Implements Spec 080: split Filament into workspace-managed `/admin/*` (manage) vs tenant operations `/admin/t/{tenant}/*` (operate).
Highlights:
- Adds tenant operations panel (`tenant`) at `/admin/t` with tenancy by `Tenant.external_id`
- Keeps management resources in workspace panel (`admin`) under `/admin/tenants/*`
- Moves Provider Connections to workspace-managed routes: `/admin/tenants/{tenant}/provider-connections`
- Adds discoverability CTA on tenant view (Actions → Provider connections)
- Adds/updates Pest regression tests for routing boundaries, 404/403 RBAC-UX semantics, and global search isolation
- Includes full Spec Kit artifacts under `specs/080-workspace-managed-tenant-admin/`
Validation:
- `vendor/bin/sail bin pint --dirty`
- `vendor/bin/sail artisan test --compact tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php`
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #97
53 lines
1.6 KiB
Markdown
# Route Contract — Spec 080

This document defines the **expected user-facing route surfaces** and the **required 404/403 semantics**.

## Canonical Management (workspace-scoped)

All of the following are under `/admin/*` and require:
- selected workspace context
- workspace membership (non-member → 404)

Routes:
- `GET /admin/tenants`
- `GET /admin/tenants/{tenant}`
- `GET /admin/tenants/{tenant}/memberships`
- `GET /admin/tenants/{tenant}/provider-connections`
- `GET /admin/tenants/{tenant}/provider-connections/{connection}/edit`
- `GET /admin/tenants/{tenant}/required-permissions`
- (optional) `GET /admin/tenants/{tenant}/onboarding`

Identifier contract:
- `{tenant}` MUST be `Tenant.external_id` (Entra tenant GUID)

Authorization contract:
- member without capability:
  - viewing pages: allowed
  - mutating actions: 403

## Canonical Operate (tenant-scoped)

All of the following are under `/admin/t/{tenant}/*` and require:
- selected workspace context
- workspace membership
- tenant entitlement (non-entitled → 404)

Routes (contract targets for US2 tests):
- `GET /admin/t/{tenant}` (tenant dashboard root)
- `GET /admin/t/{tenant}/diagnostics` (operational diagnostics page)

## Removed Tenant-Scoped Management (must 404)

The following routes MUST NOT exist (no redirects in dev stage):
- `GET /admin/t/{tenant}/provider-connections*`
- `GET /admin/t/{tenant}/required-permissions*`
- `GET /admin/t/{tenant}/memberships*`
- `GET /admin/t/{tenant}/tenants*`

## Monitoring

- `GET /admin/operations`
- `GET /admin/operations/{run}`

Monitoring pages are DB-only at render time.
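
The 404/403 rules above as a small executable model that can serve as an oracle for table-driven route tests. This is an added example, not code from the project: `Actor`, `expected_status` and the sample GUIDs are hypothetical and constructed. It assumes a workspace context is already selected, treats an unlisted path or a non-GUID `{tenant}` as 404, and returns `None` for Monitoring routes, for which the contract states no status rule.

```python
import re
from dataclasses import dataclass

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
# Management prefixes removed from the tenant panel: 404 for everyone, no redirect.
REMOVED = re.compile(
    r"^/admin/t/[^/]+/(?:provider-connections|required-permissions|memberships|tenants)")
OPERATE = re.compile(rf"^/admin/t/({GUID})(?:/diagnostics)?$")
MANAGE = re.compile(
    rf"^/admin/tenants(?:/{GUID}(?:/(?:memberships|required-permissions|onboarding"
    r"|provider-connections(?:/[^/]+/edit)?))?)?$")


@dataclass(frozen=True)
class Actor:  # hypothetical caller model, not a class from the project
    workspace_member: bool = False
    entitled_tenants: frozenset = frozenset()  # Tenant.external_id values
    has_capability: bool = False


def expected_status(actor, path, mutating=False):
    """Status the contract requires. `mutating` is only consulted on management
    pages, the one place the contract states a capability rule."""
    if path.startswith("/admin/operations"):
        return None  # Monitoring: routes are listed, but no status rule is stated
    if REMOVED.match(path):
        return 404
    if not actor.workspace_member:
        return 404  # non-member: not found, never 403
    operate = OPERATE.match(path)
    if operate:
        return 200 if operate.group(1) in actor.entitled_tenants else 404
    if MANAGE.match(path):
        return 403 if mutating and not actor.has_capability else 200
    return 404  # assumption: unlisted path or non-GUID {tenant} resolves to nothing


T1 = "11111111-1111-1111-1111-111111111111"  # constructed GUIDs
T2 = "22222222-2222-2222-2222-222222222222"
member = Actor(workspace_member=True, entitled_tenants=frozenset({T1}))

if __name__ == "__main__":
    for path in (f"/admin/tenants/{T2}", f"/admin/t/{T2}", f"/admin/t/{T1}/diagnostics",
                 f"/admin/t/{T1}/memberships", "/admin/tenants/42"):
        print(path, expected_status(member, path))
```

The order of the checks is the point: existence and membership are decided first, so a non-member or non-entitled caller always sees 404, and 403 is reachable only by a workspace member invoking a mutating action on a management page.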