Route Contract — Spec 083
This contract defines the Required Permissions routes and their 404/403 semantics.
Canonical management surface (must exist)
GET /admin/tenants/{tenant}/required-permissions
Identifier contract:
{tenant} is Tenant.external_id (Entra tenant GUID)
Authorization contract:
- Not authenticated → handled by Filament auth middleware
- Workspace not selected → 404 (deny-as-not-found)
- Not a workspace member → 404
- Workspace member but not tenant-entitled (no tenant_memberships row) → 404
- Tenant-entitled (including read-only) → 200
Action contract:
- This page is read-only. Any mutations are only linked to and executed on other surfaces.
- Mutations on other surfaces must enforce capability checks server-side (missing capability → 403).
- "Re-run verification" links canonically to the start-verification surface:
  GET /admin/onboarding (generated via route helper, not hardcoded legacy paths).
Removed tenant-plane route (must 404)
The following route MUST NOT exist and MUST return 404 (no redirects, no aliases):
GET /admin/t/{tenant}/required-permissions
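
The authorization contract and the removed-route rule above can be checked together as one decision function. The following is an added example, not code from this project: a dependency-free PHP model of the read-only route, in which `AccessContext`, `CANONICAL_ROUTE`, `requiredPermissionsStatus` and the sample GUIDs are hypothetical names and constructed values.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for session and database state (not the project's classes).
final class AccessContext
{
    /** @param string[] $entitledTenants lowercase external_ids with a tenant_memberships row */
    public function __construct(
        public readonly ?string $workspaceId,   // null = no workspace selected
        public readonly bool $workspaceMember,
        public readonly array $entitledTenants,
    ) {}
}

// Assumption: {tenant} is constrained to GUID syntax, since it is an Entra tenant GUID.
const CANONICAL_ROUTE =
    '#^/admin/tenants/([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})/required-permissions$#i';

/** Status for a GET by an already authenticated user (auth middleware ran first). */
function requiredPermissionsStatus(string $path, AccessContext $ctx): int
{
    // Only the canonical pattern is registered, so /admin/t/{tenant}/... is a plain 404.
    if (preg_match(CANONICAL_ROUTE, $path, $m) !== 1) {
        return 404;
    }
    // Every denial is the same 404: the response never shows which check failed.
    if ($ctx->workspaceId === null || !$ctx->workspaceMember) {
        return 404;
    }
    if (!in_array(strtolower($m[1]), $ctx->entitledTenants, true)) {
        return 404;
    }
    return 200; // entitled, read-only included
}

// Constructed sample data: the GUIDs and workspace id are made up.
$tenant = '11111111-2222-3333-4444-555555555555';
$other  = 'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee';
$member = new AccessContext('ws-1', true, [$tenant]);
$route  = "/admin/tenants/$tenant/required-permissions";
$cases = [
    ['entitled member',        $route, $member, 200],
    ['member, not entitled',   "/admin/tenants/$other/required-permissions", $member, 404],
    ['no workspace selected',  $route, new AccessContext(null, false, [$tenant]), 404],
    ['not a workspace member', $route, new AccessContext('ws-1', false, [$tenant]), 404],
    ['removed tenant-plane',   "/admin/t/$tenant/required-permissions", $member, 404],
];
foreach ($cases as [$label, $path, $ctx, $want]) {
    $got = requiredPermissionsStatus($path, $ctx);
    printf("%-24s %d %s\n", $label, $got, $got === $want ? 'ok' : 'MISMATCH');
}
```

The model covers only the read-only page; the 403 for a missing capability belongs to the mutation surfaces and is not modelled here.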