Feature/plans resources#20
Merged
…signment guard.
- Added `Froxlor\Core\Support\ResourceRegistry` as the central registration and synchronization point for Core and package-defined resources.
- Added `IsTenantResource` and `IsEnvironmentResource` marker traits. Models keep using `IsResource` as the base technical contract and add one or both marker traits to opt into tenant/environment plan scopes.
- Core and standard package model resources are now routed through `ResourceRegistry` before being synchronized by `PlansAndResourcesTableSeeder`.
- Resource key conflicts are rejected per scope before the database unique key is hit.
- Plan limits now follow the intended semantics consistently in assignment checks: `0` means no access, `-1` means unlimited, positive values are finite limits.
- Tenant-user plan assignment now requires a tenant-scope plan that is global or owned by the route tenant.
- Tenant-user explicit plans must be a subset of the tenant's own plan; they cannot grant missing resources, unlimited resources above a finite parent, or finite limits above the parent limit.
- Environment-user plan assignment now requires an environment-scope plan that is global or owned by the route tenant.
- Environment-user explicit plans must be a subset of the environment's plan.
- Tenant/environment user creation paths now validate optional plan assignments through `PlanAssignments`, analogous to role assignment validation through `RoleAssignments`.
- Plan delete operations now reject used plans with a validation response before deletion. This covers `tenants.plan_id`, `environments.plan_id`, `tenant_user.plan_id`, and `environment_user.plan_id`.
- Added global plan-resource API routes for assigning/removing resources on global plans:
  - `GET /api/plans/{plan}/resources`
  - `POST /api/plans/{plan}/resources`
  - `DELETE /api/plans/{plan}/resources/{resource}`
- Added tenant plan-resource API routes for assigning/removing resources on tenant-owned plans:
  - `GET /api/tenants/{tenant}/plans/{plan}/resources`
  - `POST /api/tenants/{tenant}/plans/{plan}/resources`
  - `DELETE /api/tenants/{tenant}/plans/{plan}/resources/{resource}`
- Plan-resource listings return every resource matching the plan type with `assigned` and `limit` metadata for UI editing.
- Plan-resource assignment validates that the resource type matches the plan type.
- Tenant plan-resource assignment validates tenant-scope resource limits against the tenant's own plan.
- Plan-resource attach/detach operations write audit log entries and dispatch `ResourceUpdated` for the plan.
- Added `plans.resources.*` and `tenants.plans.resources.*` permission keys.
- Added PHPUnit coverage for plan assignment scope/type checks, subset-limit checks, unlimited-above-finite denial, assigned-plan delete guards, plan-resource assignment, response metadata, type mismatch denial, parent-limit denial, foreign/global route isolation, unassigned detach validation, and audit logging.
- Added PHPUnit coverage for the resource registry contract, duplicate key detection per scope, and automatic package resource seeding.
- Core, domain, and mail testing seeders now attach package resources to the new deterministic test plans instead of relying on the old generic `Unlimited` plan name.
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
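The limit semantics listed in the commit message above (`0` = no access, `-1` = unlimited, positive = finite) make the subset check easy to get wrong with a plain numeric comparison, because `-1 <= 5` is true. The following PHP is an added example, not Froxlor's code; the function name, the resource keys and the treatment of a key missing from the parent as `0` are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration; not Froxlor code. All names here are hypothetical.
const UNLIMITED = -1; // per the commit message: -1 means unlimited
const NO_ACCESS = 0;  // 0 means no access; a missing key is treated the same (assumption)

/**
 * Returns the reasons why $child is NOT a subset of $parent, keyed by resource.
 * Both arguments map resource key => integer limit. Empty result = valid subset.
 */
function planSubsetViolations(array $child, array $parent): array
{
    $violations = [];
    foreach ($child as $key => $limit) {
        if (!is_int($limit) || $limit < UNLIMITED) {
            $violations[$key] = 'invalid limit';
            continue;
        }
        if ($limit === NO_ACCESS) {
            continue; // grants nothing, so it always fits under the parent
        }
        $parentLimit = $parent[$key] ?? NO_ACCESS;
        if ($parentLimit === NO_ACCESS) {
            $violations[$key] = 'parent plan grants no access';
        } elseif ($parentLimit === UNLIMITED) {
            continue; // any child limit fits under an unlimited parent
        } elseif ($limit === UNLIMITED) {
            // The sentinel must be handled before any numeric comparison.
            $violations[$key] = 'unlimited above finite parent';
        } elseif ($limit > $parentLimit) {
            $violations[$key] = "limit $limit exceeds parent limit $parentLimit";
        }
    }
    return $violations;
}

// Constructed sample plans (resource keys are made up for the example).
$tenantPlan = ['domains' => 10, 'mailboxes' => UNLIMITED, 'databases' => 0];
$userPlan   = ['domains' => UNLIMITED, 'mailboxes' => 500, 'databases' => 1, 'ftp' => 0];

foreach (planSubsetViolations($userPlan, $tenantPlan) as $key => $why) {
    echo "$key: $why\n";
}
```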
- Resource CRUD operations via /api/resources have been removed.
- GET /api/plans/{plan}/users lists plan usage based on tenant, environment, TenantUser, and EnvironmentUser assignments.
- Deleting an environment plan now also utilizes the central PlanAssignments guard.
- Plan updates now block the `tenant_id` field and prevent changes to the `type` once resources or assignments exist.
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
…tenants. Global plans are no longer directly reusable for child-tenant creation.
- Added `tenant_resource_reservations` for delegated tenant-scope budget. Assigning a tenant-owned plan to a child tenant reserves the enabled plan limits from the parent tenant's available budget.
- Parent tenant availability now subtracts real `tenant_usage` and existing child reservations before a child plan can be assigned.
- Environment create/update now validates selected plans through the central plan-assignment guard using tenant availability, without a separate environment-plan grant table.
- Added PHPUnit coverage for plan assignment scope checks, subset-limit checks, unlimited-above-finite denial, assigned-plan delete guards, plan-resource assignment, response metadata, parent-limit denial, foreign/global route isolation, unassigned detach validation, and audit logging.
- Added PHPUnit coverage for the resource registry contract, duplicate key detection per scope, and automatic package resource seeding.
- Core, domain, and mail testing seeders now attach package resources to the new deterministic test plans instead of relying on the old generic `Unlimited` plan name.
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
…event collisions between identical keys across different scopes.
- Child tenant reservations now capture all enabled plan resources, not just those with `type=tenant`.
- Tenant/environment user plan assignments also compare all plan resources against the parent plan.
- Actual usage remains scope-specific: tenant resources via `tenant_usage`, and environment resources via `env_usage`.
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
- Limits can be reduced as long as existing usage and further-delegated reservations do not exceed them.
- Removing a resource is rejected if usage or delegation already exists for it.
- Child tenant reservations are synchronized after a successful plan change.
- The old blanket lock for assigned plans has been removed.
- Globally assigned plans are checked against current usage, but are not incorrectly treated as child-tenant reservations.
- Tenant-owned child plans update the parent reservations correctly.
- Tests cover increasing, lowering, and rejection below existing usage.
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
…ble and correct
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
- Introduce Audit severity based log-methods according to RFC 5424
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
envoyr approved these changes Jun 27, 2026
No description provided.