ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
154-finding-risk-acceptance
TenantAtlas/app/Policies/BackupSchedulePolicy.php
ahmido 1f3619bd16 feat: tenant-owned query canon and wrong-tenant guards (#180) 
## Summary
- introduce a shared tenant-owned query and record-resolution canon for first-slice Filament resources
- harden direct views, row actions, bulk actions, relation managers, and workspace-admin canonical viewers against wrong-tenant access
- add registry-backed rollout metadata, search posture handling, architectural guards, and focused Pest coverage for scope parity and 404/403 semantics

## Included
- Spec 150 package under `specs/150-tenant-owned-query-canon-and-wrong-tenant-guards/`
- shared support classes: `TenantOwnedModelFamilies`, `TenantOwnedQueryScope`, `TenantOwnedRecordResolver`
- shared Filament concern: `InteractsWithTenantOwnedRecords`
- resource/page/policy hardening across findings, policies, policy versions, backup schedules, backup sets, restore runs, inventory items, and Entra groups
- additional regression coverage for canonical tenant state, wrong-tenant record resolution, relation-manager congruence, and action-surface guardrails

## Validation
- `vendor/bin/sail artisan test --compact` passed
- full suite result: `2733 passed, 8 skipped`
- formatting applied with `vendor/bin/sail bin pint --dirty --format agent`

## Notes
- Livewire v4.0+ compliant via existing Filament v5 stack
- provider registration remains in `bootstrap/providers.php`
- globally searchable first-slice posture: Entra groups scoped; policies and policy versions explicitly disabled
- destructive actions continue to use confirmation and policy authorization
- no new Filament assets added; existing deployment flow remains unchanged, including `php artisan filament:assets` when registered assets are used

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #180
2026-03-18 08:33:13 +00:00

103 lines
3.1 KiB
PHP
Raw Permalink Blame History

<?php
namespace App\Policies;
use App\Models\BackupSchedule;
use App\Models\Tenant;
use App\Models\User;
use App\Support\Auth\Capabilities;
use App\Support\OperateHub\OperateHubShell;
use Filament\Facades\Filament;
use Illuminate\Auth\Access\HandlesAuthorization;
use Illuminate\Auth\Access\Response;
use Illuminate\Support\Facades\Gate;
class BackupSchedulePolicy
{
use HandlesAuthorization;
protected function isTenantMember(User $user, ?Tenant $tenant = null): bool
{
$tenant ??= $this->resolvedTenant();
return $tenant instanceof Tenant
&& Gate::forUser($user)->allows(Capabilities::TENANT_VIEW, $tenant);
}
public function viewAny(User $user): bool
{
return $this->isTenantMember($user);
}
public function view(User $user, BackupSchedule $schedule): Response|bool
{
$tenant = $this->resolvedTenant();
if (! $this->isTenantMember($user, $tenant)) {
return Response::denyAsNotFound();
}
return (int) $schedule->tenant_id === (int) $tenant->getKey()
? true
: Response::denyAsNotFound();
}
public function create(User $user): bool
{
$tenant = $this->resolvedTenant();
return $tenant instanceof Tenant
&& Gate::forUser($user)->allows(Capabilities::TENANT_BACKUP_SCHEDULES_MANAGE, $tenant);
}
public function update(User $user, BackupSchedule $schedule): Response|bool
{
return $this->authorizeScheduleAction($user, $schedule, Capabilities::TENANT_BACKUP_SCHEDULES_MANAGE);
}
public function delete(User $user, BackupSchedule $schedule): Response|bool
{
return $this->authorizeScheduleAction($user, $schedule, Capabilities::TENANT_BACKUP_SCHEDULES_MANAGE);
}
public function restore(User $user, BackupSchedule $schedule): Response|bool
{
return $this->authorizeScheduleAction($user, $schedule, Capabilities::TENANT_BACKUP_SCHEDULES_MANAGE);
}
public function forceDelete(User $user, BackupSchedule $schedule): Response|bool
{
return $this->authorizeScheduleAction($user, $schedule, Capabilities::TENANT_DELETE);
}
protected function authorizeScheduleAction(User $user, BackupSchedule $schedule, string $capability): Response|bool
{
$tenant = $this->resolvedTenant();
if (! $this->isTenantMember($user, $tenant)) {
return Response::denyAsNotFound();
}
if (! $tenant instanceof Tenant || (int) $schedule->tenant_id !== (int) $tenant->getKey()) {
return Response::denyAsNotFound();
}
return Gate::forUser($user)->allows($capability, $tenant)
? true
: Response::deny();
}
protected function resolvedTenant(): ?Tenant
{
if (Filament::getCurrentPanel()?->getId() === 'admin') {
$tenant = app(OperateHubShell::class)->tenantOwnedPanelContext(request());
return $tenant instanceof Tenant ? $tenant : null;
}
$tenant = Tenant::current();
return $tenant instanceof Tenant ? $tenant : null;
}
}
Reference in New Issue View Git Blame Copy Permalink