TenantAtlas/specs/069-managed-tenant-onboarding-wizard/tasks.md
2026-02-01 12:20:09 +01:00
---
description: "Task list for feature implementation"
---
# Tasks: Managed Tenant Onboarding Wizard v1
**Input**: Design documents from `specs/069-managed-tenant-onboarding-wizard/`
**Prerequisites**: `plan.md` (required), `spec.md` (required), plus `research.md`, `data-model.md`, `contracts/`, `quickstart.md`
**Tests**: Required (Pest) — runtime behavior changes.
---
## Phase 1: Setup (Shared Infrastructure)
**Purpose**: Confirm repo conventions and entry points before implementation.
- [x] T001 Inventory existing tenant-create entry points in app/Filament/Pages/Tenancy/RegisterTenant.php and app/Filament/Resources/TenantResource.php
- [x] T002 Confirm tenant-plane routing + membership 404 middleware in app/Providers/Filament/AdminPanelProvider.php
- [x] T003 [P] Confirm provider registration location (Laravel 11+) in bootstrap/providers.php
- [x] T004 [P] Review Filament v5 page/resource/testing rules in docs/research/filament-v5-notes.md
- [x] T051 Map spec conceptual capabilities → App\Support\Auth\Capabilities constants (TENANT_VIEW/TENANT_MANAGE/PROVIDER_RUN/TENANT_INVENTORY_SYNC_RUN) and note the mapping in specs/069-managed-tenant-onboarding-wizard/plan.md
---
## Phase 2: Foundational (Blocking Prerequisites)
**Purpose**: Shared data model + operation labeling needed by all user stories.
**⚠️ CRITICAL**: No user story work should start until these are done.
- [x] T005 Create onboarding sessions migration in database/migrations/*_create_tenant_onboarding_sessions_table.php
- [x] T006 Create TenantOnboardingSession model in app/Models/TenantOnboardingSession.php
- [x] T007 [P] Create TenantOnboardingSession factory in database/factories/TenantOnboardingSessionFactory.php
- [x] T008 Add partial unique index for active sessions in database/migrations/*_create_tenant_onboarding_sessions_table.php
- [x] T009 Add onboarding status columns migration in database/migrations/*_add_onboarding_status_to_tenants_table.php
- [x] T010 Update Tenant model onboarding casts/accessors in app/Models/Tenant.php
- [x] T011 Register OperationCatalog label(s) for any new onboarding verification run type(s) (only if a new type is introduced) in app/Support/OperationCatalog.php
- [x] T012 Register expected duration(s) for any new onboarding verification run type(s) (only if a new type is introduced) in app/Support/OperationCatalog.php
- [x] T052 Add AuditLog coverage tasks for onboarding-sensitive actions using app/Services/Intune/AuditLogger.php (credentials set/rotate, onboarding completed) and ensure action IDs are stable
**Checkpoint**: Foundation ready — user story work can begin.
---
## Phase 3: User Story 1 — Onboard a managed tenant end-to-end (Priority: P1) 🎯 MVP
**Goal**: Create a guided, resumable, 5-step wizard that creates/updates a Tenant without external calls.
**Independent Test**: Complete the wizard and confirm Tenant + session state are persisted and resumable.
### Tests for User Story 1 (required)
- [x] T013 [P] [US1] Add wizard happy-path coverage in tests/Feature/ManagedTenantOnboardingWizardTest.php
- [x] T014 [P] [US1] Add resume + dedupe coverage in tests/Feature/ManagedTenantOnboardingWizardResumeTest.php
- [x] T015 [P] [US1] Add tenant-duplicate prevention coverage in tests/Feature/ManagedTenantOnboardingWizardDuplicateTest.php
### Implementation for User Story 1
- [x] T016 [US1] Implement session persistence service in app/Services/TenantOnboardingSessionService.php
- [x] T017 [P] [US1] Create onboarding wizard page Livewire component in app/Filament/Pages/TenantOnboardingWizard.php
- [x] T018 [P] [US1] Create onboarding wizard view in resources/views/filament/pages/tenant-onboarding-wizard.blade.php
- [x] T019 [US1] Add step definitions + per-step validation in app/Filament/Pages/TenantOnboardingWizard.php
- [x] T020 [US1] Implement start-or-resume behavior in app/Services/TenantOnboardingSessionService.php
- [x] T021 [US1] Ensure session payload excludes secrets in app/Services/TenantOnboardingSessionService.php
- [x] T022 [US1] Implement tenant creation/update (DB-only) in app/Filament/Pages/TenantOnboardingWizard.php
- [x] T023 [US1] Enforce uniqueness by tenant_id (repository “workspace” == Tenant container; tenant_id is the unique external key) in app/Filament/Pages/TenantOnboardingWizard.php
- [x] T024 [US1] Add “credentials required” decision rule config in config/tenantpilot.php
- [x] T025 [US1] Apply credentials-step conditional rendering in app/Filament/Pages/TenantOnboardingWizard.php
- [x] T026 [US1] Ensure secrets never re-render (only “set/missing”) in resources/views/filament/pages/tenant-onboarding-wizard.blade.php
- [x] T027 [US1] Add “Resume wizard” action to tenant view in app/Filament/Resources/TenantResource.php
- [x] T028 [US1] Remove/disable non-wizard tenant creation entry in app/Filament/Pages/Tenancy/RegisterTenant.php
- [x] T029 [US1] Remove/disable TenantResource create flow entry in app/Filament/Resources/TenantResource.php
**Checkpoint**: US1 complete — wizard works end-to-end, resumable, DB-only.
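The secret-handling requirement behind T021 and T026 (the resumable session payload must never contain credential material, and the UI only learns whether a secret is set) is the kind of rule that is easy to violate by accident when a wizard serialises its whole form state. The following is an added example, not code from the TenantAtlas repository: the class name, the allow-listed field names and the secret field names are assumptions chosen for illustration.

```php
<?php
// Added example, not code from the TenantAtlas repository. It shows how the
// resumable session payload (T021/T026) can be built so that credential
// secrets are never written to the session row and the view only learns
// whether a secret is set. Class and field names below are assumptions.

namespace App\Support\Onboarding;

final class OnboardingPayloadSanitizer
{
    /** Step fields that may be persisted for resume (assumed names). */
    private const ALLOWED_FIELDS = ['tenant_id', 'display_name', 'client_id', 'current_step'];

    /** Credential material that must never reach the session table (assumed names). */
    private const SECRET_FIELDS = ['client_secret', 'certificate_pem'];

    /**
     * Reduce raw wizard state to a persistable payload.
     * Only allow-listed keys survive; secrets are replaced by a boolean.
     */
    public static function toPayload(array $state): array
    {
        // Allow-list first: anything not explicitly permitted is dropped.
        $payload = array_intersect_key($state, array_flip(self::ALLOWED_FIELDS));

        // Defense in depth: even if a secret key is ever added to the allow-list,
        // strip it here before the row is written.
        foreach (self::SECRET_FIELDS as $key) {
            unset($payload[$key]);
        }

        // The blade view renders "set" / "missing" from this flag, never the value.
        $payload['credentials_set'] = self::hasSecret($state);

        return $payload;
    }

    /** True when the submitted state carries at least one non-empty secret. */
    public static function hasSecret(array $state): bool
    {
        foreach (self::SECRET_FIELDS as $key) {
            if (isset($state[$key]) && $state[$key] !== '') {
                return true;
            }
        }

        return false;
    }

    /** Guard for a Pest test: true if any secret key leaked into a payload. */
    public static function leaksSecret(array $payload): bool
    {
        return array_intersect_key($payload, array_flip(self::SECRET_FIELDS)) !== [];
    }
}

// Usage sketch with constructed input (the tenant_id is a placeholder):
// $payload = OnboardingPayloadSanitizer::toPayload([
//     'tenant_id'     => '00000000-0000-0000-0000-000000000000',
//     'client_id'     => 'example-client-id',
//     'client_secret' => 'example-secret-value',
//     'current_step'  => 3,
// ]);
// OnboardingPayloadSanitizer::leaksSecret($payload) is what the T021 test should assert to be false.
```

Running the sanitizer before every `save()` of the session row, and asserting `leaksSecret()` is false on the stored payload in the resume test, turns the "excludes secrets" requirement into a regression check rather than a convention.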
---
## Phase 4: User Story 2 — Run verification checks without blocking page loads (Priority: P2)
**Goal**: Trigger verification via enqueue-only `OperationRun` and display stored results (no Graph calls during render).
**Independent Test**: Load wizard step pages without outbound calls; click Verify → `OperationRun` created and job enqueued.
### Tests for User Story 2 (required)
- [x] T030 [P] [US2] Assert wizard render/mount is DB-only by binding a failing fake GraphClientInterface (or equivalent Graph abstraction) in tests/Feature/ManagedTenantOnboardingWizardDbOnlyRenderTest.php
- [x] T031 [P] [US2] Assert Verify creates/dedupes OperationRun in tests/Feature/TenantOnboardingVerifyOperationRunTest.php
- [x] T032 [P] [US2] Assert permissions step uses stored results in tests/Feature/ManagedTenantOnboardingWizardPermissionsViewTest.php
### Implementation for User Story 2
- [x] T033 [US2] Ensure any wizard-triggered verification action is enqueue-only (creates/reuses OperationRun + dispatches job) and never calls Graph during render/mount in app/Filament/Pages/TenantOnboardingWizard.php
- [x] T034 [US2] Wire “Check connection” to the existing provider.connection.check operation (OperationRun type + existing job patterns) and render stored outcome in app/Filament/Pages/TenantOnboardingWizard.php
- [x] T035 [US2] Implement run creation + dedupe for onboarding verification (permissions/RBAC) in app/Filament/Pages/TenantOnboardingWizard.php
- [x] T036 [US2] Create onboarding verification job (Graph calls allowed only inside job via GraphClientInterface + contracts) in app/Jobs/TenantOnboardingVerifyJob.php
- [x] T037 [US2] Dispatch TenantOnboardingVerifyJob only when run is newly created and persist sanitized results to tenant fields in app/Filament/Pages/TenantOnboardingWizard.php
- [x] T038 [US2] Render stored “Granted/Missing” status in resources/views/filament/pages/tenant-onboarding-wizard.blade.php
- [x] T039 [US2] Implement completion criteria check based on stored results in app/Filament/Pages/TenantOnboardingWizard.php
**Checkpoint**: US2 complete — verification is observable + async; UI shows stored results.
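T033, T035 and T037 describe the same invariant from three angles: a Verify click may only create or reuse an `OperationRun`, the job is dispatched only when the run is newly created, and nothing in the page ever talks to Graph. The following is an added example, not code from the TenantAtlas repository; the run type key, the status values, and the assumption of a partial unique index on active operation runs (analogous to the one T008 adds for sessions) are all placeholders.

```php
<?php
// Added example, not code from the TenantAtlas repository. It shows the
// enqueue-only pattern from T033/T035/T037: the Verify action creates or
// reuses an OperationRun and dispatches the job only when the run is new.
// No Graph client is referenced here; Graph calls live inside the job.
// Assumed: OperationRun has tenant_id/type/status columns, the run type key
// and the active status values are placeholders, and a partial unique index
// (one active run per tenant and type) exists on the operation runs table.

namespace App\Support\Onboarding;

use App\Jobs\TenantOnboardingVerifyJob;
use App\Models\OperationRun;
use App\Models\Tenant;
use Illuminate\Database\QueryException;
use Illuminate\Support\Facades\DB;

final class EnqueueOnboardingVerification
{
    private const RUN_TYPE = 'tenant.onboarding.verify'; // assumed OperationCatalog key
    private const ACTIVE   = ['queued', 'running'];      // assumed status values

    /**
     * @return array{run: OperationRun, dispatched: bool}
     */
    public function handle(Tenant $tenant): array
    {
        try {
            return DB::transaction(function () use ($tenant): array {
                $active = $this->activeRunQuery($tenant)->first();

                if ($active !== null) {
                    // Dedupe: surface the existing run instead of queuing twice.
                    return ['run' => $active, 'dispatched' => false];
                }

                $run = OperationRun::create([
                    'tenant_id' => $tenant->id,
                    'type'      => self::RUN_TYPE,
                    'status'    => 'queued',
                ]);

                // Only a newly created run gets a job, and only after commit,
                // so a worker can never pick it up before the row is visible.
                TenantOnboardingVerifyJob::dispatch($run)->afterCommit();

                return ['run' => $run, 'dispatched' => true];
            });
        } catch (QueryException $e) {
            // SQLSTATE 23000 (MySQL) / 23505 (PostgreSQL): two clicks raced past
            // the SELECT and the partial unique index rejected the second INSERT.
            if (! in_array((string) $e->getCode(), ['23000', '23505'], true)) {
                throw $e;
            }

            // Return the winner's run rather than failing the UI.
            return ['run' => $this->activeRunQuery($tenant)->firstOrFail(), 'dispatched' => false];
        }
    }

    private function activeRunQuery(Tenant $tenant)
    {
        return OperationRun::query()
            ->where('tenant_id', $tenant->id)
            ->where('type', self::RUN_TYPE)
            ->whereIn('status', self::ACTIVE);
    }
}
```

The `dispatched` flag is what the T031 test should assert on: the first call returns `true`, a second call while the run is still active returns `false` with the same run id, and `Queue::fake()` should see exactly one pushed `TenantOnboardingVerifyJob`. The catch branch exists because the SELECT-then-INSERT window is not closed by the transaction alone; the database-level unique index is the final guard and the code has to expect its rejection.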
---
## Phase 5: User Story 3 — RBAC-UX enforcement and safe access semantics (Priority: P3)
**Goal**: Enforce 404 vs 403 semantics and ensure UI is disabled+tooltip for insufficient capabilities.
**Independent Test**: Non-member gets 404; member w/out capability sees disabled UI and server rejects with 403.
### Tests for User Story 3 (required)
- [x] T040 [P] [US3] Assert non-member wizard access is 404 in tests/Feature/ManagedTenantOnboardingWizardRbacTest.php
- [x] T041 [P] [US3] Assert member missing capability is 403 on actions in tests/Feature/ManagedTenantOnboardingWizardRbacTest.php
- [x] T042 [P] [US3] Assert disabled UI state is rendered for insufficient capability in tests/Feature/ManagedTenantOnboardingWizardUiEnforcementTest.php
### Implementation for User Story 3
- [x] T043 [US3] Wrap wizard actions with UiEnforcement in app/Filament/Pages/TenantOnboardingWizard.php
- [x] T044 [US3] Enforce server-side Gate authorization in app/Filament/Pages/TenantOnboardingWizard.php
- [x] T045 [US3] Ensure wizard page is not registered in nav (entry-point only) in app/Filament/Pages/TenantOnboardingWizard.php
- [x] T046 [US3] Ensure credential mutation actions require confirmation in app/Filament/Pages/TenantOnboardingWizard.php
**Checkpoint**: US3 complete — RBAC semantics are enforced and regression-tested.
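T040, T041, T042 and T053 together pin down the three access outcomes the wizard must distinguish. The following is an added example of how that coverage can look in Pest; it is not the repository's own test file. Assumptions: the 404 for non-members comes from the tenant-plane route middleware (so that case is exercised over HTTP), the page exposes a public Livewire method `verify()` guarded by a server-side `Gate::authorize`, a `verify` Filament action wrapped by UiEnforcement, a `members()` relation on `Tenant`, and a `grantCapability()` test helper.

```php
<?php
// Added example, not tests from the TenantAtlas repository. It covers the
// three outcomes US3 distinguishes (non-member 404, member without capability
// 403, member with capability succeeds; the last is the positive case T053).
// Assumed: the 404 is produced by route middleware, the page has a public
// verify() method guarded by Gate::authorize, a `verify` Filament action,
// Tenant::members(), and a grantCapability() test helper.

use App\Filament\Pages\TenantOnboardingWizard;
use App\Jobs\TenantOnboardingVerifyJob;
use App\Models\Tenant;
use App\Models\User;
use App\Support\Auth\Capabilities;
use Filament\Facades\Filament;
use Illuminate\Support\Facades\Queue;
use Livewire\Livewire;

it('answers 404, not 403, to a non-member', function () {
    $tenant = Tenant::factory()->create();
    $outsider = User::factory()->create();

    // The existence of the tenant must not leak to non-members, so the
    // membership middleware answers as if the route did not exist.
    $this->actingAs($outsider)
        ->get(TenantOnboardingWizard::getUrl(tenant: $tenant))
        ->assertNotFound();
});

it('disables the UI and rejects verify with 403 for a member lacking TENANT_MANAGE', function () {
    $tenant = Tenant::factory()->create();
    $member = User::factory()->create();
    $tenant->members()->attach($member); // assumed relation

    $this->actingAs($member);
    Filament::setTenant($tenant);

    $page = Livewire::test(TenantOnboardingWizard::class)->assertOk();

    // UiEnforcement: the control is disabled with a tooltip (T042) ...
    $page->assertActionDisabled('verify');

    // ... but the UI state is not the security boundary; the server Gate is (T041).
    $page->call('verify')->assertForbidden();
});

it('lets a member with TENANT_MANAGE start the wizard and enqueue verification', function () {
    Queue::fake();

    $tenant = Tenant::factory()->create();
    $member = User::factory()->create();
    $tenant->members()->attach($member);
    grantCapability($member, $tenant, Capabilities::TENANT_MANAGE); // assumed helper

    $this->actingAs($member);
    Filament::setTenant($tenant);

    Livewire::test(TenantOnboardingWizard::class)
        ->assertOk()
        ->assertActionEnabled('verify')
        ->call('verify')
        ->assertOk();

    // Positive case (T053): the allowed path really does what the negative
    // tests forbid, and it does so enqueue-only (US2), with exactly one job.
    Queue::assertPushed(TenantOnboardingVerifyJob::class, 1);
});
```

The positive test matters as much as the two negative ones: a Gate that denies everyone would pass T040 and T041 on its own, and only T053 proves the capability check is actually wired to the intended constant.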
---
## Phase 6: Polish & Cross-Cutting Concerns
- [x] T047 Add legacy redirect for /admin/new → /admin/choose-tenant in routes/web.php
- [x] T048 Add/verify onboarding “single front door” UX copy in resources/views/filament/pages/tenant-onboarding-wizard.blade.php
- [x] T049 [P] Run formatter on touched files via `vendor/bin/sail bin pint --dirty` (targets app/ and tests/)
- [x] T050 Run focused test suite via `vendor/bin/sail artisan test --compact tests/Feature/ManagedTenantOnboardingWizardTest.php`
- [x] T053 Add at least one positive authorization test (member with required capability can start/resume/verify) alongside the negative 404/403 tests in tests/Feature/ManagedTenantOnboardingWizardRbacTest.php
---
## Dependencies & Execution Order
### Phase Dependencies
- Phase 1 (Setup) → Phase 2 (Foundational) → User story phases.
### User Story Dependencies (graph)
- US1 (P1) → US2 (P2) → US3 (P3)
- US2 depends on US1 having the wizard + tenant/session persistence.
- US3 can be implemented alongside US1/US2 but must land with tests.
### Parallel opportunities
- Setup: T003 and T004 can run in parallel.
- Foundational: T007 can run in parallel with T005 and T006.
- US1 tests (T013–T015) can be authored in parallel.
- US2 tests (T030–T032) can be authored in parallel.
- US3 tests (T040–T042) can be authored in parallel.
---
## Parallel Example: User Story 1
```bash
# Tests in parallel
T013 # tests/Feature/ManagedTenantOnboardingWizardTest.php
T014 # tests/Feature/ManagedTenantOnboardingWizardResumeTest.php
T015 # tests/Feature/ManagedTenantOnboardingWizardDuplicateTest.php
# UI + service split
T016 # app/Services/TenantOnboardingSessionService.php
T017 # app/Filament/Pages/TenantOnboardingWizard.php
T018 # resources/views/filament/pages/tenant-onboarding-wizard.blade.php
```
## Parallel Example: User Story 2
```bash
# Tests in parallel
T030 # tests/Feature/ManagedTenantOnboardingWizardDbOnlyRenderTest.php
T031 # tests/Feature/TenantOnboardingVerifyOperationRunTest.php
T032 # tests/Feature/ManagedTenantOnboardingWizardPermissionsViewTest.php
# Job + UI work split
T036 # app/Jobs/TenantOnboardingVerifyJob.php
T035 # app/Filament/Pages/TenantOnboardingWizard.php
T038 # resources/views/filament/pages/tenant-onboarding-wizard.blade.php
```
## Parallel Example: User Story 3
```bash
# Tests in parallel
T040 # tests/Feature/ManagedTenantOnboardingWizardRbacTest.php
T042 # tests/Feature/ManagedTenantOnboardingWizardUiEnforcementTest.php
# Enforcement
T043 # app/Filament/Pages/TenantOnboardingWizard.php
```
---
## Implementation Strategy
### MVP scope
- MVP = US1 only (wizard + session persistence + single front door).
### Incremental delivery
1. Setup + Foundational.
2. Deliver US1 (MVP) and validate independently.
3. Add US2 (enqueue-only verification) and validate independently.
4. Add US3 (RBAC-UX hardening + regression tests).