ahmido
6a86c5901a
Kontext / Ziel Diese PR standardisiert Tenant‑RBAC Enforcement in der Filament‑UI: statt ad-hoc Gate::*, abort_if/abort_unless und kopierten ->visible()/->disabled()‑Closures gibt es jetzt eine zentrale, wiederverwendbare Implementierung für Actions (Header/Table/Bulk). Links zur Spec: spec.md plan.md quickstart.md Was ist drin Neue zentrale Helper-API: UiEnforcement (Tenant-plane RBAC‑UX “source of truth” für Filament Actions) Standardisierte Tooltip-Texte und Context-DTO (UiTooltips, TenantAccessContext) Migration vieler tenant‑scoped Filament Action-Surfaces auf das Standardpattern (ohne ad-hoc Auth-Patterns) CI‑Guard (Test) gegen neue ad-hoc Patterns in app/Filament/**: verbietet Gate::allows/denies/check/authorize, use Illuminate\Support\Facades\Gate, abort_if/abort_unless Legacy-Allowlist ist aktuell leer (neue Verstöße failen sofort) RBAC-UX Semantik (konsequent & testbar) Non-member: UI Actions hidden (kein Tenant‑Leak); Execution wird blockiert (Filament hidden→disabled chain), Defense‑in‑depth enthält zusätzlich serverseitige Guards. Member ohne Capability: Action visible aber disabled + Standard-Tooltip; Execution wird blockiert (keine Side Effects). Member mit Capability: Action enabled und ausführbar. Destructive actions: über ->destructive() immer mit ->requiresConfirmation() + klare Warntexte (Execution bleibt über ->action(...)). Wichtig: In Filament v5 sind hidden/disabled Actions typischerweise “silently blocked” (200, keine Ausführung). Die Tests prüfen daher UI‑State + “no side effects”, nicht nur HTTP‑Statuscodes. Sicherheit / Scope Keine neuen DB-Tabellen, keine Migrations, keine Microsoft Graph Calls (DB‑only bei Render; kein outbound HTTP). Tenant Isolation bleibt Isolation‑Boundary (deny-as-not-found auf Tenant‑Ebene, Capability erst nach Membership). Kein Asset-Setup erforderlich; keine neuen Filament Assets. Compliance Notes (Repo-Regeln) Filament v5 / Livewire v4.0+ kompatibel. Keine Änderungen an Provider‑Registrierung (Laravel 11+/12: providers.php bleibt der Ort; hier unverändert). Global Search: keine gezielte Änderung am Global‑Search-Verhalten in dieser PR. Tests / Qualität Pest Feature/Unit Tests für Member/Non-member/Tooltip/Destructive/Regression‑Guard. Guard-Test: “No ad-hoc Filament auth patterns”. Full suite laut Tasks: vendor/bin/sail artisan test --compact → 837 passed, 5 skipped. Checklist: requirements.md vollständig (16/16). Review-Fokus API‑Usage in neuen/angepassten Filament Actions: UiEnforcement::forAction/forTableAction/forBulkAction(...)->requireCapability(...)->apply() Guard-Test soll “red” werden, sobald jemand neue ad-hoc Auth‑Patterns einführt (by design). Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #81
162 lines
5.9 KiB
PHP
162 lines
5.9 KiB
PHP
<?php
|
|
|
|
namespace App\Filament\Resources\PolicyResource\RelationManagers;
|
|
|
|
use App\Filament\Resources\RestoreRunResource;
|
|
use App\Models\PolicyVersion;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Services\Auth\CapabilityResolver;
|
|
use App\Services\Intune\RestoreService;
|
|
use App\Support\Auth\Capabilities;
|
|
use App\Support\Badges\TagBadgeDomain;
|
|
use App\Support\Badges\TagBadgeRenderer;
|
|
use App\Support\Rbac\UiEnforcement;
|
|
use App\Support\Rbac\UiTooltips;
|
|
use Filament\Actions;
|
|
use Filament\Forms;
|
|
use Filament\Notifications\Notification;
|
|
use Filament\Resources\RelationManagers\RelationManager;
|
|
use Filament\Tables;
|
|
use Filament\Tables\Table;
|
|
|
|
class VersionsRelationManager extends RelationManager
|
|
{
|
|
protected static string $relationship = 'versions';
|
|
|
|
public function table(Table $table): Table
|
|
{
|
|
$restoreToIntune = Actions\Action::make('restore_to_intune')
|
|
->label('Restore to Intune')
|
|
->icon('heroicon-o-arrow-path-rounded-square')
|
|
->color('danger')
|
|
->requiresConfirmation()
|
|
->modalHeading(fn (PolicyVersion $record): string => "Restore version {$record->version_number} to Intune?")
