ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
38d9826f5e
TenantAtlas/specs/072-managed-tenants-workspace-enforcement/tasks.md
ahmido 38d9826f5e feat: workspace context enforcement + ownership safeguards (#86) 
Implements workspace-first enforcement and UX:
- Workspace selected before tenant flows; /admin routes into choose-workspace/choose-tenant
- Tenant lists and default tenant selection are scoped to current workspace
- Workspaces UI is tenantless at /admin/workspaces

Security hardening:
- Workspaces can never have 0 owners (blocks last-owner removal/demotion)
- Blocked attempts are audited with action_id=workspace_membership.last_owner_blocked + required metadata
- Optional break-glass recovery page to re-assign workspace owner (audited)

Tests:
- Added/updated Pest feature tests covering redirects, scoping, tenantless workspaces, last-owner guards, and break-glass recovery.

Notes:
- Filament v5 strict Page property signatures respected in RepairWorkspaceOwners.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #86
2026-02-02 23:00:56 +00:00

37 lines
2.2 KiB
Markdown
Raw Blame History

# Tasks — 072 Managed Tenants workspace context enforcement
## Setup
- [x] T001 Confirm legacy managed-tenants routes and current workspace middleware behavior.
## Tests (TDD)
- [x] T010 Add regression test: `/admin/managed-tenants` redirects to workspace landing when a workspace is selected.
- [x] T020 Add regression test: `/admin/t/{tenant}` is 404 when workspace context is missing.
- [x] T030 Add regression test: `/admin/t/{tenant}` is 404 when tenant.workspace_id mismatches current workspace.
- [x] T040 Add regression test: `/admin/choose-tenant` redirects to `/admin/choose-workspace` when workspace is not selected.
## Core
- [x] T100 Create workspace-scoped Managed Tenants landing at `/admin/w/{workspace}/managed-tenants`.
- [x] T110 Make unscoped `/admin/managed-tenants/*` legacy-only (redirect to workspace-scoped URLs).
- [x] T120 Implement hard enforcement: tenant routes require workspace context and tenant.workspace_id match.
- [x] T130 Ensure `/admin/choose-tenant` requires selected workspace.
- [x] T140 Move Workspaces UI out of tenant routing (serve at `/admin/workspaces/*`, not `/admin/t/{tenant}/workspaces`).
## UX follow-ups
- [x] T200 Ensure default tenant selection respects current workspace context.
- [x] T210 Add a workspace switcher in the user menu (link to Choose Workspace).
- [x] T220 Add regression tests for workspace switcher + tenant selection.
- [x] T230 Ensure `/admin` lands on workspace-first flow (avoid redirecting to tenant registration).
- [x] T240 After choosing a workspace with zero tenants, route into the workspace Managed Tenants landing (with CTA).
- [x] T250 Allow workspace owners to register the first tenant in a workspace (bootstrap).
## Security hardening (owners / audit / recovery)
- [x] T260 Enforce rule: workspaces can never have 0 owners (block last-owner removal + demotion).
- [x] T270 Audit every blocked last-owner attempt with `workspace_membership.last_owner_blocked` + required metadata.
- [x] T280 Optional: break-glass recovery flow to re-assign a workspace owner (fully audited).
## Validation
- [x] T900 Run Pint on dirty files.
- [x] T910 Run targeted Pest tests.
- [x] T920 Run targeted Pest tests for last-owner + recovery flow.
Reference in New Issue View Git Blame Copy Permalink