TenantAtlas/apps/platform/app/Support/Auth/Capabilities.php
ahmido 0987527d0e feat: customer review acknowledgement lifecycle (343) (#415)
## Summary
- add persisted customer review acknowledgement truth with capability gating and audit emission
- extend the customer review workspace with acknowledgement state, evidence basis details, and accepted-risk lifecycle visibility
- add focused feature and browser coverage plus Spec 343 screenshot artifacts and UI audit updates

## Scope
- Livewire v4 / Filament v5 surface only; no panel provider changes
- no new global assets; no `filament:assets` deployment change for this slice
- includes a PostgreSQL migration for `environment_review_acknowledgements`

## Guardrail / Exception / Smoke Coverage
- reachable UI surface changed: existing `/admin/reviews/workspace` customer-safe page
- UI audit updated in `docs/ui-ux-enterprise-audit/page-reports/ui-006-customer-review-workspace.md`
- screenshot artifacts included under `specs/343-customer-review-attestation-accepted-risk-lifecycle/artifacts/screenshots/`
- spec package includes plan, tasks, repo-truth map, and state contract for the implemented slice

## Notes
- target branch requested: `platform-dev`
- branch pushed from commit `aaaad441fd13dbac54e971ab48765c502ced6b3f`

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #415
2026-06-01 18:00:37 +00:00


<?php
namespace App\Support\Auth;
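/**
 * Canonical Capability Registry
 *
 * This is the single source of truth for all capability strings in the system.
 * All role-to-capability mappings must reference only these constants.
 *
 * Only the public constants declared on this class count as capabilities
 * (see all()), so a private helper constant added later cannot silently
 * widen the set of strings that isKnown() accepts.
 */
class Capabilities
{
    /**
     * Lazily built, process-lifetime cache of every capability string.
     *
     * @var list<string>|null
     */
    private static ?array $all = null;

    // Workspaces
    public const WORKSPACE_VIEW = 'workspace.view';
    public const WORKSPACE_MANAGE = 'workspace.manage';
    public const WORKSPACE_ARCHIVE = 'workspace.archive';

    // Workspace memberships
    public const WORKSPACE_MEMBERSHIP_VIEW = 'workspace_membership.view';
    public const WORKSPACE_MEMBERSHIP_MANAGE = 'workspace_membership.manage';

    // Managed environment onboarding
    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD = 'workspace_managed_environment.onboard';
    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_IDENTIFY = 'workspace_managed_environment.onboard.identify';
    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CANCEL = 'workspace_managed_environment.onboard.cancel';
    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_VIEW = 'workspace_managed_environment.onboard.connection.view';
    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE = 'workspace_managed_environment.onboard.connection.manage';
    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_CONNECTION_MANAGE_DEDICATED = 'workspace_managed_environment.onboard.connection.manage_dedicated';
    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_VERIFICATION_START = 'workspace_managed_environment.onboard.verification.start';
    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_INVENTORY_SYNC = 'workspace_managed_environment.onboard.bootstrap.inventory_sync';
    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_POLICY_SYNC = 'workspace_managed_environment.onboard.bootstrap.policy_sync';
    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_BOOTSTRAP_BACKUP_BOOTSTRAP = 'workspace_managed_environment.onboard.bootstrap.backup_bootstrap';
    public const WORKSPACE_MANAGED_ENVIRONMENT_ONBOARD_ACTIVATE = 'workspace_managed_environment.onboard.activate';

    // Workspace settings
    public const WORKSPACE_SETTINGS_VIEW = 'workspace_settings.view';
    public const WORKSPACE_SETTINGS_MANAGE = 'workspace_settings.manage';

    // Workspace alerts
    public const ALERTS_VIEW = 'workspace_alerts.view';
    public const ALERTS_MANAGE = 'workspace_alerts.manage';

    // Tenants
    public const TENANT_VIEW = 'tenant.view';
    public const TENANT_MANAGE = 'tenant.manage';
    public const TENANT_DELETE = 'tenant.delete';
    public const TENANT_SYNC = 'tenant.sync';

    // Support diagnostics
    public const SUPPORT_DIAGNOSTICS_VIEW = 'support_diagnostics.view';

    // Support requests
    public const SUPPORT_REQUESTS_CREATE = 'support_requests.create';

    // Inventory
    public const TENANT_INVENTORY_SYNC_RUN = 'tenant_inventory_sync.run';

    // Findings
    public const TENANT_FINDINGS_VIEW = 'tenant_findings.view';
    public const TENANT_FINDINGS_TRIAGE = 'tenant_findings.triage';
    public const TENANT_FINDINGS_ASSIGN = 'tenant_findings.assign';
    public const TENANT_FINDINGS_RESOLVE = 'tenant_findings.resolve';
    public const TENANT_FINDINGS_CLOSE = 'tenant_findings.close';
    public const TENANT_FINDINGS_RISK_ACCEPT = 'tenant_findings.risk_accept';
    public const FINDING_EXCEPTION_VIEW = 'finding_exception.view';
    public const FINDING_EXCEPTION_MANAGE = 'finding_exception.manage';
    public const FINDING_EXCEPTION_APPROVE = 'finding_exception.approve';

    // Verification
    public const TENANT_VERIFICATION_ACKNOWLEDGE = 'tenant_verification.acknowledge';

    // ManagedEnvironment memberships
    public const TENANT_MEMBERSHIP_VIEW = 'tenant_membership.view';
    public const TENANT_MEMBERSHIP_MANAGE = 'tenant_membership.manage';

    // Optional mappings (no Graph resolution in v1)
    public const TENANT_ROLE_MAPPING_VIEW = 'tenant_role_mapping.view';
    public const TENANT_ROLE_MAPPING_MANAGE = 'tenant_role_mapping.manage';

    // Backup schedules
    public const TENANT_BACKUP_SCHEDULES_MANAGE = 'tenant_backup_schedules.manage';
    public const TENANT_BACKUP_SCHEDULES_RUN = 'tenant_backup_schedules.run';

    // Providers (existing gate names used throughout the app)
    public const PROVIDER_VIEW = 'provider.view';
    public const PROVIDER_MANAGE = 'provider.manage';
    public const PROVIDER_MANAGE_DEDICATED = 'provider.manage_dedicated';
    public const PROVIDER_RUN = 'provider.run';

    // Workspace baselines (Golden Master governance)
    public const WORKSPACE_BASELINES_VIEW = 'workspace_baselines.view';
    public const WORKSPACE_BASELINES_MANAGE = 'workspace_baselines.manage';

    // Audit
    public const AUDIT_VIEW = 'audit.view';

    // Entra admin roles
    public const ENTRA_ROLES_VIEW = 'entra_roles.view';
    public const ENTRA_ROLES_MANAGE = 'entra_roles.manage';

    // Permission posture
    public const PERMISSION_POSTURE_VIEW = 'permission_posture.view';

    // Review packs
    public const REVIEW_PACK_VIEW = 'review_pack.view';
    public const REVIEW_PACK_MANAGE = 'review_pack.manage';

    // ManagedEnvironment reviews
    public const ENVIRONMENT_REVIEW_VIEW = 'environment_review.view';
    public const ENVIRONMENT_REVIEW_MANAGE = 'environment_review.manage';
    public const ENVIRONMENT_REVIEW_ACKNOWLEDGE = 'environment_review.acknowledge';

    // Portfolio triage review progress
    public const MANAGED_ENVIRONMENT_TRIAGE_REVIEW_MANAGE = 'managed_environment_triage_review.manage';

    // Evidence snapshots
    public const EVIDENCE_VIEW = 'evidence.view';
    public const EVIDENCE_MANAGE = 'evidence.manage';

    /**
     * Get all capability constants.
     *
     * Collected by reflection from this class's own *public* constants,
     * restricted to string values so the result always matches the declared
     * return type, and cached after the first call. Because this list feeds
     * isKnown(), the filters are what keep a future non-capability constant
     * (a private prefix, a numeric limit, ...) from being accepted as a valid
     * capability string.
     *
     * @return list<string>
     */
    public static function all(): array
    {
        if (self::$all !== null) {
            return self::$all;
        }

        // The visibility filter needs PHP 8.0+; every capability is declared public.
        $reflection = new \ReflectionClass(self::class);
        $constants = $reflection->getConstants(\ReflectionClassConstant::IS_PUBLIC);

        $capabilities = array_values(array_filter(
            $constants,
            static fn ($value): bool => is_string($value),
        ));

        return self::$all = $capabilities;
    }

    /**
     * Check whether $capability is a registered capability string.
     *
     * The comparison is strict (===) and case-sensitive, so only an exact
     * match against one of the constants above is accepted.
     */
    public static function isKnown(string $capability): bool
    {
        return in_array($capability, self::all(), true);
    }
}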