ahmido
38d9826f5e
Implements workspace-first enforcement and UX: - Workspace selected before tenant flows; /admin routes into choose-workspace/choose-tenant - Tenant lists and default tenant selection are scoped to current workspace - Workspaces UI is tenantless at /admin/workspaces Security hardening: - Workspaces can never have 0 owners (blocks last-owner removal/demotion) - Blocked attempts are audited with action_id=workspace_membership.last_owner_blocked + required metadata - Optional break-glass recovery page to re-assign workspace owner (audited) Tests: - Added/updated Pest feature tests covering redirects, scoping, tenantless workspaces, last-owner guards, and break-glass recovery. Notes: - Filament v5 strict Page property signatures respected in RepairWorkspaceOwners. Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #86
26 lines
1.0 KiB
PHP
26 lines
1.0 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Support\Audit;
|
|
|
|
enum AuditActionId: string
|
|
{
|
|
case WorkspaceMembershipAdd = 'workspace_membership.add';
|
|
case WorkspaceMembershipRoleChange = 'workspace_membership.role_change';
|
|
case WorkspaceMembershipRemove = 'workspace_membership.remove';
|
|
case WorkspaceMembershipLastOwnerBlocked = 'workspace_membership.last_owner_blocked';
|
|
case WorkspaceMembershipBreakGlassAssignOwner = 'workspace_membership.break_glass.assign_owner';
|
|
|
|
case TenantMembershipAdd = 'tenant_membership.add';
|
|
case TenantMembershipRoleChange = 'tenant_membership.role_change';
|
|
case TenantMembershipRemove = 'tenant_membership.remove';
|
|
case TenantMembershipLastOwnerBlocked = 'tenant_membership.last_owner_blocked';
|
|
|
|
// Not part of the v1 contract, but used in codebase.
|
|
case TenantMembershipBootstrapRecover = 'tenant_membership.bootstrap_recover';
|
|
|
|
// Diagnostics / repair actions.
|
|
case TenantMembershipDuplicatesMerged = 'tenant_membership.duplicates_merged';
|
|
}
|