ahmido
5bcb4f6ab8
## Summary
- add a canonical queued execution legitimacy contract for actor-bound and system-authority operation runs
- enforce legitimacy before queued jobs transition runs to running across provider, inventory, restore, bulk, sync, and scheduled backup flows
- surface blocked execution outcomes consistently in Monitoring, notifications, audit data, and the tenantless operation viewer
- add Spec 149 artifacts and focused Pest coverage for legitimacy decisions, middleware ordering, blocked presentation, retry behavior, and cross-family adoption
## Testing
- vendor/bin/sail artisan test --compact tests/Unit/Operations/QueuedExecutionLegitimacyGateTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionMiddlewareOrderingTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Verification/ProviderExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/RunInventorySyncExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/ExecuteRestoreRunExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/SystemRunBlockedExecutionNotificationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/BulkOperationExecutionReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionRetryReauthorizationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionContractMatrixTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/OperationRunBlockedExecutionPresentationTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/QueuedExecutionAuditTrailTest.php
- vendor/bin/sail artisan test --compact tests/Feature/Operations/TenantlessOperationRunViewerTest.php
- vendor/bin/sail bin pint --dirty --format agent
## Manual validation
- validated queued provider execution blocking for tenant operability drift in the integrated browser on /admin/operations and /admin/operations/{run}
- validated 404 vs 403 route behavior for non-membership vs in-scope capability denial
- validated initiator-null blocked system-run behavior without creating a user terminal notification
Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #179
155 lines
4.4 KiB
PHP
155 lines
4.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Filament\Pages;
|
|
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Models\UserTenantPreference;
|
|
use App\Services\Tenants\TenantOperabilityService;
|
|
use App\Support\Tenants\TenantInteractionLane;
|
|
use App\Support\Tenants\TenantLifecyclePresentation;
|
|
use App\Support\Tenants\TenantOperabilityQuestion;
|
|
use App\Support\Workspaces\WorkspaceContext;
|
|
use Filament\Facades\Filament;
|
|
use Filament\Pages\Page;
|
|
use Illuminate\Database\Eloquent\Collection;
|
|
use Illuminate\Support\Facades\Schema;
|
|
|
|
class ChooseTenant extends Page
|
|
{
|
|
protected static string $layout = 'filament-panels::components.layout.simple';
|
|
|
|
protected static bool $shouldRegisterNavigation = false;
|
|
|
|
protected static bool $isDiscovered = false;
|
|
|
|
protected static ?string $slug = 'choose-tenant';
|
|
|
|
protected static ?string $title = 'Choose tenant';
|
|
|
|
protected string $view = 'filament.pages.choose-tenant';
|
|
|
|
/**
|
|
* Disable the simple-layout topbar to prevent lazy-loaded
|
|
* DatabaseNotifications from triggering Livewire update 404s.
|
|
*/
|
|
protected function getLayoutData(): array
|
|
{
|
|
return [
|
|
'hasTopbar' => false,
|
|
];
|
|
}
|
|
|
|
/**
|
|
* @return Collection<int, Tenant>
|
|
*/
|
|
public function getTenants(): Collection
|
|
{
|
|
$user = auth()->user();
|
|
|
|
if (! $user instanceof User) {
|
|
return Tenant::query()->whereRaw('1 = 0')->get();
|
|
}
|
|
|
|
$tenants = $user->getTenants(Filament::getCurrentOrDefaultPanel());
|
|
|
|
if ($tenants instanceof Collection) {
|
|
return app(TenantOperabilityService::class)->filterSelectable($tenants);
|
|
}
|
|
|
|
return app(TenantOperabilityService::class)->filterSelectable(collect($tenants));
|
|
}
|
|
|
|
public function selectTenant(int $tenantId): void
|
|
{
|
|
$user = auth()->user();
|
|
|
|
if (! $user instanceof User) {
|
|
abort(403);
|
|
}
|
|
|
|
$workspaceContext = app(WorkspaceContext::class);
|
|
$workspaceId = $workspaceContext->currentWorkspaceId(request());
|
|
$tenant = null;
|
|
|
|
if ($workspaceId === null) {
|
|
$tenant = Tenant::query()->whereKey($tenantId)->first();
|
|
|
|
if ($tenant instanceof Tenant) {
|
|
$workspace = $tenant->workspace;
|
|
|
|
if ($workspace !== null && $user->canAccessTenant($tenant)) {
|
|
$workspaceContext->setCurrentWorkspace($workspace, $user, request());
|
|
$workspaceId = (int) $workspace->getKey();
|
|
}
|
|
}
|
|
}
|
|
|
|
if ($workspaceId === null) {
|
|
$this->redirect(route('filament.admin.pages.choose-workspace'));
|
|
|
|
return;
|
|
}
|
|
|
|
if (! $tenant instanceof Tenant || (int) $tenant->workspace_id !== $workspaceId) {
|
|
$tenant = Tenant::query()
|
|
->where('workspace_id', $workspaceId)
|
|
->whereKey($tenantId)
|
|
->first();
|
|
}
|
|
|
|
if (! $tenant instanceof Tenant) {
|
|
abort(404);
|
|
}
|
|
|
|
if (! $user->canAccessTenant($tenant)) {
|
|
abort(404);
|
|
}
|
|
|
|
$outcome = app(TenantOperabilityService::class)->outcomeFor(
|
|
tenant: $tenant,
|
|
question: TenantOperabilityQuestion::SelectorEligibility,
|
|
actor: $user,
|
|
workspaceId: $workspaceId,
|
|
lane: TenantInteractionLane::StandardActiveOperating,
|
|
);
|
|
|
|
if (! $outcome->allowed) {
|
|
abort(404);
|
|
}
|
|
|
|
$this->persistLastTenant($user, $tenant);
|
|
|
|
if (! $workspaceContext->rememberTenantContext($tenant, request())) {
|
|
abort(404);
|
|
}
|
|
|
|
$this->redirect(TenantDashboard::getUrl(panel: 'tenant', tenant: $tenant));
|
|
}
|
|
|
|
public function tenantLifecyclePresentation(Tenant $tenant): TenantLifecyclePresentation
|
|
{
|
|
return TenantLifecyclePresentation::fromTenant($tenant);
|
|
}
|
|
|
|
private function persistLastTenant(User $user, Tenant $tenant): void
|
|
{
|
|
if (Schema::hasColumn('users', 'last_tenant_id')) {
|
|
$user->forceFill(['last_tenant_id' => $tenant->getKey()])->save();
|
|
|
|
return;
|
|
}
|
|
|
|
if (! Schema::hasTable('user_tenant_preferences')) {
|
|
return;
|
|
}
|
|
|
|
UserTenantPreference::query()->updateOrCreate(
|
|
['user_id' => $user->getKey(), 'tenant_id' => $tenant->getKey()],
|
|
['last_used_at' => now()]
|
|
);
|
|
}
|
|
}
|