ahmido
1f3619bd16
## Summary - introduce a shared tenant-owned query and record-resolution canon for first-slice Filament resources - harden direct views, row actions, bulk actions, relation managers, and workspace-admin canonical viewers against wrong-tenant access - add registry-backed rollout metadata, search posture handling, architectural guards, and focused Pest coverage for scope parity and 404/403 semantics ## Included - Spec 150 package under `specs/150-tenant-owned-query-canon-and-wrong-tenant-guards/` - shared support classes: `TenantOwnedModelFamilies`, `TenantOwnedQueryScope`, `TenantOwnedRecordResolver` - shared Filament concern: `InteractsWithTenantOwnedRecords` - resource/page/policy hardening across findings, policies, policy versions, backup schedules, backup sets, restore runs, inventory items, and Entra groups - additional regression coverage for canonical tenant state, wrong-tenant record resolution, relation-manager congruence, and action-surface guardrails ## Validation - `vendor/bin/sail artisan test --compact` passed - full suite result: `2733 passed, 8 skipped` - formatting applied with `vendor/bin/sail bin pint --dirty --format agent` ## Notes - Livewire v4.0+ compliant via existing Filament v5 stack - provider registration remains in `bootstrap/providers.php` - globally searchable first-slice posture: Entra groups scoped; policies and policy versions explicitly disabled - destructive actions continue to use confirmation and policy authorization - no new Filament assets added; existing deployment flow remains unchanged, including `php artisan filament:assets` when registered assets are used Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #180
36 lines
1.3 KiB
Markdown
36 lines
1.3 KiB
Markdown
# Specification Quality Checklist: Tenant-Owned Query Canon and Wrong-Tenant Guards
|
|
|
|
**Purpose**: Validate specification completeness and quality before proceeding to planning
|
|
**Created**: 2026-03-17
|
|
**Feature**: [spec.md](../spec.md)
|
|
|
|
## Content Quality
|
|
|
|
- [x] No implementation details (languages, frameworks, APIs)
|
|
- [x] Focused on user value and business needs
|
|
- [x] Written for non-technical stakeholders
|
|
- [x] All mandatory sections completed
|
|
|
|
## Requirement Completeness
|
|
|
|
- [x] No [NEEDS CLARIFICATION] markers remain
|
|
- [x] Requirements are testable and unambiguous
|
|
- [x] Success criteria are measurable
|
|
- [x] Success criteria are technology-agnostic (no implementation details)
|
|
- [x] All acceptance scenarios are defined
|
|
- [x] Edge cases are identified
|
|
- [x] Scope is clearly bounded
|
|
- [x] Dependencies and assumptions identified
|
|
|
|
## Feature Readiness
|
|
|
|
- [x] All functional requirements have clear acceptance criteria
|
|
- [x] User scenarios cover primary flows
|
|
- [x] Feature meets measurable outcomes defined in Success Criteria
|
|
- [x] No implementation details leak into specification
|
|
|
|
## Notes
|
|
|
|
- Validation pass complete on 2026-03-17.
|
|
- No clarification markers remained after the first drafting pass.
|
|
- Spec 150 is intentionally positioned as the read and lookup complement to Spec 149, which already covers execution-time reauthorization for queued mutation work. |