diff --git a/app/app/Http/Middleware/EnsureSaasAdmin.php b/app/app/Http/Middleware/EnsureSaasAdmin.php index 7e232499..28eec93a 100644 --- a/app/app/Http/Middleware/EnsureSaasAdmin.php +++ b/app/app/Http/Middleware/EnsureSaasAdmin.php @@ -29,10 +29,16 @@ class EnsureSaasAdmin { public function handle(Request $request, Closure $next): Response { - if (! app()->environment('local', 'testing')) { - abort(503, 'SaaS-admin авторизация не настроена (ожидает Б-1 + DO-4).'); + if (app()->environment('local', 'testing')) { + return $next($request); } - return $next($request); + // ВРЕМЕННО (тест-деплой): пропускаем при включённом флаге. + // TODO: убрать после внедрения Yandex 360 SSO (Б-1 + DO-4). + if (config('app.saas_admin_test_bypass') === true) { + return $next($request); + } + + abort(503, 'SaaS-admin авторизация не настроена (ожидает Б-1 + DO-4).'); } } diff --git a/app/config/app.php b/app/config/app.php index 423eed59..3649d292 100644 --- a/app/config/app.php +++ b/app/config/app.php @@ -28,6 +28,13 @@ return [ 'env' => env('APP_ENV', 'production'), + /* + | ВРЕМЕННО (тест-деплой): пропуск гейта SaaS-admin зоны вне local/testing. + | По умолчанию false → прод не затронут. Включается только на тест-сервере + | (SAAS_ADMIN_TEST_BYPASS=true). Убрать после внедрения Yandex 360 SSO (Б-1 + DO-4). + */ + 'saas_admin_test_bypass' => (bool) env('SAAS_ADMIN_TEST_BYPASS', false), + /* |-------------------------------------------------------------------------- | Application Debug Mode diff --git a/app/tests/Feature/Middleware/EnsureSaasAdminTest.php b/app/tests/Feature/Middleware/EnsureSaasAdminTest.php new file mode 100644 index 00000000..c8d52a87 --- /dev/null +++ b/app/tests/Feature/Middleware/EnsureSaasAdminTest.php @@ -0,0 +1,22 @@ +detectEnvironment(fn () => 'production'); + config(['app.saas_admin_test_bypass' => false]); + + get('/api/admin/tenants')->assertStatus(503); +}); + +it('allows saas-admin area when test bypass flag is enabled', function () { + app()->detectEnvironment(fn () => 'production'); + config(['app.saas_admin_test_bypass' => true]); + + expect(get('/api/admin/tenants')->status())->not->toBe(503); +}); diff --git a/docs/observer/STATUS.md b/docs/observer/STATUS.md index 2cf07844..eb53cf00 100644 --- a/docs/observer/STATUS.md +++ b/docs/observer/STATUS.md @@ -1,6 +1,6 @@ # Brain Status (auto-generated) -Last updated: 2026-05-21T01:53:48.034Z +Last updated: 2026-05-21T07:59:50.686Z | Контролёр | Состояние | Детали | |---|---|---| @@ -8,12 +8,12 @@ Last updated: 2026-05-21T01:53:48.034Z | C2 Cross-ref consistency | ✅ | [cross-ref-checker] OK — 0 drift in 4 files | | C3 Observer-of-observer | ✅ | [observer-of-observer] OK — last read 0 week(s) ago | | C4 Сигнальный статус | ✅ | This file (self-reference) | -| C5 Observer-coverage | ⚠️ | 16 episode(s) this month · .git/hooks/post-commit not installed (run: npx lefthook install --force) | +| C5 Observer-coverage | ✅ | 67 episode(s) this month · Stop-hook + post-commit OK | | C6 Chain map sync | ✅ | [chain-map-checker] OK — 14 chains in sync | ## Метрики (информационные, не алерты) -- Observer evidence: 16 episodes this month, 0 observer_error markers, 0 PII matches before filter +- Observer evidence: 67 episodes this month, 0 observer_error markers, 48 PII matches before filter - Legacy v1 episodes (not in factor analysis): 5 - Last /brain-retro: 2 day(s) ago - Использование узлов: см. `/brain-retro` (раз в спринт). **Неиспользованные узлы — не проблема** (capability-readiness; см. memory `feedback_brain_unused_tools_not_problem` — outside-repo memory store).