ahmido
3490fb9e2c
Summary
Implements Spec 067 “RBAC Troubleshooting & Tenant UI Bugfix Pack v1” for the tenant admin plane (/admin) with strict RBAC UX semantics:
Non-member tenant scope ⇒ 404 (deny-as-not-found)
Member lacking capability ⇒ 403 server-side, while the UI stays visible-but-disabled with standardized tooltips
What changed
Tenant view header actions now use centralized UI enforcement (no “normal click → error page” for readonly members).
Archived tenants remain resolvable in tenant-scoped routes for entitled members; an “Archived” banner is shown.
Adds tenant-scoped diagnostics page (/admin/t/{tenant}/diagnostics) with safe repair actions (confirmation + authorization + audit log).
Adds/updates targeted Pest tests to lock the 404 vs 403 semantics and action UX.
Implementation notes
Livewire v4.0+ compliance: Uses Filament v5 + Livewire v4 conventions; widget Blade views render a single root element.
Provider registration: Laravel 11+ providers stay in providers.php (no changes required).
Global search: No global search behavior/resources changed in this PR.
Destructive actions:
Tenant archive/restore/force delete and diagnostics repairs execute via ->action(...) and include ->requiresConfirmation().
Server-side authorization is enforced (non-members 404, insufficient capability 403).
Assets: No new assets. No change to php artisan filament:assets expectations.
Tests
Ran:
vendor/bin/sail bin pint --dirty
vendor/bin/sail artisan test --compact (focused files for Spec 067)
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #84
44 lines
1.2 KiB
PHP
44 lines
1.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Support\Rbac;
|
|
|
|
/**
|
|
* Standardized tooltip and confirmation messages for RBAC UI enforcement.
|
|
*
|
|
* These constants provide consistent, non-leaky messaging for:
|
|
* - Permission denials (members lacking capability)
|
|
* - Destructive action confirmations
|
|
*
|
|
* @see \App\Support\Rbac\UiEnforcement
|
|
*/
|
|
final class UiTooltips
|
|
{
|
|
/**
|
|
* Tooltip shown when a member lacks the required capability.
|
|
* Intentionally vague to avoid leaking permission structure.
|
|
*/
|
|
public const INSUFFICIENT_PERMISSION = 'Insufficient permission — ask a tenant Owner.';
|
|
|
|
/**
|
|
* Modal heading for destructive action confirmation.
|
|
*/
|
|
public const DESTRUCTIVE_CONFIRM_TITLE = 'Are you sure?';
|
|
|
|
/**
|
|
* Modal description for destructive action confirmation.
|
|
*/
|
|
public const DESTRUCTIVE_CONFIRM_DESCRIPTION = 'This action cannot be undone.';
|
|
|
|
/**
|
|
* Tooltip for actions that are unavailable because the tenant is archived.
|
|
*/
|
|
public const TENANT_ARCHIVED = 'This tenant is archived.';
|
|
|
|
/**
|
|
* Tooltip for actions that are unavailable because a tenant must always have an owner.
|
|
*/
|
|
public const TENANT_OWNER_REQUIRED = 'This tenant must have at least one Owner.';
|
|
}
|