ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
562996c508
TenantAtlas/specs/285-workspace-rbac-environment-access/checklists/requirements.md
Ahmed Darrazi ef02ff5a29
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 8m29s
Details
feat: implement spec 285 workspace-first environment access
2026-05-09 14:36:12 +02:00

49 lines
3.0 KiB
Markdown
Raw Blame History

# Requirements Checklist: Workspace-first RBAC & Environment Access Scoping
## Scope and problem framing
- [x] The package describes the real repo problem as dual role-bearing authorization truth, not generic missing RBAC.
- [x] The package keeps `WorkspaceMembership` as the only role-bearing truth.
- [x] The package treats the current `ManagedEnvironmentMembership` semantics as a narrow access-scope overlay or in-place successor only.
- [x] The package keeps environment scope optional and narrowing-only.
- [x] The package does not absorb provider capability, source taxonomy, copy/localization, or cutover-guardrail work from adjacent specs.
## Repo-truth anchoring
- [x] The package reflects the current repo term `ManagedEnvironmentMembership` rather than the stale raw-candidate term `TenantMembership`.
- [x] The package references the existing workspace-first seams: `WorkspaceMembership`, `WorkspaceCapabilityResolver`, and `WorkspaceContext`.
- [x] The package references the current environment-owned seams that must be retargeted: `CapabilityResolver`, `User::canAccessTenant()`, key policies, and the tenant-membership Filament surfaces.
- [x] The package keeps `OperationRun` authorization split between workspace-bound and environment-bound runs.
## Authorization contract
- [x] Non-membership or out-of-scope access remains `404`.
- [x] In-scope members missing capability remain `403`.
- [x] Provider capability and operability remain downstream gates after local RBAC passes.
- [x] No scope row can grant access without workspace membership.
- [x] No second role selector survives on the managed-environment access-scope surface.
- [x] Touched searchable-resource results remain non-member-safe and out-of-scope-safe.
- [x] Denied-access diagnostics are modeled as derived, boundary-safe logging rather than new persisted truth.
## Filament and UI guardrails
- [x] Filament remains v5 on Livewire v4.
- [x] Provider registration remains in `apps/platform/bootstrap/providers.php`.
- [x] Touched destructive actions remain `->action(...)` plus `->requiresConfirmation()`.
- [x] `ProviderConnectionResource` remains non-globally-searchable and no touched searchable resource loses its valid View or Edit destination.
- [x] Asset strategy remains unchanged and does not introduce new `filament:assets` requirements beyond existing deployment expectations.
## Testing and readiness
- [x] The package defines bounded proof through unit, feature, and one browser smoke.
- [x] The same validation commands appear in `spec.md`, `plan.md`, and `quickstart.md`.
- [x] The package states that Specs `280`, `281`, and `283` are external prerequisites for runtime implementation.
- [x] The package stays prep-only and does not claim implementation has already landed.
## Outcome
- **Review outcome class**: `blocked-by-prerequisites`
- **Workflow outcome**: `keep`
- **Test-governance outcome**: `keep`
- **Readiness note**: implementation is externally gated until Specs `280`, `281`, and `283` are present on the branch
Reference in New Issue View Git Blame Copy Permalink