ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
c92df337a9
TenantAtlas/specs/090-action-surface-contract-compliance/data-model.md
ahmido 90bfe1516e feat(spec-090): action surface contract compliance (#108) 
Implements Spec 090 (Action Surface Contract Compliance & RBAC Hardening).

Highlights:
- Adds/updates action surface declarations and shrinks baseline exemptions.
- Standardizes Filament action grouping/order and empty-state CTAs.
- Enforces RBAC UX semantics (non-member -> 404, member w/o capability -> disabled + tooltip, server-side 403).
- Adds audit logging for successful side-effect actions.
- Fixes Provider Connections list context so header create + row actions resolve tenant correctly.

Tests (focused):
- vendor/bin/sail artisan test --compact tests/Feature/090/
- vendor/bin/sail artisan test --compact tests/Feature/Guards/ActionSurfaceContractTest.php
- vendor/bin/sail bin pint --dirty

Livewire/Filament:
- Filament v5 + Livewire v4 compliant.
- No panel provider registration changes (Laravel 11+ registration remains in bootstrap/providers.php).

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #108
2026-02-13 01:30:22 +00:00

2.4 KiB
Raw Blame History

Data Model — Spec 090 (Action Surface Contract Compliance & RBAC Hardening)

Summary

Spec 090 is primarily a UI + authorization + auditability retrofit. No new tables are required. The feature standardizes how existing entities are presented and how actions are gated and audited.

Entities (Existing)

AuditLog

  • Purpose: Durable audit trail for security/ops-relevant actions.
  • Key fields (observed from loggers):
    • tenant_id (nullable)
    • workspace_id (nullable)
    • actor_id, actor_email, actor_name
    • action (stable action id string)
    • resource_type, resource_id
    • status (success for Spec 090 scope)
    • metadata (sanitized)
    • recorded_at
  • Writers:
    • Tenant-scoped: App\Services\Intune\AuditLogger
    • Workspace-scoped: App\Services\Audit\WorkspaceAuditLogger

OperationRun

  • Purpose: Observability record for queued/remote operations.
  • Spec 090 usage: Operation-start actions must enqueue work and link to the run (“View run”).

Tenant-scoped domain entities

  • Tenant
  • Policy / PolicyVersion
  • BackupSchedule (+ executions via OperationRun type backup_schedule_run)
  • ProviderConnection
  • Finding
  • InventoryItem
  • EntraGroup

Workspace-scoped domain entities

  • Workspace
  • workspace memberships (used for isolation boundary)

Relationships (High-level)

  • Workspace has many Tenant.
  • Tenant has many Policy, BackupSchedule, ProviderConnection, Finding, InventoryItem, EntraGroup.
  • OperationRun is scoped by (workspace_id, tenant_id) when applicable.
  • AuditLog is scoped either by tenant_id (tenant-plane audits) or workspace_id (workspace-plane audits).

Authorization/Capability Model (Existing)

  • Canonical capability registry: App\Support\Auth\Capabilities.
  • Capability resolution: App\Services\Auth\CapabilityResolver.
  • Filament gating helpers:
    • App\Support\Rbac\UiEnforcement (tenant scope)
    • App\Support\Rbac\WorkspaceUiEnforcement (workspace scope)

State Transitions (Relevant)

  • “Side-effect action executed” → writes an AuditLog entry (success only for Spec 090).
  • “Operation start action executed” → creates/reuses an OperationRun, enqueues background work, then links user to the run.

Non-goals / Deferred

  • BackupSchedule retention (soft delete/restore/force delete) is explicitly deferred.
  • No schema changes are required for action-surface declarations; these live in code.