ahmido
fb1046c97a
Implements Spec 077 refinements: workspace Global Mode and navigation/context-bar redundancy cleanup.
Summary
- Global Mode: `/admin/workspaces` is workspace-optional (lists only member workspaces); explicit allowlist in `EnsureWorkspaceSelected`.
- Navigation cleanup: workspace switching is topbar-only; no sidebar “Switch workspace”; removes redundant “Manage workspaces” entry from context-bar.
- Context bar: when no workspace selected, tenant picker is disabled with guidance; on tenant-scoped routes `/admin/t/{tenant}/…` the tenant indicator is read-only (Filament tenant menu remains primary).
- Authorization: workspace creation is policy-driven (`WorkspacePolicy::create()`), enforced in `ChooseWorkspace` via Gate.
Safety / Compliance
- Livewire v4.0+ compliant (Filament v5).
- Panel provider registration remains in `bootstrap/providers.php` (no changes required).
- Global search: no new globally searchable resources added; no behavior changes introduced.
- Destructive actions: none added/changed.
- Assets: no new assets registered; deploy process unchanged (if assets are registered elsewhere, ensure `php artisan filament:assets` runs in deploy as usual).
Tests
- `vendor/bin/sail bin pint --dirty`
- `vendor/bin/sail artisan test --compact tests/Feature/Workspaces tests/Feature/Monitoring tests/Feature/OpsUx tests/Feature/Filament/WorkspaceContextTopbarAndTenantSelectionTest.php`
Spec artifacts
- `specs/077-workspace-nav-monitoring-hub/{spec,plan,tasks}.md`
- `specs/077-workspace-nav-monitoring-hub/contracts/routes.md`
Co-authored-by: Ahmed Darrazi <ahmeddarrazi@MacBookPro.fritz.box>
Reviewed-on: #94
127 lines
3.0 KiB
PHP
127 lines
3.0 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Support\Workspaces;
|
|
|
|
use Illuminate\Http\Request;
|
|
use Illuminate\Session\Store;
|
|
|
|
final class WorkspaceIntendedUrl
|
|
{
|
|
/**
|
|
* Store a safe intended URL (path + query) for returning after workspace selection.
|
|
*/
|
|
public static function store(string $pathWithQuery, ?Request $request = null): void
|
|
{
|
|
$pathWithQuery = trim($pathWithQuery);
|
|
|
|
if ($pathWithQuery === '') {
|
|
return;
|
|
}
|
|
|
|
if (! self::isAllowed($pathWithQuery)) {
|
|
return;
|
|
}
|
|
|
|
$session = self::session($request);
|
|
|
|
if (! $session instanceof Store) {
|
|
return;
|
|
}
|
|
|
|
$session->put(WorkspaceContext::INTENDED_URL_SESSION_KEY, $pathWithQuery);
|
|
}
|
|
|
|
/**
|
|
* Store the intended URL derived from the current request.
|
|
*/
|
|
public static function storeFromRequest(Request $request): void
|
|
{
|
|
if (! $request->isMethod('GET')) {
|
|
return;
|
|
}
|
|
|
|
$path = '/'.ltrim($request->path(), '/');
|
|
|
|
$queryString = $request->getQueryString();
|
|
$pathWithQuery = $queryString ? "{$path}?{$queryString}" : $path;
|
|
|
|
self::store($pathWithQuery, $request);
|
|
}
|
|
|
|
/**
|
|
* Consume (read + forget) the intended URL. Returns null if missing or unsafe.
|
|
*/
|
|
public static function consume(?Request $request = null): ?string
|
|
{
|
|
$session = self::session($request);
|
|
|
|
if (! $session instanceof Store) {
|
|
return null;
|
|
}
|
|
|
|
$value = $session->pull(WorkspaceContext::INTENDED_URL_SESSION_KEY);
|
|
|
|
if (! is_string($value)) {
|
|
return null;
|
|
}
|
|
|
|
$value = trim($value);
|
|
|
|
if ($value === '' || ! self::isAllowed($value)) {
|
|
return null;
|
|
}
|
|
|
|
return $value;
|
|
}
|
|
|
|
public static function clear(?Request $request = null): void
|
|
{
|
|
$session = self::session($request);
|
|
|
|
if (! $session instanceof Store) {
|
|
return;
|
|
}
|
|
|
|
$session->forget(WorkspaceContext::INTENDED_URL_SESSION_KEY);
|
|
}
|
|
|
|
private static function session(?Request $request = null): ?Store
|
|
{
|
|
$session = ($request && $request->hasSession())
|
|
? $request->session()
|
|
: session()->driver();
|
|
|
|
return $session instanceof Store ? $session : null;
|
|
}
|
|
|
|
private static function isAllowed(string $pathWithQuery): bool
|
|
{
|
|
if (str_contains($pathWithQuery, "\n") || str_contains($pathWithQuery, "\r")) {
|
|
return false;
|
|
}
|
|
|
|
if (preg_match('#^https?://#i', $pathWithQuery) === 1) {
|
|
return false;
|
|
}
|
|
|
|
if (str_starts_with($pathWithQuery, '//')) {
|
|
return false;
|
|
}
|
|
|
|
if (! str_starts_with($pathWithQuery, '/admin')) {
|
|
return false;
|
|
}
|
|
|
|
$path = parse_url($pathWithQuery, PHP_URL_PATH);
|
|
$path = '/'.ltrim((string) ($path ?? ''), '/');
|
|
|
|
if (in_array($path, ['/admin/choose-workspace', '/admin/no-access'], true)) {
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
}
|