Skip to content
Capell CMS

Overview

Status: Available, schema-owning · Kind: package · Tier: premium · Bundle: operations · Contexts: admin, frontend, console · Product group: Capell Operations

Access Gate adds gated access areas, request intake, claim-token flows, active grants, browser tokens, and audit events for protected Capell surfaces.

What This Package Adds

Section titled “What This Package Adds”
  • Filament resources for access areas, registrations, grants, claim tokens, browser tokens, and access events.
  • Public request, claim, logout, and optional status routes under the configured access route prefix.
  • Access-gate middleware and frontend rule conditions for page/layout gating.
  • Configurable registration fields, identity methods, approval strategies, token policies, and rate limits.
  • Install, setup, and doctor commands for host application maintenance.

Install Flow

Section titled “Install Flow”
  • Composer package: capell-app/access-gate
  • Hard dependencies: capell-app/core
  • Optional dependencies: capell-app/public-actions
  • Run host migrations through the package install flow, then run capell:extension-install capell-app/access-gate.
  • Run capell:access-gate-doctor in the host app to verify middleware order, route registration, and package health.

Admin Surfaces

Section titled “Admin Surfaces”
  • AccessAreaResource: list, create, and edit access areas.
  • RegistrationResource: list requests and run approve, reject, resend claim, expire, and grant actions.
  • GrantResource: list grants and revoke active grants.
  • ClaimTokenResource: list claim-token status.
  • BrowserTokenResource: list browser-token status and revoke active browser tokens.
  • AccessGateEventResource: list audit events.

Frontend Surfaces

Section titled “Frontend Surfaces”
  • GET /access/request/{area}: access request form.
  • POST /access/request/{area}: access request submission endpoint.
  • GET /access/claim/{token}: claim-token endpoint.
  • POST /access/logout/{area}: area logout endpoint.
  • Optional GET /access/status/{area} endpoint when enabled in config.
  • Blade views render the request form, blocked message, and reusable request CTA.

Anonymous and non-admin public output must stay free of authoring markers, editor URLs, model IDs, and admin-only labels.

Screenshot Plan

Section titled “Screenshot Plan”
  • Access areas admin index.
  • Create/edit access area form.
  • Registrations admin index with approval actions.
  • Grants admin index with revoke action.
  • Claim tokens admin index.
  • Browser tokens admin index.
  • Access events admin index.
  • Public access request form.
  • Public gated message.
  • Public request CTA component.

Known Risks

Section titled “Known Risks”
  • The batch harness Composer install discovered the package and registered public routes, but php artisan migrate --graceful reported no migrations to run before capell:extension-install. Verify the package install flow publishes or runs all access-gate migrations in a fresh host app.
  • Screenshots need seeded access areas, registrations, grants, and tokens before final publication.

Feature Suggestions

Section titled “Feature Suggestions”
  • Add an admin “Access Area health” panel that previews request URL, status endpoint availability, registration policy, and middleware status for each area.
  • Add a bulk registration triage workflow with filters for area, status, requested host, and one-click approve/reject notes.
  • Add a safe public preview command that renders the request form and blocked message for a selected area without requiring a live protected page.