53 lines
1.6 KiB
Markdown
53 lines
1.6 KiB
Markdown
# Route Contract — Spec 080
|
|
|
|
This document defines the **expected user-facing route surfaces** and the **required 404/403 semantics**.
|
|
|
|
## Canonical Management (workspace-scoped)
|
|
|
|
All of the following are under `/admin/*` and require:
|
|
- selected workspace context
|
|
- workspace membership (non-member → 404)
|
|
|
|
Routes:
|
|
- `GET /admin/tenants`
|
|
- `GET /admin/tenants/{tenant}`
|
|
- `GET /admin/tenants/{tenant}/memberships`
|
|
- `GET /admin/tenants/{tenant}/provider-connections`
|
|
- `GET /admin/tenants/{tenant}/provider-connections/{connection}/edit`
|
|
- `GET /admin/tenants/{tenant}/required-permissions`
|
|
- (optional) `GET /admin/tenants/{tenant}/onboarding`
|
|
|
|
Identifier contract:
|
|
- `{tenant}` MUST be `Tenant.external_id` (Entra tenant GUID)
|
|
|
|
Authorization contract:
|
|
- member without capability:
|
|
- viewing pages: allowed
|
|
- mutating actions: 403
|
|
|
|
## Canonical Operate (tenant-scoped)
|
|
|
|
All of the following are under `/admin/t/{tenant}/*` and require:
|
|
- selected workspace context
|
|
- workspace membership
|
|
- tenant entitlement (non-entitled → 404)
|
|
|
|
Routes (contract targets for US2 tests):
|
|
- `GET /admin/t/{tenant}` (tenant dashboard root)
|
|
- `GET /admin/t/{tenant}/diagnostics` (operational diagnostics page)
|
|
|
|
## Removed Tenant-Scoped Management (must 404)
|
|
|
|
The following routes MUST NOT exist (no redirects in dev stage):
|
|
- `GET /admin/t/{tenant}/provider-connections*`
|
|
- `GET /admin/t/{tenant}/required-permissions*`
|
|
- `GET /admin/t/{tenant}/memberships*`
|
|
- `GET /admin/t/{tenant}/tenants*`
|
|
|
|
## Monitoring
|
|
|
|
- `GET /admin/operations`
|
|
- `GET /admin/operations/{run}`
|
|
|
|
Monitoring pages are DB-only at render time.
|