ahmido
3490fb9e2c
Summary
Implements Spec 067 “RBAC Troubleshooting & Tenant UI Bugfix Pack v1” for the tenant admin plane (/admin) with strict RBAC UX semantics:
Non-member tenant scope ⇒ 404 (deny-as-not-found)
Member lacking capability ⇒ 403 server-side, while the UI stays visible-but-disabled with standardized tooltips
What changed
Tenant view header actions now use centralized UI enforcement (no “normal click → error page” for readonly members).
Archived tenants remain resolvable in tenant-scoped routes for entitled members; an “Archived” banner is shown.
Adds tenant-scoped diagnostics page (/admin/t/{tenant}/diagnostics) with safe repair actions (confirmation + authorization + audit log).
Adds/updates targeted Pest tests to lock the 404 vs 403 semantics and action UX.
Implementation notes
Livewire v4.0+ compliance: Uses Filament v5 + Livewire v4 conventions; widget Blade views render a single root element.
Provider registration: Laravel 11+ providers stay in providers.php (no changes required).
Global search: No global search behavior/resources changed in this PR.
Destructive actions:
Tenant archive/restore/force delete and diagnostics repairs execute via ->action(...) and include ->requiresConfirmation().
Server-side authorization is enforced (non-members 404, insufficient capability 403).
Assets: No new assets. No change to php artisan filament:assets expectations.
Tests
Ran:
vendor/bin/sail bin pint --dirty
vendor/bin/sail artisan test --compact (focused files for Spec 067)
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #84
31 lines
1.0 KiB
Markdown
31 lines
1.0 KiB
Markdown
# Quickstart — RBAC Troubleshooting & Tenant UI Bugfix Pack v1
|
|
|
|
## Prereqs
|
|
|
|
- Docker running
|
|
- Laravel Sail dependencies installed
|
|
|
|
## Run locally
|
|
|
|
- Start containers: `vendor/bin/sail up -d`
|
|
- Run targeted tests (after implementation):
|
|
- `vendor/bin/sail artisan test --compact tests/Feature/Rbac/`
|
|
- (guard) `vendor/bin/sail artisan test --compact tests/Feature/Guards/NoAdHocFilamentAuthPatternsTest.php`
|
|
- Format: `vendor/bin/sail bin pint --dirty`
|
|
|
|
## Manual smoke (after implementation)
|
|
|
|
1. Sign in to `/admin`.
|
|
2. Pick a tenant scope via the tenant menu.
|
|
3. As a read-only member:
|
|
- Tenant view page shows Edit/Deactivate disabled with tooltip.
|
|
- Attempting to force-execute mutations still fails server-side.
|
|
4. Archive a tenant, then:
|
|
- Member can still open tenant view and sees an Archived banner.
|
|
- Non-member gets 404 for tenant scope URLs.
|
|
|
|
## Notes
|
|
|
|
- Filament v5 requires Livewire v4.0+ (this repo is already on Livewire v4).
|
|
- Panel providers in Laravel 11+ are registered in `bootstrap/providers.php` (this repo follows that convention).
|