ahmido
6a86c5901a
Kontext / Ziel Diese PR standardisiert Tenant‑RBAC Enforcement in der Filament‑UI: statt ad-hoc Gate::*, abort_if/abort_unless und kopierten ->visible()/->disabled()‑Closures gibt es jetzt eine zentrale, wiederverwendbare Implementierung für Actions (Header/Table/Bulk). Links zur Spec: spec.md plan.md quickstart.md Was ist drin Neue zentrale Helper-API: UiEnforcement (Tenant-plane RBAC‑UX “source of truth” für Filament Actions) Standardisierte Tooltip-Texte und Context-DTO (UiTooltips, TenantAccessContext) Migration vieler tenant‑scoped Filament Action-Surfaces auf das Standardpattern (ohne ad-hoc Auth-Patterns) CI‑Guard (Test) gegen neue ad-hoc Patterns in app/Filament/**: verbietet Gate::allows/denies/check/authorize, use Illuminate\Support\Facades\Gate, abort_if/abort_unless Legacy-Allowlist ist aktuell leer (neue Verstöße failen sofort) RBAC-UX Semantik (konsequent & testbar) Non-member: UI Actions hidden (kein Tenant‑Leak); Execution wird blockiert (Filament hidden→disabled chain), Defense‑in‑depth enthält zusätzlich serverseitige Guards. Member ohne Capability: Action visible aber disabled + Standard-Tooltip; Execution wird blockiert (keine Side Effects). Member mit Capability: Action enabled und ausführbar. Destructive actions: über ->destructive() immer mit ->requiresConfirmation() + klare Warntexte (Execution bleibt über ->action(...)). Wichtig: In Filament v5 sind hidden/disabled Actions typischerweise “silently blocked” (200, keine Ausführung). Die Tests prüfen daher UI‑State + “no side effects”, nicht nur HTTP‑Statuscodes. Sicherheit / Scope Keine neuen DB-Tabellen, keine Migrations, keine Microsoft Graph Calls (DB‑only bei Render; kein outbound HTTP). Tenant Isolation bleibt Isolation‑Boundary (deny-as-not-found auf Tenant‑Ebene, Capability erst nach Membership). Kein Asset-Setup erforderlich; keine neuen Filament Assets. Compliance Notes (Repo-Regeln) Filament v5 / Livewire v4.0+ kompatibel. Keine Änderungen an Provider‑Registrierung (Laravel 11+/12: providers.php bleibt der Ort; hier unverändert). Global Search: keine gezielte Änderung am Global‑Search-Verhalten in dieser PR. Tests / Qualität Pest Feature/Unit Tests für Member/Non-member/Tooltip/Destructive/Regression‑Guard. Guard-Test: “No ad-hoc Filament auth patterns”. Full suite laut Tasks: vendor/bin/sail artisan test --compact → 837 passed, 5 skipped. Checklist: requirements.md vollständig (16/16). Review-Fokus API‑Usage in neuen/angepassten Filament Actions: UiEnforcement::forAction/forTableAction/forBulkAction(...)->requireCapability(...)->apply() Guard-Test soll “red” werden, sobald jemand neue ad-hoc Auth‑Patterns einführt (by design). Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #81
215 lines
8.3 KiB
PHP
215 lines
8.3 KiB
PHP
<?php
|
|
|
|
namespace App\Filament\Resources;
|
|
|
|
use App\Filament\Clusters\Inventory\InventoryCluster;
|
|
use App\Filament\Resources\InventorySyncRunResource\Pages;
|
|
use App\Models\InventorySyncRun;
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Services\Auth\CapabilityResolver;
|
|
use App\Support\Auth\Capabilities;
|
|
use App\Support\Badges\BadgeDomain;
|
|
use App\Support\Badges\BadgeRenderer;
|
|
