ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
b60a8cea04
TenantAtlas/specs/067-rbac-troubleshooting/quickstart.md
ahmido 3490fb9e2c feat: RBAC troubleshooting & tenant UI bugfix pack (spec 067) (#84) 
Summary
Implements Spec 067 “RBAC Troubleshooting & Tenant UI Bugfix Pack v1” for the tenant admin plane (/admin) with strict RBAC UX semantics:

Non-member tenant scope ⇒ 404 (deny-as-not-found)
Member lacking capability ⇒ 403 server-side, while the UI stays visible-but-disabled with standardized tooltips
What changed
Tenant view header actions now use centralized UI enforcement (no “normal click → error page” for readonly members).
Archived tenants remain resolvable in tenant-scoped routes for entitled members; an “Archived” banner is shown.
Adds tenant-scoped diagnostics page (/admin/t/{tenant}/diagnostics) with safe repair actions (confirmation + authorization + audit log).
Adds/updates targeted Pest tests to lock the 404 vs 403 semantics and action UX.
Implementation notes
Livewire v4.0+ compliance: Uses Filament v5 + Livewire v4 conventions; widget Blade views render a single root element.
Provider registration: Laravel 11+ providers stay in providers.php (no changes required).
Global search: No global search behavior/resources changed in this PR.
Destructive actions:
Tenant archive/restore/force delete and diagnostics repairs execute via ->action(...) and include ->requiresConfirmation().
Server-side authorization is enforced (non-members 404, insufficient capability 403).
Assets: No new assets. No change to php artisan filament:assets expectations.
Tests
Ran:

vendor/bin/sail bin pint --dirty
vendor/bin/sail artisan test --compact (focused files for Spec 067)

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #84
2026-01-31 20:09:25 +00:00

1.0 KiB
Raw Blame History

Quickstart — RBAC Troubleshooting & Tenant UI Bugfix Pack v1

Prereqs

  • Docker running
  • Laravel Sail dependencies installed

Run locally

  • Start containers: vendor/bin/sail up -d
  • Run targeted tests (after implementation):
    • vendor/bin/sail artisan test --compact tests/Feature/Rbac/
    • (guard) vendor/bin/sail artisan test --compact tests/Feature/Guards/NoAdHocFilamentAuthPatternsTest.php
  • Format: vendor/bin/sail bin pint --dirty

Manual smoke (after implementation)

  1. Sign in to /admin.
  2. Pick a tenant scope via the tenant menu.
  3. As a read-only member:
    • Tenant view page shows Edit/Deactivate disabled with tooltip.
    • Attempting to force-execute mutations still fails server-side.
  4. Archive a tenant, then:
    • Member can still open tenant view and sees an Archived banner.
    • Non-member gets 404 for tenant scope URLs.

Notes

  • Filament v5 requires Livewire v4.0+ (this repo is already on Livewire v4).
  • Panel providers in Laravel 11+ are registered in bootstrap/providers.php (this repo follows that convention).