## Summary

- retire the remaining tenant-scoped provider-connection legacy routes and update canonical verification and link behavior
- complete the provider target-scope fallback cleanup so neutral shared scope data falls back to the managed environment when the raw connection tenant identifier is blank
- stop mirroring workspace roles into managed-environment scope persistence and cut the targeted admin-panel test helpers over to the post-cutover context path
- add and update the Spec 287 artifact package and targeted regression coverage for route retirement, provider-core neutralization, workspace-first RBAC, and helper cutover

## Validation

- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/ProviderConnections/LegacyRedirectTest.php tests/Feature/ProviderConnections/TenantlessListRouteTest.php tests/Feature/ProviderConnections/TenantlessListScopingTest.php tests/Feature/Auth/WorkspaceFirstManagedEnvironmentAccessTest.php tests/Feature/Rbac/ProviderConnectionWorkspaceFirstPolicyTest.php tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php tests/Feature/Rbac/TriageReviewStateAuthorizationTest.php`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec281ProviderConnectionScopeSmokeTest.php tests/Browser/Spec285WorkspaceRbacEnvironmentAccessSmokeTest.php`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`

## Notes

- Filament remains on Livewire v4 and provider registration stays unchanged in `apps/platform/bootstrap/providers.php`.
- No new asset registration or deployment-step changes are included in this slice.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #346
Data Model: Cutover Prerequisite Completion
Overview
287 introduces no new persisted entity, table, lifecycle state, or runtime DTO. The "data model" for this package is a derived seam inventory that pins which runtime and test-harness seams must be completed, which canonical replacements are expected, and which validation commands stay aligned across the package.
Canonical Completion Categories
| Completion Key | Meaning | Primary Targets | Canonical Replacement |
|---|---|---|---|
| `provider_connection_route_contract` | provider-connection runtime no longer accepts tenant-first legacy aliases | `apps/platform/routes/web.php`, `apps/platform/app/Providers/Filament/AdminPanelProvider.php`, `apps/platform/app/Filament/Resources/TenantResource.php`, `apps/platform/app/Filament/Pages/TenantRequiredPermissions.php`, `apps/platform/app/Support/OperationRunLinks.php`, `apps/platform/app/Support/Providers/ProviderReasonTranslator.php`, `apps/platform/app/Support/Verification/VerificationLinkBehavior.php` | canonical `/admin/provider-connections...` route family |
| `provider_target_scope_core_contract` | shared provider target-scope and identity outputs no longer require Microsoft-only core keys | shared provider target-scope and identity seams | neutral target-scope fields with provider-owned nested detail only |
| `workspace_role_authority_contract` | workspace membership remains the only role-bearing truth | access-scope persistence seams and directly affected policy or resolver paths | workspace membership role truth with narrowing-only environment scope |
| `test_harness_context_contract` | the shared test harness no longer boots the retired tenant panel for the changed seams | `apps/platform/tests/Pest.php`, `apps/platform/tests/Feature/Reviews/CustomerReviewWorkspaceLaunchLinksTest.php`, and `apps/platform/tests/Feature/Rbac/TriageReviewStateAuthorizationTest.php` | post-cutover admin or workspace context helper path |
| `targeted_validation_contract` | proof remains limited to the changed seams | targeted feature tests, targeted browser tests, formatting command | exact command set shared across the package |
Pinned Canonical Replacements
| Completion Key | Retired Pattern | Canonical Replacement |
|---|---|---|
| `provider_connection_route_contract` | `/admin/tenants/{tenant:slug}/provider-connections...` | `/admin/provider-connections...` |
| `provider_target_scope_core_contract` | `entra_tenant_id`, `tenantContext`, `target_scope.entra_tenant_id` as shared primary truth | provider-neutral target-scope fields such as scope kind, scope identifier, and scope display name |
| `workspace_role_authority_contract` | copied role-bearing `ManagedEnvironmentMembership` persistence | workspace membership role truth plus narrowing-only environment scope |
| `test_harness_context_contract` | `setTenantPanelContext()` and related tenant-panel-era setup | admin or workspace context bootstrapping suitable for the completed runtime |
| `targeted_validation_contract` | guard-suite or full-suite proof expectation | targeted feature and browser validation only |
Allowed Provider-Owned Detail
| Detail Class | Meaning | Examples |
|---|---|---|
| `provider_owned_profile_detail` | provider-specific detail is allowed where the provider is genuinely the subject | Microsoft tenant identifiers, consent URLs, Graph-specific diagnostics |
| `provider_owned_support_detail` | lower-level support or troubleshooting context remains nested provider detail | raw provider metadata, provider-specific error context |
Invariants
- 287 adds no new runtime state and no new persistence.
- The same completion categories and the same Spec 288 follow-up boundary must appear across `spec.md`, `plan.md`, `tasks.md`, `quickstart.md`, `data-model.md`, and `checklists/requirements.md`.
- The literal proof commands live only in `spec.md`, `plan.md`, `tasks.md`, and `quickstart.md`; the remaining artifacts reference that canonical command set rather than restating another variant.
- Validation remains targeted to the changed seams only.
- Provider-owned Microsoft detail may remain nested, but it must not stay the shared platform-core contract.
- Environment scope must remain narrowing-only after the cleanup.
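
The workspace-role and narrowing-only invariants, sketched as an added PHP example that is not the platform's own code: the workspace role is the sole grant, and the environment scope stores no role and can only subtract environments. Every class, role, and capability name below is hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration: all names and capability strings are hypothetical.
enum WorkspaceRole: string
{
    case Owner = 'owner';
    case Readonly = 'readonly';

    /** @return list<string> capabilities granted by the role, the only grant source */
    public function capabilities(): array
    {
        return match ($this) {
            self::Owner => ['provider_connection.view', 'provider_connection.manage'],
            self::Readonly => ['provider_connection.view'],
        };
    }
}

final class WorkspaceMembership
{
    /** @param list<int>|null $environmentIds null means no narrowing; the scope stores no role */
    public function __construct(
        public readonly int $workspaceId,
        public readonly WorkspaceRole $role,
        public readonly ?array $environmentIds = null,
    ) {}
}

function can(?WorkspaceMembership $m, int $workspaceId, int $environmentId, string $capability): bool
{
    if ($m === null || $m->workspaceId !== $workspaceId) {
        return false; // no workspace membership: a scope row alone grants nothing
    }
    if (!in_array($capability, $m->role->capabilities(), true)) {
        return false; // the workspace role is the only grant
    }
    // Environment scope can only remove environments from what the role allows.
    return $m->environmentIds === null || in_array($environmentId, $m->environmentIds, true);
}

// Constructed sample data: workspace 1, environments 7 and 8.
$scopedReader = new WorkspaceMembership(1, WorkspaceRole::Readonly, [7]);
$owner = new WorkspaceMembership(1, WorkspaceRole::Owner);

var_dump(can($scopedReader, 1, 7, 'provider_connection.view'));   // in scope, role grants
var_dump(can($scopedReader, 1, 8, 'provider_connection.view'));   // narrowed out by scope
var_dump(can($scopedReader, 1, 7, 'provider_connection.manage')); // scope cannot elevate
var_dump(can($owner, 1, 8, 'provider_connection.manage'));        // unscoped owner
var_dump(can(null, 1, 7, 'provider_connection.view'));            // no membership
```

The third call is the regression to guard against: a scope record carrying its own copied role would let an environment-level entry grant more than the workspace role does.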
Out of Scope Data Changes
- no database migrations
- no new provider profile table or registry
- no new role family or persisted access overlay
- no global no-legacy guard inventory
- no full-suite baseline or lane-wide enforcement artifact