ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
38fa4cdea1
TenantAtlas/app/Providers/AuthServiceProvider.php
Ahmed Darrazi 7b0a383182 feat: unified managed tenant onboarding wizard 
Implements workspace-scoped managed tenant onboarding wizard (Filament v5 / Livewire v4) with strict RBAC (404/403 semantics), resumable sessions, provider connection selection/creation, verification OperationRun, and optional bootstrap. Removes legacy onboarding entrypoints and adds Pest coverage + spec artifacts (073).
2026-02-03 18:27:39 +01:00

68 lines
2.2 KiB
PHP
Raw Blame History

<?php
namespace App\Providers;
use App\Models\PlatformUser;
use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Models\User;
use App\Models\Workspace;
use App\Policies\ProviderConnectionPolicy;
use App\Services\Auth\CapabilityResolver;
use App\Services\Auth\WorkspaceCapabilityResolver;
use App\Support\Auth\Capabilities;
use App\Support\Auth\PlatformCapabilities;
use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider;
use Illuminate\Support\Facades\Gate;
class AuthServiceProvider extends ServiceProvider
{
protected $policies = [
ProviderConnection::class => ProviderConnectionPolicy::class,
];
public function boot(): void
{
$this->registerPolicies();
$tenantResolver = app(CapabilityResolver::class);
$workspaceResolver = app(WorkspaceCapabilityResolver::class);
$defineTenantCapability = function (string $capability) use ($tenantResolver): void {
Gate::define($capability, function (User $user, ?Tenant $tenant = null) use ($tenantResolver, $capability): bool {
if (! $tenant instanceof Tenant) {
return false;
}
return $tenantResolver->can($user, $tenant, $capability);
});
};
$defineWorkspaceCapability = function (string $capability) use ($workspaceResolver): void {
Gate::define($capability, function (User $user, ?Workspace $workspace = null) use ($workspaceResolver, $capability): bool {
if (! $workspace instanceof Workspace) {
return false;
}
return $workspaceResolver->can($user, $workspace, $capability);
});
};
foreach (Capabilities::all() as $capability) {
if (str_starts_with($capability, 'workspace')) {
$defineWorkspaceCapability($capability);
continue;
}
$defineTenantCapability($capability);
}
foreach (PlatformCapabilities::all() as $capability) {
Gate::define($capability, function (PlatformUser $user) use ($capability): bool {
return $user->hasCapability($capability);
});
}
}
}
Reference in New Issue View Git Blame Copy Permalink