## Summary
- add the shared trusted-state model and resolver helpers for first-slice Livewire and Filament surfaces
- harden managed tenant onboarding, tenant required permissions, and system runbooks against forged or stale public state
- add focused Pest guard and regression coverage plus the complete spec 152 artifact set
## Validation
- `vendor/bin/sail artisan test --compact`
- manual smoke validated on `/admin/onboarding/{onboardingDraft}`
- manual smoke validated on `/admin/tenants/{tenant}/required-permissions`
- manual smoke validated on `/system/ops/runbooks`
## Notes
- Livewire v4.0+ / Filament v5 stack unchanged
- no new panels, routes, assets, or global-search changes
- provider registration remains in `bootstrap/providers.php`
Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #182
<?php
declare(strict_types=1);
namespace App\Support\Livewire\TrustedState;
use App\Models\Tenant;
use App\Models\TenantOnboardingSession;
use App\Models\User;
use App\Models\Workspace;
use App\Services\Onboarding\OnboardingDraftResolver;
use App\Services\System\AllowedTenantUniverse;
use App\Support\Workspaces\WorkspaceContext;
use Illuminate\Http\Request;
/**
 * Single entry point for turning client-proposed identifiers into server-resolved models.
 *
 * Every method here is a pure delegation: the membership, ownership or allow-list
 * decision is taken by the collaborator that is passed in, not by this class.
 * Callers should act on the value returned from these methods, not on the raw
 * identifier they supplied.
 */
final class TrustedStateResolver
{
    /**
     * Look up the authority sources that the policy declares for a component.
     *
     * Reads the 'authority_sources' entry of whatever TrustedStatePolicy::forComponent()
     * returns for $component.
     * NOTE(review): behaviour for a component the policy does not know is decided by
     * forComponent(), which is not visible here - confirm.
     *
     * @return array<string>
     */
    public function requiredAuthoritySources(string $component, TrustedStatePolicy $policy): array
    {
        $componentPolicy = $policy->forComponent($component);

        return $componentPolicy['authority_sources'];
    }

    /**
     * Resolve the workspace the given user is currently working in.
     *
     * Delegates to WorkspaceContext::currentWorkspaceForMemberOrFail(); the optional
     * request is forwarded unchanged (null when the caller passes none).
     * NOTE(review): the failure mode when the user is not a member is defined by
     * WorkspaceContext, not here - confirm the exception/HTTP status it produces.
     */
    public function currentWorkspaceForMember(User $user, WorkspaceContext $workspaceContext, ?Request $request = null): Workspace
    {
        $workspace = $workspaceContext->currentWorkspaceForMemberOrFail($user, $request);

        return $workspace;
    }

    /**
     * Resolve an onboarding draft for an action that must not rely on client state.
     *
     * $draft may be a model instance or a bare identifier; either way it is handed to
     * OnboardingDraftResolver::resolveForTrustedAction() together with the user and
     * workspace, and only the model that call returns should be used afterwards.
     * NOTE(review): assumes resolveForTrustedAction() re-checks the draft against
     * $user and $workspace even when a model instance is passed - confirm.
     */
    public function resolveOnboardingDraft(
        TenantOnboardingSession|int|string $draft,
        User $user,
        Workspace $workspace,
        OnboardingDraftResolver $resolver,
    ): TenantOnboardingSession {
        $resolvedDraft = $resolver->resolveForTrustedAction($draft, $user, $workspace);

        return $resolvedDraft;
    }

    /**
     * Resolve a proposed tenant id against the allowed tenant universe, tolerating misses.
     *
     * Returns whatever AllowedTenantUniverse::resolveAllowed() returns, which may be null.
     * A null result must be handled explicitly by the caller; the raw $tenantId is only
     * a proposal and must not be used as a fallback.
     * NOTE(review): presumably null covers both "no id given" and "id outside the
     * allowed set" - confirm against AllowedTenantUniverse.
     */
    public function resolveAllowedTenantProposal(
        int|string|null $tenantId,
        AllowedTenantUniverse $allowedTenantUniverse,
    ): ?Tenant {
        $tenant = $allowedTenantUniverse->resolveAllowed($tenantId);

        return $tenant;
    }

    /**
     * Resolve a proposed tenant id against the allowed tenant universe, failing on a miss.
     *
     * Strict counterpart of resolveAllowedTenantProposal(): delegates to
     * AllowedTenantUniverse::resolveAllowedOrFail() and always yields a Tenant.
     * NOTE(review): the exception type raised on a disallowed or missing id is
     * defined by AllowedTenantUniverse, not shown here - confirm.
     */
    public function resolveAllowedTenantProposalOrFail(
        int|string|null $tenantId,
        AllowedTenantUniverse $allowedTenantUniverse,
    ): Tenant {
        $tenant = $allowedTenantUniverse->resolveAllowedOrFail($tenantId);

        return $tenant;
    }
}