ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
5421aa06ae
TenantAtlas/specs/077-workspace-nav-monitoring-hub/contracts/routes.md

2.2 KiB
Raw Blame History

Contracts — Routes & Semantics (077)

Spec: specs/077-workspace-nav-monitoring-hub/spec.md

This feature is an admin UI/navigation refactor. Contracts are expressed as web route semantics + access rules.

Canonical routes

Workspace context

  • GET /admin/choose-workspace

    • Purpose: select active workspace context
    • Access: authenticated user
    • Visibility: shows only workspaces where the user is a member

  • POST /admin/switch-workspace

    • Purpose: update workspace context
    • Access: authenticated user
    • Security:
      • If user is not a member of the selected workspace → 404 (deny-as-not-found)

Workspace management (CRUD)

  • GET /admin/workspaces
  • GET /admin/workspaces/{workspace}
  • GET /admin/workspaces/{workspace}/edit
  • GET /admin/workspaces/create

Contract semantics:

  • Index lists only workspaces the user is a member of.
  • If user attempts to access a workspace record they are not a member of → 404 (deny-as-not-found)
  • If user is a member but lacks the required capability for a protected action/screen (create/edit/membership management) → 403
  • If user is authorized → normal Filament behavior

Monitoring hub — Operations

  • GET /admin/operations

    • Canonical operations index (tenantless URL)
    • Behavior:
      • If tenant context is active: default filter state = current tenant (removable)
      • If tenant context is not active: workspace-wide list

  • GET /admin/operations/{run}

    • Canonical run deep link
    • Security:
      • If run belongs to a workspace the user is not a member of → 404

Monitoring hub — Reserved surfaces (placeholders)

  • GET /admin/alerts

    • Reserved placeholder page
    • Access: workspace members (workspace context required)

  • GET /admin/audit-log

    • Reserved placeholder page
    • Access: workspace members (workspace context required)

Status code rules (summary)

  • Non-member / not entitled to the workspace scope → 404
  • Member but missing capability (workspace-scoped protected actions) → 403

Non-leakage requirements

  • Global search must not list inaccessible workspaces/tenants/runs.
  • Navigation labels and groups must not imply the existence of admin-only surfaces.