ahmido
6a86c5901a
Kontext / Ziel Diese PR standardisiert Tenant‑RBAC Enforcement in der Filament‑UI: statt ad-hoc Gate::*, abort_if/abort_unless und kopierten ->visible()/->disabled()‑Closures gibt es jetzt eine zentrale, wiederverwendbare Implementierung für Actions (Header/Table/Bulk). Links zur Spec: spec.md plan.md quickstart.md Was ist drin Neue zentrale Helper-API: UiEnforcement (Tenant-plane RBAC‑UX “source of truth” für Filament Actions) Standardisierte Tooltip-Texte und Context-DTO (UiTooltips, TenantAccessContext) Migration vieler tenant‑scoped Filament Action-Surfaces auf das Standardpattern (ohne ad-hoc Auth-Patterns) CI‑Guard (Test) gegen neue ad-hoc Patterns in app/Filament/**: verbietet Gate::allows/denies/check/authorize, use Illuminate\Support\Facades\Gate, abort_if/abort_unless Legacy-Allowlist ist aktuell leer (neue Verstöße failen sofort) RBAC-UX Semantik (konsequent & testbar) Non-member: UI Actions hidden (kein Tenant‑Leak); Execution wird blockiert (Filament hidden→disabled chain), Defense‑in‑depth enthält zusätzlich serverseitige Guards. Member ohne Capability: Action visible aber disabled + Standard-Tooltip; Execution wird blockiert (keine Side Effects). Member mit Capability: Action enabled und ausführbar. Destructive actions: über ->destructive() immer mit ->requiresConfirmation() + klare Warntexte (Execution bleibt über ->action(...)). Wichtig: In Filament v5 sind hidden/disabled Actions typischerweise “silently blocked” (200, keine Ausführung). Die Tests prüfen daher UI‑State + “no side effects”, nicht nur HTTP‑Statuscodes. Sicherheit / Scope Keine neuen DB-Tabellen, keine Migrations, keine Microsoft Graph Calls (DB‑only bei Render; kein outbound HTTP). Tenant Isolation bleibt Isolation‑Boundary (deny-as-not-found auf Tenant‑Ebene, Capability erst nach Membership). Kein Asset-Setup erforderlich; keine neuen Filament Assets. Compliance Notes (Repo-Regeln) Filament v5 / Livewire v4.0+ kompatibel. Keine Änderungen an Provider‑Registrierung (Laravel 11+/12: providers.php bleibt der Ort; hier unverändert). Global Search: keine gezielte Änderung am Global‑Search-Verhalten in dieser PR. Tests / Qualität Pest Feature/Unit Tests für Member/Non-member/Tooltip/Destructive/Regression‑Guard. Guard-Test: “No ad-hoc Filament auth patterns”. Full suite laut Tasks: vendor/bin/sail artisan test --compact → 837 passed, 5 skipped. Checklist: requirements.md vollständig (16/16). Review-Fokus API‑Usage in neuen/angepassten Filament Actions: UiEnforcement::forAction/forTableAction/forBulkAction(...)->requireCapability(...)->apply() Guard-Test soll “red” werden, sobald jemand neue ad-hoc Auth‑Patterns einführt (by design). Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box> Reviewed-on: #81
85 lines
3.0 KiB
PHP
85 lines
3.0 KiB
PHP
<?php
|
|
|
|
use App\Models\Tenant;
|
|
use App\Models\User;
|
|
use App\Support\Auth\Capabilities;
|
|
use App\Support\Rbac\TenantAccessContext;
|
|
use App\Support\Rbac\UiEnforcement;
|
|
use App\Support\Rbac\UiTooltips;
|
|
|
|
describe('TenantAccessContext', function () {
|
|
it('correctly identifies non-member as deny-as-not-found', function () {
|
|
$context = new TenantAccessContext(
|
|
user: User::factory()->make(),
|
|
tenant: Tenant::factory()->make(),
|
|
isMember: false,
|
|
hasCapability: false,
|
|
);
|
|
|
|
expect($context->shouldDenyAsNotFound())->toBeTrue();
|
|
expect($context->shouldDenyAsForbidden())->toBeFalse();
|
|
expect($context->isAuthorized())->toBeFalse();
|
|
});
|
|
|
|
it('correctly identifies member without capability as forbidden', function () {
|
|
$context = new TenantAccessContext(
|
|
user: User::factory()->make(),
|
|
tenant: Tenant::factory()->make(),
|
|
isMember: true,
|
|
hasCapability: false,
|
|
);
|
|
|
|
expect($context->shouldDenyAsNotFound())->toBeFalse();
|
|
expect($context->shouldDenyAsForbidden())->toBeTrue();
|
|
expect($context->isAuthorized())->toBeFalse();
|
|
});
|
|
|
|
it('correctly identifies authorized member', function () {
|
|
$context = new TenantAccessContext(
|
|
user: User::factory()->make(),
|
|
tenant: Tenant::factory()->make(),
|
|
isMember: true,
|
|
hasCapability: true,
|
|
);
|
|
|
|
expect($context->shouldDenyAsNotFound())->toBeFalse();
|
|
expect($context->shouldDenyAsForbidden())->toBeFalse();
|
|
expect($context->isAuthorized())->toBeTrue();
|
|
});
|
|
});
|
|
|
|
describe('UiTooltips', function () {
|
|
it('has non-empty insufficient permission message', function () {
|
|
expect(UiTooltips::INSUFFICIENT_PERMISSION)->toBeString();
|
|
expect(UiTooltips::INSUFFICIENT_PERMISSION)->not->toBeEmpty();
|
|
});
|
|
|
|
it('has non-empty destructive confirmation messages', function () {
|
|
expect(UiTooltips::DESTRUCTIVE_CONFIRM_TITLE)->toBeString();
|
|
expect(UiTooltips::DESTRUCTIVE_CONFIRM_TITLE)->not->toBeEmpty();
|
|
expect(UiTooltips::DESTRUCTIVE_CONFIRM_DESCRIPTION)->toBeString();
|
|
expect(UiTooltips::DESTRUCTIVE_CONFIRM_DESCRIPTION)->not->toBeEmpty();
|
|
});
|
|
});
|
|
|
|
describe('UiEnforcement', function () {
|
|
it('throws when unknown capability is passed', function () {
|
|
$action = \Filament\Actions\Action::make('test')
|
|
->action(fn () => null);
|
|
|
|
expect(fn () => UiEnforcement::forAction($action)
|
|
->requireCapability('unknown.capability')
|
|
)->toThrow(\InvalidArgumentException::class, 'Unknown capability');
|
|
});
|
|
|
|
it('accepts known capabilities from registry', function () {
|
|
$action = \Filament\Actions\Action::make('test')
|
|
->action(fn () => null);
|
|
|
|
$enforcement = UiEnforcement::forAction($action)
|
|
->requireCapability(Capabilities::PROVIDER_MANAGE);
|
|
|
|
expect($enforcement)->toBeInstanceOf(UiEnforcement::class);
|
|
});
|
|
});
|