ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
d2c7267f3b
TenantAtlas/specs/144-canonical-operation-viewer-context-decoupling/quickstart.md

2.8 KiB
Raw Blame History

Quickstart: Canonical Operation Viewer Context Decoupling

Goal

Verify that canonical operation run viewing is independent of remembered tenant context while preserving tenant entitlement and capability semantics.

Preconditions

  1. Start the local environment:
vendor/bin/sail up -d
  1. Ensure test database and app state are ready:
vendor/bin/sail artisan optimize:clear

Manual Verification Flow

  1. Sign in as a user who is a member of one workspace and entitled to at least two tenants in that workspace.
  2. Open a canonical run linked to tenant A while tenant B is selected in the header.
  3. Confirm the page still renders the run and shows a non-blocking mismatch message.
  4. Clear tenant context or open the same run from a fresh session with no selected tenant.
  5. Confirm the run still renders.
  6. Open a tenantless run.
  7. Confirm the page renders with workspace-level framing and no tenant selection requirement.
  8. Open the same run from a notification-style or verification-surface View run entry point with no selected tenant.
  9. Confirm the canonical viewer still resolves the same run.
  10. Open a run linked to an onboarding, archived, or other tenant state already excluded from selector rules.
  11. Confirm the page remains viewable, lifecycle-aware messaging is shown, and tenant follow-up actions are reduced or absent without blocking the viewer.
  12. Open a canonical run for a tenant the current user is not entitled to.
  13. Confirm the response is deny-as-not-found.
  14. Open a run type that resolves a capability the current user lacks while workspace and tenant scope are otherwise valid.
  15. Confirm the response is forbidden.

Focused Test Command

vendor/bin/sail artisan test --compact \
  tests/Feature/144/CanonicalOperationViewerContextMismatchTest.php \
  tests/Feature/144/CanonicalOperationViewerDeepLinkTrustTest.php \
  tests/Feature/Operations/TenantlessOperationRunViewerTest.php \
  tests/Feature/OpsUx/OperateHubShellTest.php \
  tests/Feature/Monitoring/OperationsTenantScopeTest.php \
  tests/Feature/RunAuthorizationTenantIsolationTest.php \
  tests/Feature/Filament/OperationRunEnterpriseDetailPageTest.php

Formatting

Run the required formatter after implementation changes:

vendor/bin/sail bin pint --dirty --format agent

Expected Outcome

  • Canonical run viewing succeeds for authorized users regardless of remembered tenant context mismatch.
  • Tenant-linked runs still enforce direct tenant entitlement.
  • Tenantless runs and onboarding, archived, or otherwise selector-excluded tenant-linked runs remain viewable when authorized.
  • View run deep links remain canonical and trustworthy across tenant, notification, verification, and monitoring surfaces.
  • Reduced or unavailable tenant follow-up actions do not invalidate the canonical viewer.