ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
d6f37f7b9f
TenantAtlas/specs/106-required-permissions-sidebar-context/quickstart.md

2.5 KiB
Raw Blame History

Quickstart: 106 — Required Permissions Sidebar Context Fix

Branch: 106-required-permissions-sidebar-context

What This Changes

The EnsureFilamentTenantSelected middleware is updated to recognize the Required Permissions page (/admin/tenants/{tenant}/required-permissions) as a workspace-scoped page. The page retains its {tenant} route parameter for data display and authorization, but the middleware no longer sets Filament's tenant context when serving this page. This causes the sidebar to render workspace-level navigation instead of tenant-level navigation.

Files Modified

File Change
app/Support/Middleware/EnsureFilamentTenantSelected.php Add workspace-scoped page allowlist check; add Livewire referer check
tests/Feature/RequiredPermissions/RequiredPermissionsSidebarTest.php New test file — sidebar context assertions

Implementation Steps

1. Add workspace-scoped page path helper

In EnsureFilamentTenantSelected, add a private method:

private function isWorkspaceScopedPageWithTenant(string $path): bool
{
    return preg_match('#^/admin/tenants/[^/]+/required-permissions$#', $path) === 1;
}

2. Add Livewire referer check (before existing checks)

In the /livewire/update block, add:

if (preg_match('#^/admin/tenants/[^/]+/required-permissions$#', $refererPath) === 1) {
    $this->configureNavigationForRequest($panel);
    return $next($request);
}

3. Split {tenant} param handling

In the $tenantParameter !== null block, after all 8 authorization checks pass, add:

if ($this->isWorkspaceScopedPageWithTenant($path)) {
    // Workspace-scoped page: authorize but do NOT set Filament tenant context.
    // This preserves workspace sidebar while still validating tenant access.
    $this->configureNavigationForRequest($panel);
    return $next($request);
}

Place this before Filament::setTenant($tenant, true).

4. Write tests

Create tests/Feature/RequiredPermissions/RequiredPermissionsSidebarTest.php with assertions:

  • Sidebar shows workspace navigation items (Operations, Manage workspaces)
  • Sidebar does NOT show tenant navigation items (Inventory, Backups & Restore)
  • Livewire updates preserve workspace sidebar
  • Other {tenant} pages still get tenant sidebar

Verification

vendor/bin/sail artisan test --compact --filter=RequiredPermissionsSidebar
vendor/bin/sail artisan test --compact tests/Feature/RequiredPermissions/
vendor/bin/sail bin pint --dirty --format agent