ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
1f3619bd16
TenantAtlas/app/Support
History
ahmido 1f3619bd16 feat: tenant-owned query canon and wrong-tenant guards (#180) 
## Summary
- introduce a shared tenant-owned query and record-resolution canon for first-slice Filament resources
- harden direct views, row actions, bulk actions, relation managers, and workspace-admin canonical viewers against wrong-tenant access
- add registry-backed rollout metadata, search posture handling, architectural guards, and focused Pest coverage for scope parity and 404/403 semantics

## Included
- Spec 150 package under `specs/150-tenant-owned-query-canon-and-wrong-tenant-guards/`
- shared support classes: `TenantOwnedModelFamilies`, `TenantOwnedQueryScope`, `TenantOwnedRecordResolver`
- shared Filament concern: `InteractsWithTenantOwnedRecords`
- resource/page/policy hardening across findings, policies, policy versions, backup schedules, backup sets, restore runs, inventory items, and Entra groups
- additional regression coverage for canonical tenant state, wrong-tenant record resolution, relation-manager congruence, and action-surface guardrails

## Validation
- `vendor/bin/sail artisan test --compact` passed
- full suite result: `2733 passed, 8 skipped`
- formatting applied with `vendor/bin/sail bin pint --dirty --format agent`

## Notes
- Livewire v4.0+ compliant via existing Filament v5 stack
- provider registration remains in `bootstrap/providers.php`
- globally searchable first-slice posture: Entra groups scoped; policies and policy versions explicitly disabled
- destructive actions continue to use confirmation and policy authorization
- no new Filament assets added; existing deployment flow remains unchanged, including `php artisan filament:assets` when registered assets are used

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #180
2026-03-18 08:33:13 +00:00
..
Alerts feat(alerts): test message + last test status + deep links (#122) 2026-02-18 23:12:38 +00:00
Audit feat: centralize tenant lifecycle presentation (#175) 2026-03-16 18:18:53 +00:00
Auth feat: managed tenant onboarding draft identity and resume semantics (#167) 2026-03-13 23:45:23 +00:00
Badges feat: harden queued execution legitimacy (#179) 2026-03-17 21:52:40 +00:00
Baselines feat: add Intune RBAC baseline compare support (#156) 2026-03-09 18:49:20 +00:00
Concerns feat(alerts): test message + last test status + deep links (#122) 2026-02-18 23:12:38 +00:00
Diff feat: refine onboarding draft flow and RBAC diff UX (#171) 2026-03-14 20:09:54 +00:00
Enums feat/042-inventory-dependencies-graph (#50) 2026-01-10 12:50:08 +00:00
Filament feat: complete admin canonical tenant rollout (#165) 2026-03-13 08:09:20 +00:00
Inventory feat: add Intune RBAC baseline compare support (#156) 2026-03-09 18:49:20 +00:00
Links feat: standardize platform provider identity (#166) 2026-03-13 16:29:08 +00:00
Middleware feat: central tenant operability policy (#177) 2026-03-17 11:48:55 +00:00
Navigation feat: lay audit log foundation (#163) 2026-03-11 09:39:37 +00:00
Onboarding feat: add onboarding lifecycle checkpoints and locking (#169) 2026-03-14 11:02:29 +00:00
OperateHub feat: tenant-owned query canon and wrong-tenant guards (#180) 2026-03-18 08:33:13 +00:00
Operations feat: harden queued execution legitimacy (#179) 2026-03-17 21:52:40 +00:00
OpsUx feat: harden queued execution legitimacy (#179) 2026-03-17 21:52:40 +00:00
Providers feat: standardize platform provider identity (#166) 2026-03-13 16:29:08 +00:00
Rbac feat: implement tenant action taxonomy lifecycle visibility (#174) 2026-03-16 00:57:17 +00:00
References feat: canonical tenant context resolution (#164) 2026-03-11 21:24:28 +00:00
Settings feat(115): baseline operability + alerts (#140) 2026-03-01 02:26:47 +00:00
System feat(114): system console control tower (merged) (#139) 2026-02-28 00:15:31 +00:00
SystemConsole feat(114): system console control tower (merged) (#139) 2026-02-28 00:15:31 +00:00
Tenants feat: central tenant operability policy (#177) 2026-03-17 11:48:55 +00:00
Ui feat: tenant-owned query canon and wrong-tenant guards (#180) 2026-03-18 08:33:13 +00:00
Verification feat: add verify access required permissions assist (#168) 2026-03-14 02:00:28 +00:00
WorkspaceIsolation feat: tenant-owned query canon and wrong-tenant guards (#180) 2026-03-18 08:33:13 +00:00
Workspaces feat: central tenant operability policy (#177) 2026-03-17 11:48:55 +00:00
OperationCatalog.php feat: harden queued execution legitimacy (#179) 2026-03-17 21:52:40 +00:00
OperationRunLinks.php feat: canonical tenant context resolution (#164) 2026-03-11 21:24:28 +00:00
OperationRunOutcome.php Spec 081: Provider connection cutover (#98) 2026-02-08 11:28:51 +00:00
OperationRunStatus.php 054-unify-runs-suitewide (#63) 2026-01-17 22:25:00 +00:00
OperationRunType.php Spec 119: Drift cutover to Baseline Compare (golden master) (#144) 2026-03-06 14:30:49 +00:00
RbacReason.php Intune RBAC: graceful unsupported-account handling, health-check fixes, tests and docs updates 2025-12-13 01:25:06 +01:00
RedactionIntegrity.php Spec 120: harden secret redaction integrity (#146) 2026-03-07 16:43:01 +00:00
RestoreRunIdempotency.php 056-remove-legacy-bulkops (#65) 2026-01-19 23:27:52 +00:00
RestoreRunStatus.php feat/011-restore-run-wizard (#17) 2025-12-31 19:14:59 +00:00
ReviewPackStatus.php Fix Review Pack generation UX + notifications (#133) 2026-02-23 19:42:52 +00:00
TenantRole.php 065-tenant-rbac-v1 (#79) 2026-01-28 21:09:47 +00:00