ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
dev-session-1769637808
TenantAtlas/app/Support
History
ahmido d90fb0f963 065-tenant-rbac-v1 (#79) 
PR Body
Implements Spec 065 “Tenant RBAC v1” with capabilities-first RBAC, tenant membership scoping (Option 3), and consistent Filament action semantics.

Key decisions / rules

Tenancy Option 3: tenant switching is tenantless (ChooseTenant), tenant-scoped routes stay scoped, non-members get 404 (not 403).
RBAC model: canonical capability registry + role→capability map + Gates for each capability (no role-string checks in UI logic).
UX policy: for tenant members lacking permission → actions are visible but disabled + tooltip (avoid click→403).
Security still enforced server-side.
What’s included

Capabilities foundation:
Central capability registry (Capabilities::*)
Role→capability mapping (RoleCapabilityMap)
Gate registration + resolver/manager updates to support tenant-scoped authorization
Filament enforcement hardening across the app:
Tenant registration & tenant CRUD properly gated
Backup/restore/policy flows aligned to “visible-but-disabled” where applicable
Provider operations (health check / inventory sync / compliance snapshot) guarded and normalized
Directory groups + inventory sync start surfaces normalized
Policy version maintenance actions (archive/restore/prune/force delete) gated
SpecKit artifacts for 065:
spec.md, plan/tasks updates, checklists, enforcement hitlist
Security guarantees

Non-member → 404 via tenant scoping/membership guards.
Member without capability → 403 on execution, even if UI is disabled.
No destructive actions execute without proper authorization checks.
Tests

Adds/updates Pest coverage for:
Tenant scoping & membership denial behavior
Role matrix expectations (owner/manager/operator/readonly)
Filament surface checks (visible/disabled actions, no side effects)
Provider/Inventory/Groups run-start authorization
Verified locally with targeted vendor/bin/sail artisan test --compact …
Deployment / ops notes

No new services required.
Safe change: behavior is authorization + UI semantics; no breaking route changes intended.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #79
2026-01-28 21:09:47 +00:00
..
Audit 065-tenant-rbac-v1 (#79) 2026-01-28 21:09:47 +00:00
Auth 065-tenant-rbac-v1 (#79) 2026-01-28 21:09:47 +00:00
Badges feat: unify provider connection actions and notifications (#73) 2026-01-25 01:01:37 +00:00
Concerns feat/027-enrollment-config-subtypes (#31) 2026-01-04 13:25:15 +00:00
Enums feat/042-inventory-dependencies-graph (#50) 2026-01-10 12:50:08 +00:00
Inventory 058-tenant-ui-polish (#70) 2026-01-22 00:17:23 +00:00
Middleware 062-tenant-rbac-v1 (#74) 2026-01-25 15:27:39 +00:00
OpsUx feat: unify provider connection actions and notifications (#73) 2026-01-25 01:01:37 +00:00
OperationCatalog.php feat: unify provider connection actions and notifications (#73) 2026-01-25 01:01:37 +00:00
OperationRunLinks.php feat: unify provider connection actions and notifications (#73) 2026-01-25 01:01:37 +00:00
OperationRunOutcome.php 054-unify-runs-suitewide (#63) 2026-01-17 22:25:00 +00:00
OperationRunStatus.php 054-unify-runs-suitewide (#63) 2026-01-17 22:25:00 +00:00
OperationRunType.php 054-unify-runs-suitewide (#63) 2026-01-17 22:25:00 +00:00
RbacReason.php Intune RBAC: graceful unsupported-account handling, health-check fixes, tests and docs updates 2025-12-13 01:25:06 +01:00
RestoreRunIdempotency.php 056-remove-legacy-bulkops (#65) 2026-01-19 23:27:52 +00:00
RestoreRunStatus.php feat/011-restore-run-wizard (#17) 2025-12-31 19:14:59 +00:00
TenantRole.php 065-tenant-rbac-v1 (#79) 2026-01-28 21:09:47 +00:00