TenantAtlas/specs/077-workspace-nav-monitoring-hub/data-model.md
ahmido fb1046c97a Spec 077: Workspace Global Mode + context bar redundancy cleanup (#94)
Implements Spec 077 refinements: workspace Global Mode and navigation/context-bar redundancy cleanup.

Summary
- Global Mode: `/admin/workspaces` is workspace-optional (lists only member workspaces); explicit allowlist in `EnsureWorkspaceSelected`.
- Navigation cleanup: workspace switching is topbar-only; no sidebar “Switch workspace”; removes redundant “Manage workspaces” entry from context-bar.
- Context bar: when no workspace selected, tenant picker is disabled with guidance; on tenant-scoped routes `/admin/t/{tenant}/…` the tenant indicator is read-only (Filament tenant menu remains primary).
- Authorization: workspace creation is policy-driven (`WorkspacePolicy::create()`), enforced in `ChooseWorkspace` via Gate.

Safety / Compliance
- Livewire v4.0+ compliant (Filament v5).
- Panel provider registration remains in `bootstrap/providers.php` (no changes required).
- Global search: no new globally searchable resources added; no behavior changes introduced.
- Destructive actions: none added/changed.
- Assets: no new assets registered; deploy process unchanged (if assets are registered elsewhere, ensure `php artisan filament:assets` runs in deploy as usual).

Tests
- `vendor/bin/sail bin pint --dirty`
- `vendor/bin/sail artisan test --compact tests/Feature/Workspaces tests/Feature/Monitoring tests/Feature/OpsUx tests/Feature/Filament/WorkspaceContextTopbarAndTenantSelectionTest.php`

Spec artifacts
- `specs/077-workspace-nav-monitoring-hub/{spec,plan,tasks}.md`
- `specs/077-workspace-nav-monitoring-hub/contracts/routes.md`

Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #94
2026-02-06 22:14:53 +00:00


Data Model — Workspace-first Navigation & Monitoring Hub (077)

Date: 2026-02-06
Spec: specs/077-workspace-nav-monitoring-hub/spec.md

This feature is primarily information architecture + context enforcement. No new tables are required; the design depends on existing entities and their relationships.

Entities

Workspace

Represents a portfolio / customer container (primary context).

  • Key fields (existing, relevant):
    • id
    • name
    • slug (optional)
    • archived_at (nullable)

WorkspaceMembership

Entitlement relationship between a user and a workspace.

  • Key fields (existing, relevant):
    • workspace_id
    • user_id
    • role (e.g. owner/operator/etc; actual role semantics are managed by the capability resolver)

Tenant (Managed Tenant)

Represents a Microsoft/Intune tenant belonging to a workspace (secondary context via Filament tenancy).

  • Key fields (existing, relevant):
    • id
    • workspace_id (foreign key to Workspace)
    • external_id (used in Filament tenancy route /admin/t/{tenant})
    • status (e.g., active)

OperationRun

Canonical monitoring record (workspace-level entity; may optionally be linked to a tenant).

  • Key fields (existing, relevant):
    • id
    • workspace_id (required for access control)
    • tenant_id (nullable; used for default filtering and “recent operations”)
    • type, status, outcome
    • timestamps (created/started/completed)
    • context (JSON)

Relationships

  • Workspace has many WorkspaceMemberships.
  • Workspace has many Tenants.
  • Workspace has many OperationRuns.
  • Tenant belongs to Workspace.
  • OperationRun belongs to Workspace.
  • OperationRun optionally belongs to Tenant.

Invariants / Rules enforced by this feature

  • Workspace context (current_workspace_id) is required for workspace-scoped navigation and access control.
  • Tenant context must be consistent with workspace context:
    • If tenant is not in current workspace, tenant context is cleared (continue tenantless).
  • OperationRun access is controlled by membership in the run's workspace_id.
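
The three invariants above as a plain-PHP sketch. This is an added example, not TenantAtlas code: the function names, the array-backed sample data and the choice to treat a selected workspace the user is not a member of as "no workspace selected" are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data (hypothetical ids), standing in for the existing tables.
const MEMBERSHIPS = [7 => [1, 2]]; // user_id => workspace_ids the user is a member of
const TENANTS = [10 => ['workspace_id' => 1], 20 => ['workspace_id' => 3]];
const RUNS = [
    100 => ['workspace_id' => 1, 'tenant_id' => 10],
    101 => ['workspace_id' => 3, 'tenant_id' => null],
];

function isMember(int $userId, int $workspaceId): bool
{
    return in_array($workspaceId, MEMBERSHIPS[$userId] ?? [], true);
}

/** Returns the effective context, or null when workspace-scoped pages must not render. */
function resolveContext(int $userId, ?int $currentWorkspaceId, ?int $tenantId): ?array
{
    // Invariant 1: a workspace context is required (membership check is an assumption).
    if ($currentWorkspaceId === null || !isMember($userId, $currentWorkspaceId)) {
        return null;
    }
    // Invariant 2: a tenant outside the current workspace is cleared, not rejected,
    // so the request continues tenantless.
    $tenant = $tenantId !== null ? (TENANTS[$tenantId] ?? null) : null;
    if ($tenant === null || $tenant['workspace_id'] !== $currentWorkspaceId) {
        $tenantId = null;
    }
    return ['workspace_id' => $currentWorkspaceId, 'tenant_id' => $tenantId];
}

function canViewRun(int $userId, int $runId): bool
{
    $run = RUNS[$runId] ?? null;
    // Invariant 3: the decision uses the run's own workspace_id, never its
    // nullable tenant_id or whichever tenant happens to be selected.
    return $run !== null && isMember($userId, $run['workspace_id']);
}

var_dump(resolveContext(7, 1, 10));   // tenant 10 belongs to the selected workspace
var_dump(resolveContext(7, 1, 20));   // tenant 20 belongs to a different workspace
var_dump(resolveContext(7, null, 10)); // no workspace selected
var_dump(canViewRun(7, 100));         // run in a workspace where user 7 is a member
var_dump(canViewRun(7, 101));         // run in a workspace where user 7 is not a member
```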