TenantAtlas/specs/085-tenant-operate-hub/data-model.md
2026-02-11 01:02:42 +01:00

Data Model: Tenant Operate Hub / Tenant Overview IA

Date: 2026-02-09
Branch: 085-tenant-operate-hub

This feature is primarily UI/IA + navigation behavior. It introduces no new database tables.

Entities (existing)

Workspace

  • Purpose: primary isolation boundary and monitoring scope.
  • Source of truth: workspaces + membership.

Tenant

  • Purpose: managed environment; tenant-plane routes live under /admin/t/{tenant}.
  • Access: entitlement-based.

OperationRun

  • Purpose: canonical run tracking for all operational workflows.
  • Surface:
    • Index: /admin/operations
    • Detail: /admin/operations/{run}

Alert (placeholder)

  • Purpose: future operator signals.
  • Surface: /admin/alerts.

Audit Event / Audit Log (placeholder)

  • Purpose: immutable record of sensitive actions.
  • Surface: /admin/audit-log.

Session / Context State (existing)

Workspace context

  • Key: WorkspaceContext::SESSION_KEY (current_workspace_id)
  • Meaning: selected workspace id for the current session.

Last tenant per workspace (session-based)

  • Key: WorkspaceContext::LAST_TENANT_IDS_SESSION_KEY (workspace_last_tenant_ids)
  • Shape: map keyed by workspace id string → tenant id int (example: {"12": 345})
  • APIs:
    • WorkspaceContext::rememberLastTenantId(int $workspaceId, int $tenantId, Request $request)
    • WorkspaceContext::lastTenantId(Request $request): ?int
    • WorkspaceContext::clearLastTenantId(Request $request)

Filament tenant context

  • Source: Filament::getTenant() (may persist across panels depending on Filament tenancy configuration).
  • Used to determine “active tenant context” for Monitoring UX.

Spec 085 scope note: Monitoring may use session-based last-tenant memory as a tenant-context signal when Filament tenant context is absent (e.g., when navigating from the tenant panel into central Monitoring). Tenant context must never be inferred from arbitrary deep links.

Stale tenant context behavior (no entitlement)

  • If tenant context is active but the user is not entitled, Monitoring pages behave as workspace-wide views and must not display tenant identity.
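
The fallback and stale-context rules above, modelled as an added plain-PHP example (this is not the project's WorkspaceContext or Filament code): the session map shape and the three APIs are mirrored with an in-memory array standing in for the Laravel session, $filamentTenantId stands in for Filament::getTenant(), and $isEntitled stands in for the entitlement check. When the candidate tenant is absent or not entitled, the resolver returns null so the Monitoring page renders workspace-wide and shows no tenant identity.

```php
<?php
// Added example, not the project's WorkspaceContext: a plain-PHP model of the
// session-based last-tenant memory and the Spec 085 fallback rule.
final class LastTenantMemory
{
    public const SESSION_KEY = 'current_workspace_id';
    public const LAST_TENANT_IDS_SESSION_KEY = 'workspace_last_tenant_ids';
    private array $session; // stand-in for the Laravel session store
    public function __construct(int $currentWorkspaceId)
    {
        $this->session = [self::SESSION_KEY => $currentWorkspaceId];
    }

    // Map keyed by workspace id string -> tenant id int, e.g. {"12": 345}.
    public function rememberLastTenantId(int $workspaceId, int $tenantId): void
    {
        $this->session[self::LAST_TENANT_IDS_SESSION_KEY][(string) $workspaceId] = $tenantId;
    }

    // Reads only the current workspace's entry; another workspace's memory is never used.
    public function lastTenantId(): ?int
    {
        $key = (string) $this->session[self::SESSION_KEY];
        $tenantId = $this->session[self::LAST_TENANT_IDS_SESSION_KEY][$key] ?? null;
        return is_int($tenantId) ? $tenantId : null;
    }

    public function clearLastTenantId(): void
    {
        $key = (string) $this->session[self::SESSION_KEY];
        unset($this->session[self::LAST_TENANT_IDS_SESSION_KEY][$key]);
    }
}

// $filamentTenantId stands in for Filament::getTenant()?->getKey() (null when absent);
// $isEntitled stands in for the entitlement check. Deep-link parameters are never consulted.
function resolveMonitoringTenant(?int $filamentTenantId, LastTenantMemory $memory, callable $isEntitled): ?int
{
    $candidate = $filamentTenantId ?? $memory->lastTenantId();
    if ($candidate === null || !$isEntitled($candidate)) {
        return null; // stale or unentitled context: workspace-wide view, no tenant identity shown
    }
    return $candidate;
}
// Constructed data: workspace 12 selected, tenant 345 remembered, actor entitled to 345 only.
$memory = new LastTenantMemory(12);
$memory->rememberLastTenantId(12, 345);
$isEntitled = fn (int $tenantId): bool => $tenantId === 345;
var_dump(resolveMonitoringTenant(null, $memory, $isEntitled)); // falls back to session memory
var_dump(resolveMonitoringTenant(999, $memory, $isEntitled)); // stale Filament context, not entitled
```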

Validation / Rules

  • Tenant context MUST NOT be implicitly mutated by canonical monitoring pages.
  • Deny-as-not-found (404) applies when the actor is not entitled to tenant/workspace scope.
  • Forbidden (403) applies only after membership is established but capability is missing.