ahmido
7217559e5a
Ziel: Spec/Plan/Tasks für “RBAC UI Enforcement Helper v2” (suite-wide, mixed visibility, record-scoped tenant) bereitstellen, damit die anschließende Implementierung sauber reviewbar ist.
Enthält
Feature-Spec inkl. RBAC-UX Contract (Non-member 404/hidden, member-no-cap disabled + Tooltip, member-with-cap enabled).
Implementation Plan + Research/Decisions.
Contracts:
UiEnforcement v2 (mixed visibility composition, tenant resolvers, bulk preflight).
Guardrails (CI-failing allowlist guard gegen ad-hoc Filament auth patterns).
Data-model/Quickstart/Tasks inkl. “Definition of Done”.
Review-Fokus
Scope: Tenant plane only (/admin/t/{tenant}), Platform plane out of scope.
Bulk semantics: authorization-only all-or-nothing; eligibility separat mit Feedback.
preserveVisibility() nur tenant-scoped, verboten für record-scoped/cross-tenant.
Standard tooltip copy: “Insufficient permission — ask a tenant Owner.”
Keine Code-Änderungen
PR ist spec-only (keine Runtime-Änderungen).
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #82
32 lines
1.4 KiB
Markdown
32 lines
1.4 KiB
Markdown
# Contract: RBAC Guardrails for Filament (v2)
|
|
|
|
**Branch**: `066-rbac-ui-enforcement-helper-v2`
|
|
**Date**: 2026-01-30
|
|
**Spec**: `/Users/ahmeddarrazi/Documents/projects/TenantAtlas-066-rbac-ui-enforcement-helper-v2/specs/066-rbac-ui-enforcement-helper/spec.md`
|
|
|
|
## Goal
|
|
|
|
Prevent re-introducing ad-hoc RBAC authorization patterns inside `app/Filament/**` by keeping a CI-failing, allowlist-driven guard.
|
|
|
|
## Guard contract
|
|
|
|
- The guard is CI-failing for new violations (no “warnings only” mode).
|
|
- Legacy violations are allowed only via an explicit allowlist.
|
|
- Every v2 migration batch removes allowlist entries for the migrated files.
|
|
|
|
## Forbidden patterns (examples)
|
|
|
|
The exact pattern list is defined in the guard test, but v2 migrations must remove ad-hoc patterns such as:
|
|
|
|
- `Gate::...` checks inside Filament resources/pages when the enforcement helper is intended.
|
|
- `abort_*` calls used as the primary UI enforcement mechanism inside Filament resources/pages.
|
|
- Raw policy ability string literals (instead of `Capabilities::*` constants).
|
|
- Custom RBAC helper patterns that bypass `UiEnforcement`.
|
|
|
|
## Allowed patterns
|
|
|
|
- Capability checks via `UiEnforcement` and `Capabilities::*` registry constants.
|
|
- Defense-in-depth server-side authorization inside action handlers (403 for members without capability; 404 for non-members where reachable).
|
|
- Filament action UX patterns: `->requiresConfirmation()` for destructive/high-impact actions.
|
|
|