TenantAtlas/specs/073-unified-managed-tenant-onboarding-wizard/quickstart.md
ahmido 8e34b6084f 073-unified-managed-tenant-onboarding-wizard (#90)
Context / Goal
This PR delivers the single canonical onboarding entry under /admin/onboarding (workspace-first, tenantless until activation) and adds a tenantless OperationRun viewer under /admin/operations/{run} with membership→404 semantics.

What is included?
Single entry point: /admin/onboarding is the only entry; legacy entry points return real 404s (no redirects).
Wizard v1 (Enterprise): idempotent identification of a managed tenant (by Entra tenant ID), resumable session flow.
Provider connection step: select or create; secrets are never re-rendered and are not persisted in session state.
Verification as OperationRun: async/queued, DB-only rendering in the wizard (no Graph calls while rendering).
Tenantless run viewing: /admin/operations/{run} works without a selected workspace/tenant, but remains authorized via workspace membership (non-member → 404).
RBAC UX semantics: non-member → 404, member without capability → UI disabled + tooltip, server-side action → 403.
Auditability: activation/overrides are auditable, stable action IDs, no secrets.
Tech / Version safety
Filament v5 / Livewire v4.0+ compatible.
Laravel 11+: panel provider registration in providers.php (unchanged).
Tests / Format
vendor/bin/sail bin pint --dirty
Full suite: vendor/bin/sail artisan test --no-ansi → 984 passed, 5 skipped (exit 0)
Ops / Deployment notes
No additional services are required.
If assets were registered: deployment continues to use php artisan filament:assets (as usual in the project).

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@adsmac.fritz.box>
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #90
2026-02-04 23:30:55 +00:00

# Quickstart — Unified Managed Tenant Onboarding Wizard (073)
## Local setup
- Start containers: `vendor/bin/sail up -d`
- Install deps (if needed): `vendor/bin/sail composer install` and `vendor/bin/sail npm install`
- Run migrations: `vendor/bin/sail artisan migrate`
- Run frontend build/dev:
  - `vendor/bin/sail npm run dev` (watch)
  - or `vendor/bin/sail npm run build`
## Using the wizard (expected flow)
1) Sign in to `/admin`.
2) Open `/admin/onboarding`.
3) If no workspace is selected, you are redirected to `/admin/choose-workspace`.
4) Complete Identify → Connection → Verify (queued) → optional Bootstrap → Activate.
Notes:
- The onboarding UI must render DB-only; Graph calls occur only in queued work.
- Verification/bootstrap are tracked as `OperationRun`s.
- The “View run” link must open `/admin/operations/{run}` (tenantless). This page must be accessible without a selected workspace, but only to members of the run's workspace; non-members get a 404, not a 403, so the response does not reveal that the run exists.
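The membership→404 / capability→403 split described in the notes above, as an added example that is not TenantAtlas code. It assumes Eloquent models `App\Models\OperationRun` (belongs to a `Workspace`), a `Workspace::members()` belongs-to-many relation to `User` whose pivot carries a JSON `capabilities` column (loaded with `withPivot('capabilities')`), a capability string `tenant.activate`, a job class `App\Jobs\ActivateManagedTenant`, and a route name `admin.operations.show`; all of these names are assumptions, not taken from the page. The policy and the controller are shown as two files in one listing.

```php
<?php
// Added example, not TenantAtlas code. Assumed: App\Models\OperationRun belongsTo Workspace,
// Workspace::members() is belongsToMany(User)->withPivot('capabilities') (JSON column),
// the capability string 'tenant.activate', and the job App\Jobs\ActivateManagedTenant.

namespace App\Policies {

    use App\Models\OperationRun;
    use App\Models\User;

    class OperationRunPolicy
    {
        /** Membership is resolved from the run's own workspace, never from a session-selected one. */
        private function membership(User $user, OperationRun $run): ?User
        {
            return $run->workspace->members()->whereKey($user->getKey())->first();
        }

        public function view(User $user, OperationRun $run): bool
        {
            return $this->membership($user, $run) !== null;
        }

        public function activate(User $user, OperationRun $run): bool
        {
            $member = $this->membership($user, $run);
            if ($member === null) {
                return false;
            }
            // Pivot column may arrive as a JSON string or an already-cast array.
            $caps = $member->pivot->capabilities ?? [];
            $caps = is_string($caps) ? (json_decode($caps, true) ?: []) : $caps;

            return in_array('tenant.activate', $caps, true);
        }
    }
}

namespace App\Http\Controllers\Admin {

    use App\Models\OperationRun;
    use Illuminate\Http\Request;
    use Illuminate\Support\Facades\Log;

    class OperationRunViewController
    {
        // GET /admin/operations/{run}  (tenantless: no selected workspace is required)
        public function show(Request $request, OperationRun $run)
        {
            // Non-member => 404, not 403: the response must not reveal that the run exists.
            abort_unless($request->user()->can('view', $run), 404);

            // Member without capability still sees the page; the action is disabled with a tooltip.
            $canActivate = $request->user()->can('activate', $run);

            // DB-only rendering: everything shown comes from the OperationRun row; no Graph calls here.
            return view('admin.operations.show', [
                'run' => $run,
                'canActivate' => $canActivate,
                'activateTooltip' => $canActivate ? null : 'Requires the tenant.activate capability',
            ]);
        }

        // POST /admin/operations/{run}/activate
        public function activate(Request $request, OperationRun $run)
        {
            abort_unless($request->user()->can('view', $run), 404);
            // Server-side check is independent of the UI: a re-enabled button still ends in 403.
            abort_unless($request->user()->can('activate', $run), 403);

            // Auditable with a stable action id; no secrets in the log context.
            Log::info('onboarding.activate', [
                'action_id' => 'tenant.activate',
                'run_id' => $run->getKey(),
                'workspace_id' => $run->workspace->getKey(),
                'user_id' => $request->user()->getKey(),
            ]);

            // The actual activation work stays in a queued job (assumed class); nothing runs inline.
            \App\Jobs\ActivateManagedTenant::dispatch($run);

            return redirect()->route('admin.operations.show', $run);
        }
    }
}
```

Laravel auto-discovers `App\Policies\OperationRunPolicy` for `App\Models\OperationRun`, so no manual `Gate::policy()` registration is needed. The two `abort_unless` calls are ordered on purpose: the membership check runs first on every route, so a non-member can never distinguish "no such run" from "run in a workspace you are not in", and only members reach the capability check that produces a 403.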
## Tests
Run the targeted tests (the filter name is the one expected once the test file exists):
- `vendor/bin/sail artisan test --compact --filter=Onboarding`
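A feature test for the membership→404 / capability→403 semantics, picked up by the `--filter=Onboarding` command above because the class name contains it. This is an added example, not a project test. It assumes model factories for `User`, `Workspace` and `OperationRun`, a `members()` pivot with a JSON `capabilities` column, and the routes `/admin/operations/{run}` (GET) and `/admin/operations/{run}/activate` (POST); these are assumptions, not names from the page.

```php
<?php
// Added example, not a TenantAtlas test. Assumed: factories for User, Workspace and OperationRun,
// a members() pivot with JSON column `capabilities`, and routes /admin/operations/{run}[/activate].

namespace Tests\Feature;

use App\Models\OperationRun;
use App\Models\User;
use App\Models\Workspace;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class OnboardingOperationRunAuthorizationTest extends TestCase
{
    use RefreshDatabase;

    private function runInFreshWorkspace(): OperationRun
    {
        return OperationRun::factory()->for(Workspace::factory())->create();
    }

    private function memberWith(OperationRun $run, array $capabilities): User
    {
        $user = User::factory()->create();
        $run->workspace->members()->attach($user, ['capabilities' => json_encode($capabilities)]);

        return $user;
    }

    public function test_non_member_gets_404_not_403(): void
    {
        $run = $this->runInFreshWorkspace();
        $outsider = User::factory()->create();

        // No workspace is selected in the session on purpose: the viewer is tenantless.
        $this->actingAs($outsider)
            ->get("/admin/operations/{$run->getKey()}")
            ->assertNotFound();

        // The action route must not leak existence either.
        $this->actingAs($outsider)
            ->post("/admin/operations/{$run->getKey()}/activate")
            ->assertNotFound();
    }

    public function test_member_without_capability_can_view_but_cannot_activate(): void
    {
        $run = $this->runInFreshWorkspace();
        $member = $this->memberWith($run, []);

        $this->actingAs($member)
            ->get("/admin/operations/{$run->getKey()}")
            ->assertOk();

        // UI-side the button is disabled; server-side the action must still be refused.
        $this->actingAs($member)
            ->post("/admin/operations/{$run->getKey()}/activate")
            ->assertForbidden();
    }

    public function test_member_with_capability_is_not_refused(): void
    {
        $run = $this->runInFreshWorkspace();
        $member = $this->memberWith($run, ['tenant.activate']);

        $response = $this->actingAs($member)
            ->post("/admin/operations/{$run->getKey()}/activate");

        // The exact success response (redirect, 200, 202) is the page's choice; only 403/404 are wrong here.
        $this->assertNotContains($response->status(), [403, 404]);
    }
}
```

Because the non-member case is asserted on both the view and the action route, this test also catches the common regression where a later refactor moves the membership check into the page only and leaves the POST handler returning 403 to outsiders.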
## Deploy / Ops
If Filament assets are used/registered, deployment must include:
- `php artisan filament:assets`