28 lines
1.1 KiB
Markdown
28 lines
1.1 KiB
Markdown
# Route Contract — Spec 083
|
|
|
|
This contract defines the **Required Permissions** routes and their **404/403 semantics**.
|
|
|
|
## Canonical management surface (must exist)
|
|
|
|
- `GET /admin/tenants/{tenant}/required-permissions`
|
|
|
|
Identifier contract:
|
|
- `{tenant}` is `Tenant.external_id` (Entra tenant GUID)
|
|
|
|
Authorization contract:
|
|
- Not authenticated → handled by Filament auth middleware
|
|
- Workspace not selected → 404 (deny-as-not-found)
|
|
- Not a workspace member → 404
|
|
- Workspace member but **not tenant-entitled** (no `tenant_memberships` row) → 404
|
|
- Tenant-entitled (including read-only) → 200
|
|
|
|
Action contract:
|
|
- This page is read-only. Any mutations are only linked to and executed on other surfaces.
|
|
- Mutations on other surfaces must enforce capability checks server-side (missing capability → 403).
|
|
- "Re-run verification" links canonical to the start-verification surface: `GET /admin/onboarding` (generated via route helper, not hardcoded legacy paths).
|
|
|
|
## Removed tenant-plane route (must 404)
|
|
|
|
The following route MUST NOT exist and MUST return 404 (no redirects, no aliases):
|
|
- `GET /admin/t/{tenant}/required-permissions`
|