68 lines
2.2 KiB
Markdown
68 lines
2.2 KiB
Markdown
# Contracts — Routes & Semantics (077)
|
|
|
|
**Spec**: [specs/077-workspace-nav-monitoring-hub/spec.md](../spec.md)
|
|
|
|
This feature is an admin UI/navigation refactor. Contracts are expressed as web route semantics + access rules.
|
|
|
|
## Canonical routes
|
|
|
|
### Workspace context
|
|
|
|
- `GET /admin/choose-workspace`
|
|
- Purpose: select active workspace context
|
|
- Access: authenticated user
|
|
- Visibility: shows only workspaces where the user is a member
|
|
|
|
- `POST /admin/switch-workspace`
|
|
- Purpose: update workspace context
|
|
- Access: authenticated user
|
|
- Security:
|
|
- If user is not a member of the selected workspace → 404 (deny-as-not-found)
|
|
|
|
### Workspace management (CRUD)
|
|
|
|
- `GET /admin/workspaces`
|
|
- `GET /admin/workspaces/{workspace}`
|
|
- `GET /admin/workspaces/{workspace}/edit`
|
|
- `GET /admin/workspaces/create`
|
|
|
|
Contract semantics:
|
|
|
|
- Index lists only workspaces the user is a member of.
|
|
- If user attempts to access a workspace record they are not a member of → 404 (deny-as-not-found)
|
|
- If user is a member but lacks the required capability for a protected action/screen (create/edit/membership management) → 403
|
|
- If user is authorized → normal Filament behavior
|
|
|
|
### Monitoring hub — Operations
|
|
|
|
- `GET /admin/operations`
|
|
- Canonical operations index (tenantless URL)
|
|
- Behavior:
|
|
- If tenant context is active: default filter state = current tenant (removable)
|
|
- If tenant context is not active: workspace-wide list
|
|
|
|
- `GET /admin/operations/{run}`
|
|
- Canonical run deep link
|
|
- Security:
|
|
- If run belongs to a workspace the user is not a member of → 404
|
|
|
|
### Monitoring hub — Reserved surfaces (placeholders)
|
|
|
|
- `GET /admin/alerts`
|
|
- Reserved placeholder page
|
|
- Access: workspace members (workspace context required)
|
|
|
|
- `GET /admin/audit-log`
|
|
- Reserved placeholder page
|
|
- Access: workspace members (workspace context required)
|
|
|
|
## Status code rules (summary)
|
|
|
|
- Non-member / not entitled to the workspace scope → 404
|
|
- Member but missing capability (workspace-scoped protected actions) → 403
|
|
|
|
## Non-leakage requirements
|
|
|
|
- Global search must not list inaccessible workspaces/tenants/runs.
|
|
- Navigation labels and groups must not imply the existence of admin-only surfaces.
|