ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
38d9826f5e
TenantAtlas/specs/064-auth-structure/quickstart.md
ahmido 210cf5ce8b feat: implement auth structure system panel (#77) 
Implements 064-auth-structure (Auth Structure v1.0):

Adds platform_users + PlatformUser identity (factory + seeder) for platform operators
Introduces platform auth guard/provider in auth.php
Adds a dedicated Filament v5 System panel at system using guard platform (custom login + dashboard)
Enforces strict cross-scope isolation between /admin and system (deny-as-404)
Adds platform capability gating (platform.access_system_panel, platform.use_break_glass) + gates in AuthServiceProvider
Implements audited break-glass mode (enter/exit/expire), banner via render hook, feature flag + TTL config
Removes legacy users.is_platform_superadmin runtime usage and adds an architecture test to prevent regressions
Updates tenant membership pivot usage where needed (tenant_memberships)
Testing:

vendor/bin/sail artisan test --compact tests/Feature/Auth (28 passed)
vendor/bin/sail bin pint --dirty
Notes:

Filament v5 / Livewire v4 compatible.
Panel providers registered in providers.php.
Destructive actions use ->action(...) + ->requiresConfirmation() where applicable.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #77
2026-01-27 21:49:18 +00:00

2.5 KiB
Raw Blame History

Quickstart: Auth Structure

This guide provides the essential steps for a developer to set up and test the 064-auth-structure feature locally.

Prerequisites

  • Ensure you are on the 064-auth-structure feature branch.
  • A working local development environment (Laravel Sail is preferred).
  • Entra ID application credentials must be configured in your .env file to test the /admin panel.

1. Apply Database Changes

Run the new migration to create the platform_users table and seed it with an initial administrator account.

# Using Laravel Sail
./vendor/bin/sail artisan migrate
./vendor/bin/sail artisan db:seed --class=PlatformUserSeeder

The default seeded platform user will be:

  • Email: operator@tenantpilot.io
  • Password: password

2. Configure Environment Variables

Add the following variables to your local .env file to control the new features.

# .env

# Enables the "break-glass" feature in the System Panel.
# Default: false
BREAK_GLASS_ENABLED=true

# Sets the duration (in minutes) for a break-glass session before it auto-expires.
# Default: 60
BREAK_GLASS_TTL_MINUTES=60

3. Verification Steps

Follow these steps to confirm the feature is working correctly.

a. Test System Panel Access

  1. Navigate to http://localhost/system/login.
  2. Log in using the seeded platform operator credentials:
    • Email: operator@tenantpilot.io
    • Password: password
  3. You should be successfully redirected to the System Panel dashboard.
  4. If BREAK_GLASS_ENABLED is true, find and activate the "Enter break-glass mode" feature. A persistent banner should appear at the top of the page.

b. Test Admin Panel Access

  1. Navigate to http://localhost/admin/login.
  2. Log in using a valid Microsoft Entra ID test user associated with a tenant.
  3. You should be successfully redirected to that tenant's dashboard.

c. Test Isolation (Cross-Scope Access)

  1. While logged into the System Panel (/system), attempt to navigate directly to a tenant-scoped admin URL (e.g., http://localhost/admin/t/1/dashboard).

    • Expected Result: You should receive a 404 Not Found error page.

  2. While logged into the Admin Panel (/admin), attempt to navigate directly to a system panel URL (e.g., http://localhost/system/dashboard).

    • Expected Result: You should receive a 404 Not Found error page.

If all the above steps are successful, the local setup is complete and correct.