70 lines
2.5 KiB
Markdown
70 lines
2.5 KiB
Markdown
# Quickstart: 106 — Required Permissions Sidebar Context Fix
|
|
|
|
**Branch**: `106-required-permissions-sidebar-context`
|
|
|
|
## What This Changes
|
|
|
|
The `EnsureFilamentTenantSelected` middleware is updated to recognize the Required Permissions page (`/admin/tenants/{tenant}/required-permissions`) as a workspace-scoped page. The page retains its `{tenant}` route parameter for data display and authorization, but the middleware no longer sets Filament's tenant context when serving this page. This causes the sidebar to render workspace-level navigation instead of tenant-level navigation.
|
|
|
|
## Files Modified
|
|
|
|
| File | Change |
|
|
|---|---|
|
|
| `app/Support/Middleware/EnsureFilamentTenantSelected.php` | Add workspace-scoped page allowlist check; add Livewire referer check |
|
|
| `tests/Feature/RequiredPermissions/RequiredPermissionsSidebarTest.php` | New test file — sidebar context assertions |
|
|
|
|
## Implementation Steps
|
|
|
|
### 1. Add workspace-scoped page path helper
|
|
|
|
In `EnsureFilamentTenantSelected`, add a private method:
|
|
|
|
```php
|
|
private function isWorkspaceScopedPageWithTenant(string $path): bool
|
|
{
|
|
return preg_match('#^/admin/tenants/[^/]+/required-permissions$#', $path) === 1;
|
|
}
|
|
```
|
|
|
|
### 2. Add Livewire referer check (before existing checks)
|
|
|
|
In the `/livewire/update` block, add:
|
|
|
|
```php
|
|
if (preg_match('#^/admin/tenants/[^/]+/required-permissions$#', $refererPath) === 1) {
|
|
$this->configureNavigationForRequest($panel);
|
|
return $next($request);
|
|
}
|
|
```
|
|
|
|
### 3. Split `{tenant}` param handling
|
|
|
|
In the `$tenantParameter !== null` block, after all 8 authorization checks pass, add:
|
|
|
|
```php
|
|
if ($this->isWorkspaceScopedPageWithTenant($path)) {
|
|
// Workspace-scoped page: authorize but do NOT set Filament tenant context.
|
|
// This preserves workspace sidebar while still validating tenant access.
|
|
$this->configureNavigationForRequest($panel);
|
|
return $next($request);
|
|
}
|
|
```
|
|
|
|
Place this **before** `Filament::setTenant($tenant, true)`.
|
|
|
|
### 4. Write tests
|
|
|
|
Create `tests/Feature/RequiredPermissions/RequiredPermissionsSidebarTest.php` with assertions:
|
|
- Sidebar shows workspace navigation items (Operations, Manage workspaces)
|
|
- Sidebar does NOT show tenant navigation items (Inventory, Backups & Restore)
|
|
- Livewire updates preserve workspace sidebar
|
|
- Other `{tenant}` pages still get tenant sidebar
|
|
|
|
## Verification
|
|
|
|
```bash
|
|
vendor/bin/sail artisan test --compact --filter=RequiredPermissionsSidebar
|
|
vendor/bin/sail artisan test --compact tests/Feature/RequiredPermissions/
|
|
vendor/bin/sail bin pint --dirty --format agent
|
|
```
|