TenantAtlas/app/Filament/System/Pages/Dashboard.php

<?php

declare(strict_types=1);

namespace App\Filament\System\Pages;

use App\Models\PlatformUser;
use App\Services\Auth\BreakGlassSession;
use App\Support\Auth\PlatformCapabilities;
use Filament\Actions\Action;
use Filament\Forms\Components\Textarea;
use Filament\Notifications\Notification;
use Filament\Pages\Dashboard as BaseDashboard;

class Dashboard extends BaseDashboard
{
    /**
     * @return array<Action>
     */
    protected function getHeaderActions(): array
    {
        $breakGlass = app(BreakGlassSession::class);
        $user = auth('platform')->user();

        $canUseBreakGlass = $breakGlass->isEnabled()
            && $user instanceof PlatformUser
            && $user->hasCapability(PlatformCapabilities::USE_BREAK_GLASS);

        return [
            Action::make('enter_break_glass')
                ->label('Enter break-glass mode')
                ->color('danger')
                ->visible(fn (): bool => $canUseBreakGlass && ! $breakGlass->isActive())
                ->requiresConfirmation()
                ->modalHeading('Enter break-glass mode')
                ->modalDescription('Recovery mode is time-limited and fully audited. Use for recovery only.')
                ->form([
                    Textarea::make('reason')
                        ->label('Reason')
                        ->required()
                        ->minLength(5)
                        ->maxLength(500)
                        ->rows(4),
                ])
                ->action(function (array $data, BreakGlassSession $breakGlass): void {
                    $user = auth('platform')->user();

                    if (! $user instanceof PlatformUser) {
                        abort(403);
                    }

                    if (! $user->hasCapability(PlatformCapabilities::USE_BREAK_GLASS)) {
                        abort(403);
                    }

                    $breakGlass->start($user, (string) ($data['reason'] ?? ''));

                    Notification::make()
                        ->title('Recovery mode enabled')
                        ->success()
                        ->send();
                }),

            Action::make('exit_break_glass')
                ->label('Exit break-glass')
                ->color('gray')
                ->visible(fn (): bool => $canUseBreakGlass && $breakGlass->isActive())
                ->requiresConfirmation()
                ->modalHeading('Exit break-glass mode')
                ->modalDescription('This will immediately end recovery mode.')
                ->action(function (BreakGlassSession $breakGlass): void {
                    $user = auth('platform')->user();

                    if (! $user instanceof PlatformUser) {
                        abort(403);
                    }

                    $breakGlass->exit($user);

                    Notification::make()
                        ->title('Recovery mode ended')
                        ->success()
                        ->send();
                }),
        ];
    }
}