ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity
fdd3a85b64
TenantAtlas/app/Filament/System/Pages/Security/AccessLogs.php
ahmido 37c6d0622c feat: implement spec 169 action surface contract v1.1 (#200) 
## Summary
- implement the Action Surface Contract v1.1 runtime changes for Spec 169
- add the new explicit ActionSurfaceType contract, validator/discovery updates, and enrolled surface declarations
- update Filament action-surface documentation, focused guard tests, and spec artifacts for the completed feature

## Included
- clickable-row vs explicit-inspect enforcement across monitoring, reporting, CRUD, and system reference surfaces
- helper-first, workflow-next, destructive-last overflow ordering checks
- system panel list discovery in the primary action-surface validator
- Spec 169 artifacts: spec, plan, tasks, research, data model, quickstart, and logical contract

## Verification
- focused Pest verification pack completed for:
  - tests/Feature/Guards/ActionSurfaceValidatorTest.php
  - tests/Feature/Guards/ActionSurfaceContractTest.php
  - tests/Feature/Rbac/TenantActionSurfaceConsistencyTest.php
- integrated browser smoke test completed for admin-side reference surfaces:
  - /admin/operations
  - /admin/audit-log
  - /admin/finding-exceptions/queue
  - /admin/reviews
  - /admin/tenants

## Notes
- system panel browser smoke coverage could not be exercised in the same session because /system routes require platform authentication in the integrated browser
- Livewire target remains v4-compliant and no provider registration or asset strategy changes are introduced by this PR

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #200
2026-03-30 09:21:39 +00:00

89 lines
3.6 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
namespace App\Filament\System\Pages\Security;
use App\Models\AuditLog;
use App\Models\PlatformUser;
use App\Support\Auth\PlatformCapabilities;
use App\Support\Ui\ActionSurface\ActionSurfaceDeclaration;
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceProfile;
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceSlot;
use App\Support\Ui\ActionSurface\Enums\ActionSurfaceType;
use Filament\Pages\Page;
use Filament\Tables\Columns\TextColumn;
use Filament\Tables\Concerns\InteractsWithTable;
use Filament\Tables\Contracts\HasTable;
use Filament\Tables\Table;
use Illuminate\Database\Eloquent\Builder;
class AccessLogs extends Page implements HasTable
{
use InteractsWithTable;
protected static ?string $navigationLabel = 'Access logs';
protected static string|\BackedEnum|null $navigationIcon = 'heroicon-o-shield-check';
protected static string|\UnitEnum|null $navigationGroup = 'Security';
protected static ?string $slug = 'security/access-logs';
protected string $view = 'filament.system.pages.security.access-logs';
public static function actionSurfaceDeclaration(): ActionSurfaceDeclaration
{
return ActionSurfaceDeclaration::forPage(ActionSurfaceProfile::RunLog, ActionSurfaceType::HistoryAudit)
->exempt(ActionSurfaceSlot::ListHeader, 'Access logs remain scan-first and do not expose page header actions.')
->exempt(ActionSurfaceSlot::InspectAffordance, 'Access logs intentionally keep auth and break-glass events inline without a separate inspect view.')
->exempt(ActionSurfaceSlot::ListBulkMoreGroup, 'Access logs are immutable and intentionally omit bulk actions.')
->satisfy(ActionSurfaceSlot::ListEmptyState, 'The empty state explains when no platform auth or break-glass events match the current log scope.')
->exempt(ActionSurfaceSlot::DetailHeader, 'The access log page does not open per-record detail headers; review stays inline in the table.');
}
public static function canAccess(): bool
{
$user = auth('platform')->user();
return $user instanceof PlatformUser
&& $user->hasCapability(PlatformCapabilities::CONSOLE_VIEW);
}
public function mount(): void
{
$this->mountInteractsWithTable();
}
public function table(Table $table): Table
{
return $table
->defaultSort('recorded_at', 'desc')
->paginated(\App\Support\Filament\TablePaginationProfiles::customPage())
->query(function (): Builder {
return AuditLog::query()
->where(function (Builder $query): void {
$query
->where('action', 'platform.auth.login')
->orWhere('action', 'like', 'platform.break_glass.%');
});
})
->columns([
TextColumn::make('recorded_at')
->label('Recorded')
->since(),
TextColumn::make('action')
->label('Action')
->searchable(),
TextColumn::make('status')
->badge()
->color(fn (?string $state): string => $state === 'failure' ? 'danger' : 'success'),
TextColumn::make('actor_email')
->label('Actor')
->formatStateUsing(fn (?string $state): string => $state ?: 'Unknown'),
])
->emptyStateHeading('No access logs found')
->emptyStateDescription('Platform login and break-glass events will appear here.');
}
}
Reference in New Issue View Git Blame Copy Permalink