feat: shift tenant onboarding to approval flow and refresh platform UI

Create tenant registrations as pending requests and move domain/DB/user provisioning to admin approval via TenantOnboardingService::approveTenant.

Harden central tenant/admin flows: safer redirects, active-only tenant metrics, improved registration input normalization, and tenant plan relationship loading for admin views.

Add Alpine.js and replace inline confirm() usage with a reusable dialog triggered by data-confirm forms.

Apply industrial design-system overhaul across central/admin/tenant layouts, update typography/colors/navigation/modal behavior, and standardize payroll/currency display to PHP peso.

Author: oneetnwt

app/Http/Controllers/Central/Admin/AdminAuthController.php

@@ -29,7 +29,7 @@ public function store(Request $request)
 
         $request->session()->regenerate();
 
-        return redirect()->intended(route('admin.dashboard'));
+        return redirect()->route('admin.dashboard');
     }
 
     public function destroy(Request $request)
@@ -39,6 +39,6 @@ public function destroy(Request $request)
         $request->session()->invalidate();
         $request->session()->regenerateToken();
 
-        return redirect()->route('admin.login');
+        return redirect('/login');
     }
 }

app/Http/Controllers/Central/Admin/TenantManagementController.php

@@ -11,37 +11,58 @@
 use App\Notifications\Central\TenantApprovedNotification;
 
 use App\Services\Central\PlatformActivityService;
+use App\Services\Central\TenantOnboardingService;
+use Throwable;
 
 class TenantManagementController extends Controller
 {
-    public function __construct(protected PlatformActivityService $activityService)
+    public function __construct(
+        protected PlatformActivityService $activityService,
+        protected TenantOnboardingService $onboardingService,
+    )
     {}
 
     public function index(): View
     {
-        $tenants = Tenant::latest()->paginate(15);
+        $tenants = Tenant::with(['tenantPlan', 'plan'])->latest()->paginate(15);
         return view('admin.tenants.index', compact('tenants'));
     }
 
     public function show(Tenant $tenant): View
     {
-        // Peek into the tenant database to get metrics
-        $metrics = $tenant->run(function () {
-            return [
-                'workers_count' => \App\Models\User::workers()->count(),
-                'jobs_count' => \App\Models\JobOrder::count(),
-                'tasks_count' => \App\Models\Task::count(),
-                'payroll_periods_count' => \App\Models\PayrollPeriod::count(),
-                'total_payroll_value' => \App\Models\PayrollPeriod::sum('total_amount'),
-            ];
-        });
+        $metrics = [
+            'workers_count' => 0,
+            'jobs_count' => 0,
+            'tasks_count' => 0,
+            'payroll_periods_count' => 0,
+            'total_payroll_value' => 0,
+        ];
+
+        // Pending/suspended workspaces may not have a provisioned tenant DB yet.
+        if ($tenant->status === 'active') {
+            $metrics = $tenant->run(function () {
+                return [
+                    'workers_count' => \App\Models\User::workers()->count(),
+                    'jobs_count' => \App\Models\JobOrder::count(),
+                    'tasks_count' => \App\Models\Task::count(),
+                    'payroll_periods_count' => \App\Models\PayrollPeriod::count(),
+                    'total_payroll_value' => \App\Models\PayrollPeriod::sum('total_amount'),
+                ];
+            });
+        }
 
         return view('admin.tenants.show', compact('tenant', 'metrics'));
     }
 
     public function approve(Tenant $tenant)
     {
-        $tenant->update(['status' => 'active']);
+        try {
+            $this->onboardingService->approveTenant($tenant);
+        } catch (Throwable $e) {
+            return back()->withErrors([
+                'approval' => "Failed to approve tenant '{$tenant->company_name}'. Please try again. Error: {$e->getMessage()}",
+            ]);
+        }
 
         // Log the action
         $this->activityService->log(

app/Http/Controllers/Central/RegisterTenantController.php

@@ -44,23 +44,13 @@ public function create()
     public function store(RegisterTenantRequest $request)
     {
         try {
-            $result = $this->onboardingService->registerTenant($request->validated());
-            $tenant = $result['tenant'];
-            $tenantAdminUserId = $result['tenant_admin_user_id'];
-            $scheme = request()->secure() ? 'https://' : 'http://';
-            $baseDomain = preg_replace('/:\\d+$/', '', (string) (config('tenancy.central_domains')[0] ?? 'localhost'));
-            $subdomain = $tenant->subdomain ?: $tenant->getTenantKey();
-            $port = request()->getPort();
-            $portSegment = in_array((int) $port, [80, 443], true) ? '' : ':' . $port;
+            $this->onboardingService->registerTenant($request->validated());
 
