ahmido
a770b32e87
Implements Spec 082 updates to the Filament Action Surface Contract: - New required list/table slot: InspectAffordance (clickable row via recordUrl preferred; also supports View action or primary link column) - Retrofit view-only tables to remove lone View row action buttons and use clickable rows - Update validator + guard tests, add golden regression assertions - Add docs: docs/ui/action-surface-contract.md Tests (local via Sail): - vendor/bin/sail artisan test --compact tests/Feature/Guards/ActionSurfaceContractTest.php - vendor/bin/sail artisan test --compact tests/Feature/Guards/ActionSurfaceValidatorTest.php - vendor/bin/sail artisan test --compact tests/Feature/Rbac/ActionSurfaceRbacSemanticsTest.php - vendor/bin/sail artisan test --compact tests/Feature/Filament/EntraGroupSyncRunResourceTest.php Notes: - Filament v5 / Livewire v4 compatible. - No destructive-action behavior changed in this PR. Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #100
1.1 KiB
1.1 KiB
Action surface contract
This project enforces a small “action surface contract” for Filament Resources / Pages / RelationManagers to keep table UIs consistent, quiet, and safe.
Inspect affordance (required)
Any list-style surface that exposes records must provide an inspect affordance so an admin can open a record.
Accepted implementations:
- Clickable rows (preferred): set
recordUrl()for the table. - View action: a
ViewActionin the row actions. - Primary link column: a column that is clearly the primary affordance to open the record.
Rule: no lone “View” button
Avoid rendering a table that only has a single View row action. This creates visual noise and adds an unnecessary Actions column.
Preferred approach:
- Make the row clickable via
recordUrl()and setactions([])so no Actions column is rendered.
RBAC / safety
- If the current user cannot inspect a record,
recordUrl()must returnnullfor that record. - UI visibility is not authorization; always enforce permissions at the policy / resource level.