Implements provider access hardening for Intune write operations:

- RBAC-based write gate with configurable staleness thresholds
- Gate enforced at restore start and in jobs (execute + assignments)
- UI affordances: disabled rerun action, tenant RBAC status card, refresh RBAC action
- Audit logging for blocked writes
- Ops UX label: `rbac.health_check` now displays as “RBAC health check”
- Adds/updates Pest tests and SpecKit artifacts for feature 108

Notes:

- Filament v5 / Livewire v4 compliant.
- Destructive actions require confirmation.
- Assets: no new global assets.

Tested:

- `vendor/bin/sail artisan test --compact` (suite previously green) + focused OpsUx tests for OperationCatalog labels.
- `vendor/bin/sail bin pint --dirty`.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #132
24 lines
630 B
PHP
<?php

namespace App\Contracts\Hardening;

use App\Exceptions\Hardening\ProviderAccessHardeningRequired;
use App\Models\Tenant;

interface WriteGateInterface
{
    /**
     * Evaluate whether a write operation is allowed for the given tenant.
     *
     * @throws ProviderAccessHardeningRequired when the operation is blocked
     */
    public function evaluate(Tenant $tenant, string $operationType): void;

    /**
     * Check whether the gate would block a write operation for the given tenant.
     *
     * Non-throwing variant for UI disabled-state checks.
     */
    public function wouldBlock(Tenant $tenant): bool;
}
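An added illustration, not code from this repository: one way a gate with the two methods above could decide on staleness, failing closed when RBAC health is missing, unhealthy or too old. `RbacSnapshot`, `WriteBlocked`, `StalenessWriteGate`, the reason codes and the explicit `$now` argument are assumptions standing in for the project's `Tenant` model and `ProviderAccessHardeningRequired` exception.

```php
<?php declare(strict_types=1);

final class WriteBlocked extends RuntimeException {} // stand-in, not the project's exception

final class RbacSnapshot // hypothetical record of a tenant's last RBAC health check
{
    public function __construct(
        public readonly ?string $status, // assumed: 'ok', anything else, or null if never checked
        public readonly ?DateTimeImmutable $checkedAt,
    ) {}
}

final class StalenessWriteGate
{
    public function __construct(
        private readonly int $maxAgeSeconds, // configurable staleness threshold
        private readonly Closure $audit,     // called with (operationType, reason) on a blocked write
    ) {}

    /** Null when writes are allowed, otherwise a reason code (codes are made up for this sketch). */
    public function blockReason(RbacSnapshot $s, DateTimeImmutable $now): ?string
    {
        if ($s->status === null || $s->checkedAt === null) {
            return 'rbac_not_checked'; // fail closed: no health evidence, no write
        }
        if ($s->status !== 'ok') {
            return 'rbac_unhealthy';
        }
        $age = $now->getTimestamp() - $s->checkedAt->getTimestamp();
        // A check dated in the future is as untrustworthy as one that is too old.
        return ($age < 0 || $age > $this->maxAgeSeconds) ? 'rbac_stale' : null;
    }

    public function wouldBlock(RbacSnapshot $s, DateTimeImmutable $now): bool
    {
        return $this->blockReason($s, $now) !== null; // UI path: no exception, no audit entry
    }

    public function evaluate(RbacSnapshot $s, string $operationType, DateTimeImmutable $now): void
    {
        if (($reason = $this->blockReason($s, $now)) !== null) {
            ($this->audit)($operationType, $reason); // record the refusal before throwing
            throw new WriteBlocked("{$operationType} blocked: {$reason}");
        }
    }
}
// Constructed sample: health check two hours old, one-hour threshold.
$now = new DateTimeImmutable('2025-01-01T12:00:00Z');
$gate = new StalenessWriteGate(3600, fn (string $op, string $why) => error_log("$op: $why"));
var_dump($gate->wouldBlock(new RbacSnapshot('ok', $now->modify('-2 hours')), $now));
```

Both methods share `blockReason()`, so the UI's disabled state and the enforcement in restore and job code cannot drift apart, and only the enforcing path writes an audit entry.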