-            // Create token and redirect to tenant-side impersonation endpoint.
-            $token = tenancy()->impersonate($tenant, (string) $tenantAdminUserId, '/dashboard', 'web');
-
-            return redirect()->away($scheme . $subdomain . '.' . $baseDomain . $portSegment . '/impersonate/' . $token->token);
+            return redirect()->route('tenant.register.create')->with('success', 'Registration received. Your workspace will be provisioned after admin approval.');
         } catch (Exception $e) {
             // In a production app, we would log this and return a friendlier error
             return back()->withInput()->withErrors([
-                'domain' => 'Failed to provision tenant workspace. Please try again or choose a different subdomain. Error: ' . $e->getMessage(),
+                'domain' => 'Failed to submit tenant registration request. Please try again or choose a different subdomain. Error: ' . $e->getMessage(),
             ]);
         }
     }

app/Http/Requests/Central/RegisterTenantRequest.php

@@ -3,6 +3,7 @@
 namespace App\Http\Requests\Central;
 
 use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Support\Str;
 use Illuminate\Validation\Rules\Password;
 
 class RegisterTenantRequest extends FormRequest
@@ -16,29 +17,39 @@ public function rules(): array
     {
         return [
             'company_name' => ['required', 'string', 'max:255'],
-            'subdomain'    => ['required', 'string', 'max:60', 'alpha_dash'],
-            'domain'       => ['required', 'string', 'unique:domains,domain'],
-            'admin_name'   => ['required', 'string', 'max:255'],
-            'admin_email'  => ['required', 'string', 'email', 'max:255'],
-            'password'     => ['required', 'confirmed', Password::defaults()],
+            'subdomain' => ['required', 'string', 'max:60', 'alpha_dash', 'unique:tenants,subdomain'],
+            'domain' => ['required', 'string', 'unique:domains,domain'],
+            'admin_name' => ['required', 'string', 'max:255'],
+            'admin_email' => ['required', 'string', 'email', 'max:255'],
+            'password' => ['required', 'confirmed', Password::defaults()],
             // Legacy fields are optional to avoid breaking existing links or old clients.
-            'plan_id'      => ['nullable', 'exists:plans,id'],
-            'billing_cycle'=> ['nullable', 'string', 'in:monthly,annual'],
-            'industry'     => ['nullable', 'string', 'max:255'],
-            'size'         => ['nullable', 'string', 'max:255'],
-            'website'      => ['nullable', 'string', 'max:255'],
-            'terms'        => ['accepted'],
+            'plan_id' => ['nullable', 'exists:plans,id'],
+            'billing_cycle' => ['nullable', 'string', 'in:monthly,annual'],
+            'industry' => ['nullable', 'string', 'max:255'],
+            'size' => ['nullable', 'string', 'max:255'],
+            'website' => ['nullable', 'string', 'max:255'],
+            'terms' => ['accepted'],
         ];
     }
 
     protected function prepareForValidation(): void
     {
-        $centralDomain = config('tenancy.central_domains')[0] ?? 'localhost';   
-        $subdomain = strtolower($this->subdomain ?? $this->domain);
+        $rawCentralDomain = (string) (config('tenancy.central_domains')[0] ?? 'localhost');
+        $centralDomain = preg_replace('/:\\d+$/', '', $rawCentralDomain) ?: 'localhost';
+        $subdomainInput = strtolower((string) ($this->subdomain ?? $this->domain ?? ''));
+
+        // Allow users to paste either "acme" or "acme.localhost".
+        $subdomain = Str::of($subdomainInput)
+            ->when(
+                Str::endsWith($subdomainInput, '.'.$centralDomain),
+                fn ($value) => $value->beforeLast('.'.$centralDomain)
+            )
+            ->trim('.')
+            ->toString();
 
         $this->merge([
             'subdomain' => $subdomain,
-            'domain'    => $subdomain . '.' . $centralDomain,
+            'domain' => $subdomain.'.'.$centralDomain,
         ]);
     }
 }

app/Models/Tenant.php

@@ -44,4 +44,12 @@ public function plan()
     {
         return $this->belongsTo(Plan::class);
     }
+
+    /**
+     * Get the latest central plan record for this tenant.
+     */
+    public function tenantPlan()
+    {
+        return $this->hasOne(TenantPlan::class)->latestOfMany('valid_until');
+    }
 }

app/Providers/AppServiceProvider.php

@@ -2,12 +2,11 @@
 
 namespace App\Providers;
 
-use Illuminate\Support\ServiceProvider;
-
-use Illuminate\Support\Facades\Gate;
+use App\Models\User;
 use Illuminate\Auth\Middleware\Authenticate;
 use Illuminate\Auth\Middleware\RedirectIfAuthenticated;
-use App\Models\User;
+use Illuminate\Support\Facades\Gate;
+use Illuminate\Support\ServiceProvider;
 
 class AppServiceProvider extends ServiceProvider
 {
@@ -28,7 +27,7 @@ public function boot(): void
             $host = $request->getHost();
 
             if (str_starts_with($host, 'admin.')) {
-                return route('admin.login');
+                return '/login';
             }
 
             return '/login';