ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
065-tenant-rbac-v1
TenantAtlas/tests/Deprecation/IsPlatformSuperadminDeprecationTest.php
ahmido 210cf5ce8b feat: implement auth structure system panel (#77) 
Implements 064-auth-structure (Auth Structure v1.0):

Adds platform_users + PlatformUser identity (factory + seeder) for platform operators
Introduces platform auth guard/provider in auth.php
Adds a dedicated Filament v5 System panel at system using guard platform (custom login + dashboard)
Enforces strict cross-scope isolation between /admin and system (deny-as-404)
Adds platform capability gating (platform.access_system_panel, platform.use_break_glass) + gates in AuthServiceProvider
Implements audited break-glass mode (enter/exit/expire), banner via render hook, feature flag + TTL config
Removes legacy users.is_platform_superadmin runtime usage and adds an architecture test to prevent regressions
Updates tenant membership pivot usage where needed (tenant_memberships)
Testing:

vendor/bin/sail artisan test --compact tests/Feature/Auth (28 passed)
vendor/bin/sail bin pint --dirty
Notes:

Filament v5 / Livewire v4 compatible.
Panel providers registered in providers.php.
Destructive actions use ->action(...) + ->requiresConfirmation() where applicable.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #77
2026-01-27 21:49:18 +00:00

59 lines
1.8 KiB
PHP
Raw Permalink Blame History

<?php
declare(strict_types=1);
use Illuminate\Support\Facades\File;
it('does not use legacy platform-superadmin flag in code or tests', function () {
$forbiddenPatterns = [
'/\bis_platform_superadmin\b/',
'/\bisPlatformSuperadmin\s*\(/',
];
$basePaths = [
app_path(),
resource_path('views'),
base_path('tests'),
];
$allowedPathFragments = [
DIRECTORY_SEPARATOR.'database'.DIRECTORY_SEPARATOR.'migrations'.DIRECTORY_SEPARATOR,
DIRECTORY_SEPARATOR.'specs'.DIRECTORY_SEPARATOR,
DIRECTORY_SEPARATOR.'docs'.DIRECTORY_SEPARATOR,
DIRECTORY_SEPARATOR.'vendor'.DIRECTORY_SEPARATOR,
DIRECTORY_SEPARATOR.'storage'.DIRECTORY_SEPARATOR,
DIRECTORY_SEPARATOR.'bootstrap'.DIRECTORY_SEPARATOR.'cache'.DIRECTORY_SEPARATOR,
DIRECTORY_SEPARATOR.'tests'.DIRECTORY_SEPARATOR.'Deprecation'.DIRECTORY_SEPARATOR,
];
$violations = [];
foreach ($basePaths as $basePath) {
foreach (File::allFiles($basePath) as $file) {
$path = $file->getRealPath();
if (! is_string($path)) {
continue;
}
foreach ($allowedPathFragments as $fragment) {
if (str_contains($path, $fragment)) {
continue 2;
}
}
$contents = File::get($path);
foreach ($forbiddenPatterns as $pattern) {
if (preg_match($pattern, $contents) === 1) {
$violations[] = $path;
break;
}
}
}
}
expect($violations)
->toBeEmpty('Remove usages of `users.is_platform_superadmin` / `isPlatformSuperadmin()` from runtime code and tests. Found in: '.implode(', ', $violations));
});
Reference in New Issue View Git Blame Copy Permalink