ahmido
ce0615a9c1
## Summary - move the Laravel application into `apps/platform` and keep the repository root for orchestration, docs, and tooling - update the local command model, Sail/Docker wiring, runtime paths, and ignore rules around the new platform location - add relocation quickstart/contracts plus focused smoke coverage for bootstrap, command model, routes, and runtime behavior ## Validation - `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/PlatformRelocation` - integrated browser smoke validated `/up`, `/`, `/admin`, `/admin/choose-workspace`, and tenant route semantics for `200`, `403`, and `404` ## Remaining Rollout Checks - validate Dokploy build context and working-directory assumptions against the new `apps/platform` layout - confirm web, queue, and scheduler processes all start from the expected working directory in staging/production - verify no legacy volume mounts or asset-publish paths still point at the old root-level `public/` or `storage/` locations Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de> Reviewed-on: #213
59 lines
2.2 KiB
PHP
59 lines
2.2 KiB
PHP
<?php
|
|
|
|
namespace App\Support\Operations;
|
|
|
|
use App\Models\OperationRun;
|
|
use App\Support\Auth\Capabilities;
|
|
|
|
final class OperationRunCapabilityResolver
|
|
{
|
|
public function requiredCapabilityForRun(OperationRun $run): ?string
|
|
{
|
|
return $this->requiredCapabilityForType((string) $run->type);
|
|
}
|
|
|
|
public function requiredCapabilityForType(string $operationType): ?string
|
|
{
|
|
$operationType = trim($operationType);
|
|
|
|
if ($operationType === '') {
|
|
return null;
|
|
}
|
|
|
|
return match ($operationType) {
|
|
'inventory_sync' => Capabilities::TENANT_INVENTORY_SYNC_RUN,
|
|
'entra_group_sync' => Capabilities::TENANT_SYNC,
|
|
'backup_schedule_run', 'backup_schedule_retention', 'backup_schedule_purge' => Capabilities::TENANT_BACKUP_SCHEDULES_RUN,
|
|
'restore.execute' => Capabilities::TENANT_MANAGE,
|
|
'directory_role_definitions.sync' => Capabilities::TENANT_MANAGE,
|
|
'alerts.evaluate', 'alerts.deliver' => Capabilities::ALERTS_VIEW,
|
|
'tenant.review.compose' => Capabilities::TENANT_REVIEW_VIEW,
|
|
|
|
// Viewing verification reports should be possible for readonly members.
|
|
// Starting verification is separately guarded by the verification service.
|
|
'provider.connection.check' => Capabilities::PROVIDER_VIEW,
|
|
|
|
// Keep legacy / unknown types viewable by membership+entitlement only.
|
|
default => null,
|
|
};
|
|
}
|
|
|
|
public function requiredExecutionCapabilityForType(string $operationType): ?string
|
|
{
|
|
$operationType = trim($operationType);
|
|
|
|
if ($operationType === '') {
|
|
return null;
|
|
}
|
|
|
|
return match ($operationType) {
|
|
'provider.connection.check', 'provider.inventory.sync', 'provider.compliance.snapshot' => Capabilities::PROVIDER_RUN,
|
|
'policy.sync', 'policy.sync_one', 'tenant.sync' => Capabilities::TENANT_SYNC,
|
|
'policy.delete' => Capabilities::TENANT_MANAGE,
|
|
'assignments.restore', 'restore.execute' => Capabilities::TENANT_MANAGE,
|
|
'tenant.review.compose' => Capabilities::TENANT_REVIEW_MANAGE,
|
|
default => $this->requiredCapabilityForType($operationType),
|
|
};
|
|
}
|
|
}
|