use App\Support\OperationRunLinks;
|
|
use BackedEnum;
|
|
use Filament\Actions;
|
|
use Filament\Infolists\Components\TextEntry;
|
|
use Filament\Infolists\Components\ViewEntry;
|
|
use Filament\Resources\Resource;
|
|
use Filament\Schemas\Components\Section;
|
|
use Filament\Schemas\Schema;
|
|
use Filament\Tables;
|
|
use Filament\Tables\Table;
|
|
use Illuminate\Database\Eloquent\Builder;
|
|
use Illuminate\Database\Eloquent\Model;
|
|
use UnitEnum;
|
|
|
|
class InventorySyncRunResource extends Resource
|
|
{
|
|
protected static ?string $model = InventorySyncRun::class;
|
|
|
|
protected static bool $shouldRegisterNavigation = true;
|
|
|
|
protected static ?string $cluster = InventoryCluster::class;
|
|
|
|
protected static ?int $navigationSort = 2;
|
|
|
|
protected static string|BackedEnum|null $navigationIcon = 'heroicon-o-clock';
|
|
|
|
protected static string|UnitEnum|null $navigationGroup = 'Inventory';
|
|
|
|
public static function canViewAny(): bool
|
|
{
|
|
$tenant = Tenant::current();
|
|
$user = auth()->user();
|
|
|
|
if (! $tenant instanceof Tenant || ! $user instanceof User) {
|
|
return false;
|
|
}
|
|
|
|
/** @var CapabilityResolver $resolver */
|
|
$resolver = app(CapabilityResolver::class);
|
|
|
|
return $resolver->can($user, $tenant, Capabilities::TENANT_VIEW);
|
|
}
|
|
|
|
public static function canView(Model $record): bool
|
|
{
|
|
$tenant = Tenant::current();
|
|
$user = auth()->user();
|
|
|
|
if (! $tenant instanceof Tenant || ! $user instanceof User) {
|
|
return false;
|
|
}
|
|
|
|
/** @var CapabilityResolver $resolver */
|
|
$resolver = app(CapabilityResolver::class);
|
|
|
|
if (! $resolver->can($user, $tenant, Capabilities::TENANT_VIEW)) {
|
|
return false;
|
|
}
|
|
|
|
if ($record instanceof InventorySyncRun) {
|
|
return (int) $record->tenant_id === (int) $tenant->getKey();
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
public static function getNavigationLabel(): string
|
|
{
|
|
return 'Sync History';
|
|
}
|
|
|
|
public static function form(Schema $schema): Schema
|
|
{
|
|
return $schema;
|
|
}
|
|
|
|
public static function infolist(Schema $schema): Schema
|
|
{
|
|
return $schema
|
|
->schema([
|
|
Section::make('Legacy run view')
|
|
->description('Canonical monitoring is now available in Monitoring → Operations.')
|
|
->schema([
|
|
TextEntry::make('canonical_view')
|
|
->label('Canonical view')
|
|
->state('View in Operations')
|
|
->url(fn (InventorySyncRun $record): string => OperationRunLinks::index(Tenant::current() ?? $record->tenant))
|
|
->badge()
|
|
->color('primary'),
|
|
])
|
|
->columnSpanFull(),
|
|
|
|
Section::make('Sync Run')
|
|
->schema([
|
|
TextEntry::make('user.name')
|
|
->label('Initiator')
|
|
->placeholder('—'),
|
|
TextEntry::make('status')
|
|
->badge()
|
|
->formatStateUsing(BadgeRenderer::label(BadgeDomain::InventorySyncRunStatus))
|
|
->color(BadgeRenderer::color(BadgeDomain::InventorySyncRunStatus))
|
|
->icon(BadgeRenderer::icon(BadgeDomain::InventorySyncRunStatus))
|
|
->iconColor(BadgeRenderer::iconColor(BadgeDomain::InventorySyncRunStatus)),
|
|
TextEntry::make('selection_hash')->label('Selection hash')->copyable(),
|
|
TextEntry::make('started_at')->dateTime(),
