ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
d1a9989037
TenantAtlas/app/Support
History
ahmido d1a9989037 feat/066-rbac-ui-enforcement-helper-v2 (#83) 
Implementiert Feature 066: “RBAC UI Enforcement Helper v2” inkl. Migration der betroffenen Filament-Surfaces + Regression-Tests.

Was ist drin

Neuer Helper:
UiEnforcement.php: mixed visibility (preserveVisibility, andVisibleWhen, andHiddenWhen), tenant resolver (tenantFromFilament, tenantFromRecord, tenantFrom(callable)), bulk preflight (preflightByCapability, preflightByTenantMembership, preflightSelection) + server-side authorizeOrAbort() / authorizeBulkSelectionOrAbort().
UiTooltips.php: standard Tooltip “Insufficient permission — ask a tenant Owner.”
Filament migrations (weg von Gate::… / abort_* hin zu UiEnforcement):
Backup/Restore (mixed visibility)
TenantResource (record-scoped tenant actions + bulk preflight)
Inventory/Entra/ProviderConnections (Tier-2 surfaces)
Guardrails:
NoAdHocFilamentAuthPatternsTest.php als CI-failing allowlist guard für app/Filament/**.
Verhalten / Contract

Non-member: deny-as-not-found (404) auf tenant routes; Actions hidden.
Member ohne Capability: Action visible but disabled + standard tooltip; keine Ausführung.
Member mit Capability: Action enabled; destructive/high-impact Actions bleiben confirmation-gated (->requiresConfirmation()).
Server-side Enforcement bleibt vorhanden: Mutations/Operations rufen authorizeOrAbort() / authorizeBulkSelectionOrAbort().
Tests

Neue/erweiterte Feature-Tests für RBAC UX inkl. Http::preventStrayRequests() (DB-only render):
BackupSetUiEnforcementTest.php
RestoreRunUiEnforcementTest.php
ProviderConnectionsUiEnforcementTest.php
diverse bestehende Filament Tests erweitert (Inventory/Entra/Tenant actions/bulk)
Unit-Tests:
UiEnforcementTest.php
UiEnforcementBulkPreflightQueryCountTest.php
Verification

vendor/bin/sail bin pint --dirty 
vendor/bin/sail artisan test --compact tests/Unit/Auth tests/Feature/Filament tests/Feature/Guards tests/Feature/Rbac  (185 passed, 5 skipped)
Notes für Reviewer

Filament v5 / Livewire v4 compliant.
Destructive actions: weiterhin ->requiresConfirmation() + server-side auth.
Bulk: authorization preflight ist set-based (Query-count test vorhanden).

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #83
2026-01-30 17:28:47 +00:00
..
Audit 065-tenant-rbac-v1 (#79) 2026-01-28 21:09:47 +00:00
Auth feat/066-rbac-ui-enforcement-helper-v2 (#83) 2026-01-30 17:28:47 +00:00
Badges feat: unify provider connection actions and notifications (#73) 2026-01-25 01:01:37 +00:00
Concerns feat/027-enrollment-config-subtypes (#31) 2026-01-04 13:25:15 +00:00
Enums feat/042-inventory-dependencies-graph (#50) 2026-01-10 12:50:08 +00:00
Inventory 058-tenant-ui-polish (#70) 2026-01-22 00:17:23 +00:00
Middleware 062-tenant-rbac-v1 (#74) 2026-01-25 15:27:39 +00:00
OpsUx feat: unify provider connection actions and notifications (#73) 2026-01-25 01:01:37 +00:00
Rbac feat/066-rbac-ui-enforcement-helper-v2 (#83) 2026-01-30 17:28:47 +00:00
OperationCatalog.php feat: unify provider connection actions and notifications (#73) 2026-01-25 01:01:37 +00:00
OperationRunLinks.php feat: unify provider connection actions and notifications (#73) 2026-01-25 01:01:37 +00:00
OperationRunOutcome.php 054-unify-runs-suitewide (#63) 2026-01-17 22:25:00 +00:00
OperationRunStatus.php 054-unify-runs-suitewide (#63) 2026-01-17 22:25:00 +00:00
OperationRunType.php 054-unify-runs-suitewide (#63) 2026-01-17 22:25:00 +00:00
RbacReason.php Intune RBAC: graceful unsupported-account handling, health-check fixes, tests and docs updates 2025-12-13 01:25:06 +01:00
RestoreRunIdempotency.php 056-remove-legacy-bulkops (#65) 2026-01-19 23:27:52 +00:00
RestoreRunStatus.php feat/011-restore-run-wizard (#17) 2025-12-31 19:14:59 +00:00
TenantRole.php 065-tenant-rbac-v1 (#79) 2026-01-28 21:09:47 +00:00