ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
platform-dev
TenantAtlas/specs/303-admin-directory-groups-cutover/checklists/requirements.md
ahmido 1cd8d48474 feat: cut over admin directory groups (#358) 
## Summary
- cut over `EntraGroupResource` to an environment-bound admin Directory Groups surface in the workspace-first runtime
- adopt workspace-scoped admin list/detail URLs and add the bounded `Directory > Groups` navigation entry in the admin panel
- keep workspace-home navigation clean while preserving existing scoped list, detail, and global-search behavior
- update focused feature coverage and add a browser smoke for the rendered sidebar drilldown path
- include the Spec 303 package under `specs/303-admin-directory-groups-cutover/`

## Testing
- updated focused Pest coverage for admin navigation segregation, Entra group admin scoping, Entra group global search scoping, and directory group browsing
- added browser smoke coverage in `apps/platform/tests/Browser/Spec303AdminDirectoryGroupsCutoverSmokeTest.php`

## Filament / Runtime Notes
- remains compliant with Filament v5 on Livewire v4
- no provider registration changes; provider registration location remains `apps/platform/bootstrap/providers.php`
- `EntraGroupResource` remains eligible for global search because it has a View page
- no destructive actions were added or changed; confirmation and authorization behavior is unchanged
- no asset registration changes; existing `cd apps/platform && php artisan filament:assets` deploy posture is unchanged

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #358
2026-05-14 22:44:44 +00:00

5.6 KiB
Raw Permalink Blame History

Requirements Checklist: Admin Directory Groups Cutover

Purpose: Validate that the Spec 303 preparation package is complete, bounded, and ready for implementation. Created: 2026-05-14 Feature: spec.md

Applicability And Low-Impact Gate

  • The package explicitly changes an operator-facing navigation/resource/search surface and does not use a false low-impact N/A.
  • spec.md, plan.md, and tasks.md carry the same native Filament navigation/resource/search classification, shared-family relevance, and no-new-action decision.

Candidate Selection

  • The selected candidate exists in docs/product/spec-candidates.md as admin-directory-groups-cutover.
  • The candidate was explicitly manually promoted by the user and assigned number 303.
  • Spec 301 is treated as completed Inventory context and is not modified.
  • Spec 302 is treated as completed audit evidence and is not modified.
  • Close alternatives are deferred: navigation-contract-split, tenant-panel-dead-code-retirement, and any broader Directory/Admin Roles IA.

Scope And Requirements

  • Entra Groups has an explicit admin role as a secondary environment-bound Directory/Identity surface.
  • Workspace-home sidebar cleanliness remains an explicit negative-control requirement.
  • Environment-bound Groups visibility is explicit and testable.
  • List, View, and global-search scoping requirements cover no-context, cross-environment, and cross-workspace cases.
  • Global-search View destination requirements explicitly reject legacy /admin/t routes.
  • No generic M365 Admin mirror or broad Identity Center is in scope.
  • No new group mutation/admin action is in scope.
  • No new persistence, migration, model, service, job, provider contract, route family, asset, or provider registration change is introduced.

Native, Shared-Family, And State Ownership

  • The surface remains native Filament resource navigation, table, View page, and global search.
  • The shared paths to reuse are named as NavigationScope, OperateHubShell, ScopesGlobalSearchToTenant, ResolvesPanelTenantContext, and tenant-owned record helpers.
  • Shell, page, route context, remembered environment context, and record resolution are named without introducing a second state owner.
  • The likely next operator action is coherent: open or inspect Groups inside the selected environment.

Shared Pattern Reuse

  • Navigation and search interaction classes are explicitly marked.
  • The package extends existing navigation/context/search helpers instead of adding a Directory navigation framework.
  • No direct-route posture is retained; Entra Groups uses workspace/environment resource routes.

OperationRun Start UX Contract

  • The package explicitly says it does not create, queue, deduplicate, resume, block, complete, or deep-link to a new OperationRun.
  • Existing directory group sync behavior remains outside new behavior and must continue using existing shared operation-start helpers if touched.
  • No queued or terminal notification policy changes are introduced.

Provider Boundary And Vocabulary

  • The package explicitly classifies the provider/platform boundary as mixed and bounded.
  • Microsoft Entra terminology remains provider-owned and does not become platform-core identity truth.
  • Operator-visible terms prefer Workspace, Managed Environment, Directory Groups, and Directory inventory.

Signals, Exceptions, And Test Depth

  • The triggered repository signal is classified as a review-mandatory Groups navigation/search repair.
  • No broad exception is needed; WorkspaceScopedTenantRoutes was adopted and verified.
  • The required surface profile is standard-native-filament.
  • Planned proof stays focused on Pest feature tests plus one explicit Browser smoke for the rendered sidebar navigation path.
  • Fixture/helper cost remains low and reuses existing workspace/environment test helpers.

Audience-Aware Disclosure And Decision Hierarchy

  • Directory Groups is secondary context, not a primary decision surface.
  • Workspace home remains workspace-level and avoids environment-owned default-visible content.
  • Raw/support diagnostics are not promoted by navigation.
  • Exactly one dominant navigation intent is preserved: open Groups within the active environment.

Filament v5 Checklist

  • Filament v5 targets Livewire v4.0+; this repo currently uses Livewire 4.1.4.
  • No provider registration changes are planned; existing providers remain registered in apps/platform/bootstrap/providers.php.
  • EntraGroupResource has a View page, so global search destination eligibility is satisfied.
  • Global-search result URL customization is explicitly covered by requirements and tasks.
  • No destructive actions are introduced or changed.
  • No assets are registered; deploy filament:assets posture remains unchanged.
  • Planned tests target Filament navigation/resource/search behavior using Feature tests.

Review Outcome

  • Review outcome class: acceptable-special-case.
  • Workflow outcome: document-in-feature.
  • Final note location: active feature PR close-out entry Guardrail / Exception / Smoke Coverage.

Preparation Result

  • No application implementation was performed while preparing this package.
  • Preparation analysis found no critical or high-severity cross-artifact issues.
  • Spec Readiness Gate passes for preparation: spec.md, plan.md, tasks.md, and this checklist exist, contain no placeholders, and keep implementation scope bounded to Spec 303.