ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
ef02ff5a29
TenantAtlas/specs/285-workspace-rbac-environment-access/checklists/requirements.md
Ahmed Darrazi ef02ff5a29
Some checks failed
PR Fast Feedback / fast-feedback (pull_request) Failing after 8m29s
Details
feat: implement spec 285 workspace-first environment access
2026-05-09 14:36:12 +02:00

3.0 KiB
Raw Blame History

Requirements Checklist: Workspace-first RBAC & Environment Access Scoping

Scope and problem framing

  • The package describes the real repo problem as dual role-bearing authorization truth, not generic missing RBAC.
  • The package keeps WorkspaceMembership as the only role-bearing truth.
  • The package treats the current ManagedEnvironmentMembership semantics as a narrow access-scope overlay or in-place successor only.
  • The package keeps environment scope optional and narrowing-only.
  • The package does not absorb provider capability, source taxonomy, copy/localization, or cutover-guardrail work from adjacent specs.

Repo-truth anchoring

  • The package reflects the current repo term ManagedEnvironmentMembership rather than the stale raw-candidate term TenantMembership.
  • The package references the existing workspace-first seams: WorkspaceMembership, WorkspaceCapabilityResolver, and WorkspaceContext.
  • The package references the current environment-owned seams that must be retargeted: CapabilityResolver, User::canAccessTenant(), key policies, and the tenant-membership Filament surfaces.
  • The package keeps OperationRun authorization split between workspace-bound and environment-bound runs.

Authorization contract

  • Non-membership or out-of-scope access remains 404.
  • In-scope members missing capability remain 403.
  • Provider capability and operability remain downstream gates after local RBAC passes.
  • No scope row can grant access without workspace membership.
  • No second role selector survives on the managed-environment access-scope surface.
  • Touched searchable-resource results remain non-member-safe and out-of-scope-safe.
  • Denied-access diagnostics are modeled as derived, boundary-safe logging rather than new persisted truth.

Filament and UI guardrails

  • Filament remains v5 on Livewire v4.
  • Provider registration remains in apps/platform/bootstrap/providers.php.
  • Touched destructive actions remain ->action(...) plus ->requiresConfirmation().
  • ProviderConnectionResource remains non-globally-searchable and no touched searchable resource loses its valid View or Edit destination.
  • Asset strategy remains unchanged and does not introduce new filament:assets requirements beyond existing deployment expectations.

Testing and readiness

  • The package defines bounded proof through unit, feature, and one browser smoke.
  • The same validation commands appear in spec.md, plan.md, and quickstart.md.
  • The package states that Specs 280, 281, and 283 are external prerequisites for runtime implementation.
  • The package stays prep-only and does not claim implementation has already landed.

Outcome

  • Review outcome class: blocked-by-prerequisites
  • Workflow outcome: keep
  • Test-governance outcome: keep
  • Readiness note: implementation is externally gated until Specs 280, 281, and 283 are present on the branch