ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/297-managed-environment-canonical-route-cutover/data-model.md
ahmido 3ec582a182 feat: retire legacy tenant route surfaces (#352) 
## Summary
- retire legacy `/admin/t` and active `/admin/tenants` product surfaces in favor of canonical workspace-scoped managed-environment routes
- centralize runtime URL generation through `ManagedEnvironmentLinks` and update intended URL handling to reject legacy tenant paths
- remove dormant tenant panel runtime, rename test helpers to the admin environment context, and add guard coverage for route/helper regressions

## Validation
- targeted Feature guard, workspace, provider connection, required permissions, and Filament test lanes run under Sail
- browser smoke coverage run for provider connection and workspace RBAC environment access flows
- formatting and diff checks completed with Pint and `git diff --check`

## Notes
- Filament remains on v5 with Livewire v4
- provider registration stays in `apps/platform/bootstrap/providers.php`
- retired tenant resource global search is disabled and destructive action confirmation rules remain unchanged

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #352
2026-05-12 23:35:03 +00:00

2.6 KiB
Raw Permalink Blame History

Data Model: Managed Environment Canonical Route Cutover & Legacy Tenant Surface Retirement

Date: 2026-05-12
Runtime persistence changes: none planned.

Existing Domain Truth

Concept Current role in this spec Persistence change
Workspace Primary SaaS/admin context and route scope None
ManagedEnvironment Secondary managed target context under a workspace None
Tenant / internal tenant model Existing technical implementation detail where repo-real None
WorkspaceMembership Role/capability authority None
ManagedEnvironmentMembership Access-scope / narrowing-only overlay None
ProviderConnection Tenantless admin resource with neutral scope context None
OperationRun Existing execution truth linked through workspace operations routes None

Route Truth

Old route family New truth Data implication
/admin/t... Retired / 404 None
/admin/tenants... Retired as active product surface None
/admin/tenants/{environment}/required-permissions /admin/workspaces/{workspace}/environments/{environment}/required-permissions or repo-real equivalent None
/admin/tenants/{environment}/provider-connections... /admin/provider-connections... with neutral scope context or canonical environment context None
/admin/operations /admin/workspaces/{workspace}/operations when workspace known None

New Structures

No new persisted tables, columns, enum/status families, lifecycle states, or source-of-truth records are introduced.

One bounded runtime helper may be introduced if needed:

App\Support\ManagedEnvironmentLinks

Allowed helper responsibility:

  • Generate canonical URLs for existing workspace/environment routes.
  • Require enough workspace/environment context to avoid ambiguous routing.
  • Delegate operations URLs to existing OperationRun link helpers.

Forbidden helper responsibility:

  • Acting as a generic route registry.
  • Creating compatibility redirects.
  • Inferring authorization from route generation.
  • Introducing a new persistent route mapping.

RBAC Semantics

  • Workspace membership carries role/capability authority.
  • Managed-environment membership narrows access only.
  • Non-member or out-of-scope workspace/environment access returns 404.
  • Established member missing capability returns 403.
  • Legacy role data on managed-environment membership, if present, is not authority.

Compatibility

No compatibility data model exists for this cutover. Historical rows, old route aliases, and old helper aliases are not preserved.