ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
a23684a852
TenantAtlas/specs/077-workspace-nav-monitoring-hub/contracts/routes.md
Ahmed Darrazi a23684a852 feat(spec-077): global mode + context bar redundancy cleanup 
- Define Global Mode: /admin/workspaces is workspace-optional; allowlist in EnsureWorkspaceSelected

- Remove redundancy: no sidebar Switch workspace; no topbar Manage workspaces link; tenant context read-only on /admin/t/{tenant}

- Unify workspace creation auth via WorkspacePolicy + Gate enforcement

- Tests: vendor/bin/sail artisan test --compact tests/Feature/Workspaces tests/Feature/Monitoring tests/Feature/OpsUx tests/Feature/Filament/WorkspaceContextTopbarAndTenantSelectionTest.php
2026-02-06 23:11:14 +01:00

2.3 KiB
Raw Blame History

Contracts — Routes & Semantics (077)

Spec: specs/077-workspace-nav-monitoring-hub/spec.md

This feature is an admin UI/navigation refactor. Contracts are expressed as web route semantics + access rules.

Canonical routes

Workspace context

  • GET /admin/choose-workspace

    • Purpose: select active workspace context
    • Access: authenticated user
    • Visibility: shows only workspaces where the user is a member

  • POST /admin/switch-workspace

    • Purpose: update workspace context
    • Access: authenticated user
    • Security:
      • If user is not a member of the selected workspace → 404 (deny-as-not-found)

Workspace management (CRUD)

  • GET /admin/workspaces
  • GET /admin/workspaces/{workspace}
  • GET /admin/workspaces/{workspace}/edit
  • GET /admin/workspaces/create

Contract semantics:

  • Workspace context is optional on /admin/workspaces (Global Mode).
  • Index lists only workspaces the user is a member of.
  • If user attempts to access a workspace record they are not a member of → 404 (deny-as-not-found)
  • Workspace creation is self-serve for authenticated users (policy-driven).
  • If user is a member but lacks the required capability for a protected action/screen (edit/membership management) → 403
  • If user is authorized → normal Filament behavior

Monitoring hub — Operations

  • GET /admin/operations

    • Canonical operations index (tenantless URL)
    • Behavior:
      • If tenant context is active: default filter state = current tenant (removable)
      • If tenant context is not active: workspace-wide list

  • GET /admin/operations/{run}

    • Canonical run deep link
    • Security:
      • If run belongs to a workspace the user is not a member of → 404

Monitoring hub — Reserved surfaces (placeholders)

  • GET /admin/alerts

    • Reserved placeholder page
    • Access: workspace members (workspace context required)

  • GET /admin/audit-log

    • Reserved placeholder page
    • Access: workspace members (workspace context required)

Status code rules (summary)

  • Non-member / not entitled to the workspace scope → 404
  • Member but missing capability (workspace-scoped protected actions) → 403

Non-leakage requirements

  • Global search must not list inaccessible workspaces/tenants/runs.
  • Navigation labels and groups must not imply the existence of admin-only surfaces.