|
|
->modalSubheading('Creates a restore run using this policy version snapshot.')
|
|
->form([
|
|
Forms\Components\Toggle::make('is_dry_run')
|
|
->label('Preview only (dry-run)')
|
|
->default(true),
|
|
])
|
|
->action(function (PolicyVersion $record, array $data, RestoreService $restoreService) {
|
|
$tenant = Tenant::current();
|
|
$user = auth()->user();
|
|
|
|
if (! $tenant instanceof Tenant || ! $user instanceof User) {
|
|
Notification::make()
|
|
->title('Missing tenant or user context.')
|
|
->danger()
|
|
->send();
|
|
|
|
return;
|
|
}
|
|
|
|
if ($record->tenant_id !== $tenant->id) {
|
|
Notification::make()
|
|
->title('Policy version belongs to a different tenant')
|
|
->danger()
|
|
->send();
|
|
|
|
return;
|
|
}
|
|
|
|
try {
|
|
$run = $restoreService->executeFromPolicyVersion(
|
|
tenant: $tenant,
|
|
version: $record,
|
|
dryRun: (bool) ($data['is_dry_run'] ?? true),
|
|
actorEmail: $user->email,
|
|
actorName: $user->name,
|
|
);
|
|
} catch (\Throwable $throwable) {
|
|
Notification::make()
|
|
->title('Restore run failed to start')
|
|
->body($throwable->getMessage())
|
|
->danger()
|
|
->send();
|
|
|
|
return;
|
|
}
|
|
|
|
Notification::make()
|
|
->title('Restore run started')
|
|
->success()
|
|
->send();
|
|
|
|
return redirect(RestoreRunResource::getUrl('view', ['record' => $run]));
|
|
});
|
|
|
|
UiEnforcement::forAction($restoreToIntune)
|
|
->requireCapability(Capabilities::TENANT_MANAGE)
|
|
->apply();
|
|
|
|
$restoreToIntune
|
|
->disabled(function (PolicyVersion $record): bool {
|
|
if (($record->metadata['source'] ?? null) === 'metadata_only') {
|
|
return true;
|
|
}
|
|
|
|
$tenant = Tenant::current();
|
|
$user = auth()->user();
|
|
|
|
if (! $tenant instanceof Tenant || ! $user instanceof User) {
|
|
return true;
|
|
}
|
|
|
|
$resolver = app(CapabilityResolver::class);
|
|
|
|
if (! $resolver->isMember($user, $tenant)) {
|
|
return true;
|
|
}
|
|
|
|
return ! $resolver->can($user, $tenant, Capabilities::TENANT_MANAGE);
|
|
})
|
|
->tooltip(function (PolicyVersion $record): ?string {
|
|
if (($record->metadata['source'] ?? null) === 'metadata_only') {
|
|
return 'Disabled for metadata-only snapshots (Graph did not provide policy settings).';
|
|
}
|
|
|
|
$tenant = Tenant::current();
|
|
$user = auth()->user();
|
|
|
|
if (! $tenant instanceof Tenant || ! $user instanceof User) {
|
|
return null;
|
|
}
|
|
|
|
$resolver = app(CapabilityResolver::class);
|
|
|
|
if (! $resolver->isMember($user, $tenant)) {
|
|
return null;
|
|
}
|
|
|
|
if (! $resolver->can($user, $tenant, Capabilities::TENANT_MANAGE)) {
|
|
return UiTooltips::INSUFFICIENT_PERMISSION;
|
|
}
|
|
|
|
return null;
|
|
});
|
|
|
|
return $table
|
|
->columns([
|
|
Tables\Columns\TextColumn::make('version_number')->sortable(),
|
|
Tables\Columns\TextColumn::make('captured_at')->dateTime()->sortable(),
|
|
Tables\Columns\TextColumn::make('created_by')->label('Actor'),
|
|
Tables\Columns\TextColumn::make('policy_type')
|
|
->badge()
|
|
->formatStateUsing(TagBadgeRenderer::label(TagBadgeDomain::PolicyType))
|
|
->color(TagBadgeRenderer::color(TagBadgeDomain::PolicyType))
|
|
->toggleable(isToggledHiddenByDefault: true),
|
|
])
|
|
->defaultSort('version_number', 'desc')
|
|
->filters([])
|
|
->headerActions([])
|
|
->actions([
|
|
$restoreToIntune,
|
|
Actions\ViewAction::make()
|
|
->url(fn ($record) => \App\Filament\Resources\PolicyVersionResource::getUrl('view', ['record' => $record]))
|
|
->openUrlInNewTab(false),
|
|
])
|
|
->bulkActions([]);
|
|
}
|
|
}
|