ahmido
3f09fd50f6
Implements Spec 080: split Filament into workspace-managed `/admin/*` (manage) vs tenant operations `/admin/t/{tenant}/*` (operate).
Highlights:
- Adds tenant operations panel (`tenant`) at `/admin/t` with tenancy by `Tenant.external_id`
- Keeps management resources in workspace panel (`admin`) under `/admin/tenants/*`
- Moves Provider Connections to workspace-managed routes: `/admin/tenants/{tenant}/provider-connections`
- Adds discoverability CTA on tenant view (Actions → Provider connections)
- Adds/updates Pest regression tests for routing boundaries, 404/403 RBAC-UX semantics, and global search isolation
- Includes full Spec Kit artifacts under `specs/080-workspace-managed-tenant-admin/`
Validation:
- `vendor/bin/sail bin pint --dirty`
- `vendor/bin/sail artisan test --compact tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php`
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #97
120 lines
5.2 KiB
PHP
120 lines
5.2 KiB
PHP
<?php
|
|
|
|
namespace App\Filament\Resources\TenantResource\Pages;
|
|
|
|
use App\Filament\Resources\ProviderConnectionResource;
|
|
use App\Filament\Resources\TenantResource;
|
|
use App\Filament\Widgets\Tenant\RecentOperationsSummary;
|
|
use App\Filament\Widgets\Tenant\TenantArchivedBanner;
|
|
use App\Models\Tenant;
|
|
use App\Services\Intune\AuditLogger;
|
|
use App\Services\Intune\RbacHealthService;
|
|
use App\Services\Intune\TenantConfigService;
|
|
use App\Services\Intune\TenantPermissionService;
|
|
use App\Support\Auth\Capabilities;
|
|
use App\Support\Rbac\UiEnforcement;
|
|
use Filament\Actions;
|
|
use Filament\Notifications\Notification;
|
|
use Filament\Resources\Pages\ViewRecord;
|
|
|
|
class ViewTenant extends ViewRecord
|
|
{
|
|
protected static string $resource = TenantResource::class;
|
|
|
|
protected function getHeaderWidgets(): array
|
|
{
|
|
return [
|
|
TenantArchivedBanner::class,
|
|
RecentOperationsSummary::class,
|
|
];
|
|
}
|
|
|
|
protected function getHeaderActions(): array
|
|
{
|
|
return [
|
|
Actions\ActionGroup::make([
|
|
UiEnforcement::forAction(
|
|
Actions\Action::make('provider_connections')
|
|
->label('Provider connections')
|
|
->icon('heroicon-o-link')
|
|
->url(fn (Tenant $record): string => ProviderConnectionResource::getUrl('index', ['tenant' => $record->external_id], panel: 'admin'))
|
|
)
|
|
->requireCapability(Capabilities::PROVIDER_VIEW)
|
|
->apply(),
|
|
UiEnforcement::forAction(
|
|
Actions\Action::make('edit')
|
|
->label('Edit')
|
|
->icon('heroicon-o-pencil-square')
|
|
->url(fn (Tenant $record): string => TenantResource::getUrl('edit', ['record' => $record]))
|
|
)
|
|
->requireCapability(Capabilities::TENANT_MANAGE)
|
|
->apply(),
|
|
Actions\Action::make('admin_consent')
|
|
->label('Admin consent')
|
|
->icon('heroicon-o-clipboard-document')
|
|
->url(fn (Tenant $record) => TenantResource::adminConsentUrl($record))
|
|
->visible(fn (Tenant $record) => TenantResource::adminConsentUrl($record) !== null)
|
|
->openUrlInNewTab(),
|
|
Actions\Action::make('open_in_entra')
|
|
->label('Open in Entra')
|
|
->icon('heroicon-o-arrow-top-right-on-square')
|
|
->url(fn (Tenant $record) => TenantResource::entraUrl($record))
|
|
->visible(fn (Tenant $record) => TenantResource::entraUrl($record) !== null)
|
|
->openUrlInNewTab(),
|
|
Actions\Action::make('verify')
|
|
->label('Verify configuration')
|
|
->icon('heroicon-o-check-badge')
|
|
->color('primary')
|
|
->requiresConfirmation()
|
|
->action(function (
|
|
Tenant $record,
|
|
TenantConfigService $configService,
|
|
TenantPermissionService $permissionService,
|
|
RbacHealthService $rbacHealthService,
|
|
AuditLogger $auditLogger
|
|
) {
|
|
TenantResource::verifyTenant($record, $configService, $permissionService, $rbacHealthService, $auditLogger);
|
|
}),
|
|
TenantResource::rbacAction(),
|
|
UiEnforcement::forAction(
|
|
Actions\Action::make('archive')
|
|
->label('Deactivate')
|
|
->color('danger')
|
|
->icon('heroicon-o-archive-box-x-mark')
|
|
->visible(fn (Tenant $record): bool => ! $record->trashed())
|
|
->action(function (Tenant $record, AuditLogger $auditLogger): void {
|
|
$record->delete();
|
|
|
|
$auditLogger->log(
|
|
tenant: $record,
|
|
action: 'tenant.archived',
|
|
resourceType: 'tenant',
|
|
resourceId: (string) $record->getKey(),
|
|
status: 'success',
|
|
context: [
|
|
'metadata' => [
|
|
'internal_tenant_id' => (int) $record->getKey(),
|
|
'tenant_guid' => (string) $record->tenant_id,
|
|
],
|
|
]
|
|
);
|
|
|
|
Notification::make()
|
|
->title('Tenant deactivated')
|
|
->body('The tenant has been archived and hidden from lists.')
|
|
->success()
|
|
->send();
|
|
})
|
|
)
|
|
->preserveVisibility()
|
|
->requireCapability(Capabilities::TENANT_DELETE)
|
|
->destructive()
|
|
->apply(),
|
|
])
|
|
->label('Actions')
|
|
->icon('heroicon-o-ellipsis-vertical')
|
|
->color('gray'),
|
|
];
|
|
}
|
|
}
|