|
|
TextEntry::make('finished_at')->dateTime(),
|
|
TextEntry::make('items_observed_count')->label('Observed')->numeric(),
|
|
TextEntry::make('items_upserted_count')->label('Upserted')->numeric(),
|
|
TextEntry::make('errors_count')->label('Errors')->numeric(),
|
|
TextEntry::make('had_errors')
|
|
->label('Had errors')
|
|
->badge()
|
|
->formatStateUsing(BadgeRenderer::label(BadgeDomain::BooleanHasErrors))
|
|
->color(BadgeRenderer::color(BadgeDomain::BooleanHasErrors))
|
|
->icon(BadgeRenderer::icon(BadgeDomain::BooleanHasErrors))
|
|
->iconColor(BadgeRenderer::iconColor(BadgeDomain::BooleanHasErrors)),
|
|
])
|
|
->columns(2)
|
|
->columnSpanFull(),
|
|
|
|
Section::make('Selection Payload')
|
|
->schema([
|
|
ViewEntry::make('selection_payload')
|
|
->label('')
|
|
->view('filament.infolists.entries.snapshot-json')
|
|
->state(fn (InventorySyncRun $record) => $record->selection_payload ?? [])
|
|
->columnSpanFull(),
|
|
])
|
|
->columnSpanFull(),
|
|
|
|
Section::make('Error Summary')
|
|
->schema([
|
|
ViewEntry::make('error_codes')
|
|
->label('Error codes')
|
|
->view('filament.infolists.entries.snapshot-json')
|
|
->state(fn (InventorySyncRun $record) => $record->error_codes ?? [])
|
|
->columnSpanFull(),
|
|
ViewEntry::make('error_context')
|
|
->label('Safe error context')
|
|
->view('filament.infolists.entries.snapshot-json')
|
|
->state(fn (InventorySyncRun $record) => $record->error_context ?? [])
|
|
->columnSpanFull(),
|
|
])
|
|
->columnSpanFull(),
|
|
]);
|
|
}
|
|
|
|
public static function table(Table $table): Table
|
|
{
|
|
return $table
|
|
->defaultSort('id', 'desc')
|
|
->columns([
|
|
Tables\Columns\TextColumn::make('user.name')
|
|
->label('Initiator')
|
|
->placeholder('—')
|
|
->toggleable(),
|
|
Tables\Columns\TextColumn::make('status')
|
|
->badge()
|
|
->formatStateUsing(BadgeRenderer::label(BadgeDomain::InventorySyncRunStatus))
|
|
->color(BadgeRenderer::color(BadgeDomain::InventorySyncRunStatus))
|
|
->icon(BadgeRenderer::icon(BadgeDomain::InventorySyncRunStatus))
|
|
->iconColor(BadgeRenderer::iconColor(BadgeDomain::InventorySyncRunStatus)),
|
|
Tables\Columns\TextColumn::make('selection_hash')
|
|
->label('Selection')
|
|
->copyable()
|
|
->limit(12),
|
|
Tables\Columns\TextColumn::make('started_at')->since(),
|
|
Tables\Columns\TextColumn::make('finished_at')->since(),
|
|
Tables\Columns\TextColumn::make('items_observed_count')
|
|
->label('Observed')
|
|
->numeric(),
|
|
Tables\Columns\TextColumn::make('items_upserted_count')
|
|
->label('Upserted')
|
|
->numeric(),
|
|
Tables\Columns\TextColumn::make('errors_count')
|
|
->label('Errors')
|
|
->numeric(),
|
|
])
|
|
->actions([
|
|
Actions\ViewAction::make(),
|
|
])
|
|
->bulkActions([]);
|
|
}
|
|
|
|
public static function getEloquentQuery(): Builder
|
|
{
|
|
$tenantId = Tenant::current()?->getKey();
|
|
|
|
return parent::getEloquentQuery()
|
|
->with('user')
|
|
->when($tenantId, fn (Builder $query) => $query->where('tenant_id', $tenantId));
|
|
}
|
|
|
|
public static function getPages(): array
|
|
{
|
|
return [
|
|
'index' => Pages\ListInventorySyncRuns::route('/'),
|
|
'view' => Pages\ViewInventorySyncRun::route('/{record}'),
|
|
];
|
|
}
|
|
}
|