Access Gate

Access Gate

Gate any Capell page, download, or member area behind login, email approval, guest links, schedules, or paid checkout — with full request, grant, and audit management in the admin.

At A Glance

• Package: capell-app/access-gate
• Namespace: Capell\AccessGate\
• Surfaces: admin, frontend, console
• Service providers: packages/access-gate/src/Providers/AccessGateServiceProvider.php
• Capell dependencies: capell-app/core
• Third-party dependencies: laravel/framework, lorisleiva/laravel-actions

Why It Helps Your Capell Workflow

• Protect gated pages, downloads, or member-only areas without building a one-off approval system for each site.
• Keeps request, grant, claim-token, and approval state in package tables so operators can audit access decisions.
• Works well with public submission flows because access requests can stay separate from page rendering and cacheable public HTML.

Best Used With

• Public Actions
• HTML Cache
• Diagnostics

What It Adds

• Access gating foundations for Capell CMS.
• Admin resources: AccessAreaResource, AccessGateEventResource, BrowserTokenResource, ClaimTokenResource, GrantResource, RegistrationResource.
• Package setup or maintenance commands.
• Public request, claim, status, and logout endpoints for gated access flows.

Code Map

Admin Surface

• Resources: AccessAreaResource, AccessGateEventResource, BrowserTokenResource, ClaimTokenResource, GrantResource, RegistrationResource.
• Pages: CreateAccessArea, EditAccessArea, ListAccessAreas, ListAccessGateEvents, ListBrowserTokens, ListClaimTokens, ListGrants, ListRegistrations.

Runtime Surface

• Controllers: AccessGateStatusController, ClaimAccessGateTokenController, LogoutAccessGateController, ShowAccessRequestController, StoreAccessRequestController.
• Routes: packages/access-gate/routes/web.php.

Commands

• capell:access-gate-doctor (packages/access-gate/src/Console/Commands/AccessGateDoctorCommand.php)
• capell:access-gate-install (packages/access-gate/src/Console/Commands/AccessGateInstallCommand.php)
• capell:access-gate-setup (packages/access-gate/src/Console/Commands/AccessGateSetupCommand.php)

Data And Persistence

• Models: AccessGateModel, Area, BrowserToken, ClaimToken, Event, Grant, Registration.
• Migrations: 2026_05_10_190838_01_create_access_gate_areas_table.php, 2026_05_10_190838_02_create_access_gate_registrations_table.php, 2026_05_10_190838_03_create_access_gate_grants_table.php, 2026_05_10_190838_04_create_access_gate_claim_tokens_table.php, 2026_05_10_190838_05_create_access_gate_browser_tokens_table.php, 2026_05_10_190838_06_create_access_gate_events_table.php.
• Config: packages/access-gate/config/access-gate.php.
• Data objects live in src/Data/; use them for payloads, form state, and view models.

Extension Points

• Contracts: AccessRequestMethod, RegistrationField.
• Events: RegistrationApproved.
• Register Capell extension points, routes, migrations, settings, render hooks, and resources from service providers.

Install And Setup

• Install with composer require capell-app/access-gate in the host Capell application.
• Run migrations through the host application package install flow.
• In this repository, verify package changes with vendor/bin/pest; do not use php artisan.

Docs

• docs index
• access-requests.md
• overview.md
• screenshots.json

Testing

Run package tests from the repository root:

vendor/bin/pest packages/access-gate/tests --configuration=phpunit.xml

Maintenance Notes

• Treat public routes as untrusted input and keep validation, permission checks, and side effects inside actions or dedicated services.
• Put behaviour changes in src/Actions/; UI classes, commands, and controllers should call actions instead of owning domain logic.
• Use package Data classes at boundaries instead of passing anonymous arrays between layers.
• Use backed enums for persisted values and enum labels for Filament options.

Access Gate

Status: Available, schema-owning · Kind: package · Tier: premium · Bundle: operations · Contexts: admin, frontend, console · Product group: Capell Operations

Access Gate adds gated access areas, request intake, claim-token flows, active grants, browser tokens, and audit events for protected Capell surfaces.

What This Package Adds

• Filament resources for access areas, registrations, grants, claim tokens, browser tokens, and access events.
• Public request, claim, logout, and optional status routes under the configured access route prefix.
• Access-gate middleware and frontend rule conditions for page/layout gating.
• Configurable registration fields, identity methods, approval strategies, token policies, and rate limits.
• Install, setup, and doctor commands for host application maintenance.

Install Flow

• Composer package: capell-app/access-gate
• Hard dependencies: capell-app/core
• Optional dependencies: capell-app/public-actions
• Run host migrations through the package install flow, then run capell:extension-install capell-app/access-gate.
• Run capell:access-gate-doctor in the host app to verify middleware order, route registration, and package health.

Admin Surfaces

• AccessAreaResource: list, create, and edit access areas.
• RegistrationResource: list requests and run approve, reject, resend claim, expire, and grant actions.
• GrantResource: list grants and revoke active grants.
• ClaimTokenResource: list claim-token status.
• BrowserTokenResource: list browser-token status and revoke active browser tokens.
• AccessGateEventResource: list audit events.

Frontend Surfaces

• GET /access/request/{area}: access request form.
• POST /access/request/{area}: access request submission endpoint.
• GET /access/claim/{token}: claim-token endpoint.
• POST /access/logout/{area}: area logout endpoint.
• Optional GET /access/status/{area} endpoint when enabled in config.
• Blade views render the request form, blocked message, and reusable request CTA.

Anonymous and non-admin public output must stay free of authoring markers, editor URLs, model IDs, and admin-only labels.

Screenshot Plan

• Access areas admin index.
• Create/edit access area form.
• Registrations admin index with approval actions.
• Grants admin index with revoke action.
• Claim tokens admin index.
• Browser tokens admin index.
• Access events admin index.
• Public access request form.
• Public gated message.
• Public request CTA component.

Known Risks

• The batch harness Composer install discovered the package and registered public routes, but php artisan migrate --graceful reported no migrations to run before capell:extension-install. Verify the package install flow publishes or runs all access-gate migrations in a fresh host app.
• Screenshots need seeded access areas, registrations, grants, and tokens before final publication.

Feature Suggestions

• Add an admin “Access Area health” panel that previews request URL, status endpoint availability, registration policy, and middleware status for each area.
• Add a bulk registration triage workflow with filters for area, status, requested host, and one-click approve/reject notes.
• Add a safe public preview command that renders the request form and blocked message for a selected area without requiring a live protected page.