ahmido
90bfe1516e
Implements Spec 090 (Action Surface Contract Compliance & RBAC Hardening). Highlights: - Adds/updates action surface declarations and shrinks baseline exemptions. - Standardizes Filament action grouping/order and empty-state CTAs. - Enforces RBAC UX semantics (non-member -> 404, member w/o capability -> disabled + tooltip, server-side 403). - Adds audit logging for successful side-effect actions. - Fixes Provider Connections list context so header create + row actions resolve tenant correctly. Tests (focused): - vendor/bin/sail artisan test --compact tests/Feature/090/ - vendor/bin/sail artisan test --compact tests/Feature/Guards/ActionSurfaceContractTest.php - vendor/bin/sail bin pint --dirty Livewire/Filament: - Filament v5 + Livewire v4 compliant. - No panel provider registration changes (Laravel 11+ registration remains in bootstrap/providers.php). Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #108
60 lines
2.4 KiB
Markdown
60 lines
2.4 KiB
Markdown
# Data Model — Spec 090 (Action Surface Contract Compliance & RBAC Hardening)
|
|
|
|
## Summary
|
|
Spec 090 is primarily a UI + authorization + auditability retrofit. **No new tables are required**. The feature standardizes how existing entities are presented and how actions are gated and audited.
|
|
|
|
## Entities (Existing)
|
|
|
|
### `AuditLog`
|
|
- **Purpose**: Durable audit trail for security/ops-relevant actions.
|
|
- **Key fields (observed from loggers)**:
|
|
- `tenant_id` (nullable)
|
|
- `workspace_id` (nullable)
|
|
- `actor_id`, `actor_email`, `actor_name`
|
|
- `action` (stable action id string)
|
|
- `resource_type`, `resource_id`
|
|
- `status` (`success` for Spec 090 scope)
|
|
- `metadata` (sanitized)
|
|
- `recorded_at`
|
|
- **Writers**:
|
|
- Tenant-scoped: `App\Services\Intune\AuditLogger`
|
|
- Workspace-scoped: `App\Services\Audit\WorkspaceAuditLogger`
|
|
|
|
### `OperationRun`
|
|
- **Purpose**: Observability record for queued/remote operations.
|
|
- **Spec 090 usage**: Operation-start actions must enqueue work and link to the run (“View run”).
|
|
|
|
### Tenant-scoped domain entities
|
|
- `Tenant`
|
|
- `Policy` / `PolicyVersion`
|
|
- `BackupSchedule` (+ executions via `OperationRun` type `backup_schedule_run`)
|
|
- `ProviderConnection`
|
|
- `Finding`
|
|
- `InventoryItem`
|
|
- `EntraGroup`
|
|
|
|
### Workspace-scoped domain entities
|
|
- `Workspace`
|
|
- workspace memberships (used for isolation boundary)
|
|
|
|
## Relationships (High-level)
|
|
- `Workspace` has many `Tenant`.
|
|
- `Tenant` has many `Policy`, `BackupSchedule`, `ProviderConnection`, `Finding`, `InventoryItem`, `EntraGroup`.
|
|
- `OperationRun` is scoped by `(workspace_id, tenant_id)` when applicable.
|
|
- `AuditLog` is scoped either by `tenant_id` (tenant-plane audits) or `workspace_id` (workspace-plane audits).
|
|
|
|
## Authorization/Capability Model (Existing)
|
|
- Canonical capability registry: `App\Support\Auth\Capabilities`.
|
|
- Capability resolution: `App\Services\Auth\CapabilityResolver`.
|
|
- Filament gating helpers:
|
|
- `App\Support\Rbac\UiEnforcement` (tenant scope)
|
|
- `App\Support\Rbac\WorkspaceUiEnforcement` (workspace scope)
|
|
|
|
## State Transitions (Relevant)
|
|
- “Side-effect action executed” → writes an `AuditLog` entry (success only for Spec 090).
|
|
- “Operation start action executed” → creates/reuses an `OperationRun`, enqueues background work, then links user to the run.
|
|
|
|
## Non-goals / Deferred
|
|
- BackupSchedule retention (soft delete/restore/force delete) is explicitly deferred.
|
|
- No schema changes are required for action-surface declarations; these live in code.
|