TenantAtlas/specs/083-required-permissions-hardening/quickstart.md

Quickstart — Spec 083

Dev prerequisites

  • Run via Sail (local): Docker + vendor/bin/sail available.

What to validate

Route semantics

  • Canonical (must exist): GET /admin/tenants/{tenant}/required-permissions
  • Legacy (must 404): GET /admin/t/{tenant}/required-permissions

Authorization semantics

  • Non-workspace-member → 404
  • Workspace-member but not tenant-entitled → 404
  • Tenant-entitled (including read-only) → 200

Render behavior

  • Page render uses stored DB data only (no Graph / no outbound HTTP).
  • If no stored permission data exists, page shows "Keine Daten verfügbar" with a canonical CTA to /admin/onboarding.
  • "Technical details" appears after Issues/Passed and is collapsed by default.

Run targeted tests

  • vendor/bin/sail artisan test --compact tests/Feature/RequiredPermissions/*
    • (Exact filenames to be created in Phase 2 tasks.)

Manual smoke test

  1. Log in to admin panel.
  2. Select a workspace.
  3. Open /admin/tenants/{external_id}/required-permissions for a tenant you are a member of.
  4. Confirm Summary + Issues-first layout and that "Re-run verification" links to /admin/onboarding.
  5. As a user without tenant entitlement, confirm the same URL returns 404.
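
The route and authorization semantics above, together with steps 3 and 5 of the manual smoke test, can be checked as one status-code matrix. The script below is an added example, not part of the spec or the TenantAtlas code base; `BASE_URL`, `TENANT_ID`, `JAR_DIR` and the persona names (`outsider`, `member`, `entitled_ro`) are assumptions.

```shell
#!/bin/sh
# Added example: status-code matrix for the required-permissions page.
# Assumptions (not from the spec): BASE_URL, TENANT_ID, JAR_DIR and the persona
# names; each persona has a curl cookie jar saved after login + workspace select.
#   outsider    = not a workspace member
#   member      = workspace member without tenant entitlement
#   entitled_ro = tenant-entitled, read-only
BASE_URL="${BASE_URL:-http://localhost}"
TENANT_ID="${TENANT_ID:-example-tenant-id}"   # placeholder external_id
JAR_DIR="${JAR_DIR:-./cookies}"               # holds <persona>.jar files

# Print the HTTP status <persona> gets for <path>. Redirects are not followed,
# so a bounce to a login page shows up as 302 instead of a misleading 200.
fetch_status() {
  curl -s -o /dev/null -w '%{http_code}' -b "$JAR_DIR/$1.jar" "$BASE_URL$2"
}

# Check one row of the matrix. A 403 where 404 is expected counts as a failure:
# the spec requires non-entitled users to see "not found", not "forbidden".
expect_status() {
  persona="$1"; path="$2"; want="$3"
  got="$(fetch_status "$persona" "$path")"
  if [ "$got" = "$want" ]; then
    echo "PASS $persona $path -> $got"
  else
    echo "FAIL $persona $path -> $got (want $want)"
    return 1
  fi
}

# Run every row and return the number of failed rows (0 = all passed).
check_matrix() {
  canonical="/admin/tenants/$TENANT_ID/required-permissions"
  legacy="/admin/t/$TENANT_ID/required-permissions"
  failures=0
  expect_status outsider    "$canonical" 404 || failures=$((failures + 1))
  expect_status member      "$canonical" 404 || failures=$((failures + 1))
  expect_status entitled_ro "$canonical" 200 || failures=$((failures + 1))
  expect_status entitled_ro "$legacy"    404 || failures=$((failures + 1))
  return "$failures"
}

# Usage: sh smoke.sh run
if [ "${1:-}" = "run" ]; then check_matrix; fi
```

The exit status is the number of failed rows, so the script can gate a CI step directly.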