ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
ccfd491260
TenantAtlas/specs/064-auth-structure/quickstart.md
ahmido 210cf5ce8b feat: implement auth structure system panel (#77) 
Implements 064-auth-structure (Auth Structure v1.0):

Adds platform_users + PlatformUser identity (factory + seeder) for platform operators
Introduces platform auth guard/provider in auth.php
Adds a dedicated Filament v5 System panel at system using guard platform (custom login + dashboard)
Enforces strict cross-scope isolation between /admin and system (deny-as-404)
Adds platform capability gating (platform.access_system_panel, platform.use_break_glass) + gates in AuthServiceProvider
Implements audited break-glass mode (enter/exit/expire), banner via render hook, feature flag + TTL config
Removes legacy users.is_platform_superadmin runtime usage and adds an architecture test to prevent regressions
Updates tenant membership pivot usage where needed (tenant_memberships)
Testing:

vendor/bin/sail artisan test --compact tests/Feature/Auth (28 passed)
vendor/bin/sail bin pint --dirty
Notes:

Filament v5 / Livewire v4 compatible.
Panel providers registered in providers.php.
Destructive actions use ->action(...) + ->requiresConfirmation() where applicable.

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #77
2026-01-27 21:49:18 +00:00

69 lines
2.5 KiB
Markdown
Raw Blame History

# Quickstart: Auth Structure
This guide provides the essential steps for a developer to set up and test the `064-auth-structure` feature locally.
## Prerequisites
- Ensure you are on the `064-auth-structure` feature branch.
- A working local development environment (Laravel Sail is preferred).
- Entra ID application credentials must be configured in your `.env` file to test the `/admin` panel.
## 1. Apply Database Changes
Run the new migration to create the `platform_users` table and seed it with an initial administrator account.
```bash
# Using Laravel Sail
./vendor/bin/sail artisan migrate
./vendor/bin/sail artisan db:seed --class=PlatformUserSeeder
```
The default seeded platform user will be:
- **Email**: `operator@tenantpilot.io`
- **Password**: `password`
## 2. Configure Environment Variables
Add the following variables to your local `.env` file to control the new features.
```dotenv
# .env
# Enables the "break-glass" feature in the System Panel.
# Default: false
BREAK_GLASS_ENABLED=true
# Sets the duration (in minutes) for a break-glass session before it auto-expires.
# Default: 60
BREAK_GLASS_TTL_MINUTES=60
```
## 3. Verification Steps
Follow these steps to confirm the feature is working correctly.
### a. Test System Panel Access
1. Navigate to `http://localhost/system/login`.
2. Log in using the seeded platform operator credentials:
- Email: `operator@tenantpilot.io`
- Password: `password`
3. You should be successfully redirected to the System Panel dashboard.
4. If `BREAK_GLASS_ENABLED` is `true`, find and activate the "Enter break-glass mode" feature. A persistent banner should appear at the top of the page.
### b. Test Admin Panel Access
1. Navigate to `http://localhost/admin/login`.
2. Log in using a valid Microsoft Entra ID test user associated with a tenant.
3. You should be successfully redirected to that tenant's dashboard.
### c. Test Isolation (Cross-Scope Access)
1. **While logged into the System Panel** (`/system`), attempt to navigate directly to a tenant-scoped admin URL (e.g., `http://localhost/admin/t/1/dashboard`).
- **Expected Result**: You should receive a **404 Not Found** error page.
2. **While logged into the Admin Panel** (`/admin`), attempt to navigate directly to a system panel URL (e.g., `http://localhost/system/dashboard`).
- **Expected Result**: You should receive a **404 Not Found** error page.
If all the above steps are successful, the local setup is complete and correct.
Reference in New Issue View Git Blame Copy Permalink