ahmido
1c098441aa
Implements Spec 091 “BackupSchedule Retention & Lifecycle (Archive/Restore/Force Delete)”.
- BackupSchedule lifecycle:
- Archive (soft delete) with confirmation; restores via Restore action; Force delete with confirmation and strict gating.
- Force delete blocked when historical runs exist.
- Archived schedules never dispatch/execute (dispatcher + job guard).
- Audit events emitted for archive/restore/force delete.
- RBAC UX semantics preserved (non-member hidden/404; member w/o capability disabled + server-side 403).
- Filament UX contract update:
- Create CTA placement rule across create-enabled list pages:
- Empty list: only large centered empty-state Create CTA.
- Non-empty list: only header Create action.
- Tests added/updated to enforce the rule.
Verification:
- `vendor/bin/sail bin pint --dirty`
- Focused tests: BackupScheduling + RBAC enforcement + EmptyState CTAs + Create CTA placement
Notes:
- Filament v5 / Livewire v4 compliant.
- Manual quickstart verification in `specs/091-backupschedule-retention-lifecycle/quickstart.md` remains to be checked (T031).
Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #109
84 lines
2.4 KiB
PHP
84 lines
2.4 KiB
PHP
<?php
|
|
|
|
namespace App\Policies;
|
|
|
|
use App\Models\BackupSchedule;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Support\Auth\Capabilities;
|
|
use Illuminate\Auth\Access\HandlesAuthorization;
|
|
use Illuminate\Support\Facades\Gate;
|
|
|
|
class BackupSchedulePolicy
|
|
{
|
|
use HandlesAuthorization;
|
|
|
|
protected function isTenantMember(User $user, ?Tenant $tenant = null): bool
|
|
{
|
|
$tenant ??= Tenant::current();
|
|
|
|
return $tenant instanceof Tenant
|
|
&& Gate::forUser($user)->allows(Capabilities::TENANT_VIEW, $tenant);
|
|
}
|
|
|
|
public function viewAny(User $user): bool
|
|
{
|
|
return $this->isTenantMember($user);
|
|
}
|
|
|
|
public function view(User $user, BackupSchedule $schedule): bool
|
|
{
|
|
$tenant = Tenant::current();
|
|
|
|
if (! $this->isTenantMember($user, $tenant)) {
|
|
return false;
|
|
}
|
|
|
|
return (int) $schedule->tenant_id === (int) $tenant->getKey();
|
|
}
|
|
|
|
public function create(User $user): bool
|
|
{
|
|
$tenant = Tenant::current();
|
|
|
|
return $tenant instanceof Tenant
|
|
&& Gate::forUser($user)->allows(Capabilities::TENANT_BACKUP_SCHEDULES_MANAGE, $tenant);
|
|
}
|
|
|
|
public function update(User $user, BackupSchedule $schedule): bool
|
|
{
|
|
$tenant = Tenant::current();
|
|
|
|
return $tenant instanceof Tenant
|
|
&& (int) $schedule->tenant_id === (int) $tenant->getKey()
|
|
&& Gate::forUser($user)->allows(Capabilities::TENANT_BACKUP_SCHEDULES_MANAGE, $tenant);
|
|
}
|
|
|
|
public function delete(User $user, BackupSchedule $schedule): bool
|
|
{
|
|
$tenant = Tenant::current();
|
|
|
|
return $tenant instanceof Tenant
|
|
&& (int) $schedule->tenant_id === (int) $tenant->getKey()
|
|
&& Gate::forUser($user)->allows(Capabilities::TENANT_BACKUP_SCHEDULES_MANAGE, $tenant);
|
|
}
|
|
|
|
public function restore(User $user, BackupSchedule $schedule): bool
|
|
{
|
|
$tenant = Tenant::current();
|
|
|
|
return $tenant instanceof Tenant
|
|
&& (int) $schedule->tenant_id === (int) $tenant->getKey()
|
|
&& Gate::forUser($user)->allows(Capabilities::TENANT_BACKUP_SCHEDULES_MANAGE, $tenant);
|
|
}
|
|
|
|
public function forceDelete(User $user, BackupSchedule $schedule): bool
|
|
{
|
|
$tenant = Tenant::current();
|
|
|
|
return $tenant instanceof Tenant
|
|
&& (int) $schedule->tenant_id === (int) $tenant->getKey()
|
|
&& Gate::forUser($user)->allows(Capabilities::TENANT_DELETE, $tenant);
|
|
}
|
|
}
|