ahmido
98e2b5acd9
## Summary - add canonical managed-tenant onboarding draft routing with explicit draft identity and landing vs concrete draft behavior - implement draft lifecycle, authorization, attribution, picker UX, resume-stage resolution, and auditable cancel or completion semantics - add focused feature, unit, and browser coverage plus Spec 138 artifacts for the onboarding draft resume flow ## Validation - `vendor/bin/sail artisan test --compact tests/Feature/ManagedTenantOnboardingWizardTest.php tests/Feature/Audit/OnboardingDraftAuditTest.php tests/Feature/Onboarding/OnboardingDraftAccessTest.php tests/Feature/Onboarding/OnboardingDraftAuthorizationTest.php tests/Feature/Onboarding/OnboardingDraftLifecycleTest.php tests/Feature/Onboarding/OnboardingDraftMultiTabTest.php tests/Feature/Onboarding/OnboardingDraftPickerTest.php tests/Feature/Onboarding/OnboardingDraftRoutingTest.php tests/Feature/Onboarding/OnboardingRbacSemanticsTest.php tests/Feature/Onboarding/OnboardingVerificationClustersTest.php tests/Feature/Onboarding/OnboardingVerificationTest.php tests/Feature/Onboarding/OnboardingVerificationV1_5UxTest.php tests/Feature/Verification/VerificationReportViewerDbOnlyTest.php tests/Unit/Onboarding tests/Unit/VerificationReportSanitizerEvidenceKindsTest.php tests/Browser/OnboardingDraftRefreshTest.php tests/Browser/OnboardingDraftVerificationResumeTest.php` - passed: 69 tests, 251 assertions Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #167
2.5 KiB
2.5 KiB
Quickstart: Managed Tenant Onboarding Draft Identity & Resume Semantics
Scenario 1: Start a new onboarding draft
- Visit
/admin/onboardingin a workspace with no open onboarding drafts. - Confirm the page shows a clean start state and no misleading resume banner.
- Complete and confirm Step 1.
- Confirm the browser redirects to
/admin/onboarding/{draft}. - Refresh the page and confirm the identified tenant information still appears.
Scenario 2: Resume the only open draft
- Seed exactly one resumable onboarding draft in the current workspace.
- Visit
/admin/onboarding. - Confirm automatic redirect to
/admin/onboarding/{draft}. - Confirm the wizard displays a resume banner with tenant name, stage, and attribution.
Scenario 3: Choose among multiple drafts
- Seed multiple resumable drafts in the same workspace.
- Visit
/admin/onboarding. - Confirm a draft picker appears instead of a blank Step 1 or silent redirect.
- Resume one draft.
- Confirm the chosen draft opens on the correct derived stage.
Scenario 4: Hard refresh after provider selection
- Open a concrete draft URL where Step 1 is confirmed and a provider connection has been selected.
- Hard-refresh the browser.
- Confirm the same draft URL remains loaded.
- Confirm the selected provider connection and derived stage are restored.
- Confirm any secret entry field is empty after reload.
Scenario 5: Completed or cancelled draft direct access
- Mark a draft as completed or cancelled.
- Visit
/admin/onboarding/{draft}directly. - Confirm the draft does not reopen in editable wizard mode.
- Confirm the user sees a safe summary or non-resumable state.
Scenario 6: Cross-operator continuity
- Create a resumable draft as one authorized operator.
- Sign in as another authorized operator in the same workspace.
- Visit
/admin/onboardingand resume the draft. - Confirm started-by and last-updated-by attribution are visible and updated appropriately.
Scenario 7: Access semantics and activation guards survive refresh
- Attempt to load a concrete draft URL as a non-member or with the wrong workspace selected.
- Confirm the response remains deny-as-not-found.
- Attempt to load the same draft as an in-scope workspace member without onboarding capability.
- Confirm the response is policy-consistent
403. - Open a draft where activation is still blocked by verification or override requirements.
- Hard-refresh the draft URL.
- Confirm the activation guard, confirmation requirements, and override requirements remain in force after reload.