ahmido
3f09fd50f6
Implements Spec 080: split Filament into workspace-managed `/admin/*` (manage) vs tenant operations `/admin/t/{tenant}/*` (operate).
Highlights:
- Adds tenant operations panel (`tenant`) at `/admin/t` with tenancy by `Tenant.external_id`
- Keeps management resources in workspace panel (`admin`) under `/admin/tenants/*`
- Moves Provider Connections to workspace-managed routes: `/admin/tenants/{tenant}/provider-connections`
- Adds discoverability CTA on tenant view (Actions → Provider connections)
- Adds/updates Pest regression tests for routing boundaries, 404/403 RBAC-UX semantics, and global search isolation
- Includes full Spec Kit artifacts under `specs/080-workspace-managed-tenant-admin/`
Validation:
- `vendor/bin/sail bin pint --dirty`
- `vendor/bin/sail artisan test --compact tests/Feature/Spec080WorkspaceManagedTenantAdminMigrationTest.php`
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #97
2.9 KiB
2.9 KiB
Research — Spec 080 Workspace-Managed Tenant Administration Migration
Date: 2026-02-07
Decision 1 — Two Filament panels (workspace + tenant)
- Decision: Implement a workspace (tenantless) panel at
/adminand a tenant (tenancy) panel at/admin/t/{tenant}. - Rationale: This makes “Manage vs Operate” enforceable via route registration (removed routes 404), avoids tenant-context chicken-and-egg, and matches Filament-native separation.
- Alternatives considered:
- Keep a single panel and conditionally hide resources when tenant is selected: rejected because routes still exist and semantics are harder to enforce.
Decision 2 — Tenant panel path configuration to achieve /admin/t/{tenant}
- Decision: Configure the tenant panel with
path('admin/t'),tenant(Tenant::class, slugAttribute: 'external_id'), and no tenant route prefix (tenantRoutePrefix(null)/ default). - Rationale: Filament’s tenancy routing adds
/{tenant}after the panel path, and the optionaltenantRoutePrefixis only prepended when it is “filled”. Leaving it blank yields/admin/t/{tenant}(not/admin/t/t/{tenant}). - Alternatives considered:
- Keep the existing
path('admin') + tenantRoutePrefix('t')for a tenant panel: rejected because it would conflict with the workspace panel at the same path.
- Keep the existing
Decision 3 — Workspace context in URLs
- Decision: Workspace-managed tenant management uses
/admin/tenants*(workspace selected in session/context; enforced by middleware). - Rationale: Matches current app pattern (
ensure-workspace-selected) and reduces URL churn. - Alternatives considered:
/admin/w/{workspace}/tenants*: rejected because it’s not canonical for this feature and increases link surface.
Decision 4 — View vs mutation authorization in management scope
- Decision: Management pages are viewable for workspace members; mutations are capability-gated (403).
- Rationale: Aligns with RBAC-UX guidance: membership is isolation (404), capability is authorization (403).
- Alternatives considered:
- Require capability to view: rejected to avoid “mysterious forbidden” UX and because spec explicitly reserves 403 for mutations.
Decision 5 — Global search isolation
- Decision: Managed tenants are searchable in the workspace panel only; the tenant panel must not expose tenant-management entities via global search.
- Rationale: Prevents cross-scope discovery leaks and aligns with “Manage is workspace-scoped”.
- Alternatives considered:
- Disable global search entirely: rejected (spec wants workspace search behavior).
Decision 6 — How removed tenant-scoped management routes become 404
- Decision: Do not register tenant-management resources/pages in the tenant panel.
- Rationale: In Filament, unregistered resources/pages simply do not have routes; this is the cleanest dev-stage “no redirects” behavior.
- Alternatives considered:
- Redirect legacy tenant-scoped routes: rejected (explicit non-goal).