diff --git a/app/Contracts/Http/ClientPermissionsRequest.php b/app/Contracts/Http/ClientPermissionsRequest.php
index 898ef032e..d098b3ce9 100644
--- a/app/Contracts/Http/ClientPermissionsRequest.php
+++ b/app/Contracts/Http/ClientPermissionsRequest.php
@@ -2,12 +2,13 @@
namespace App\Contracts\Http;
+use App\Enums\SubuserPermission;
+
interface ClientPermissionsRequest
{
/**
- * Returns the permissions string indicating which permission should be used to
- * validate that the authenticated user has permission to perform this action against
- * the given resource (server).
+ * Returns the permission used to validate that the authenticated user may perform
+ * this action against the given resource (server).
*/
- public function permission(): string;
+ public function permission(): SubuserPermission|string;
}
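Review bot: The docblock on `permission()` no longer says what a caller receives, even though the return type is now `SubuserPermission|string`. Every consumer of this contract has to handle both shapes before the value reaches an authorization check, and a consumer that compares against only one shape can silently stop matching. I cannot tell from this hunk why the string form is kept, so the wording needs confirming, but a line such as `Returns a SubuserPermission case where one exists, otherwise the raw permission string; callers must accept both.` would make the contract explicit.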
diff --git a/app/Enums/SubuserPermission.php b/app/Enums/SubuserPermission.php
new file mode 100644
index 000000000..ccb16680e
--- /dev/null
+++ b/app/Enums/SubuserPermission.php
@@ -0,0 +1,88 @@
+value, 2);
+ }
+
+ public function isHidden(): bool
+ {
+ return $this === self::WebsocketConnect;
+ }
+
+ public function getIcon(): ?string
+ {
+ [$group, $permission] = $this->split();
+
+ return match ($group) {
+ 'control' => 'tabler-terminal-2',
+ 'user' => 'tabler-users',
+ 'file' => 'tabler-files',
+ 'backup' => 'tabler-file-zip',
+ 'allocation' => 'tabler-network',
+ 'startup' => 'tabler-player-play',
+ 'database' => 'tabler-database',
+ 'schedule' => 'tabler-clock',
+ 'settings' => 'tabler-settings',
+ 'activity' => 'tabler-stack',
+ default => null,
+ };
+ }
+}
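Review bot: In `getIcon()` the destructuring `[$group, $permission] = $this->split();` binds `$permission` and never uses it. It also depends on `split()` always returning two elements, and the body of `split()` is not fully visible in this hunk. If a case value ever lacks the separator, the second slot raises an undefined-key warning. `[$group] = $this->split();` avoids both problems without changing the result of the `match`.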
diff --git a/app/Extensions/Features/Schemas/GSLTokenSchema.php b/app/Extensions/Features/Schemas/GSLTokenSchema.php
index f9b0f3a54..aa380a771 100644
--- a/app/Extensions/Features/Schemas/GSLTokenSchema.php
+++ b/app/Extensions/Features/Schemas/GSLTokenSchema.php
@@ -2,9 +2,9 @@
namespace App\Extensions\Features\Schemas;
+use App\Enums\SubuserPermission;
use App\Extensions\Features\FeatureSchemaInterface;
use App\Facades\Activity;
-use App\Models\Permission;
use App\Models\Server;
use App\Models\ServerVariable;
use App\Repositories\Daemon\DaemonServerRepository;
@@ -54,7 +54,7 @@ class GSLTokenSchema implements FeatureSchemaInterface
->modalHeading('Invalid GSL token')
->modalDescription('It seems like your Gameserver Login Token (GSL token) is invalid or has expired.')
->modalSubmitActionLabel('Update GSL Token')
- ->disabledSchema(fn () => !user()?->can(Permission::ACTION_STARTUP_UPDATE, $server))
+ ->disabledSchema(fn () => !user()?->can(SubuserPermission::StartupUpdate, $server))
->schema([
TextEntry::make('info')
->label(new HtmlString(Blade::render('You can either generate a new one and enter it below or leave the field blank to remove it completely.'))),
diff --git a/app/Extensions/Features/Schemas/JavaVersionSchema.php b/app/Extensions/Features/Schemas/JavaVersionSchema.php
index 4e47c1baf..6ca0be258 100644
--- a/app/Extensions/Features/Schemas/JavaVersionSchema.php
+++ b/app/Extensions/Features/Schemas/JavaVersionSchema.php
@@ -2,9 +2,9 @@
namespace App\Extensions\Features\Schemas;
+use App\Enums\SubuserPermission;
use App\Extensions\Features\FeatureSchemaInterface;
use App\Facades\Activity;
-use App\Models\Permission;
use App\Models\Server;
use App\Repositories\Daemon\DaemonServerRepository;
use Exception;
@@ -44,7 +44,7 @@ class JavaVersionSchema implements FeatureSchemaInterface
->modalHeading('Unsupported Java Version')
->modalDescription('This server is currently running an unsupported version of Java and cannot be started.')
->modalSubmitActionLabel('Update Docker Image')
- ->disabledSchema(fn () => !user()?->can(Permission::ACTION_STARTUP_DOCKER_IMAGE, $server))
+ ->disabledSchema(fn () => !user()?->can(SubuserPermission::StartupDockerImage, $server))
->schema([
TextEntry::make('java')
->label('Please select a supported version from the list below to continue starting the server.'),
diff --git a/app/Filament/App/Resources/Servers/Pages/ListServers.php b/app/Filament/App/Resources/Servers/Pages/ListServers.php
index 1643635b3..98ac83e21 100644
--- a/app/Filament/App/Resources/Servers/Pages/ListServers.php
+++ b/app/Filament/App/Resources/Servers/Pages/ListServers.php
@@ -4,11 +4,11 @@ namespace App\Filament\App\Resources\Servers\Pages;
use App\Enums\CustomizationKey;
use App\Enums\ServerResourceType;
+use App\Enums\SubuserPermission;
use App\Filament\App\Resources\Servers\ServerResource;
use App\Filament\Components\Tables\Columns\ProgressBarColumn;
use App\Filament\Components\Tables\Columns\ServerEntryColumn;
use App\Filament\Server\Pages\Console;
-use App\Models\Permission;
use App\Models\Server;
use App\Repositories\Daemon\DaemonServerRepository;
use App\Traits\Filament\CanCustomizeHeaderActions;
@@ -244,21 +244,21 @@ class ListServers extends ListRecords
->label(trans('server/console.power_actions.start'))
->color('primary')
->icon('tabler-player-play-filled')
- ->authorize(fn (Server $server) => user()?->can(Permission::ACTION_CONTROL_START, $server))
+ ->authorize(fn (Server $server) => user()?->can(SubuserPermission::ControlStart, $server))
->visible(fn (Server $server) => $server->retrieveStatus()->isStartable())
->dispatch('powerAction', fn (Server $server) => ['server' => $server, 'action' => 'start']),
Action::make('restart')
->label(trans('server/console.power_actions.restart'))
->color('gray')
->icon('tabler-reload')
- ->authorize(fn (Server $server) => user()?->can(Permission::ACTION_CONTROL_RESTART, $server))
+ ->authorize(fn (Server $server) => user()?->can(SubuserPermission::ControlRestart, $server))
->visible(fn (Server $server) => $server->retrieveStatus()->isRestartable())
->dispatch('powerAction', fn (Server $server) => ['server' => $server, 'action' => 'restart']),
Action::make('stop')
->label(trans('server/console.power_actions.stop'))
->color('danger')
->icon('tabler-player-stop-filled')
- ->authorize(fn (Server $server) => user()?->can(Permission::ACTION_CONTROL_STOP, $server))
+ ->authorize(fn (Server $server) => user()?->can(SubuserPermission::ControlStop, $server))
->visible(fn (Server $server) => $server->retrieveStatus()->isStoppable() && !$server->retrieveStatus()->isKillable())
->dispatch('powerAction', fn (Server $server) => ['server' => $server, 'action' => 'stop']),
Action::make('kill')
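Review bot: Each `->authorize(fn (Server $server) => user()?->can(...))` closure in this hunk evaluates to `null`, not `false`, when `user()` returns null, because the nullsafe call short-circuits. I cannot tell from the hunk how the framework treats a null authorization result, so it is safer to make the deny explicit, e.g. `user()?->can(SubuserPermission::ControlStart, $server) ?? false`. The same shape appears in the kill action hunk below and in the power actions in Console.php. The action list begins and ends outside this hunk.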
@@ -266,7 +266,7 @@ class ListServers extends ListRecords
->color('danger')
->icon('tabler-alert-square')
->tooltip(trans('server/console.power_actions.kill_tooltip'))
- ->authorize(fn (Server $server) => user()?->can(Permission::ACTION_CONTROL_STOP, $server))
+ ->authorize(fn (Server $server) => user()?->can(SubuserPermission::ControlStop, $server))
->visible(fn (Server $server) => $server->retrieveStatus()->isKillable())
->dispatch('powerAction', fn (Server $server) => ['server' => $server, 'action' => 'kill']),
])
diff --git a/app/Filament/Components/Actions/ExportScheduleAction.php b/app/Filament/Components/Actions/ExportScheduleAction.php
index df1f04ca3..764c2fff6 100644
--- a/app/Filament/Components/Actions/ExportScheduleAction.php
+++ b/app/Filament/Components/Actions/ExportScheduleAction.php
@@ -2,7 +2,7 @@
namespace App\Filament\Components\Actions;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\Schedule;
use App\Models\Server;
use App\Services\Schedules\Sharing\ScheduleExporterService;
@@ -36,7 +36,7 @@ class ExportScheduleAction extends Action
$this->label(trans('filament-actions::export.modal.actions.export.label'));
- $this->authorize(fn () => user()?->can(Permission::ACTION_SCHEDULE_READ, $server));
+ $this->authorize(fn () => user()?->can(SubuserPermission::ScheduleRead, $server));
$this->action(fn (ScheduleExporterService $service, Schedule $schedule) => response()->streamDownload(function () use ($service, $schedule) {
echo $service->handle($schedule);
diff --git a/app/Filament/Components/Actions/ImportScheduleAction.php b/app/Filament/Components/Actions/ImportScheduleAction.php
index ce579a8d9..d3b3deede 100644
--- a/app/Filament/Components/Actions/ImportScheduleAction.php
+++ b/app/Filament/Components/Actions/ImportScheduleAction.php
@@ -2,7 +2,7 @@
namespace App\Filament\Components\Actions;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\Server;
use App\Services\Schedules\Sharing\ScheduleImporterService;
use Exception;
@@ -33,7 +33,7 @@ class ImportScheduleAction extends Action
$this->label(trans('filament-actions::import.modal.actions.import.label'));
- $this->authorize(fn () => user()?->can(Permission::ACTION_SCHEDULE_CREATE, $server));
+ $this->authorize(fn () => user()?->can(SubuserPermission::ScheduleCreate, $server));
$this->schema([
Tabs::make('Tabs')
diff --git a/app/Filament/Server/Pages/Console.php b/app/Filament/Server/Pages/Console.php
index 4f454dfe1..f149b7a84 100644
--- a/app/Filament/Server/Pages/Console.php
+++ b/app/Filament/Server/Pages/Console.php
@@ -4,6 +4,7 @@ namespace App\Filament\Server\Pages;
use App\Enums\ConsoleWidgetPosition;
use App\Enums\ContainerStatus;
+use App\Enums\SubuserPermission;
use App\Exceptions\Http\Server\ServerStateConflictException;
use App\Extensions\Features\FeatureService;
use App\Filament\Server\Widgets\ServerConsole;
@@ -12,7 +13,6 @@ use App\Filament\Server\Widgets\ServerMemoryChart;
use App\Filament\Server\Widgets\ServerNetworkChart;
use App\Filament\Server\Widgets\ServerOverview;
use App\Livewire\AlertBanner;
-use App\Models\Permission;
use App\Models\Server;
use App\Traits\Filament\CanCustomizeHeaderActions;
use Filament\Actions\Action;
@@ -164,7 +164,7 @@ class Console extends Page
->label(trans('server/console.power_actions.start'))
->color('primary')
->icon('tabler-player-play-filled')
- ->authorize(fn (Server $server) => user()?->can(Permission::ACTION_CONTROL_START, $server))
+ ->authorize(fn (Server $server) => user()?->can(SubuserPermission::ControlStart, $server))
->disabled(fn (Server $server) => $server->isInConflictState() || !$this->status->isStartable())
->action(fn (Server $server) => $this->dispatch('setServerState', uuid: $server->uuid, state: 'start'))
->size(Size::ExtraLarge),
@@ -172,7 +172,7 @@ class Console extends Page
->label(trans('server/console.power_actions.restart'))
->color('gray')
->icon('tabler-reload')
- ->authorize(fn (Server $server) => user()?->can(Permission::ACTION_CONTROL_RESTART, $server))
+ ->authorize(fn (Server $server) => user()?->can(SubuserPermission::ControlRestart, $server))
->disabled(fn (Server $server) => $server->isInConflictState() || !$this->status->isRestartable())
->action(fn (Server $server) => $this->dispatch('setServerState', uuid: $server->uuid, state: 'restart'))
->size(Size::ExtraLarge),
@@ -180,7 +180,7 @@ class Console extends Page
->label(trans('server/console.power_actions.stop'))
->color('danger')
->icon('tabler-player-stop-filled')
- ->authorize(fn (Server $server) => user()?->can(Permission::ACTION_CONTROL_STOP, $server))
+ ->authorize(fn (Server $server) => user()?->can(SubuserPermission::ControlStop, $server))
->visible(fn () => !$this->status->isKillable())
->disabled(fn (Server $server) => $server->isInConflictState() || !$this->status->isStoppable())
->action(fn (Server $server) => $this->dispatch('setServerState', uuid: $server->uuid, state: 'stop'))
@@ -191,7 +191,7 @@ class Console extends Page
->icon('tabler-alert-square')
->tooltip(trans('server/console.power_actions.kill_tooltip'))
->requiresConfirmation()
- ->authorize(fn (Server $server) => user()?->can(Permission::ACTION_CONTROL_STOP, $server))
+ ->authorize(fn (Server $server) => user()?->can(SubuserPermission::ControlStop, $server))
->visible(fn () => $this->status->isKillable())
->disabled(fn (Server $server) => $server->isInConflictState() || !$this->status->isKillable())
->action(fn (Server $server) => $this->dispatch('setServerState', uuid: $server->uuid, state: 'kill'))
diff --git a/app/Filament/Server/Pages/Settings.php b/app/Filament/Server/Pages/Settings.php
index 6732a07b1..19bfe7d31 100644
--- a/app/Filament/Server/Pages/Settings.php
+++ b/app/Filament/Server/Pages/Settings.php
@@ -2,8 +2,8 @@
namespace App\Filament\Server\Pages;
+use App\Enums\SubuserPermission;
use App\Facades\Activity;
-use App\Models\Permission;
use App\Models\Server;
use App\Services\Servers\ReinstallServerService;
use Exception;
@@ -60,7 +60,7 @@ class Settings extends ServerFormPage
->columnStart(1)
->columnSpanFull()
->label(trans('server/setting.server_info.name'))
- ->disabled(fn (Server $server) => !user()?->can(Permission::ACTION_SETTINGS_RENAME, $server))
+ ->disabled(fn (Server $server) => !user()?->can(SubuserPermission::SettingsRename, $server))
->required()
->live(onBlur: true)
->afterStateUpdated(fn ($state, Server $server) => $this->updateName($state, $server)),
@@ -69,7 +69,7 @@ class Settings extends ServerFormPage
->columnSpanFull()
->label(trans('server/setting.server_info.description'))
->hidden(!config('panel.editable_server_descriptions'))
- ->disabled(fn (Server $server) => !user()?->can(Permission::ACTION_SETTINGS_DESCRIPTION, $server))
+ ->disabled(fn (Server $server) => !user()?->can(SubuserPermission::SettingsDescription, $server))
->autosize()
->live(onBlur: true)
->afterStateUpdated(fn ($state, Server $server) => $this->updateDescription($state ?? '', $server)),
@@ -319,7 +319,7 @@ class Settings extends ServerFormPage
]),
Fieldset::make(trans('server/setting.server_info.sftp.title'))
->columnSpanFull()
- ->hidden(fn (Server $server) => !user()?->can(Permission::ACTION_FILE_SFTP, $server))
+ ->hidden(fn (Server $server) => !user()?->can(SubuserPermission::FileSftp, $server))
->columns([
'default' => 1,
'sm' => 1,
@@ -361,19 +361,19 @@ class Settings extends ServerFormPage
]),
]),
Section::make(trans('server/setting.reinstall.title'))
- ->hidden(fn (Server $server) => !user()?->can(Permission::ACTION_SETTINGS_REINSTALL, $server))
+ ->hidden(fn (Server $server) => !user()?->can(SubuserPermission::SettingsReinstall, $server))
->columnSpanFull()
->footerActions([
Action::make('reinstall')
->label(trans('server/setting.reinstall.action'))
->color('danger')
- ->disabled(fn (Server $server) => !user()?->can(Permission::ACTION_SETTINGS_REINSTALL, $server))
+ ->disabled(fn (Server $server) => !user()?->can(SubuserPermission::SettingsReinstall, $server))
->requiresConfirmation()
->modalHeading(trans('server/setting.reinstall.modal'))
->modalDescription(trans('server/setting.reinstall.modal_description'))
->modalSubmitActionLabel(trans('server/setting.reinstall.yes'))
->action(function (Server $server, ReinstallServerService $reinstallService) {
- abort_unless(user()?->can(Permission::ACTION_SETTINGS_REINSTALL, $server), 403);
+ abort_unless(user()?->can(SubuserPermission::SettingsReinstall, $server), 403);
try {
$reinstallService->handle($server);
@@ -412,7 +412,7 @@ class Settings extends ServerFormPage
public function updateName(string $name, Server $server): void
{
- abort_unless(user()?->can(Permission::ACTION_SETTINGS_RENAME, $server), 403);
+ abort_unless(user()?->can(SubuserPermission::SettingsRename, $server), 403);
$original = $server->name;
@@ -443,7 +443,7 @@ class Settings extends ServerFormPage
public function updateDescription(string $description, Server $server): void
{
- abort_unless(user()?->can(Permission::ACTION_SETTINGS_DESCRIPTION, $server) && config('panel.editable_server_descriptions'), 403);
+ abort_unless(user()?->can(SubuserPermission::SettingsDescription, $server) && config('panel.editable_server_descriptions'), 403);
$original = $server->description;
diff --git a/app/Filament/Server/Pages/Startup.php b/app/Filament/Server/Pages/Startup.php
index 231875172..4eae89233 100644
--- a/app/Filament/Server/Pages/Startup.php
+++ b/app/Filament/Server/Pages/Startup.php
@@ -2,10 +2,10 @@
namespace App\Filament\Server\Pages;
+use App\Enums\SubuserPermission;
use App\Facades\Activity;
use App\Filament\Components\Actions\PreviewStartupAction;
use App\Filament\Components\Forms\Fields\StartupVariable;
-use App\Models\Permission;
use App\Models\Server;
use App\Models\ServerVariable;
use Exception;
@@ -51,7 +51,7 @@ class Startup extends ServerFormPage
->label(trans('server/startup.command'))
->live()
->visible(fn (Server $server) => in_array($server->startup, $server->egg->startup_commands))
- ->disabled(fn (Server $server) => !user()?->can(Permission::ACTION_STARTUP_UPDATE, $server))
+ ->disabled(fn (Server $server) => !user()?->can(SubuserPermission::StartupUpdate, $server))
->formatStateUsing(fn (Server $server) => $server->startup)
->afterStateUpdated(function ($state, Server $server, Set $set) {
$original = $server->startup;
@@ -85,7 +85,7 @@ class Startup extends ServerFormPage
->label(trans('server/startup.docker_image'))
->live()
->visible(fn (Server $server) => in_array($server->image, $server->egg->docker_images))
- ->disabled(fn (Server $server) => !user()?->can(Permission::ACTION_STARTUP_DOCKER_IMAGE, $server))
+ ->disabled(fn (Server $server) => !user()?->can(SubuserPermission::StartupDockerImage, $server))
->afterStateUpdated(function ($state, Server $server) {
$original = $server->image;
$server->forceFill(['image' => $state])->saveOrFail();
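Review bot: The `afterStateUpdated` closure writes the image with `forceFill(['image' => $state])->saveOrFail()` as its first visible statements, with no permission check inside the closure. The only gate in this hunk is `->disabled(...)`, which as far as I know governs how the field is rendered rather than whether a state update is accepted. `updateName()` in Settings.php repeats the check server-side with `abort_unless`, and the same would fit here as the closure's first line: `abort_unless(user()?->can(SubuserPermission::StartupDockerImage, $server), 403);`. It would also be worth confirming that `$state` is one of `$server->egg->docker_images` before saving, since `forceFill` skips mass-assignment guarding. The startup-command closure in the previous hunk has the same shape, though its body continues outside the hunk, as does the rest of this closure.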
@@ -123,7 +123,7 @@ class Startup extends ServerFormPage
return $query->where('egg_variables.user_viewable', true)->orderByPowerJoins('variable.sort');
})
->grid()
- ->disabled(fn (Server $server) => !user()?->can(Permission::ACTION_STARTUP_UPDATE, $server))
+ ->disabled(fn (Server $server) => !user()?->can(SubuserPermission::StartupUpdate, $server))
->reorderable(false)->addable(false)->deletable(false)
->schema([
StartupVariable::make('variable_value')
@@ -139,12 +139,12 @@ class Startup extends ServerFormPage
protected function authorizeAccess(): void
{
- abort_unless(user()?->can(Permission::ACTION_STARTUP_READ, Filament::getTenant()), 403);
+ abort_unless(user()?->can(SubuserPermission::StartupRead, Filament::getTenant()), 403);
}
public static function canAccess(): bool
{
- return parent::canAccess() && user()?->can(Permission::ACTION_STARTUP_READ, Filament::getTenant());
+ return parent::canAccess() && user()?->can(SubuserPermission::StartupRead, Filament::getTenant());
}
public function update(?string $state, ServerVariable $serverVariable): null
diff --git a/app/Filament/Server/Resources/Allocations/AllocationResource.php b/app/Filament/Server/Resources/Allocations/AllocationResource.php
index 79ead717f..83ec5fd78 100644
--- a/app/Filament/Server/Resources/Allocations/AllocationResource.php
+++ b/app/Filament/Server/Resources/Allocations/AllocationResource.php
@@ -2,10 +2,10 @@
namespace App\Filament\Server\Resources\Allocations;
+use App\Enums\SubuserPermission;
use App\Facades\Activity;
use App\Filament\Server\Resources\Allocations\Pages\ListAllocations;
use App\Models\Allocation;
-use App\Models\Permission;
use App\Models\Server;
use App\Services\Allocations\FindAssignableAllocationService;
use App\Traits\Filament\BlockAccessInConflict;
@@ -57,7 +57,7 @@ class AllocationResource extends Resource
TextInputColumn::make('notes')
->label(trans('server/network.notes'))
->visibleFrom('sm')
- ->disabled(fn () => !user()?->can(Permission::ACTION_ALLOCATION_UPDATE, $server))
+ ->disabled(fn () => !user()?->can(SubuserPermission::AllocationUpdate, $server))
->placeholder(trans('server/network.no_notes')),
IconColumn::make('primary')
->icon(fn ($state) => match ($state) {
@@ -69,7 +69,7 @@ class AllocationResource extends Resource
default => 'gray',
})
->tooltip(fn (Allocation $allocation) => $allocation->id === $server->allocation_id ? trans('server/network.primary') : trans('server/network.make_primary'))
- ->action(fn (Allocation $allocation) => user()?->can(PERMISSION::ACTION_ALLOCATION_UPDATE, $server) && $server->update(['allocation_id' => $allocation->id]))
+ ->action(fn (Allocation $allocation) => user()?->can(SubuserPermission::AllocationUpdate, $server) && $server->update(['allocation_id' => $allocation->id]))
->default(fn (Allocation $allocation) => $allocation->id === $server->allocation_id)
->label(trans('server/network.primary')),
IconColumn::make('is_locked')
@@ -81,7 +81,7 @@ class AllocationResource extends Resource
->recordActions([
DetachAction::make()
->visible(fn (Allocation $allocation) => !$allocation->is_locked || user()?->can('update', $allocation->node))
- ->authorize(fn () => user()?->can(Permission::ACTION_ALLOCATION_DELETE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::AllocationDelete, $server))
->label(trans('server/network.delete'))
->action(function (Allocation $allocation) {
Allocation::where('id', $allocation->id)->update([
@@ -101,7 +101,7 @@ class AllocationResource extends Resource
Action::make('add_allocation')
->hiddenLabel()->iconButton()->iconSize(IconSize::ExtraLarge)
->icon(fn () => $server->allocations()->count() >= $server->allocation_limit ? 'tabler-network-off' : 'tabler-network')
- ->authorize(fn () => user()?->can(Permission::ACTION_ALLOCATION_CREATE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::AllocationCreate, $server))
->tooltip(fn () => $server->allocations()->count() >= $server->allocation_limit ? trans('server/network.limit') : trans('server/network.add'))
->hidden(fn () => !config('panel.client_features.allocations.enabled') || $server->allocation === null)
->disabled(fn () => $server->allocations()->count() >= $server->allocation_limit)
diff --git a/app/Filament/Server/Resources/Backups/BackupResource.php b/app/Filament/Server/Resources/Backups/BackupResource.php
index 66a2aad30..320aafb32 100644
--- a/app/Filament/Server/Resources/Backups/BackupResource.php
+++ b/app/Filament/Server/Resources/Backups/BackupResource.php
@@ -4,13 +4,13 @@ namespace App\Filament\Server\Resources\Backups;
use App\Enums\BackupStatus;
use App\Enums\ServerState;
+use App\Enums\SubuserPermission;
use App\Facades\Activity;
use App\Filament\Components\Tables\Columns\BytesColumn;
use App\Filament\Components\Tables\Columns\DateTimeColumn;
use App\Filament\Server\Resources\Backups\Pages\ListBackups;
use App\Http\Controllers\Api\Client\Servers\BackupController;
use App\Models\Backup;
-use App\Models\Permission;
use App\Models\Server;
use App\Repositories\Daemon\DaemonBackupRepository;
use App\Services\Backups\DeleteBackupService;
@@ -128,7 +128,7 @@ class BackupResource extends Resource
ActionGroup::make([
Action::make('rename')
->icon('tabler-pencil')
- ->authorize(fn () => user()?->can(Permission::ACTION_BACKUP_DELETE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::BackupDelete, $server))
->label(trans('server/backup.actions.rename.title'))
->schema([
TextInput::make('name')
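Review bot: The `rename` action is authorized with `SubuserPermission::BackupDelete`, as is the `lock` action in the next hunk, so a subuser needs the delete permission just to rename or lock a backup. The migration keeps the old mapping, which is correct for a mechanical change, but nothing here says whether that coupling is intended. If it is deliberate, a comment such as `// rename and lock are intentionally gated on BackupDelete` would stop a later reader from changing it; if it is not, it deserves a follow-up so the grants stay least-privilege. The action definitions continue outside this hunk.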
@@ -159,7 +159,7 @@ class BackupResource extends Resource
Action::make('lock')
->iconSize(IconSize::Large)
->icon(fn (Backup $backup) => !$backup->is_locked ? 'tabler-lock' : 'tabler-lock-open')
- ->authorize(fn () => user()?->can(Permission::ACTION_BACKUP_DELETE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::BackupDelete, $server))
->label(fn (Backup $backup) => !$backup->is_locked ? trans('server/backup.actions.lock.lock') : trans('server/backup.actions.lock.unlock'))
->action(fn (BackupController $backupController, Backup $backup, Request $request) => $backupController->toggleLock($request, $server, $backup))
->visible(fn (Backup $backup) => $backup->status === BackupStatus::Successful),
@@ -168,7 +168,7 @@ class BackupResource extends Resource
->iconSize(IconSize::Large)
->color('primary')
->icon('tabler-download')
- ->authorize(fn () => user()?->can(Permission::ACTION_BACKUP_DOWNLOAD, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::BackupDownload, $server))
->url(fn (DownloadLinkService $downloadLinkService, Backup $backup, Request $request) => $downloadLinkService->handle($backup, $request->user()), true)
->visible(fn (Backup $backup) => $backup->status === BackupStatus::Successful),
Action::make('restore')
@@ -176,7 +176,7 @@ class BackupResource extends Resource
->iconSize(IconSize::Large)
->color('success')
->icon('tabler-folder-up')
- ->authorize(fn () => user()?->can(Permission::ACTION_BACKUP_RESTORE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::BackupRestore, $server))
->schema([
TextEntry::make('stop_info')
->hiddenLabel()
@@ -258,7 +258,7 @@ class BackupResource extends Resource
])
->toolbarActions([
CreateAction::make()
- ->authorize(fn () => user()?->can(Permission::ACTION_BACKUP_CREATE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::BackupCreate, $server))
->icon('tabler-file-zip')
->tooltip(fn () => $server->backups()->count() >= $server->backup_limit ? trans('server/backup.actions.create.limit') : trans('server/backup.actions.create.title'))
->disabled(fn () => $server->backups()->count() >= $server->backup_limit)
@@ -269,7 +269,7 @@ class BackupResource extends Resource
->action(function (InitiateBackupService $initiateBackupService, $data) use ($server) {
$action = $initiateBackupService->setIgnoredFiles(explode(PHP_EOL, $data['ignored'] ?? ''));
- if (user()?->can(Permission::ACTION_BACKUP_DELETE, $server)) {
+ if (user()?->can(SubuserPermission::BackupDelete, $server)) {
$action->setIsLocked((bool) $data['is_locked']);
}
diff --git a/app/Filament/Server/Resources/Databases/DatabaseResource.php b/app/Filament/Server/Resources/Databases/DatabaseResource.php
index bbd555960..c93e4a8a7 100644
--- a/app/Filament/Server/Resources/Databases/DatabaseResource.php
+++ b/app/Filament/Server/Resources/Databases/DatabaseResource.php
@@ -2,12 +2,12 @@
namespace App\Filament\Server\Resources\Databases;
+use App\Enums\SubuserPermission;
use App\Filament\Components\Actions\RotateDatabasePasswordAction;
use App\Filament\Components\Tables\Columns\DateTimeColumn;
use App\Filament\Server\Resources\Databases\Pages\ListDatabases;
use App\Models\Database;
use App\Models\DatabaseHost;
-use App\Models\Permission;
use App\Models\Server;
use App\Services\Databases\DatabaseManagementService;
use App\Traits\Filament\BlockAccessInConflict;
@@ -87,10 +87,10 @@ class DatabaseResource extends Resource
TextInput::make('password')
->label(trans('server/database.password'))
->password()->revealable()
- ->hidden(fn () => !user()?->can(Permission::ACTION_DATABASE_VIEW_PASSWORD, $server))
+ ->hidden(fn () => !user()?->can(SubuserPermission::DatabaseViewPassword, $server))
->hintAction(
RotateDatabasePasswordAction::make()
- ->authorize(fn () => user()?->can(Permission::ACTION_DATABASE_UPDATE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::DatabaseUpdate, $server))
)
->copyable()
->formatStateUsing(fn (Database $database) => $database->password),
@@ -102,7 +102,7 @@ class DatabaseResource extends Resource
TextInput::make('jdbc')
->label(trans('server/database.jdbc'))
->password()->revealable()
- ->hidden(!user()?->can(Permission::ACTION_DATABASE_VIEW_PASSWORD, $server))
+ ->hidden(!user()?->can(SubuserPermission::DatabaseViewPassword, $server))
->copyable()
->columnSpanFull()
->formatStateUsing(fn (Database $database) => $database->jdbc),
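Review bot: The `jdbc` field passes an eagerly evaluated boolean, `->hidden(!user()?->can(SubuserPermission::DatabaseViewPassword, $server))`, while the `password` field in the previous hunk passes a closure for the same check. The eager form is computed once when the schema is built, so the two credential-bearing fields can disagree if the schema is reused or evaluated in a different context. Using `->hidden(fn () => !user()?->can(SubuserPermission::DatabaseViewPassword, $server))` here keeps both fields on the same evaluation path.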
diff --git a/app/Filament/Server/Resources/Files/Pages/DownloadFiles.php b/app/Filament/Server/Resources/Files/Pages/DownloadFiles.php
index 7402c8069..b84fc1078 100644
--- a/app/Filament/Server/Resources/Files/Pages/DownloadFiles.php
+++ b/app/Filament/Server/Resources/Files/Pages/DownloadFiles.php
@@ -2,9 +2,9 @@
namespace App\Filament\Server\Resources\Files\Pages;
+use App\Enums\SubuserPermission;
use App\Facades\Activity;
use App\Filament\Server\Resources\Files\FileResource;
-use App\Models\Permission;
use App\Models\Server;
use App\Services\Nodes\NodeJWTService;
use Carbon\CarbonImmutable;
@@ -55,7 +55,7 @@ class DownloadFiles extends Page
protected function authorizeAccess(): void
{
- abort_unless(user()?->can(Permission::ACTION_FILE_READ_CONTENT, Filament::getTenant()), 403);
+ abort_unless(user()?->can(SubuserPermission::FileReadContent, Filament::getTenant()), 403);
}
public static function route(string $path): PageRegistration
diff --git a/app/Filament/Server/Resources/Files/Pages/EditFiles.php b/app/Filament/Server/Resources/Files/Pages/EditFiles.php
index 8b51821bc..48e28b038 100644
--- a/app/Filament/Server/Resources/Files/Pages/EditFiles.php
+++ b/app/Filament/Server/Resources/Files/Pages/EditFiles.php
@@ -2,13 +2,13 @@
namespace App\Filament\Server\Resources\Files\Pages;
+use App\Enums\SubuserPermission;
use App\Exceptions\Http\Server\FileSizeTooLargeException;
use App\Exceptions\Repository\FileNotEditableException;
use App\Facades\Activity;
use App\Filament\Server\Resources\Files\FileResource;
use App\Livewire\AlertBanner;
use App\Models\File;
-use App\Models\Permission;
use App\Models\Server;
use App\Repositories\Daemon\DaemonFileRepository;
use App\Traits\Filament\CanCustomizeHeaderActions;
@@ -83,7 +83,7 @@ class EditFiles extends Page
->footerActions([
Action::make('save_and_close')
->label(trans('server/file.actions.edit.save_close'))
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_UPDATE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileUpdate, $server))
->icon('tabler-device-floppy')
->keyBindings('mod+shift+s')
->action(function () {
@@ -103,7 +103,7 @@ class EditFiles extends Page
}),
Action::make('save')
->label(trans('server/file.actions.edit.save'))
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_UPDATE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileUpdate, $server))
->icon('tabler-device-floppy')
->keyBindings('mod+s')
->action(function () {
@@ -233,7 +233,7 @@ class EditFiles extends Page
protected function authorizeAccess(): void
{
- abort_unless(user()?->can(Permission::ACTION_FILE_READ_CONTENT, Filament::getTenant()), 403);
+ abort_unless(user()?->can(SubuserPermission::FileReadContent, Filament::getTenant()), 403);
}
/**
diff --git a/app/Filament/Server/Resources/Files/Pages/ListFiles.php b/app/Filament/Server/Resources/Files/Pages/ListFiles.php
index 3576bba57..2cec8f916 100644
--- a/app/Filament/Server/Resources/Files/Pages/ListFiles.php
+++ b/app/Filament/Server/Resources/Files/Pages/ListFiles.php
@@ -2,6 +2,7 @@
namespace App\Filament\Server\Resources\Files\Pages;
+use App\Enums\SubuserPermission;
use App\Exceptions\Repository\FileExistsException;
use App\Facades\Activity;
use App\Filament\Components\Tables\Columns\BytesColumn;
@@ -9,7 +10,6 @@ use App\Filament\Components\Tables\Columns\DateTimeColumn;
use App\Filament\Server\Resources\Files\FileResource;
use App\Livewire\AlertBanner;
use App\Models\File;
-use App\Models\Permission;
use App\Models\Server;
use App\Repositories\Daemon\DaemonFileRepository;
use App\Services\Nodes\NodeJWTService;
@@ -122,7 +122,7 @@ class ListFiles extends ListRecords
return self::getUrl(['path' => encode_path(join_paths($this->path, $file->name))]);
}
- if (!user()?->can(Permission::ACTION_FILE_READ_CONTENT, $server)) {
+ if (!user()?->can(SubuserPermission::FileReadContent, $server)) {
return null;
}
@@ -130,18 +130,18 @@ class ListFiles extends ListRecords
})
->recordActions([
Action::make('view')
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_READ, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileRead, $server))
->label(trans('server/file.actions.open'))
->icon('tabler-eye')->iconSize(IconSize::Large)
->visible(fn (File $file) => $file->is_directory)
->url(fn (File $file) => self::getUrl(['path' => encode_path(join_paths($this->path, $file->name))])),
EditAction::make('edit')
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_READ_CONTENT, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileReadContent, $server))
->visible(fn (File $file) => $file->canEdit())
->url(fn (File $file) => EditFiles::getUrl(['path' => encode_path(join_paths($this->path, $file->name))])),
ActionGroup::make([
Action::make('rename')
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_UPDATE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileUpdate, $server))
->label(trans('server/file.actions.rename.title'))
->icon('tabler-forms')->iconSize(IconSize::Large)
->schema([
@@ -171,7 +171,7 @@ class ListFiles extends ListRecords
$this->refreshPage();
}),
Action::make('copy')
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_CREATE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileCreate, $server))
->label(trans('server/file.actions.copy.title'))
->icon('tabler-copy')->iconSize(IconSize::Large)
->visible(fn (File $file) => $file->is_file)
@@ -190,13 +190,13 @@ class ListFiles extends ListRecords
$this->refreshPage();
}),
Action::make('download')
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_READ_CONTENT, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileReadContent, $server))
->label(trans('server/file.actions.download'))
->icon('tabler-download')->iconSize(IconSize::Large)
->visible(fn (File $file) => $file->is_file)
->url(fn (File $file) => DownloadFiles::getUrl(['path' => encode_path(join_paths($this->path, $file->name))]), true),
Action::make('move')
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_UPDATE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileUpdate, $server))
->label(trans('server/file.actions.move.title'))
->icon('tabler-replace')->iconSize(IconSize::Large)
->schema([
@@ -233,7 +233,7 @@ class ListFiles extends ListRecords
$this->refreshPage();
}),
Action::make('permissions')
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_UPDATE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileUpdate, $server))
->label(trans('server/file.actions.permissions.title'))
->icon('tabler-license')->iconSize(IconSize::Large)
->schema([
@@ -295,7 +295,7 @@ class ListFiles extends ListRecords
->send();
}),
Action::make('archive')
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_ARCHIVE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileArchive, $server))
->label(trans('server/file.actions.archive.title'))
->icon('tabler-archive')->iconSize(IconSize::Large)
->schema([
@@ -335,7 +335,7 @@ class ListFiles extends ListRecords
$this->refreshPage();
}),
Action::make('unarchive')
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_ARCHIVE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileArchive, $server))
->label(trans('server/file.actions.unarchive.title'))
->icon('tabler-archive')->iconSize(IconSize::Large)
->visible(fn (File $file) => $file->isArchive())
@@ -356,7 +356,7 @@ class ListFiles extends ListRecords
}),
])->iconSize(IconSize::Large),
DeleteAction::make()
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_DELETE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileDelete, $server))
->hiddenLabel()
->iconSize(IconSize::Large)
->requiresConfirmation()
@@ -376,7 +376,7 @@ class ListFiles extends ListRecords
->toolbarActions([
BulkActionGroup::make([
BulkAction::make('move')
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_UPDATE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileUpdate, $server))
->schema([
TextInput::make('location')
->label(trans('server/file.actions.move.directory'))
@@ -405,7 +405,7 @@ class ListFiles extends ListRecords
$this->refreshPage();
}),
BulkAction::make('archive')
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_ARCHIVE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileArchive, $server))
->schema([
Grid::make(3)
->schema([
@@ -446,7 +446,7 @@ class ListFiles extends ListRecords
}),
DeleteBulkAction::make()
->successNotificationTitle(null)
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_DELETE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileDelete, $server))
->action(function (Collection $files) {
$files = $files->map(fn ($file) => $file['name'])->toArray();
$this->getDaemonFileRepository()->deleteFiles($this->path, $files);
@@ -466,7 +466,7 @@ class ListFiles extends ListRecords
]),
Action::make('new_file')
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_CREATE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileCreate, $server))
->tooltip(trans('server/file.actions.new_file.title'))
->hiddenLabel()->icon('tabler-file-plus')->iconButton()->iconSize(IconSize::ExtraLarge)
->color('primary')
@@ -499,7 +499,7 @@ class ListFiles extends ListRecords
->hiddenLabel(),
]),
Action::make('new_folder')
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_CREATE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileCreate, $server))
->hiddenLabel()->icon('tabler-folder-plus')->iconButton()->iconSize(IconSize::ExtraLarge)
->tooltip(trans('server/file.actions.new_folder.title'))
->color('primary')
@@ -530,10 +530,10 @@ class ListFiles extends ListRecords
->required(),
]),
Action::make('uploadFile')
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_CREATE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileCreate, $server))
->view('filament.server.pages.file-upload'),
Action::make('uploadURL')
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_CREATE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileCreate, $server))
->hiddenLabel()->icon('tabler-download')->iconButton()->iconSize(IconSize::ExtraLarge)
->tooltip(trans('server/file.actions.upload.from_url'))
->modalHeading(trans('server/file.actions.upload.from_url'))
@@ -555,7 +555,7 @@ class ListFiles extends ListRecords
->url(),
]),
Action::make('search')
- ->authorize(fn () => user()?->can(Permission::ACTION_FILE_READ, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::FileRead, $server))
->hiddenLabel()->iconButton()->iconSize(IconSize::ExtraLarge)
->tooltip(trans('server/file.actions.nested_search.title'))
->color('primary')
@@ -605,7 +605,7 @@ class ListFiles extends ListRecords
/** @var Server $server */
$server = Filament::getTenant();
- if (!user()?->can(Permission::ACTION_FILE_CREATE, $server)) {
+ if (!user()?->can(SubuserPermission::FileCreate, $server)) {
abort(403, 'You do not have permission to upload files.');
}
@@ -640,7 +640,7 @@ class ListFiles extends ListRecords
/** @var Server $server */
$server = Filament::getTenant();
- if (!user()?->can(Permission::ACTION_FILE_CREATE, $server)) {
+ if (!user()?->can(SubuserPermission::FileCreate, $server)) {
abort(403, 'You do not have permission to create folders.');
}
diff --git a/app/Filament/Server/Resources/Schedules/Pages/ViewSchedule.php b/app/Filament/Server/Resources/Schedules/Pages/ViewSchedule.php
index 1ceeaf040..3f4ad2284 100644
--- a/app/Filament/Server/Resources/Schedules/Pages/ViewSchedule.php
+++ b/app/Filament/Server/Resources/Schedules/Pages/ViewSchedule.php
@@ -3,9 +3,9 @@
namespace App\Filament\Server\Resources\Schedules\Pages;
use App\Enums\ScheduleStatus;
+use App\Enums\SubuserPermission;
use App\Facades\Activity;
use App\Filament\Server\Resources\Schedules\ScheduleResource;
-use App\Models\Permission;
use App\Models\Schedule;
use App\Services\Schedules\ProcessScheduleService;
use App\Traits\Filament\CanCustomizeHeaderActions;
@@ -29,7 +29,7 @@ class ViewSchedule extends ViewRecord
{
return [
Action::make('run_now')
- ->authorize(fn () => user()?->can(Permission::ACTION_SCHEDULE_UPDATE, Filament::getTenant()))
+ ->authorize(fn () => user()?->can(SubuserPermission::ScheduleUpdate, Filament::getTenant()))
->label(fn (Schedule $schedule) => $schedule->tasks->count() === 0 ? trans('server/schedule.no_tasks') : ($schedule->status === ScheduleStatus::Processing ? ScheduleStatus::Processing->getLabel() : trans('server/schedule.run_now')))
->color(fn (Schedule $schedule) => $schedule->tasks->count() === 0 || $schedule->status === ScheduleStatus::Processing ? 'warning' : 'primary')
->disabled(fn (Schedule $schedule) => $schedule->tasks->count() === 0 || $schedule->status === ScheduleStatus::Processing)
diff --git a/app/Filament/Server/Resources/Subusers/SubuserResource.php b/app/Filament/Server/Resources/Subusers/SubuserResource.php
index 50d30cb0b..bdb4ac87f 100644
--- a/app/Filament/Server/Resources/Subusers/SubuserResource.php
+++ b/app/Filament/Server/Resources/Subusers/SubuserResource.php
@@ -2,9 +2,9 @@
namespace App\Filament\Server\Resources\Subusers;
+use App\Enums\SubuserPermission;
use App\Facades\Activity;
use App\Filament\Server\Resources\Subusers\Pages\ListSubusers;
-use App\Models\Permission;
use App\Models\Server;
use App\Models\Subuser;
use App\Services\Subusers\SubuserCreationService;
@@ -68,7 +68,11 @@ class SubuserResource extends Resource
$tabs = [];
$permissionsArray = [];
- foreach (Permission::permissionData() as $data) {
+ foreach (Subuser::allPermissionData() as $data) {
+ if ($data['hidden']) {
+ continue;
+ }
+
$options = [];
$descriptions = [];
@@ -84,6 +88,7 @@ class SubuserResource extends Resource
Section::make()
->description(trans('server/user.permissions.' . $data['name'] . '_desc'))
->icon($data['icon'])
+ ->contained(false)
->schema([
CheckboxList::make($data['name'])
->hiddenLabel()
@@ -109,9 +114,12 @@ class SubuserResource extends Resource
TextColumn::make('user.email')
->label(trans('server/user.email'))
->searchable(),
- TextColumn::make('permissions')
+ TextColumn::make('permissions_count')
->label(trans('server/user.permissions.title'))
- ->state(fn (Subuser $subuser) => count($subuser->permissions) - 1),
+ ->state(fn (Subuser $subuser) => collect($subuser->permissions)
+ ->reject(fn (string $permission) => SubuserPermission::tryFrom($permission)?->isHidden() ?? false)
+ ->count()
+ ),
])
->recordActions([
DeleteAction::make()
@@ -129,14 +137,14 @@ class SubuserResource extends Resource
EditAction::make()
->label(trans('server/user.edit'))
->hidden(fn (Subuser $subuser) => user()?->id === $subuser->user->id)
- ->authorize(fn () => user()?->can(Permission::ACTION_USER_UPDATE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::UserUpdate, $server))
->modalHeading(fn (Subuser $subuser) => trans('server/user.editing', ['user' => $subuser->user->email]))
->successNotificationTitle(null)
->action(function (array $data, SubuserUpdateService $subuserUpdateService, Subuser $subuser) use ($server) {
$permissions = collect($data)
->forget('email')
->flatMap(fn ($permissions, $key) => collect($permissions)->map(fn ($permission) => "$key.$permission"))
- ->push(Permission::ACTION_WEBSOCKET_CONNECT)
+ ->push(SubuserPermission::WebsocketConnect->value)
->unique()
->all();
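Review bot: The permission list built in this `EditAction` closure is taken from the submitted form data and passed on without being checked against the known keys, whereas the API path in `SubuserController::getCleanedPermissions()` intersects with `Subuser::allPermissionKeys()` first. Unless the `CheckboxList` fields or `SubuserUpdateService` already reject values outside their options (neither is visible here), I would add `->intersect(Subuser::allPermissionKeys())` after the `flatMap(...)` call so both entry points store the same vetted set. The same chain appears in the create action in the `@@ -266,7 +274,7 @@` hunk and needs the same line. The closure continues past the end of this hunk.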
@@ -212,7 +220,7 @@ class SubuserResource extends Resource
->icon('tabler-user-plus')
->tooltip(trans('server/user.invite_user'))
->createAnother(false)
- ->authorize(fn () => user()?->can(Permission::ACTION_USER_CREATE, $server))
+ ->authorize(fn () => user()?->can(SubuserPermission::UserCreate, $server))
->schema([
Grid::make()
->columnSpanFull()
@@ -266,7 +274,7 @@ class SubuserResource extends Resource
$permissions = collect($data)
->forget('email')
->flatMap(fn ($permissions, $key) => collect($permissions)->map(fn ($permission) => "$key.$permission"))
- ->push(Permission::ACTION_WEBSOCKET_CONNECT)
+ ->push(SubuserPermission::WebsocketConnect->value)
->unique()
->all();
diff --git a/app/Filament/Server/Widgets/ServerConsole.php b/app/Filament/Server/Widgets/ServerConsole.php
index c6ba06314..3a2ec30a2 100644
--- a/app/Filament/Server/Widgets/ServerConsole.php
+++ b/app/Filament/Server/Widgets/ServerConsole.php
@@ -2,9 +2,9 @@
namespace App\Filament\Server\Widgets;
+use App\Enums\SubuserPermission;
use App\Exceptions\Http\HttpForbiddenException;
use App\Livewire\AlertBanner;
-use App\Models\Permission;
use App\Models\Server;
use App\Models\User;
use App\Services\Nodes\NodeJWTService;
@@ -46,7 +46,7 @@ class ServerConsole extends Widget
protected function getToken(): string
{
- if (!$this->user || !$this->server || $this->user->cannot(Permission::ACTION_WEBSOCKET_CONNECT, $this->server)) {
+ if (!$this->user || !$this->server || $this->user->cannot(SubuserPermission::WebsocketConnect, $this->server)) {
throw new HttpForbiddenException('You do not have permission to connect to this server\'s websocket.');
}
@@ -72,7 +72,7 @@ class ServerConsole extends Widget
protected function authorizeSendCommand(): bool
{
- return $this->user->can(Permission::ACTION_CONTROL_CONSOLE, $this->server);
+ return $this->user->can(SubuserPermission::ControlConsole, $this->server);
}
protected function canSendCommand(): bool
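Review bot: `authorizeSendCommand()` calls `$this->user->can(...)` without the null guard that `getToken()` applies to both `$this->user` and `$this->server` in the earlier hunk, so a widget without a user would fail with an error instead of returning false. If those properties can really be unset, as the guard in `getToken()` suggests, the line could read `return $this->user !== null && $this->server !== null && $this->user->can(SubuserPermission::ControlConsole, $this->server);`. The property declarations are outside the hunk, so this is worth confirming against them.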
diff --git a/app/Http/Controllers/Api/Client/ClientController.php b/app/Http/Controllers/Api/Client/ClientController.php
index 6ac44d0c6..42327ca18 100644
--- a/app/Http/Controllers/Api/Client/ClientController.php
+++ b/app/Http/Controllers/Api/Client/ClientController.php
@@ -4,13 +4,12 @@ namespace App\Http\Controllers\Api\Client;
use App\Http\Requests\Api\Client\GetServersRequest;
use App\Models\Filters\MultiFieldServerFilter;
-use App\Models\Permission;
use App\Models\Server;
+use App\Models\Subuser;
use App\Transformers\Api\Client\ServerTransformer;
use Dedoc\Scramble\Attributes\Group;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;
-use Illuminate\Support\Collection;
use Spatie\QueryBuilder\AllowedFilter;
use Spatie\QueryBuilder\QueryBuilder;
@@ -81,14 +80,14 @@ class ClientController extends ClientApiController
*
* Returns all the subuser permissions available on the system.
*
- * @return array{object: string, attributes: array{permissions: Collection}}
+ * @return array{object: string, attributes: array{permissions: string[]}}
*/
public function permissions(): array
{
return [
'object' => 'system_permissions',
'attributes' => [
- 'permissions' => Permission::permissions(),
+ 'permissions' => Subuser::allPermissionKeys(),
],
];
}
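Review bot: The `permissions` attribute of this response changes type with this commit: the `@return` annotation moves from `Collection` to `string[]`, and the value now comes from `Subuser::allPermissionKeys()`. If `Permission::permissions()` returned grouped data rather than a flat key list (its body is not shown), existing API clients will see a different shape, and the summary line `Returns all the subuser permissions available on the system.` should say that a flat list of keys is returned. It is also worth stating whether hidden entries such as `SubuserPermission::WebsocketConnect` are part of that list.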
diff --git a/app/Http/Controllers/Api/Client/Servers/ActivityLogController.php b/app/Http/Controllers/Api/Client/Servers/ActivityLogController.php
index 4f55d5dcf..4fcdf1e73 100644
--- a/app/Http/Controllers/Api/Client/Servers/ActivityLogController.php
+++ b/app/Http/Controllers/Api/Client/Servers/ActivityLogController.php
@@ -2,10 +2,10 @@
namespace App\Http\Controllers\Api\Client\Servers;
+use App\Enums\SubuserPermission;
use App\Http\Controllers\Api\Client\ClientApiController;
use App\Http\Requests\Api\Client\ClientApiRequest;
use App\Models\ActivityLog;
-use App\Models\Permission;
use App\Models\Role;
use App\Models\Server;
use App\Models\User;
@@ -29,7 +29,7 @@ class ActivityLogController extends ClientApiController
*/
public function __invoke(ClientApiRequest $request, Server $server): array
{
- Gate::authorize(Permission::ACTION_ACTIVITY_READ, $server);
+ Gate::authorize(SubuserPermission::ActivityRead, $server);
$activity = QueryBuilder::for($server->activity())
->allowedSorts(['timestamp'])
diff --git a/app/Http/Controllers/Api/Client/Servers/BackupController.php b/app/Http/Controllers/Api/Client/Servers/BackupController.php
index d255900ab..fd6217ad6 100644
--- a/app/Http/Controllers/Api/Client/Servers/BackupController.php
+++ b/app/Http/Controllers/Api/Client/Servers/BackupController.php
@@ -3,13 +3,13 @@
namespace App\Http\Controllers\Api\Client\Servers;
use App\Enums\ServerState;
+use App\Enums\SubuserPermission;
use App\Facades\Activity;
use App\Http\Controllers\Api\Client\ClientApiController;
use App\Http\Requests\Api\Client\Servers\Backups\RenameBackupRequest;
use App\Http\Requests\Api\Client\Servers\Backups\RestoreBackupRequest;
use App\Http\Requests\Api\Client\Servers\Backups\StoreBackupRequest;
use App\Models\Backup;
-use App\Models\Permission;
use App\Models\Server;
use App\Repositories\Daemon\DaemonBackupRepository;
use App\Services\Backups\DeleteBackupService;
@@ -48,7 +48,7 @@ class BackupController extends ClientApiController
*/
public function index(Request $request, Server $server): array
{
- if (!$request->user()->can(Permission::ACTION_BACKUP_READ, $server)) {
+ if (!$request->user()->can(SubuserPermission::BackupRead, $server)) {
throw new AuthorizationException();
}
@@ -82,7 +82,7 @@ class BackupController extends ClientApiController
// otherwise ignore this status. This gets a little funky since it isn't clear
// how best to allow a user to create a backup that is locked without also preventing
// them from just filling up a server with backups that can never be deleted?
- if ($request->user()->can(Permission::ACTION_BACKUP_DELETE, $server)) {
+ if ($request->user()->can(SubuserPermission::BackupDelete, $server)) {
$action->setIsLocked((bool) $request->input('is_locked'));
}
@@ -110,7 +110,7 @@ class BackupController extends ClientApiController
*/
public function toggleLock(Request $request, Server $server, Backup $backup): array
{
- if (!$request->user()->can(Permission::ACTION_BACKUP_DELETE, $server)) {
+ if (!$request->user()->can(SubuserPermission::BackupDelete, $server)) {
throw new AuthorizationException();
}
@@ -136,7 +136,7 @@ class BackupController extends ClientApiController
*/
public function view(Request $request, Server $server, Backup $backup): array
{
- if (!$request->user()->can(Permission::ACTION_BACKUP_READ, $server)) {
+ if (!$request->user()->can(SubuserPermission::BackupRead, $server)) {
throw new AuthorizationException();
}
@@ -155,7 +155,7 @@ class BackupController extends ClientApiController
*/
public function delete(Request $request, Server $server, Backup $backup): JsonResponse
{
- if (!$request->user()->can(Permission::ACTION_BACKUP_DELETE, $server)) {
+ if (!$request->user()->can(SubuserPermission::BackupDelete, $server)) {
throw new AuthorizationException();
}
@@ -181,7 +181,7 @@ class BackupController extends ClientApiController
*/
public function download(Request $request, Server $server, Backup $backup): JsonResponse
{
- if (!$request->user()->can(Permission::ACTION_BACKUP_DOWNLOAD, $server)) {
+ if (!$request->user()->can(SubuserPermission::BackupDownload, $server)) {
throw new AuthorizationException();
}
diff --git a/app/Http/Controllers/Api/Client/Servers/ScheduleTaskController.php b/app/Http/Controllers/Api/Client/Servers/ScheduleTaskController.php
index 1a43bba19..ed817cc3b 100644
--- a/app/Http/Controllers/Api/Client/Servers/ScheduleTaskController.php
+++ b/app/Http/Controllers/Api/Client/Servers/ScheduleTaskController.php
@@ -2,6 +2,7 @@
namespace App\Http\Controllers\Api\Client\Servers;
+use App\Enums\SubuserPermission;
use App\Exceptions\Http\HttpForbiddenException;
use App\Exceptions\Model\DataValidationException;
use App\Exceptions\Service\ServiceLimitExceededException;
@@ -9,7 +10,6 @@ use App\Facades\Activity;
use App\Http\Controllers\Api\Client\ClientApiController;
use App\Http\Requests\Api\Client\ClientApiRequest;
use App\Http\Requests\Api\Client\Servers\Schedules\StoreTaskRequest;
-use App\Models\Permission;
use App\Models\Schedule;
use App\Models\Server;
use App\Models\Task;
@@ -170,7 +170,7 @@ class ScheduleTaskController extends ClientApiController
throw new NotFoundHttpException();
}
- if (!$request->user()->can(Permission::ACTION_SCHEDULE_DELETE, $server)) {
+ if (!$request->user()->can(SubuserPermission::ScheduleDelete, $server)) {
throw new HttpForbiddenException('You do not have permission to perform this action.');
}
diff --git a/app/Http/Controllers/Api/Client/Servers/SubuserController.php b/app/Http/Controllers/Api/Client/Servers/SubuserController.php
index 93e0df375..2a19a35a9 100644
--- a/app/Http/Controllers/Api/Client/Servers/SubuserController.php
+++ b/app/Http/Controllers/Api/Client/Servers/SubuserController.php
@@ -2,6 +2,7 @@
namespace App\Http\Controllers\Api\Client\Servers;
+use App\Enums\SubuserPermission;
use App\Exceptions\Model\DataValidationException;
use App\Exceptions\Service\Subuser\ServerSubuserExistsException;
use App\Exceptions\Service\Subuser\UserIsServerOwnerException;
@@ -11,7 +12,6 @@ use App\Http\Requests\Api\Client\Servers\Subusers\DeleteSubuserRequest;
use App\Http\Requests\Api\Client\Servers\Subusers\GetSubuserRequest;
use App\Http\Requests\Api\Client\Servers\Subusers\StoreSubuserRequest;
use App\Http\Requests\Api\Client\Servers\Subusers\UpdateSubuserRequest;
-use App\Models\Permission;
use App\Models\Server;
use App\Models\Subuser;
use App\Models\User;
@@ -82,18 +82,17 @@ class SubuserController extends ClientApiController
*/
public function store(StoreSubuserRequest $request, Server $server): array
{
- $response = $this->creationService->handle(
- $server,
- $request->input('email'),
- $this->getDefaultPermissions($request)
- );
+ $email = $request->input('email');
+ $permissions = $this->getCleanedPermissions($request);
+
+ $subuser = $this->creationService->handle($server, $email, $permissions);
Activity::event('server:subuser.create')
- ->subject($response->user)
- ->property(['email' => $request->input('email'), 'permissions' => $this->getDefaultPermissions($request)])
+ ->subject($subuser->user)
+ ->property(['email' => $email, 'permissions' => $subuser->permissions])
->log();
- return $this->fractal->item($response)
+ return $this->fractal->item($subuser)
->transformWith($this->getTransformer(SubuserTransformer::class))
->toArray();
}
@@ -112,7 +111,7 @@ class SubuserController extends ClientApiController
/** @var Subuser $subuser */
$subuser = $request->attributes->get('subuser');
- $this->updateService->handle($subuser, $server, $this->getDefaultPermissions($request));
+ $this->updateService->handle($subuser, $server, $this->getCleanedPermissions($request));
return $this->fractal->item($subuser->refresh())
->transformWith($this->getTransformer(SubuserTransformer::class))
@@ -135,17 +134,19 @@ class SubuserController extends ClientApiController
}
/**
- * Returns the default permissions for subusers and parses out any permissions
+ * Returns the "cleaned" permissions for subusers and parses out any permissions
* that were passed that do not also exist in the internally tracked list of
* permissions.
*
- * @return array
+ * @return string[]
*/
- protected function getDefaultPermissions(Request $request): array
+ protected function getCleanedPermissions(Request $request): array
{
- $allowed = Permission::permissionKeys()->all();
- $cleaned = array_intersect($request->input('permissions') ?? [], $allowed);
-
- return array_unique(array_merge($cleaned, [Permission::ACTION_WEBSOCKET_CONNECT]));
+ return collect($request->input('permissions') ?? [])
+ ->intersect(Subuser::allPermissionKeys())
+ ->push(SubuserPermission::WebsocketConnect->value)
+ ->unique()
+ ->values()
+ ->toArray();
}
}
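Review bot: The docblock on `getCleanedPermissions()` does not say that `SubuserPermission::WebsocketConnect` is always appended, so an empty or fully rejected `permissions` input still produces a one-element list. I would add a line such as `* The websocket connect permission is always included, and unknown keys are silently dropped rather than rejected.` The filter only proves that a key exists in `Subuser::allPermissionKeys()`. Whether the caller may grant a permission they do not hold themselves is not decided here; it is presumably enforced in the request classes or services, which this diff does not show.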
diff --git a/app/Http/Controllers/Api/Client/Servers/WebsocketController.php b/app/Http/Controllers/Api/Client/Servers/WebsocketController.php
index 9f611c6ed..baf5493ec 100644
--- a/app/Http/Controllers/Api/Client/Servers/WebsocketController.php
+++ b/app/Http/Controllers/Api/Client/Servers/WebsocketController.php
@@ -2,10 +2,10 @@
namespace App\Http\Controllers\Api\Client\Servers;
+use App\Enums\SubuserPermission;
use App\Exceptions\Http\HttpForbiddenException;
use App\Http\Controllers\Api\Client\ClientApiController;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
use App\Models\Server;
use App\Services\Nodes\NodeJWTService;
use App\Services\Servers\GetUserPermissionsService;
@@ -37,7 +37,7 @@ class WebsocketController extends ClientApiController
public function __invoke(ClientApiRequest $request, Server $server): JsonResponse
{
$user = $request->user();
- if ($user->cannot(Permission::ACTION_WEBSOCKET_CONNECT, $server)) {
+ if ($user->cannot(SubuserPermission::WebsocketConnect, $server)) {
throw new HttpForbiddenException('You do not have permission to connect to this server\'s websocket.');
}
diff --git a/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php b/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php
index 66b6fe47f..a0c39c508 100644
--- a/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php
+++ b/app/Http/Controllers/Api/Remote/SftpAuthenticationController.php
@@ -2,11 +2,11 @@
namespace App\Http\Controllers\Api\Remote;
+use App\Enums\SubuserPermission;
use App\Exceptions\Http\HttpForbiddenException;
use App\Facades\Activity;
use App\Http\Controllers\Controller;
use App\Http\Requests\Api\Remote\SftpAuthenticationFormRequest;
-use App\Models\Permission;
use App\Models\Server;
use App\Models\User;
use App\Services\Servers\GetUserPermissionsService;
@@ -141,7 +141,7 @@ class SftpAuthenticationController extends Controller
if ($user->cannot('update server', $server) && $server->owner_id !== $user->id) {
$permissions = $this->permissions->handle($server, $user);
- if (!in_array(Permission::ACTION_FILE_SFTP, $permissions)) {
+ if (!in_array(SubuserPermission::FileSftp->value, $permissions)) {
Activity::event('server:sftp.denied')->actor($user)->subject($server)->log();
throw new HttpForbiddenException('You do not have permission to access SFTP for this server.');
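Review bot: The `in_array()` call that decides SFTP access uses loose comparison; in an authorization check I would pass the strict flag, `if (!in_array(SubuserPermission::FileSftp->value, $permissions, true)) {`. With loose comparison a non-string element such as boolean `true` in `$permissions` would match any permission name. The return value of `$this->permissions->handle()` is not visible here, so this is hardening rather than a demonstrated bypass. The enclosing method starts and ends outside the hunk.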
diff --git a/app/Http/Requests/Api/Client/Servers/Backups/RenameBackupRequest.php b/app/Http/Requests/Api/Client/Servers/Backups/RenameBackupRequest.php
index 3378d24ed..ceaaecda9 100644
--- a/app/Http/Requests/Api/Client/Servers/Backups/RenameBackupRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Backups/RenameBackupRequest.php
@@ -2,14 +2,14 @@
namespace App\Http\Requests\Api\Client\Servers\Backups;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class RenameBackupRequest extends ClientApiRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_BACKUP_DELETE;
+ return SubuserPermission::BackupDelete;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Backups/RestoreBackupRequest.php b/app/Http/Requests/Api/Client/Servers/Backups/RestoreBackupRequest.php
index b8c787fba..4879fa6f9 100644
--- a/app/Http/Requests/Api/Client/Servers/Backups/RestoreBackupRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Backups/RestoreBackupRequest.php
@@ -2,14 +2,14 @@
namespace App\Http\Requests\Api\Client\Servers\Backups;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class RestoreBackupRequest extends ClientApiRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_BACKUP_RESTORE;
+ return SubuserPermission::BackupRestore;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Backups/StoreBackupRequest.php b/app/Http/Requests/Api/Client/Servers/Backups/StoreBackupRequest.php
index 2d7fce0cc..0ae91ab5f 100644
--- a/app/Http/Requests/Api/Client/Servers/Backups/StoreBackupRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Backups/StoreBackupRequest.php
@@ -2,14 +2,14 @@
namespace App\Http\Requests\Api\Client\Servers\Backups;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class StoreBackupRequest extends ClientApiRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_BACKUP_CREATE;
+ return SubuserPermission::BackupCreate;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Databases/DeleteDatabaseRequest.php b/app/Http/Requests/Api/Client/Servers/Databases/DeleteDatabaseRequest.php
index 656db5ead..df4792525 100644
--- a/app/Http/Requests/Api/Client/Servers/Databases/DeleteDatabaseRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Databases/DeleteDatabaseRequest.php
@@ -3,13 +3,13 @@
namespace App\Http\Requests\Api\Client\Servers\Databases;
use App\Contracts\Http\ClientPermissionsRequest;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class DeleteDatabaseRequest extends ClientApiRequest implements ClientPermissionsRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_DATABASE_DELETE;
+ return SubuserPermission::DatabaseDelete;
}
}
diff --git a/app/Http/Requests/Api/Client/Servers/Databases/GetDatabasesRequest.php b/app/Http/Requests/Api/Client/Servers/Databases/GetDatabasesRequest.php
index af7017aaa..c51d5f8d9 100644
--- a/app/Http/Requests/Api/Client/Servers/Databases/GetDatabasesRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Databases/GetDatabasesRequest.php
@@ -3,13 +3,13 @@
namespace App\Http\Requests\Api\Client\Servers\Databases;
use App\Contracts\Http\ClientPermissionsRequest;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class GetDatabasesRequest extends ClientApiRequest implements ClientPermissionsRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_DATABASE_READ;
+ return SubuserPermission::DatabaseRead;
}
}
diff --git a/app/Http/Requests/Api/Client/Servers/Databases/RotatePasswordRequest.php b/app/Http/Requests/Api/Client/Servers/Databases/RotatePasswordRequest.php
index 2b6d8f6f9..0c140eda5 100644
--- a/app/Http/Requests/Api/Client/Servers/Databases/RotatePasswordRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Databases/RotatePasswordRequest.php
@@ -2,16 +2,16 @@
namespace App\Http\Requests\Api\Client\Servers\Databases;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class RotatePasswordRequest extends ClientApiRequest
{
/**
* Check that the user has permission to rotate the password.
*/
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_DATABASE_UPDATE;
+ return SubuserPermission::DatabaseUpdate;
}
}
diff --git a/app/Http/Requests/Api/Client/Servers/Databases/StoreDatabaseRequest.php b/app/Http/Requests/Api/Client/Servers/Databases/StoreDatabaseRequest.php
index 782922375..96ae3e7e8 100644
--- a/app/Http/Requests/Api/Client/Servers/Databases/StoreDatabaseRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Databases/StoreDatabaseRequest.php
@@ -3,9 +3,9 @@
namespace App\Http\Requests\Api\Client\Servers\Databases;
use App\Contracts\Http\ClientPermissionsRequest;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
use App\Models\Database;
-use App\Models\Permission;
use App\Models\Server;
use App\Services\Databases\DatabaseManagementService;
use Illuminate\Database\Query\Builder;
@@ -14,9 +14,9 @@ use Webmozart\Assert\Assert;
class StoreDatabaseRequest extends ClientApiRequest implements ClientPermissionsRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_DATABASE_CREATE;
+ return SubuserPermission::DatabaseCreate;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Files/ChmodFilesRequest.php b/app/Http/Requests/Api/Client/Servers/Files/ChmodFilesRequest.php
index c5a409a98..1d31c2414 100644
--- a/app/Http/Requests/Api/Client/Servers/Files/ChmodFilesRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Files/ChmodFilesRequest.php
@@ -3,14 +3,14 @@
namespace App\Http\Requests\Api\Client\Servers\Files;
use App\Contracts\Http\ClientPermissionsRequest;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class ChmodFilesRequest extends ClientApiRequest implements ClientPermissionsRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_FILE_UPDATE;
+ return SubuserPermission::FileUpdate;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Files/CompressFilesRequest.php b/app/Http/Requests/Api/Client/Servers/Files/CompressFilesRequest.php
index ca3993718..86af93e24 100644
--- a/app/Http/Requests/Api/Client/Servers/Files/CompressFilesRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Files/CompressFilesRequest.php
@@ -2,17 +2,17 @@
namespace App\Http\Requests\Api\Client\Servers\Files;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class CompressFilesRequest extends ClientApiRequest
{
/**
* Checks that the authenticated user is allowed to create archives for this server.
*/
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_FILE_ARCHIVE;
+ return SubuserPermission::FileArchive;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Files/CopyFileRequest.php b/app/Http/Requests/Api/Client/Servers/Files/CopyFileRequest.php
index 74690f634..2a899aedb 100644
--- a/app/Http/Requests/Api/Client/Servers/Files/CopyFileRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Files/CopyFileRequest.php
@@ -3,14 +3,14 @@
namespace App\Http\Requests\Api\Client\Servers\Files;
use App\Contracts\Http\ClientPermissionsRequest;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class CopyFileRequest extends ClientApiRequest implements ClientPermissionsRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_FILE_CREATE;
+ return SubuserPermission::FileCreate;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Files/CreateFolderRequest.php b/app/Http/Requests/Api/Client/Servers/Files/CreateFolderRequest.php
index cb0b97043..ec6d0a97c 100644
--- a/app/Http/Requests/Api/Client/Servers/Files/CreateFolderRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Files/CreateFolderRequest.php
@@ -2,17 +2,17 @@
namespace App\Http\Requests\Api\Client\Servers\Files;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class CreateFolderRequest extends ClientApiRequest
{
/**
* Checks that the authenticated user is allowed to create files on the server.
*/
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_FILE_CREATE;
+ return SubuserPermission::FileCreate;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Files/DecompressFilesRequest.php b/app/Http/Requests/Api/Client/Servers/Files/DecompressFilesRequest.php
index 5b3f461af..949e2051a 100644
--- a/app/Http/Requests/Api/Client/Servers/Files/DecompressFilesRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Files/DecompressFilesRequest.php
@@ -2,8 +2,8 @@
namespace App\Http\Requests\Api\Client\Servers\Files;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class DecompressFilesRequest extends ClientApiRequest
{
@@ -12,9 +12,9 @@ class DecompressFilesRequest extends ClientApiRequest
* rely on the archive permission here as it makes more sense to make sure the user can create
* additional files rather than make an archive.
*/
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_FILE_CREATE;
+ return SubuserPermission::FileCreate;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Files/DeleteFileRequest.php b/app/Http/Requests/Api/Client/Servers/Files/DeleteFileRequest.php
index 104c30df9..adf55d2a5 100644
--- a/app/Http/Requests/Api/Client/Servers/Files/DeleteFileRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Files/DeleteFileRequest.php
@@ -3,14 +3,14 @@
namespace App\Http\Requests\Api\Client\Servers\Files;
use App\Contracts\Http\ClientPermissionsRequest;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class DeleteFileRequest extends ClientApiRequest implements ClientPermissionsRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_FILE_DELETE;
+ return SubuserPermission::FileDelete;
}
/**
diff --git a/app/Http/Requests/Api/Client/Servers/Files/GetFileContentsRequest.php b/app/Http/Requests/Api/Client/Servers/Files/GetFileContentsRequest.php
index 4467b9ca9..55931f65c 100644
--- a/app/Http/Requests/Api/Client/Servers/Files/GetFileContentsRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Files/GetFileContentsRequest.php
@@ -3,8 +3,8 @@
namespace App\Http\Requests\Api\Client\Servers\Files;
use App\Contracts\Http\ClientPermissionsRequest;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class GetFileContentsRequest extends ClientApiRequest implements ClientPermissionsRequest
{
@@ -13,9 +13,9 @@ class GetFileContentsRequest extends ClientApiRequest implements ClientPermissio
* validate that the authenticated user has permission to perform this action aganist
* the given resource (server).
*/
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_FILE_READ_CONTENT;
+ return SubuserPermission::FileReadContent;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Files/ListFilesRequest.php b/app/Http/Requests/Api/Client/Servers/Files/ListFilesRequest.php
index f77b43b42..d1fbcb0c3 100644
--- a/app/Http/Requests/Api/Client/Servers/Files/ListFilesRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Files/ListFilesRequest.php
@@ -2,8 +2,8 @@
namespace App\Http\Requests\Api\Client\Servers\Files;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class ListFilesRequest extends ClientApiRequest
{
@@ -11,9 +11,9 @@ class ListFilesRequest extends ClientApiRequest
* Check that the user making this request to the API is authorized to list all
* the files that exist for a given server.
*/
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_FILE_READ;
+ return SubuserPermission::FileRead;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Files/PullFileRequest.php b/app/Http/Requests/Api/Client/Servers/Files/PullFileRequest.php
index f5ff53ced..2bd88ffc7 100644
--- a/app/Http/Requests/Api/Client/Servers/Files/PullFileRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Files/PullFileRequest.php
@@ -3,14 +3,14 @@
namespace App\Http\Requests\Api\Client\Servers\Files;
use App\Contracts\Http\ClientPermissionsRequest;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class PullFileRequest extends ClientApiRequest implements ClientPermissionsRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_FILE_CREATE;
+ return SubuserPermission::FileCreate;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Files/RenameFileRequest.php b/app/Http/Requests/Api/Client/Servers/Files/RenameFileRequest.php
index 7bb0b145e..6eb75a033 100644
--- a/app/Http/Requests/Api/Client/Servers/Files/RenameFileRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Files/RenameFileRequest.php
@@ -3,8 +3,8 @@
namespace App\Http\Requests\Api\Client\Servers\Files;
use App\Contracts\Http\ClientPermissionsRequest;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class RenameFileRequest extends ClientApiRequest implements ClientPermissionsRequest
{
@@ -12,9 +12,9 @@ class RenameFileRequest extends ClientApiRequest implements ClientPermissionsReq
* The permission the user is required to have in order to perform this
* request action.
*/
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_FILE_UPDATE;
+ return SubuserPermission::FileUpdate;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Files/UploadFileRequest.php b/app/Http/Requests/Api/Client/Servers/Files/UploadFileRequest.php
index 9bb70514a..0254de35b 100644
--- a/app/Http/Requests/Api/Client/Servers/Files/UploadFileRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Files/UploadFileRequest.php
@@ -2,13 +2,13 @@
namespace App\Http\Requests\Api\Client\Servers\Files;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class UploadFileRequest extends ClientApiRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_FILE_CREATE;
+ return SubuserPermission::FileCreate;
}
}
diff --git a/app/Http/Requests/Api/Client/Servers/Files/WriteFileContentRequest.php b/app/Http/Requests/Api/Client/Servers/Files/WriteFileContentRequest.php
index c6818831b..eb8f85ef6 100644
--- a/app/Http/Requests/Api/Client/Servers/Files/WriteFileContentRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Files/WriteFileContentRequest.php
@@ -3,8 +3,8 @@
namespace App\Http\Requests\Api\Client\Servers\Files;
use App\Contracts\Http\ClientPermissionsRequest;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class WriteFileContentRequest extends ClientApiRequest implements ClientPermissionsRequest
{
@@ -13,9 +13,9 @@ class WriteFileContentRequest extends ClientApiRequest implements ClientPermissi
* validate that the authenticated user has permission to perform this action aganist
* the given resource (server).
*/
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_FILE_CREATE;
+ return SubuserPermission::FileCreate;
}
/**
diff --git a/app/Http/Requests/Api/Client/Servers/Network/DeleteAllocationRequest.php b/app/Http/Requests/Api/Client/Servers/Network/DeleteAllocationRequest.php
index f5bff2d39..0daacd854 100644
--- a/app/Http/Requests/Api/Client/Servers/Network/DeleteAllocationRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Network/DeleteAllocationRequest.php
@@ -2,13 +2,13 @@
namespace App\Http\Requests\Api\Client\Servers\Network;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class DeleteAllocationRequest extends ClientApiRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_ALLOCATION_DELETE;
+ return SubuserPermission::AllocationDelete;
}
}
diff --git a/app/Http/Requests/Api/Client/Servers/Network/GetNetworkRequest.php b/app/Http/Requests/Api/Client/Servers/Network/GetNetworkRequest.php
index 6593f37b0..5d523ff27 100644
--- a/app/Http/Requests/Api/Client/Servers/Network/GetNetworkRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Network/GetNetworkRequest.php
@@ -2,8 +2,8 @@
namespace App\Http\Requests\Api\Client\Servers\Network;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class GetNetworkRequest extends ClientApiRequest
{
@@ -11,8 +11,8 @@ class GetNetworkRequest extends ClientApiRequest
* Check that the user has permission to view the allocations for
* this server.
*/
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_ALLOCATION_READ;
+ return SubuserPermission::AllocationRead;
}
}
diff --git a/app/Http/Requests/Api/Client/Servers/Network/NewAllocationRequest.php b/app/Http/Requests/Api/Client/Servers/Network/NewAllocationRequest.php
index cf05ccbc5..32c50ca86 100644
--- a/app/Http/Requests/Api/Client/Servers/Network/NewAllocationRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Network/NewAllocationRequest.php
@@ -2,13 +2,13 @@
namespace App\Http\Requests\Api\Client\Servers\Network;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class NewAllocationRequest extends ClientApiRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_ALLOCATION_CREATE;
+ return SubuserPermission::AllocationCreate;
}
}
diff --git a/app/Http/Requests/Api/Client/Servers/Network/UpdateAllocationRequest.php b/app/Http/Requests/Api/Client/Servers/Network/UpdateAllocationRequest.php
index 711903e68..6752d2fb0 100644
--- a/app/Http/Requests/Api/Client/Servers/Network/UpdateAllocationRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Network/UpdateAllocationRequest.php
@@ -2,15 +2,15 @@
namespace App\Http\Requests\Api\Client\Servers\Network;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
use App\Models\Allocation;
-use App\Models\Permission;
class UpdateAllocationRequest extends ClientApiRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_ALLOCATION_UPDATE;
+ return SubuserPermission::AllocationUpdate;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Schedules/DeleteScheduleRequest.php b/app/Http/Requests/Api/Client/Servers/Schedules/DeleteScheduleRequest.php
index 6cda70dbb..dd1ca6896 100644
--- a/app/Http/Requests/Api/Client/Servers/Schedules/DeleteScheduleRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Schedules/DeleteScheduleRequest.php
@@ -2,12 +2,12 @@
namespace App\Http\Requests\Api\Client\Servers\Schedules;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
class DeleteScheduleRequest extends ViewScheduleRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_SCHEDULE_DELETE;
+ return SubuserPermission::ScheduleDelete;
}
}
diff --git a/app/Http/Requests/Api/Client/Servers/Schedules/StoreScheduleRequest.php b/app/Http/Requests/Api/Client/Servers/Schedules/StoreScheduleRequest.php
index 700b513a8..6fcc821bb 100644
--- a/app/Http/Requests/Api/Client/Servers/Schedules/StoreScheduleRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Schedules/StoreScheduleRequest.php
@@ -2,14 +2,14 @@
namespace App\Http\Requests\Api\Client\Servers\Schedules;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\Schedule;
class StoreScheduleRequest extends ViewScheduleRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_SCHEDULE_CREATE;
+ return SubuserPermission::ScheduleCreate;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Schedules/StoreTaskRequest.php b/app/Http/Requests/Api/Client/Servers/Schedules/StoreTaskRequest.php
index 190d3e54f..cda7b39fa 100644
--- a/app/Http/Requests/Api/Client/Servers/Schedules/StoreTaskRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Schedules/StoreTaskRequest.php
@@ -2,7 +2,7 @@
namespace App\Http\Requests\Api\Client\Servers\Schedules;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
class StoreTaskRequest extends ViewScheduleRequest
{
@@ -11,9 +11,9 @@ class StoreTaskRequest extends ViewScheduleRequest
* check if they can modify a schedule to determine if they're able to do this. There
* are no task specific permissions.
*/
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_SCHEDULE_UPDATE;
+ return SubuserPermission::ScheduleUpdate;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Schedules/TriggerScheduleRequest.php b/app/Http/Requests/Api/Client/Servers/Schedules/TriggerScheduleRequest.php
index ffc803d17..9974a7030 100644
--- a/app/Http/Requests/Api/Client/Servers/Schedules/TriggerScheduleRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Schedules/TriggerScheduleRequest.php
@@ -2,14 +2,14 @@
namespace App\Http\Requests\Api\Client\Servers\Schedules;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class TriggerScheduleRequest extends ClientApiRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_SCHEDULE_UPDATE;
+ return SubuserPermission::ScheduleUpdate;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Schedules/UpdateScheduleRequest.php b/app/Http/Requests/Api/Client/Servers/Schedules/UpdateScheduleRequest.php
index a9937cd8d..b6444204c 100644
--- a/app/Http/Requests/Api/Client/Servers/Schedules/UpdateScheduleRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Schedules/UpdateScheduleRequest.php
@@ -2,12 +2,12 @@
namespace App\Http\Requests\Api\Client\Servers\Schedules;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
class UpdateScheduleRequest extends StoreScheduleRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_SCHEDULE_UPDATE;
+ return SubuserPermission::ScheduleUpdate;
}
}
diff --git a/app/Http/Requests/Api/Client/Servers/Schedules/ViewScheduleRequest.php b/app/Http/Requests/Api/Client/Servers/Schedules/ViewScheduleRequest.php
index a0442bcdf..ae8264dd2 100644
--- a/app/Http/Requests/Api/Client/Servers/Schedules/ViewScheduleRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Schedules/ViewScheduleRequest.php
@@ -2,8 +2,8 @@
namespace App\Http\Requests\Api\Client\Servers\Schedules;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
use App\Models\Schedule;
use App\Models\Server;
use App\Models\Task;
@@ -36,8 +36,8 @@ class ViewScheduleRequest extends ClientApiRequest
return true;
}
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_SCHEDULE_READ;
+ return SubuserPermission::ScheduleRead;
}
}
diff --git a/app/Http/Requests/Api/Client/Servers/SendCommandRequest.php b/app/Http/Requests/Api/Client/Servers/SendCommandRequest.php
index 0982aabb3..4b441eaa9 100644
--- a/app/Http/Requests/Api/Client/Servers/SendCommandRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/SendCommandRequest.php
@@ -2,17 +2,17 @@
namespace App\Http\Requests\Api\Client\Servers;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class SendCommandRequest extends ClientApiRequest
{
/**
* Determine if the API user has permission to perform this action.
*/
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_CONTROL_CONSOLE;
+ return SubuserPermission::ControlConsole;
}
/**
diff --git a/app/Http/Requests/Api/Client/Servers/SendPowerRequest.php b/app/Http/Requests/Api/Client/Servers/SendPowerRequest.php
index e62dbb74e..942e2b507 100644
--- a/app/Http/Requests/Api/Client/Servers/SendPowerRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/SendPowerRequest.php
@@ -2,28 +2,28 @@
namespace App\Http\Requests\Api\Client\Servers;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class SendPowerRequest extends ClientApiRequest
{
/**
* Determine if the user has permission to send a power command to a server.
*/
- public function permission(): string
+ public function permission(): SubuserPermission
{
switch ($this->input('signal')) {
case 'start':
- return Permission::ACTION_CONTROL_START;
+ return SubuserPermission::ControlStart;
case 'stop':
case 'kill':
- return Permission::ACTION_CONTROL_STOP;
+ return SubuserPermission::ControlStop;
case 'restart':
- return Permission::ACTION_CONTROL_RESTART;
+ return SubuserPermission::ControlRestart;
}
// Fallback for invalid signals
- return Permission::ACTION_WEBSOCKET_CONNECT;
+ return SubuserPermission::WebsocketConnect;
}
/**
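Review bot: The fallback at the end of `permission()` still returns `SubuserPermission::WebsocketConnect` for an unrecognised `signal`, so the authorization check for a power request is made against a permission unrelated to power control. Rejecting the bad value is then left entirely to validation rules that are not visible in this hunk. Since every branch is being rewritten anyway, a `match` would make the mapping strict (`switch` compares loosely, so a non-string input can land in a `case`) and gives one place to document that the default relies on `rules()` refusing the signal. If the project would rather fail closed, the default arm is the line to change.

```php
public function permission(): SubuserPermission
{
    // The returned permission is what the request is authorized against; an unknown
    // signal falls through to the default arm and must still be rejected by rules().
    return match ($this->input('signal')) {
        'start' => SubuserPermission::ControlStart,
        'stop', 'kill' => SubuserPermission::ControlStop,
        'restart' => SubuserPermission::ControlRestart,
        default => SubuserPermission::WebsocketConnect,
    };
}
```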
diff --git a/app/Http/Requests/Api/Client/Servers/Settings/DescriptionServerRequest.php b/app/Http/Requests/Api/Client/Servers/Settings/DescriptionServerRequest.php
index ba2fa2125..abed89d2f 100644
--- a/app/Http/Requests/Api/Client/Servers/Settings/DescriptionServerRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Settings/DescriptionServerRequest.php
@@ -3,8 +3,8 @@
namespace App\Http\Requests\Api\Client\Servers\Settings;
use App\Contracts\Http\ClientPermissionsRequest;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class DescriptionServerRequest extends ClientApiRequest implements ClientPermissionsRequest
{
@@ -13,9 +13,9 @@ class DescriptionServerRequest extends ClientApiRequest implements ClientPermiss
* validate that the authenticated user has permission to perform this action against
* the given resource (server).
*/
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_SETTINGS_DESCRIPTION;
+ return SubuserPermission::SettingsDescription;
}
/**
diff --git a/app/Http/Requests/Api/Client/Servers/Settings/ReinstallServerRequest.php b/app/Http/Requests/Api/Client/Servers/Settings/ReinstallServerRequest.php
index cc633d082..963da003e 100644
--- a/app/Http/Requests/Api/Client/Servers/Settings/ReinstallServerRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Settings/ReinstallServerRequest.php
@@ -2,13 +2,13 @@
namespace App\Http\Requests\Api\Client\Servers\Settings;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class ReinstallServerRequest extends ClientApiRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_SETTINGS_REINSTALL;
+ return SubuserPermission::SettingsReinstall;
}
}
diff --git a/app/Http/Requests/Api/Client/Servers/Settings/RenameServerRequest.php b/app/Http/Requests/Api/Client/Servers/Settings/RenameServerRequest.php
index f4d12c827..6a16f9b88 100644
--- a/app/Http/Requests/Api/Client/Servers/Settings/RenameServerRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Settings/RenameServerRequest.php
@@ -3,8 +3,8 @@
namespace App\Http\Requests\Api\Client\Servers\Settings;
use App\Contracts\Http\ClientPermissionsRequest;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
use App\Models\Server;
class RenameServerRequest extends ClientApiRequest implements ClientPermissionsRequest
@@ -14,9 +14,9 @@ class RenameServerRequest extends ClientApiRequest implements ClientPermissionsR
* validate that the authenticated user has permission to perform this action against
* the given resource (server).
*/
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_SETTINGS_RENAME;
+ return SubuserPermission::SettingsRename;
}
/**
diff --git a/app/Http/Requests/Api/Client/Servers/Settings/SetDockerImageRequest.php b/app/Http/Requests/Api/Client/Servers/Settings/SetDockerImageRequest.php
index 7592afaf8..dcdb2516f 100644
--- a/app/Http/Requests/Api/Client/Servers/Settings/SetDockerImageRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Settings/SetDockerImageRequest.php
@@ -3,17 +3,17 @@
namespace App\Http\Requests\Api\Client\Servers\Settings;
use App\Contracts\Http\ClientPermissionsRequest;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
use App\Models\Server;
use Illuminate\Validation\Rule;
use Webmozart\Assert\Assert;
class SetDockerImageRequest extends ClientApiRequest implements ClientPermissionsRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_STARTUP_DOCKER_IMAGE;
+ return SubuserPermission::StartupDockerImage;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Startup/GetStartupRequest.php b/app/Http/Requests/Api/Client/Servers/Startup/GetStartupRequest.php
index ea251e5e5..29cf528e0 100644
--- a/app/Http/Requests/Api/Client/Servers/Startup/GetStartupRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Startup/GetStartupRequest.php
@@ -2,13 +2,13 @@
namespace App\Http\Requests\Api\Client\Servers\Startup;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class GetStartupRequest extends ClientApiRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_STARTUP_READ;
+ return SubuserPermission::StartupRead;
}
}
diff --git a/app/Http/Requests/Api/Client/Servers/Startup/UpdateStartupVariableRequest.php b/app/Http/Requests/Api/Client/Servers/Startup/UpdateStartupVariableRequest.php
index f1b71864a..fe5dcc0d9 100644
--- a/app/Http/Requests/Api/Client/Servers/Startup/UpdateStartupVariableRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Startup/UpdateStartupVariableRequest.php
@@ -2,14 +2,14 @@
namespace App\Http\Requests\Api\Client\Servers\Startup;
+use App\Enums\SubuserPermission;
use App\Http\Requests\Api\Client\ClientApiRequest;
-use App\Models\Permission;
class UpdateStartupVariableRequest extends ClientApiRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_STARTUP_UPDATE;
+ return SubuserPermission::StartupUpdate;
}
/**
diff --git a/app/Http/Requests/Api/Client/Servers/Subusers/DeleteSubuserRequest.php b/app/Http/Requests/Api/Client/Servers/Subusers/DeleteSubuserRequest.php
index d6906f3f1..0bbe62b29 100644
--- a/app/Http/Requests/Api/Client/Servers/Subusers/DeleteSubuserRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Subusers/DeleteSubuserRequest.php
@@ -2,12 +2,12 @@
namespace App\Http\Requests\Api\Client\Servers\Subusers;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
class DeleteSubuserRequest extends SubuserRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_USER_DELETE;
+ return SubuserPermission::UserDelete;
}
}
diff --git a/app/Http/Requests/Api/Client/Servers/Subusers/GetSubuserRequest.php b/app/Http/Requests/Api/Client/Servers/Subusers/GetSubuserRequest.php
index 6477e4348..99f92ed6c 100644
--- a/app/Http/Requests/Api/Client/Servers/Subusers/GetSubuserRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Subusers/GetSubuserRequest.php
@@ -2,15 +2,15 @@
namespace App\Http\Requests\Api\Client\Servers\Subusers;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
class GetSubuserRequest extends SubuserRequest
{
/**
* Confirm that a user is able to view subusers for the specified server.
*/
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_USER_READ;
+ return SubuserPermission::UserRead;
}
}
diff --git a/app/Http/Requests/Api/Client/Servers/Subusers/StoreSubuserRequest.php b/app/Http/Requests/Api/Client/Servers/Subusers/StoreSubuserRequest.php
index e04a95c54..969d5fc06 100644
--- a/app/Http/Requests/Api/Client/Servers/Subusers/StoreSubuserRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Subusers/StoreSubuserRequest.php
@@ -2,13 +2,13 @@
namespace App\Http\Requests\Api\Client\Servers\Subusers;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
class StoreSubuserRequest extends SubuserRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_USER_CREATE;
+ return SubuserPermission::UserCreate;
}
public function rules(): array
diff --git a/app/Http/Requests/Api/Client/Servers/Subusers/UpdateSubuserRequest.php b/app/Http/Requests/Api/Client/Servers/Subusers/UpdateSubuserRequest.php
index 90899dfd5..d3efbc328 100644
--- a/app/Http/Requests/Api/Client/Servers/Subusers/UpdateSubuserRequest.php
+++ b/app/Http/Requests/Api/Client/Servers/Subusers/UpdateSubuserRequest.php
@@ -2,13 +2,13 @@
namespace App\Http\Requests\Api\Client\Servers\Subusers;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
class UpdateSubuserRequest extends SubuserRequest
{
- public function permission(): string
+ public function permission(): SubuserPermission
{
- return Permission::ACTION_USER_UPDATE;
+ return SubuserPermission::UserUpdate;
}
public function rules(): array
diff --git a/app/Models/Permission.php b/app/Models/Permission.php
deleted file mode 100644
index a9b5a79c3..000000000
--- a/app/Models/Permission.php
+++ /dev/null
@@ -1,221 +0,0 @@
- */
- public static array $validationRules = [
- 'subuser_id' => ['required', 'numeric', 'min:1'],
- 'permission' => ['required', 'string'],
- ];
-
- protected function casts(): array
- {
- return [
- 'subuser_id' => 'integer',
- ];
- }
-
- /**
- * All the permissions available on the system.
- *
- * @return array
- */
- public static function permissionData(): array
- {
- return [
- [
- 'name' => 'control',
- 'icon' => 'tabler-terminal-2',
- 'permissions' => ['console', 'start', 'stop', 'restart'],
- ],
- [
- 'name' => 'user',
- 'icon' => 'tabler-users',
- 'permissions' => ['read', 'create', 'update', 'delete'],
- ],
- [
- 'name' => 'file',
- 'icon' => 'tabler-files',
- 'permissions' => ['read', 'read-content', 'create', 'update', 'delete', 'archive', 'sftp'],
- ],
- [
- 'name' => 'backup',
- 'icon' => 'tabler-file-zip',
- 'permissions' => ['read', 'create', 'delete', 'download', 'restore'],
- ],
- [
- 'name' => 'allocation',
- 'icon' => 'tabler-network',
- 'permissions' => ['read', 'create', 'update', 'delete'],
- ],
- [
- 'name' => 'startup',
- 'icon' => 'tabler-player-play',
- 'permissions' => ['read', 'update', 'docker-image'],
- ],
- [
- 'name' => 'database',
- 'icon' => 'tabler-database',
- 'permissions' => ['read', 'create', 'update', 'delete', 'view-password'],
- ],
- [
- 'name' => 'schedule',
- 'icon' => 'tabler-clock',
- 'permissions' => ['read', 'create', 'update', 'delete'],
- ],
- [
- 'name' => 'settings',
- 'icon' => 'tabler-settings',
- 'permissions' => ['rename', 'description', 'reinstall'],
- ],
- [
- 'name' => 'activity',
- 'icon' => 'tabler-stack',
- 'permissions' => ['read'],
- ],
- ];
- }
-
- /**
- * Returns all the permissions available on the system for a user to have when controlling a server.
- */
- public static function permissions(): Collection
- {
- $permissions = [
- 'websocket' => [
- 'description' => 'Allows the user to connect to the server websocket, giving them access to view console output and realtime server stats.',
- 'keys' => [
- 'connect' => 'Allows a user to connect to the websocket instance for a server to stream the console.',
- ],
- ],
- ];
-
- foreach (static::permissionData() as $data) {
- $permissions[$data['name']] = [
- 'description' => trans('server/users.permissions.' . $data['name'] . '_desc'),
- 'keys' => collect($data['permissions'])->mapWithKeys(fn ($key) => [$key => trans('server/users.permissions.' . $data['name'] . '_' . str($key)->replace('-', '_'))])->toArray(),
- ];
- }
-
- return collect($permissions);
- }
-
- public static function permissionKeys(): Collection
- {
- return static::permissions()
- ->map(fn ($value, $prefix) => array_map(fn ($value) => "$prefix.$value", array_keys($value['keys'])))
- ->flatten();
- }
-}
diff --git a/app/Models/Subuser.php b/app/Models/Subuser.php
index 5bb2210c4..80d74242f 100644
--- a/app/Models/Subuser.php
+++ b/app/Models/Subuser.php
@@ -3,12 +3,12 @@
namespace App\Models;
use App\Contracts\Validatable;
+use App\Enums\SubuserPermission;
use App\Traits\HasValidation;
use Carbon\Carbon;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Relations\BelongsTo;
-use Illuminate\Database\Eloquent\Relations\HasMany;
use Illuminate\Notifications\Notifiable;
/**
@@ -33,6 +33,28 @@ class Subuser extends Model implements Validatable
*/
public const RESOURCE_NAME = 'server_subuser';
+ /** @var array */
+ protected static array $customPermissions = [];
+
+ /** @param string[] $permissions */
+ public static function registerCustomPermissions(string $name, array $permissions, ?string $icon = null, ?bool $hidden = null): void
+ {
+ $customPermission = static::$customPermissions[$name] ?? [];
+
+ $customPermission['name'] = $name;
+ $customPermission['permissions'] = array_merge($customPermission['permissions'] ?? [], $permissions);
+
+ if (!is_null($icon)) {
+ $customPermission['icon'] = $icon;
+ }
+
+ if (!is_null($hidden)) {
+ $customPermission['hidden'] = $hidden;
+ }
+
+ static::$customPermissions[$name] = $customPermission;
+ }
+
/**
* Fields that are not mass assignable.
*/
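Review bot: `registerCustomPermissions()` stores `$name` and the permission strings unvalidated, yet `allPermissionKeys()` later joins them as `name.permission` and `doesPermissionExist()` treats any listed key as a real server permission. An empty name, or one containing `.`, would yield keys that no longer map back to a single group. Reject those at registration, e.g. `if ($name === '' || str_contains($name, '.')) { throw new \InvalidArgumentException('Invalid permission group name.'); }`. A docblock should also state that repeated calls for the same `$name` accumulate permissions, and that registering under a built-in group name overrides that group's `icon` and `hidden` values in `allPermissionData()`.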
@@ -71,11 +93,56 @@ class Subuser extends Model implements Validatable
return $this->belongsTo(User::class);
}
- /**
- * Gets the permissions associated with a subuser.
- */
- public function permissions(): HasMany
+ /** @return array */
+ public static function allPermissionData(): array
{
- return $this->hasMany(Permission::class);
+ $allPermissions = [];
+
+ foreach (SubuserPermission::cases() as $subuserPermission) {
+ [$group, $permission] = $subuserPermission->split();
+
+ $allPermissions[$group] = [
+ 'name' => $group,
+ 'hidden' => $subuserPermission->isHidden(),
+ 'icon' => $subuserPermission->getIcon(),
+ 'permissions' => array_merge($allPermissions[$group]['permissions'] ?? [], [$permission]),
+ ];
+ }
+
+ foreach (static::$customPermissions as $customPermission) {
+ $name = $customPermission['name'];
+
+ $groupData = $allPermissions[$name] ?? [];
+
+ $groupData = [
+ 'name' => $name,
+ 'hidden' => $customPermission['hidden'] ?? $groupData['hidden'] ?? false,
+ 'icon' => $customPermission['icon'] ?? $groupData['icon'],
+ 'permissions' => array_unique(array_merge($groupData['permissions'] ?? [], $customPermission['permissions'])),
+ ];
+
+ $allPermissions[$name] = $groupData;
+ }
+
+ return array_values($allPermissions);
+ }
+
+ /** @return string[] */
+ public static function allPermissionKeys(): array
+ {
+ return collect(static::allPermissionData())
+ ->map(fn ($data) => array_map(fn ($permission) => $data['name'] . '.' . $permission, $data['permissions']))
+ ->flatten()
+ ->unique()
+ ->toArray();
+ }
+
+ public static function doesPermissionExist(string|SubuserPermission $permission): bool
+ {
+ if ($permission instanceof SubuserPermission) {
+ $permission = $permission->value;
+ }
+
+ return str_contains($permission, '.') && in_array($permission, static::allPermissionKeys());
}
}
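Review bot: In `allPermissionData()`, `'icon' => $customPermission['icon'] ?? $groupData['icon']` reads an undefined array key when a custom group is new and was registered without an icon, because `$groupData` is then `[]` and the last operand of `??` is evaluated unguarded. Finish the chain with a default: `'icon' => $customPermission['icon'] ?? $groupData['icon'] ?? null,`. Separately, `doesPermissionExist()` decides whether an ability is treated as a server permission, so its lookup should be strict: `in_array($permission, static::allPermissionKeys(), true)`. Because the key list is rebuilt from the enum and the custom registry on every call, caching it may be worthwhile if this runs on each authorization check.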
diff --git a/app/Models/User.php b/app/Models/User.php
index 52e26a8e4..7a969ec91 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -4,6 +4,7 @@ namespace App\Models;
use App\Contracts\Validatable;
use App\Enums\CustomizationKey;
+use App\Enums\SubuserPermission;
use App\Exceptions\DisplayException;
use App\Extensions\Avatar\AvatarService;
use App\Models\Traits\HasAccessTokens;
@@ -327,14 +328,18 @@ class User extends Model implements AuthenticatableContract, AuthorizableContrac
return !$key ? $customization : $customization[$key->value];
}
- protected function checkPermission(Server $server, string $permission = ''): bool
+ protected function checkPermission(Server $server, string|SubuserPermission $permission = ''): bool
{
+ if ($permission instanceof SubuserPermission) {
+ $permission = $permission->value;
+ }
+
if ($this->canned('update', $server) || $server->owner_id === $this->id) {
return true;
}
// If the user only has "view" permissions allow viewing the console
- if ($permission === Permission::ACTION_WEBSOCKET_CONNECT && $this->canned('view', $server)) {
+ if ($permission === SubuserPermission::WebsocketConnect->value && $this->canned('view', $server)) {
return true;
}
@@ -356,13 +361,9 @@ class User extends Model implements AuthenticatableContract, AuthorizableContrac
*/
public function can($abilities, mixed $arguments = []): bool
{
- if (is_string($abilities) && str_contains($abilities, '.')) {
- [$permission, $key] = str($abilities)->explode('.', 2);
-
- if (isset(Permission::permissions()[$permission]['keys'][$key])) {
- if ($arguments instanceof Server) {
- return $this->checkPermission($arguments, $abilities);
- }
+ if ($arguments instanceof Server) {
+ if ($abilities instanceof SubuserPermission || Subuser::doesPermissionExist($abilities)) {
+ return $this->checkPermission($arguments, $abilities);
}
}
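Review bot: `Subuser::doesPermissionExist($abilities)` is now called with whatever `can()` received, but its parameter is typed `string|SubuserPermission`. An array of abilities, or a different enum, passed together with a `Server` would raise a `TypeError`, where the removed `is_string($abilities)` guard let such calls fall through. Keep the guard: `if ($abilities instanceof SubuserPermission || (is_string($abilities) && Subuser::doesPermissionExist($abilities))) {`. The rest of `can()` is outside this hunk, so the fall-through path is presumably the framework's default check.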
diff --git a/app/Policies/ActivityLogPolicy.php b/app/Policies/ActivityLogPolicy.php
index 2671ae415..df5fffa21 100644
--- a/app/Policies/ActivityLogPolicy.php
+++ b/app/Policies/ActivityLogPolicy.php
@@ -2,7 +2,7 @@
namespace App\Policies;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Database\Eloquent\Model;
@@ -11,11 +11,11 @@ class ActivityLogPolicy
{
public function viewAny(User $user): bool
{
- return $user->can(Permission::ACTION_ACTIVITY_READ, Filament::getTenant());
+ return $user->can(SubuserPermission::ActivityRead, Filament::getTenant());
}
public function view(User $user, Model $model): bool
{
- return $user->can(Permission::ACTION_ACTIVITY_READ, Filament::getTenant());
+ return $user->can(SubuserPermission::ActivityRead, Filament::getTenant());
}
}
diff --git a/app/Policies/AllocationPolicy.php b/app/Policies/AllocationPolicy.php
index beec3489f..99b05fbed 100644
--- a/app/Policies/AllocationPolicy.php
+++ b/app/Policies/AllocationPolicy.php
@@ -2,7 +2,7 @@
namespace App\Policies;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Database\Eloquent\Model;
@@ -11,26 +11,26 @@ class AllocationPolicy
{
public function viewAny(User $user): bool
{
- return $user->can(Permission::ACTION_ALLOCATION_READ, Filament::getTenant());
+ return $user->can(SubuserPermission::AllocationRead, Filament::getTenant());
}
public function view(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_ALLOCATION_READ, Filament::getTenant());
+ return $user->can(SubuserPermission::AllocationRead, Filament::getTenant());
}
public function create(User $user): bool
{
- return $user->can(Permission::ACTION_ALLOCATION_CREATE, Filament::getTenant());
+ return $user->can(SubuserPermission::AllocationCreate, Filament::getTenant());
}
public function edit(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_ALLOCATION_UPDATE, Filament::getTenant());
+ return $user->can(SubuserPermission::AllocationUpdate, Filament::getTenant());
}
public function delete(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_ALLOCATION_DELETE, Filament::getTenant());
+ return $user->can(SubuserPermission::AllocationDelete, Filament::getTenant());
}
}
diff --git a/app/Policies/BackupPolicy.php b/app/Policies/BackupPolicy.php
index 8e60c6918..4c2dbee3d 100644
--- a/app/Policies/BackupPolicy.php
+++ b/app/Policies/BackupPolicy.php
@@ -2,7 +2,7 @@
namespace App\Policies;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Database\Eloquent\Model;
@@ -11,21 +11,21 @@ class BackupPolicy
{
public function viewAny(User $user): bool
{
- return $user->can(Permission::ACTION_BACKUP_READ, Filament::getTenant());
+ return $user->can(SubuserPermission::BackupRead, Filament::getTenant());
}
public function view(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_BACKUP_READ, Filament::getTenant());
+ return $user->can(SubuserPermission::BackupRead, Filament::getTenant());
}
public function create(User $user): bool
{
- return $user->can(Permission::ACTION_BACKUP_CREATE, Filament::getTenant());
+ return $user->can(SubuserPermission::BackupCreate, Filament::getTenant());
}
public function delete(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_BACKUP_DELETE, Filament::getTenant());
+ return $user->can(SubuserPermission::BackupDelete, Filament::getTenant());
}
}
diff --git a/app/Policies/DatabasePolicy.php b/app/Policies/DatabasePolicy.php
index 2cd9bd10c..16ddfd39b 100644
--- a/app/Policies/DatabasePolicy.php
+++ b/app/Policies/DatabasePolicy.php
@@ -2,7 +2,7 @@
namespace App\Policies;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Database\Eloquent\Model;
@@ -11,26 +11,26 @@ class DatabasePolicy
{
public function viewAny(User $user): bool
{
- return $user->can(Permission::ACTION_DATABASE_READ, Filament::getTenant());
+ return $user->can(SubuserPermission::DatabaseRead, Filament::getTenant());
}
public function view(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_DATABASE_READ, Filament::getTenant());
+ return $user->can(SubuserPermission::DatabaseRead, Filament::getTenant());
}
public function create(User $user): bool
{
- return $user->can(Permission::ACTION_DATABASE_CREATE, Filament::getTenant());
+ return $user->can(SubuserPermission::DatabaseCreate, Filament::getTenant());
}
public function edit(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_DATABASE_UPDATE, Filament::getTenant());
+ return $user->can(SubuserPermission::DatabaseUpdate, Filament::getTenant());
}
public function delete(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_DATABASE_DELETE, Filament::getTenant());
+ return $user->can(SubuserPermission::DatabaseDelete, Filament::getTenant());
}
}
diff --git a/app/Policies/FilePolicy.php b/app/Policies/FilePolicy.php
index 51d7113ef..ec8c4b46d 100644
--- a/app/Policies/FilePolicy.php
+++ b/app/Policies/FilePolicy.php
@@ -2,7 +2,7 @@
namespace App\Policies;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Database\Eloquent\Model;
@@ -11,26 +11,26 @@ class FilePolicy
{
public function viewAny(User $user): bool
{
- return $user->can(Permission::ACTION_FILE_READ, Filament::getTenant());
+ return $user->can(SubuserPermission::FileRead, Filament::getTenant());
}
public function view(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_FILE_READ_CONTENT, Filament::getTenant());
+ return $user->can(SubuserPermission::FileReadContent, Filament::getTenant());
}
public function create(User $user): bool
{
- return $user->can(Permission::ACTION_FILE_CREATE, Filament::getTenant());
+ return $user->can(SubuserPermission::FileCreate, Filament::getTenant());
}
public function edit(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_FILE_UPDATE, Filament::getTenant());
+ return $user->can(SubuserPermission::FileUpdate, Filament::getTenant());
}
public function delete(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_FILE_DELETE, Filament::getTenant());
+ return $user->can(SubuserPermission::FileDelete, Filament::getTenant());
}
}
diff --git a/app/Policies/SchedulePolicy.php b/app/Policies/SchedulePolicy.php
index 5d9724d0e..9c7cac88a 100644
--- a/app/Policies/SchedulePolicy.php
+++ b/app/Policies/SchedulePolicy.php
@@ -2,7 +2,7 @@
namespace App\Policies;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Database\Eloquent\Model;
@@ -11,26 +11,26 @@ class SchedulePolicy
{
public function viewAny(User $user): bool
{
- return $user->can(Permission::ACTION_SCHEDULE_READ, Filament::getTenant());
+ return $user->can(SubuserPermission::ScheduleRead, Filament::getTenant());
}
public function view(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_SCHEDULE_READ, Filament::getTenant());
+ return $user->can(SubuserPermission::ScheduleRead, Filament::getTenant());
}
public function create(User $user): bool
{
- return $user->can(Permission::ACTION_SCHEDULE_CREATE, Filament::getTenant());
+ return $user->can(SubuserPermission::ScheduleCreate, Filament::getTenant());
}
public function edit(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_SCHEDULE_UPDATE, Filament::getTenant());
+ return $user->can(SubuserPermission::ScheduleUpdate, Filament::getTenant());
}
public function delete(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_SCHEDULE_DELETE, Filament::getTenant());
+ return $user->can(SubuserPermission::ScheduleDelete, Filament::getTenant());
}
}
diff --git a/app/Policies/ServerPolicy.php b/app/Policies/ServerPolicy.php
index a00b26b65..6f58b28fb 100644
--- a/app/Policies/ServerPolicy.php
+++ b/app/Policies/ServerPolicy.php
@@ -2,8 +2,8 @@
namespace App\Policies;
-use App\Models\Permission;
use App\Models\Server;
+use App\Models\Subuser;
use App\Models\User;
class ServerPolicy
@@ -22,7 +22,7 @@ class ServerPolicy
return null;
}
- if (Permission::permissionKeys()->contains($ability)) {
+ if (Subuser::doesPermissionExist($ability)) {
// Owner has full server permissions
if ($server->owner_id === $user->id) {
return true;
diff --git a/app/Policies/SubuserPolicy.php b/app/Policies/SubuserPolicy.php
index 3d646bba3..63d0fb8df 100644
--- a/app/Policies/SubuserPolicy.php
+++ b/app/Policies/SubuserPolicy.php
@@ -2,7 +2,7 @@
namespace App\Policies;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\User;
use Filament\Facades\Filament;
use Illuminate\Database\Eloquent\Model;
@@ -11,26 +11,26 @@ class SubuserPolicy
{
public function viewAny(User $user): bool
{
- return $user->can(Permission::ACTION_USER_READ, Filament::getTenant());
+ return $user->can(SubuserPermission::UserRead, Filament::getTenant());
}
public function view(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_USER_READ, Filament::getTenant());
+ return $user->can(SubuserPermission::UserRead, Filament::getTenant());
}
public function create(User $user): bool
{
- return $user->can(Permission::ACTION_USER_CREATE, Filament::getTenant());
+ return $user->can(SubuserPermission::UserCreate, Filament::getTenant());
}
public function edit(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_USER_UPDATE, Filament::getTenant());
+ return $user->can(SubuserPermission::UserUpdate, Filament::getTenant());
}
public function delete(User $user, Model $record): bool
{
- return $user->can(Permission::ACTION_USER_DELETE, Filament::getTenant());
+ return $user->can(SubuserPermission::UserDelete, Filament::getTenant());
}
}
diff --git a/app/Services/Servers/GetUserPermissionsService.php b/app/Services/Servers/GetUserPermissionsService.php
index 338bee7ab..93b659103 100644
--- a/app/Services/Servers/GetUserPermissionsService.php
+++ b/app/Services/Servers/GetUserPermissionsService.php
@@ -2,7 +2,7 @@
namespace App\Services\Servers;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\Server;
use App\Models\Subuser;
use App\Models\User;
@@ -32,7 +32,7 @@ class GetUserPermissionsService
];
if ($isAdmin) {
- return $isOwner || $user->can('update', $server) ? array_merge(['*'], $adminPermissions) : array_merge([Permission::ACTION_WEBSOCKET_CONNECT], $adminPermissions);
+ return $isOwner || $user->can('update', $server) ? array_merge(['*'], $adminPermissions) : array_merge([SubuserPermission::WebsocketConnect->value], $adminPermissions);
}
/** @var Subuser|null $subuser */
diff --git a/app/Services/Subusers/SubuserCreationService.php b/app/Services/Subusers/SubuserCreationService.php
index 81c41a7d8..61d8ba007 100644
--- a/app/Services/Subusers/SubuserCreationService.php
+++ b/app/Services/Subusers/SubuserCreationService.php
@@ -2,11 +2,11 @@
namespace App\Services\Subusers;
+use App\Enums\SubuserPermission;
use App\Events\Server\SubUserAdded;
use App\Exceptions\Model\DataValidationException;
use App\Exceptions\Service\Subuser\ServerSubuserExistsException;
use App\Exceptions\Service\Subuser\UserIsServerOwnerException;
-use App\Models\Permission;
use App\Models\Server;
use App\Models\Subuser;
use App\Models\User;
@@ -58,7 +58,7 @@ class SubuserCreationService
$cleanedPermissions = collect($permissions)
->unique()
- ->filter(fn ($permission) => $permission === Permission::ACTION_WEBSOCKET_CONNECT || user()?->can($permission, $server))
+ ->filter(fn ($permission) => $permission === SubuserPermission::WebsocketConnect->value || user()?->can($permission, $server))
->sort()
->values()
->all();
diff --git a/app/Services/Subusers/SubuserUpdateService.php b/app/Services/Subusers/SubuserUpdateService.php
index 9a8aa7961..14fd9decd 100644
--- a/app/Services/Subusers/SubuserUpdateService.php
+++ b/app/Services/Subusers/SubuserUpdateService.php
@@ -2,8 +2,8 @@
namespace App\Services\Subusers;
+use App\Enums\SubuserPermission;
use App\Facades\Activity;
-use App\Models\Permission;
use App\Models\Server;
use App\Models\Subuser;
use App\Repositories\Daemon\DaemonServerRepository;
@@ -22,7 +22,7 @@ class SubuserUpdateService
{
$cleanedPermissions = collect($permissions)
->unique()
- ->filter(fn ($permission) => $permission === Permission::ACTION_WEBSOCKET_CONNECT || user()?->can($permission, $server))
+ ->filter(fn ($permission) => $permission === SubuserPermission::WebsocketConnect->value || user()?->can($permission, $server))
->sort()
->values()
->all();
diff --git a/app/Transformers/Api/Client/DatabaseTransformer.php b/app/Transformers/Api/Client/DatabaseTransformer.php
index 03e246243..bca5def2a 100644
--- a/app/Transformers/Api/Client/DatabaseTransformer.php
+++ b/app/Transformers/Api/Client/DatabaseTransformer.php
@@ -2,8 +2,8 @@
namespace App\Transformers\Api\Client;
+use App\Enums\SubuserPermission;
use App\Models\Database;
-use App\Models\Permission;
use League\Fractal\Resource\Item;
use League\Fractal\Resource\NullResource;
@@ -41,7 +41,7 @@ class DatabaseTransformer extends BaseClientTransformer
*/
public function includePassword(Database $database): Item|NullResource
{
- if (!$this->request->user()->can(Permission::ACTION_DATABASE_VIEW_PASSWORD, $database->server)) {
+ if (!$this->request->user()->can(SubuserPermission::DatabaseViewPassword, $database->server)) {
return $this->null();
}
diff --git a/app/Transformers/Api/Client/ServerTransformer.php b/app/Transformers/Api/Client/ServerTransformer.php
index 0e52b0e9f..1763ef91b 100644
--- a/app/Transformers/Api/Client/ServerTransformer.php
+++ b/app/Transformers/Api/Client/ServerTransformer.php
@@ -2,10 +2,10 @@
namespace App\Transformers\Api\Client;
+use App\Enums\SubuserPermission;
use App\Models\Allocation;
use App\Models\Egg;
use App\Models\EggVariable;
-use App\Models\Permission;
use App\Models\Server;
use App\Models\Subuser;
use App\Services\Servers\StartupCommandService;
@@ -60,7 +60,7 @@ class ServerTransformer extends BaseClientTransformer
'oom_disabled' => !$server->oom_killer,
'oom_killer' => $server->oom_killer,
],
- 'invocation' => $service->handle($server, hideAllValues: !$user->can(Permission::ACTION_STARTUP_READ, $server)),
+ 'invocation' => $service->handle($server, hideAllValues: !$user->can(SubuserPermission::StartupRead, $server)),
'docker_image' => $server->image,
'egg_features' => $server->egg->inherit_features,
'feature_limits' => [
@@ -98,7 +98,7 @@ class ServerTransformer extends BaseClientTransformer
//
// This allows us to avoid too much permission regression, without also hiding information that
// is generally needed for the frontend to make sense when browsing or searching results.
- if (!$user->can(Permission::ACTION_ALLOCATION_READ, $server)) {
+ if (!$user->can(SubuserPermission::AllocationRead, $server)) {
$primary = clone $server->allocation;
$primary->notes = null;
@@ -110,7 +110,7 @@ class ServerTransformer extends BaseClientTransformer
public function includeVariables(Server $server): Collection|NullResource
{
- if (!$this->request->user()->can(Permission::ACTION_STARTUP_READ, $server)) {
+ if (!$this->request->user()->can(SubuserPermission::StartupRead, $server)) {
return $this->null();
}
@@ -134,7 +134,7 @@ class ServerTransformer extends BaseClientTransformer
*/
public function includeSubusers(Server $server): Collection|NullResource
{
- if (!$this->request->user()->can(Permission::ACTION_USER_READ, $server)) {
+ if (!$this->request->user()->can(SubuserPermission::UserRead, $server)) {
return $this->null();
}
diff --git a/database/Factories/PermissionFactory.php b/database/Factories/PermissionFactory.php
index 7b73fac68..c1e041ee6 100644
--- a/database/Factories/PermissionFactory.php
+++ b/database/Factories/PermissionFactory.php
@@ -2,7 +2,6 @@
namespace Database\Factories;
-use App\Models\Permission;
use Illuminate\Database\Eloquent\Factories\Factory;
class PermissionFactory extends Factory
diff --git a/database/Factories/SubuserFactory.php b/database/Factories/SubuserFactory.php
index 686cfdc36..0220d5497 100644
--- a/database/Factories/SubuserFactory.php
+++ b/database/Factories/SubuserFactory.php
@@ -2,7 +2,7 @@
namespace Database\Factories;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\Subuser;
use Illuminate\Database\Eloquent\Factories\Factory;
@@ -22,7 +22,7 @@ class SubuserFactory extends Factory
{
return [
'permissions' => [
- Permission::ACTION_WEBSOCKET_CONNECT,
+ SubuserPermission::WebsocketConnect->value,
],
];
}
diff --git a/tests/Feature/SettingsControllerTest.php b/tests/Feature/SettingsControllerTest.php
index 9a192063f..53d4adf29 100644
--- a/tests/Feature/SettingsControllerTest.php
+++ b/tests/Feature/SettingsControllerTest.php
@@ -1,8 +1,8 @@
group('API');
covers(SettingsController::class);
it('server name cannot be changed', function () {
- [$user, $server] = generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
+ [$user, $server] = generateTestAccount([SubuserPermission::WebsocketConnect]);
$originalName = $server->name;
$this->actingAs($user)
@@ -26,7 +26,7 @@ it('server name cannot be changed', function () {
});
it('server description can be changed', function () {
- [$user, $server] = generateTestAccount([Permission::ACTION_SETTINGS_DESCRIPTION]);
+ [$user, $server] = generateTestAccount([SubuserPermission::SettingsDescription]);
$originalDescription = $server->description;
$newDescription = 'Test Server Description';
@@ -45,7 +45,7 @@ it('server description can be changed', function () {
});
it('server description cannot be changed', function () {
- [$user, $server] = generateTestAccount([Permission::ACTION_SETTINGS_DESCRIPTION]);
+ [$user, $server] = generateTestAccount([SubuserPermission::SettingsDescription]);
Config::set('panel.editable_server_descriptions', false);
$originalDescription = $server->description;
@@ -61,7 +61,7 @@ it('server description cannot be changed', function () {
});
it('server name can be changed', function () {
- [$user, $server] = generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT, Permission::ACTION_SETTINGS_RENAME]);
+ [$user, $server] = generateTestAccount([SubuserPermission::WebsocketConnect, SubuserPermission::SettingsRename]);
$originalName = $server->name;
$this->actingAs($user)
@@ -76,7 +76,7 @@ it('server name can be changed', function () {
});
test('unauthorized user cannot change docker image in use by server', function () {
- [$user, $server] = generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
+ [$user, $server] = generateTestAccount([SubuserPermission::WebsocketConnect]);
$originalImage = $server->image;
$this->actingAs($user)
@@ -92,7 +92,7 @@ test('unauthorized user cannot change docker image in use by server', function (
test('cannot change docker image to image not allowed by egg', function () {
- [$user, $server] = generateTestAccount([Permission::ACTION_STARTUP_DOCKER_IMAGE]);
+ [$user, $server] = generateTestAccount([SubuserPermission::StartupDockerImage]);
$server->image = 'ghcr.io/pelican-eggs/yolks:java_17';
$server->save();
@@ -112,7 +112,7 @@ test('cannot change docker image to image not allowed by egg', function () {
});
test('can change docker image in use by server', function () {
- [$user, $server] = generateTestAccount([Permission::ACTION_STARTUP_DOCKER_IMAGE]);
+ [$user, $server] = generateTestAccount([SubuserPermission::StartupDockerImage]);
$oldImage = 'ghcr.io/pelican-eggs/yolks:java_17';
$server->image = $oldImage;
$server->save();
@@ -135,7 +135,7 @@ test('can change docker image in use by server', function () {
});
test('unable to change the docker image set by administrator', function () {
- [$user, $server] = generateTestAccount([Permission::ACTION_STARTUP_DOCKER_IMAGE]);
+ [$user, $server] = generateTestAccount([SubuserPermission::StartupDockerImage]);
$oldImage = 'ghcr.io/pelican-eggs/yolks:java_custom';
$server->image = $oldImage;
$server->save();
@@ -155,7 +155,7 @@ test('unable to change the docker image set by administrator', function () {
});
test('can be reinstalled', function () {
- [$user, $server] = generateTestAccount([Permission::ACTION_SETTINGS_REINSTALL]);
+ [$user, $server] = generateTestAccount([SubuserPermission::SettingsReinstall]);
expect($server->isInstalled())->toBeTrue();
$service = \Mockery::mock(DaemonServerRepository::class);
diff --git a/tests/Filament/Admin/ListEggsTest.php b/tests/Filament/Admin/ListEggsTest.php
index 595edcdbc..4d5fbb67d 100644
--- a/tests/Filament/Admin/ListEggsTest.php
+++ b/tests/Filament/Admin/ListEggsTest.php
@@ -3,7 +3,6 @@
use App\Enums\RolePermissionModels;
use App\Filament\Admin\Resources\Eggs\Pages\ListEggs;
use App\Models\Egg;
-use App\Models\Permission;
use App\Models\Role;
use function Pest\Livewire\livewire;
diff --git a/tests/Filament/Admin/ListNodesTest.php b/tests/Filament/Admin/ListNodesTest.php
index 07d98f2ad..8d3dd2e46 100644
--- a/tests/Filament/Admin/ListNodesTest.php
+++ b/tests/Filament/Admin/ListNodesTest.php
@@ -3,7 +3,6 @@
use App\Enums\RolePermissionModels;
use App\Filament\Admin\Resources\Nodes\Pages\ListNodes;
use App\Models\Node;
-use App\Models\Permission;
use App\Models\Role;
use App\Models\Server;
use Filament\Actions\CreateAction;
diff --git a/tests/Integration/Api/Client/ClientControllerTest.php b/tests/Integration/Api/Client/ClientControllerTest.php
index a7bd318ed..44477e157 100644
--- a/tests/Integration/Api/Client/ClientControllerTest.php
+++ b/tests/Integration/Api/Client/ClientControllerTest.php
@@ -2,8 +2,8 @@
namespace App\Tests\Integration\Api\Client;
+use App\Enums\SubuserPermission;
use App\Models\Allocation;
-use App\Models\Permission;
use App\Models\Role;
use App\Models\Server;
use App\Models\Subuser;
@@ -158,7 +158,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
Subuser::query()->create([
'user_id' => $users[0]->id,
'server_id' => $servers[1]->id,
- 'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
+ 'permissions' => [SubuserPermission::WebsocketConnect->value],
]);
$response = $this->actingAs($users[0])->getJson('/api/client');
@@ -189,7 +189,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
Subuser::query()->create([
'user_id' => $users[0]->id,
'server_id' => $servers[1]->id,
- 'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
+ 'permissions' => [SubuserPermission::WebsocketConnect],
]);
$response = $this->actingAs($users[0])->getJson('/api/client?type=owner');
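Review bot: This `Subuser::query()->create()` call passes the enum case itself (`SubuserPermission::WebsocketConnect`), while the same fixture in the other hunks of this file passes `SubuserPermission::WebsocketConnect->value`. The stored value probably ends up the same if the column is serialized as JSON, but the test then depends on that cast rather than on the string the application compares against. For consistency use `'permissions' => [SubuserPermission::WebsocketConnect->value],`.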
@@ -214,7 +214,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
->assertJson([
'object' => 'system_permissions',
'attributes' => [
- 'permissions' => Permission::permissions()->toArray(),
+ 'permissions' => Subuser::allPermissionKeys(),
],
]);
}
@@ -239,7 +239,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
Subuser::query()->create([
'user_id' => $users[0]->id,
'server_id' => $servers[1]->id,
- 'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
+ 'permissions' => [SubuserPermission::WebsocketConnect->value],
]);
// Only servers 2 & 3 (0 indexed) should be returned by the API at this point. The user making
@@ -274,7 +274,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
Subuser::query()->create([
'user_id' => $users[0]->id,
'server_id' => $servers[1]->id,
- 'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
+ 'permissions' => [SubuserPermission::WebsocketConnect->value],
]);
// All servers should be returned.
@@ -311,7 +311,7 @@ class ClientControllerTest extends ClientApiIntegrationTestCase
public function test_only_primary_allocation_is_returned_to_subuser(): void
{
/** @var \App\Models\Server $server */
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
$server->allocation->notes = 'Test notes';
$server->allocation->save();
diff --git a/tests/Integration/Api/Client/Server/Allocation/CreateNewAllocationTest.php b/tests/Integration/Api/Client/Server/Allocation/CreateNewAllocationTest.php
index 6a9e039b8..fed38ec8e 100644
--- a/tests/Integration/Api/Client/Server/Allocation/CreateNewAllocationTest.php
+++ b/tests/Integration/Api/Client/Server/Allocation/CreateNewAllocationTest.php
@@ -2,8 +2,8 @@
namespace App\Tests\Integration\Api\Client\Server\Allocation;
+use App\Enums\SubuserPermission;
use App\Models\Allocation;
-use App\Models\Permission;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
use Illuminate\Http\Response;
use PHPUnit\Framework\Attributes\DataProvider;
@@ -48,7 +48,7 @@ class CreateNewAllocationTest extends ClientApiIntegrationTestCase
public function test_allocation_cannot_be_created_if_user_does_not_have_permission(): void
{
/** @var \App\Models\Server $server */
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_UPDATE]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::AllocationUpdate]);
$server->update(['allocation_limit' => 2]);
$this->actingAs($user)->postJson($this->link($server, '/network/allocations'))->assertForbidden();
@@ -88,6 +88,6 @@ class CreateNewAllocationTest extends ClientApiIntegrationTestCase
public static function permissionDataProvider(): array
{
- return [[[Permission::ACTION_ALLOCATION_CREATE]], [[]]];
+ return [[[SubuserPermission::AllocationCreate]], [[]]];
}
}
diff --git a/tests/Integration/Api/Client/Server/Allocation/DeleteAllocationTest.php b/tests/Integration/Api/Client/Server/Allocation/DeleteAllocationTest.php
index 7df8dce43..3c02be522 100644
--- a/tests/Integration/Api/Client/Server/Allocation/DeleteAllocationTest.php
+++ b/tests/Integration/Api/Client/Server/Allocation/DeleteAllocationTest.php
@@ -2,8 +2,8 @@
namespace App\Tests\Integration\Api\Client\Server\Allocation;
+use App\Enums\SubuserPermission;
use App\Models\Allocation;
-use App\Models\Permission;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
use Illuminate\Http\Response;
use PHPUnit\Framework\Attributes\DataProvider;
@@ -56,7 +56,7 @@ class DeleteAllocationTest extends ClientApiIntegrationTestCase
public function test_error_is_returned_if_user_does_not_have_permission(): void
{
/** @var \App\Models\Server $server */
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_CREATE]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::AllocationCreate]);
/** @var \App\Models\Allocation $allocation */
$allocation = Allocation::factory()->create([
@@ -101,6 +101,6 @@ class DeleteAllocationTest extends ClientApiIntegrationTestCase
public static function permissionDataProvider(): array
{
- return [[[Permission::ACTION_ALLOCATION_DELETE]], [[]]];
+ return [[[SubuserPermission::AllocationDelete]], [[]]];
}
}
diff --git a/tests/Integration/Api/Client/Server/Backup/DeleteBackupTest.php b/tests/Integration/Api/Client/Server/Backup/DeleteBackupTest.php
index 1cf1537fa..649c8ae6b 100644
--- a/tests/Integration/Api/Client/Server/Backup/DeleteBackupTest.php
+++ b/tests/Integration/Api/Client/Server/Backup/DeleteBackupTest.php
@@ -2,9 +2,9 @@
namespace App\Tests\Integration\Api\Client\Server\Backup;
+use App\Enums\SubuserPermission;
use App\Events\ActivityLogged;
use App\Models\Backup;
-use App\Models\Permission;
use App\Repositories\Daemon\DaemonBackupRepository;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
use Illuminate\Http\Response;
@@ -24,7 +24,7 @@ class DeleteBackupTest extends ClientApiIntegrationTestCase
public function test_user_without_permission_cannot_delete_backup(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_BACKUP_CREATE]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::BackupCreate]);
$backup = Backup::factory()->create(['server_id' => $server->id]);
@@ -41,7 +41,7 @@ class DeleteBackupTest extends ClientApiIntegrationTestCase
{
Event::fake([ActivityLogged::class]);
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_BACKUP_DELETE]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::BackupDelete]);
/** @var \App\Models\Backup $backup */
$backup = Backup::factory()->create(['server_id' => $server->id]);
diff --git a/tests/Integration/Api/Client/Server/CommandControllerTest.php b/tests/Integration/Api/Client/Server/CommandControllerTest.php
index 48e79f740..14b5f0cd4 100644
--- a/tests/Integration/Api/Client/Server/CommandControllerTest.php
+++ b/tests/Integration/Api/Client/Server/CommandControllerTest.php
@@ -2,9 +2,9 @@
namespace App\Tests\Integration\Api\Client\Server;
+use App\Enums\SubuserPermission;
use App\Http\Controllers\Api\Client\Servers\CommandController;
use App\Http\Requests\Api\Client\Servers\SendCommandRequest;
-use App\Models\Permission;
use App\Models\Server;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
use GuzzleHttp\Exception\BadResponseException;
@@ -38,7 +38,7 @@ class CommandControllerTest extends ClientApiIntegrationTestCase
*/
public function test_subuser_without_permission_receives_error(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
$response = $this->actingAs($user)->postJson("/api/client/servers/$server->uuid/command", [
'command' => 'say Test',
@@ -52,7 +52,7 @@ class CommandControllerTest extends ClientApiIntegrationTestCase
*/
public function test_command_can_send_to_server(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_CONTROL_CONSOLE]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::ControlConsole]);
$server = \Mockery::mock($server)->makePartial();
diff --git a/tests/Integration/Api/Client/Server/NetworkAllocationControllerTest.php b/tests/Integration/Api/Client/Server/NetworkAllocationControllerTest.php
index bb14ef7f3..09499041a 100644
--- a/tests/Integration/Api/Client/Server/NetworkAllocationControllerTest.php
+++ b/tests/Integration/Api/Client/Server/NetworkAllocationControllerTest.php
@@ -2,8 +2,8 @@
namespace App\Tests\Integration\Api\Client\Server;
+use App\Enums\SubuserPermission;
use App\Models\Allocation;
-use App\Models\Permission;
use App\Models\User;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
use Illuminate\Http\Response;
@@ -41,7 +41,7 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
$this->actingAs($user)->getJson($this->link($server, '/network/allocations'))
->assertNotFound();
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_CREATE]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::AllocationCreate]);
$this->actingAs($user)->getJson($this->link($server, '/network/allocations'))
->assertForbidden();
@@ -91,7 +91,7 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
$this->actingAs($user)->postJson($this->link($server->allocation))->assertNotFound();
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_CREATE]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::AllocationCreate]);
$this->actingAs($user)->postJson($this->link($server->allocation))->assertForbidden();
}
@@ -125,7 +125,7 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
$this->actingAs($user)->postJson($this->link($server->allocation, '/primary'))
->assertNotFound();
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_ALLOCATION_CREATE]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::AllocationCreate]);
$this->actingAs($user)->postJson($this->link($server->allocation, '/primary'))
->assertForbidden();
@@ -133,6 +133,6 @@ class NetworkAllocationControllerTest extends ClientApiIntegrationTestCase
public static function updatePermissionsDataProvider(): array
{
- return [[[]], [[Permission::ACTION_ALLOCATION_UPDATE]]];
+ return [[[]], [[SubuserPermission::AllocationUpdate]]];
}
}
diff --git a/tests/Integration/Api/Client/Server/PowerControllerTest.php b/tests/Integration/Api/Client/Server/PowerControllerTest.php
index 3c47830b4..cbd82cd09 100644
--- a/tests/Integration/Api/Client/Server/PowerControllerTest.php
+++ b/tests/Integration/Api/Client/Server/PowerControllerTest.php
@@ -2,7 +2,7 @@
namespace App\Tests\Integration\Api\Client\Server;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Repositories\Daemon\DaemonServerRepository;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
use Illuminate\Http\Response;
@@ -15,7 +15,7 @@ class PowerControllerTest extends ClientApiIntegrationTestCase
* an error in response. This checks against the specific permission needed to send
* the command to the server.
*
- * @param string[] $permissions
+ * @param array $permissions
*/
#[DataProvider('invalidPermissionDataProvider')]
public function test_subuser_without_permissions_receives_error(string $action, array $permissions): void
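Review bot: The docblock change to `@param array $permissions` drops the element type and now only repeats the native `array` hint on the signature. The rows of `invalidPermissionDataProvider` carry enum cases after this commit, so `@param SubuserPermission[] $permissions` would keep the information static analysis had before. If raw strings are still accepted, `@param array<SubuserPermission|string> $permissions` is the wider form. The method body continues outside this hunk.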
@@ -47,7 +47,7 @@ class PowerControllerTest extends ClientApiIntegrationTestCase
* Test that sending a valid power actions works.
*/
#[DataProvider('validPowerActionDataProvider')]
- public function test_action_can_be_sent_to_server(string $action, string $permission): void
+ public function test_action_can_be_sent_to_server(string $action, string|SubuserPermission $permission): void
{
$service = \Mockery::mock(DaemonServerRepository::class);
$this->app->instance(DaemonServerRepository::class, $service);
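Review bot: The `string|SubuserPermission $permission` parameter is wider than what `validPowerActionDataProvider` supplies, since every row in the provider hunk below now passes an enum case. Narrowing the signature to `SubuserPermission $permission` would make a stray string row fail with a type error instead of being accepted. If the string form is meant to stay supported, one provider row passing a raw permission string would cover that path. The method body continues outside this hunk.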
@@ -74,25 +74,25 @@ class PowerControllerTest extends ClientApiIntegrationTestCase
public static function invalidPermissionDataProvider(): array
{
return [
- ['start', [Permission::ACTION_CONTROL_STOP, Permission::ACTION_CONTROL_RESTART]],
- ['stop', [Permission::ACTION_CONTROL_START]],
- ['kill', [Permission::ACTION_CONTROL_START, Permission::ACTION_CONTROL_RESTART]],
- ['restart', [Permission::ACTION_CONTROL_STOP, Permission::ACTION_CONTROL_START]],
- ['random', [Permission::ACTION_CONTROL_START]],
+ ['start', [SubuserPermission::ControlStop, SubuserPermission::ControlRestart]],
+ ['stop', [SubuserPermission::ControlStart]],
+ ['kill', [SubuserPermission::ControlStart, SubuserPermission::ControlRestart]],
+ ['restart', [SubuserPermission::ControlStop, SubuserPermission::ControlStart]],
+ ['random', [SubuserPermission::ControlStart]],
];
}
public static function validPowerActionDataProvider(): array
{
return [
- ['start', Permission::ACTION_CONTROL_START],
- ['stop', Permission::ACTION_CONTROL_STOP],
- ['restart', Permission::ACTION_CONTROL_RESTART],
- ['kill', Permission::ACTION_CONTROL_STOP],
+ ['start', SubuserPermission::ControlStart],
+ ['stop', SubuserPermission::ControlStop],
+ ['restart', SubuserPermission::ControlRestart],
+ ['kill', SubuserPermission::ControlStop],
// Yes, these spaces are intentional. You should be able to send values with or without
// a space on the start/end since we should be trimming the values.
- [' restart', Permission::ACTION_CONTROL_RESTART],
- ['kill ', Permission::ACTION_CONTROL_STOP],
+ [' restart', SubuserPermission::ControlRestart],
+ ['kill ', SubuserPermission::ControlStop],
];
}
}
diff --git a/tests/Integration/Api/Client/Server/ResourceUtilizationControllerTest.php b/tests/Integration/Api/Client/Server/ResourceUtilizationControllerTest.php
index f5224cd36..8ae4af5dc 100644
--- a/tests/Integration/Api/Client/Server/ResourceUtilizationControllerTest.php
+++ b/tests/Integration/Api/Client/Server/ResourceUtilizationControllerTest.php
@@ -2,7 +2,7 @@
namespace App\Tests\Integration\Api\Client\Server;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Repositories\Daemon\DaemonServerRepository;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
@@ -16,7 +16,7 @@ class ResourceUtilizationControllerTest extends ClientApiIntegrationTestCase
$service = \Mockery::mock(DaemonServerRepository::class);
$this->app->instance(DaemonServerRepository::class, $service);
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
$service->expects('setServer')->with(\Mockery::on(function ($value) use ($server) {
return $server->uuid === $value->uuid;
diff --git a/tests/Integration/Api/Client/Server/Schedule/CreateServerScheduleTest.php b/tests/Integration/Api/Client/Server/Schedule/CreateServerScheduleTest.php
index c56b9f826..47f6d05a2 100644
--- a/tests/Integration/Api/Client/Server/Schedule/CreateServerScheduleTest.php
+++ b/tests/Integration/Api/Client/Server/Schedule/CreateServerScheduleTest.php
@@ -2,7 +2,7 @@
namespace App\Tests\Integration\Api\Client\Server\Schedule;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\Schedule;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
use Illuminate\Http\Response;
@@ -83,7 +83,7 @@ class CreateServerScheduleTest extends ClientApiIntegrationTestCase
*/
public function test_subuser_cannot_create_schedule_without_permissions(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_UPDATE]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::ScheduleUpdate]);
$this->actingAs($user)
->postJson("/api/client/servers/$server->uuid/schedules", [])
@@ -92,6 +92,6 @@ class CreateServerScheduleTest extends ClientApiIntegrationTestCase
public static function permissionsDataProvider(): array
{
- return [[[]], [[Permission::ACTION_SCHEDULE_CREATE]]];
+ return [[[]], [[SubuserPermission::ScheduleCreate]]];
}
}
diff --git a/tests/Integration/Api/Client/Server/Schedule/DeleteServerScheduleTest.php b/tests/Integration/Api/Client/Server/Schedule/DeleteServerScheduleTest.php
index e1227e16c..cb3e09206 100644
--- a/tests/Integration/Api/Client/Server/Schedule/DeleteServerScheduleTest.php
+++ b/tests/Integration/Api/Client/Server/Schedule/DeleteServerScheduleTest.php
@@ -2,7 +2,7 @@
namespace App\Tests\Integration\Api\Client\Server\Schedule;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\Schedule;
use App\Models\Task;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
@@ -66,7 +66,7 @@ class DeleteServerScheduleTest extends ClientApiIntegrationTestCase
*/
public function test_error_is_returned_if_subuser_does_not_have_required_permissions(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_UPDATE]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::ScheduleUpdate]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
@@ -79,6 +79,6 @@ class DeleteServerScheduleTest extends ClientApiIntegrationTestCase
public static function permissionsDataProvider(): array
{
- return [[[]], [[Permission::ACTION_SCHEDULE_DELETE]]];
+ return [[[]], [[SubuserPermission::ScheduleDelete]]];
}
}
diff --git a/tests/Integration/Api/Client/Server/Schedule/ExecuteScheduleTest.php b/tests/Integration/Api/Client/Server/Schedule/ExecuteScheduleTest.php
index 676cdc0db..6b691e8d0 100644
--- a/tests/Integration/Api/Client/Server/Schedule/ExecuteScheduleTest.php
+++ b/tests/Integration/Api/Client/Server/Schedule/ExecuteScheduleTest.php
@@ -2,8 +2,8 @@
namespace App\Tests\Integration\Api\Client\Server\Schedule;
+use App\Enums\SubuserPermission;
use App\Jobs\Schedule\RunTaskJob;
-use App\Models\Permission;
use App\Models\Schedule;
use App\Models\Task;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
@@ -56,7 +56,7 @@ class ExecuteScheduleTest extends ClientApiIntegrationTestCase
*/
public function test_user_without_schedule_update_permission_cannot_execute(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::ScheduleCreate]);
/** @var \App\Models\Schedule $schedule */
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
@@ -66,6 +66,6 @@ class ExecuteScheduleTest extends ClientApiIntegrationTestCase
public static function permissionsDataProvider(): array
{
- return [[[]], [[Permission::ACTION_SCHEDULE_UPDATE]]];
+ return [[[]], [[SubuserPermission::ScheduleUpdate]]];
}
}
diff --git a/tests/Integration/Api/Client/Server/Schedule/GetServerSchedulesTest.php b/tests/Integration/Api/Client/Server/Schedule/GetServerSchedulesTest.php
index 3a15f61c6..c97b13414 100644
--- a/tests/Integration/Api/Client/Server/Schedule/GetServerSchedulesTest.php
+++ b/tests/Integration/Api/Client/Server/Schedule/GetServerSchedulesTest.php
@@ -2,7 +2,7 @@
namespace App\Tests\Integration\Api\Client\Server\Schedule;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\Schedule;
use App\Models\Task;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
@@ -76,7 +76,7 @@ class GetServerSchedulesTest extends ClientApiIntegrationTestCase
*/
public function test_user_without_permission_cannot_view_schedules(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
$this->actingAs($user)
->getJson("/api/client/servers/$server->uuid/schedules")
@@ -94,8 +94,8 @@ class GetServerSchedulesTest extends ClientApiIntegrationTestCase
return [
[[], false],
[[], true],
- [[Permission::ACTION_SCHEDULE_READ], false],
- [[Permission::ACTION_SCHEDULE_READ], true],
+ [[SubuserPermission::ScheduleRead], false],
+ [[SubuserPermission::ScheduleRead], true],
];
}
}
diff --git a/tests/Integration/Api/Client/Server/Schedule/UpdateServerScheduleTest.php b/tests/Integration/Api/Client/Server/Schedule/UpdateServerScheduleTest.php
index 27f1accbe..72fbc4dab 100644
--- a/tests/Integration/Api/Client/Server/Schedule/UpdateServerScheduleTest.php
+++ b/tests/Integration/Api/Client/Server/Schedule/UpdateServerScheduleTest.php
@@ -2,8 +2,8 @@
namespace App\Tests\Integration\Api\Client\Server\Schedule;
+use App\Enums\SubuserPermission;
use App\Helpers\Utilities;
-use App\Models\Permission;
use App\Models\Schedule;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
use PHPUnit\Framework\Attributes\DataProvider;
@@ -70,7 +70,7 @@ class UpdateServerScheduleTest extends ClientApiIntegrationTestCase
*/
public function test_error_is_returned_if_subuser_does_not_have_permission_to_modify_schedule(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::ScheduleCreate]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
@@ -109,6 +109,6 @@ class UpdateServerScheduleTest extends ClientApiIntegrationTestCase
public static function permissionsDataProvider(): array
{
- return [[[]], [[Permission::ACTION_SCHEDULE_UPDATE]]];
+ return [[[]], [[SubuserPermission::ScheduleUpdate]]];
}
}
diff --git a/tests/Integration/Api/Client/Server/ScheduleTask/CreateServerScheduleTaskTest.php b/tests/Integration/Api/Client/Server/ScheduleTask/CreateServerScheduleTaskTest.php
index 5ba6e0448..9900c2c17 100644
--- a/tests/Integration/Api/Client/Server/ScheduleTask/CreateServerScheduleTaskTest.php
+++ b/tests/Integration/Api/Client/Server/ScheduleTask/CreateServerScheduleTaskTest.php
@@ -2,7 +2,7 @@
namespace App\Tests\Integration\Api\Client\Server\ScheduleTask;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\Schedule;
use App\Models\Task;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
@@ -160,7 +160,7 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
*/
public function test_error_is_returned_if_subuser_does_not_have_schedule_update_permissions(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::ScheduleCreate]);
/** @var \App\Models\Schedule $schedule */
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
@@ -172,6 +172,6 @@ class CreateServerScheduleTaskTest extends ClientApiIntegrationTestCase
public static function permissionsDataProvider(): array
{
- return [[[]], [[Permission::ACTION_SCHEDULE_UPDATE]]];
+ return [[[]], [[SubuserPermission::ScheduleUpdate]]];
}
}
diff --git a/tests/Integration/Api/Client/Server/ScheduleTask/DeleteScheduleTaskTest.php b/tests/Integration/Api/Client/Server/ScheduleTask/DeleteScheduleTaskTest.php
index 11d24bc32..e207418b1 100644
--- a/tests/Integration/Api/Client/Server/ScheduleTask/DeleteScheduleTaskTest.php
+++ b/tests/Integration/Api/Client/Server/ScheduleTask/DeleteScheduleTaskTest.php
@@ -2,7 +2,7 @@
namespace App\Tests\Integration\Api\Client\Server\ScheduleTask;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\Schedule;
use App\Models\Task;
use App\Models\User;
@@ -45,7 +45,7 @@ class DeleteScheduleTaskTest extends ClientApiIntegrationTestCase
*/
public function test_user_without_permission_returns_error(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_SCHEDULE_CREATE]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::ScheduleCreate]);
$schedule = Schedule::factory()->create(['server_id' => $server->id]);
$task = Task::factory()->create(['schedule_id' => $schedule->id]);
diff --git a/tests/Integration/Api/Client/Server/SettingsControllerTest.php b/tests/Integration/Api/Client/Server/SettingsControllerTest.php
index 0ceeae415..b89b8a42c 100644
--- a/tests/Integration/Api/Client/Server/SettingsControllerTest.php
+++ b/tests/Integration/Api/Client/Server/SettingsControllerTest.php
@@ -3,7 +3,7 @@
namespace App\Tests\Integration\Api\Client\Server;
use App\Enums\ServerState;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\Server;
use App\Repositories\Daemon\DaemonServerRepository;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
@@ -48,7 +48,7 @@ class SettingsControllerTest extends ClientApiIntegrationTestCase
*/
public function test_subuser_cannot_change_server_name_without_permission(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
$originalName = $server->name;
$this->actingAs($user)
@@ -97,7 +97,7 @@ class SettingsControllerTest extends ClientApiIntegrationTestCase
*/
public function test_subuser_cannot_reinstall_server_without_permission(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
$this->actingAs($user)
->postJson("/api/client/servers/$server->uuid/settings/reinstall")
@@ -109,11 +109,11 @@ class SettingsControllerTest extends ClientApiIntegrationTestCase
public static function renamePermissionsDataProvider(): array
{
- return [[[]], [[Permission::ACTION_SETTINGS_RENAME]]];
+ return [[[]], [[SubuserPermission::SettingsRename]]];
}
public static function reinstallPermissionsDataProvider(): array
{
- return [[[]], [[Permission::ACTION_SETTINGS_REINSTALL]]];
+ return [[[]], [[SubuserPermission::SettingsReinstall]]];
}
}
diff --git a/tests/Integration/Api/Client/Server/Startup/GetStartupAndVariablesTest.php b/tests/Integration/Api/Client/Server/Startup/GetStartupAndVariablesTest.php
index 1a7aaa529..025191af2 100644
--- a/tests/Integration/Api/Client/Server/Startup/GetStartupAndVariablesTest.php
+++ b/tests/Integration/Api/Client/Server/Startup/GetStartupAndVariablesTest.php
@@ -2,8 +2,8 @@
namespace App\Tests\Integration\Api\Client\Server\Startup;
+use App\Enums\SubuserPermission;
use App\Models\EggVariable;
-use App\Models\Permission;
use App\Models\User;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
use PHPUnit\Framework\Attributes\DataProvider;
@@ -51,7 +51,7 @@ class GetStartupAndVariablesTest extends ClientApiIntegrationTestCase
*/
public function test_startup_data_is_not_returned_without_permission(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
$this->actingAs($user)->getJson($this->link($server) . '/startup')->assertForbidden();
$user2 = User::factory()->create();
@@ -60,6 +60,6 @@ class GetStartupAndVariablesTest extends ClientApiIntegrationTestCase
public static function permissionsDataProvider(): array
{
- return [[[]], [[Permission::ACTION_STARTUP_READ]]];
+ return [[[]], [[SubuserPermission::StartupRead]]];
}
}
diff --git a/tests/Integration/Api/Client/Server/Startup/UpdateStartupVariableTest.php b/tests/Integration/Api/Client/Server/Startup/UpdateStartupVariableTest.php
index 489380238..b99871062 100644
--- a/tests/Integration/Api/Client/Server/Startup/UpdateStartupVariableTest.php
+++ b/tests/Integration/Api/Client/Server/Startup/UpdateStartupVariableTest.php
@@ -2,8 +2,8 @@
namespace App\Tests\Integration\Api\Client\Server\Startup;
+use App\Enums\SubuserPermission;
use App\Models\EggVariable;
-use App\Models\Permission;
use App\Models\User;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
use Illuminate\Http\Response;
@@ -139,7 +139,7 @@ class UpdateStartupVariableTest extends ClientApiIntegrationTestCase
*/
public function test_startup_variable_cannot_be_updated_if_not_user_viewable(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
$this->actingAs($user)->putJson($this->link($server) . '/startup/variable')->assertForbidden();
$user2 = User::factory()->create();
@@ -148,6 +148,6 @@ class UpdateStartupVariableTest extends ClientApiIntegrationTestCase
public static function permissionsDataProvider(): array
{
- return [[[]], [[Permission::ACTION_STARTUP_UPDATE]]];
+ return [[[]], [[SubuserPermission::StartupUpdate]]];
}
}
diff --git a/tests/Integration/Api/Client/Server/Subuser/CreateServerSubuserTest.php b/tests/Integration/Api/Client/Server/Subuser/CreateServerSubuserTest.php
index 4a7abddab..0f986859f 100644
--- a/tests/Integration/Api/Client/Server/Subuser/CreateServerSubuserTest.php
+++ b/tests/Integration/Api/Client/Server/Subuser/CreateServerSubuserTest.php
@@ -2,7 +2,7 @@
namespace App\Tests\Integration\Api\Client\Server\Subuser;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\Subuser;
use App\Models\User;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
@@ -26,7 +26,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
'email' => $email = $this->faker->email(),
'permissions' => [
- Permission::ACTION_USER_CREATE,
+ SubuserPermission::UserCreate->value,
],
]);
@@ -38,8 +38,8 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
$response->assertJsonPath('object', Subuser::RESOURCE_NAME);
$response->assertJsonPath('attributes.uuid', $subuser->uuid);
$response->assertJsonPath('attributes.permissions', [
- Permission::ACTION_USER_CREATE,
- Permission::ACTION_WEBSOCKET_CONNECT,
+ SubuserPermission::UserCreate->value,
+ SubuserPermission::WebsocketConnect->value,
]);
$expected = $response->json('attributes');
@@ -55,16 +55,16 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
public function test_error_is_returned_if_assigning_permissions_not_assigned_to_self(): void
{
[$user, $server] = $this->generateTestAccount([
- Permission::ACTION_USER_CREATE,
- Permission::ACTION_USER_READ,
- Permission::ACTION_CONTROL_CONSOLE,
+ SubuserPermission::UserCreate,
+ SubuserPermission::UserRead,
+ SubuserPermission::ControlConsole,
]);
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
'email' => $this->faker->email(),
'permissions' => [
- Permission::ACTION_USER_CREATE,
- Permission::ACTION_USER_UPDATE, // This permission is not assigned to the subuser.
+ SubuserPermission::UserCreate->value,
+ SubuserPermission::UserUpdate->value, // This permission is not assigned to the subuser.
],
]);
@@ -85,7 +85,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
'email' => $email,
'permissions' => [
- Permission::ACTION_USER_CREATE,
+ SubuserPermission::UserCreate->value,
],
]);
@@ -94,7 +94,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
'email' => $email . '.au',
'permissions' => [
- Permission::ACTION_USER_CREATE,
+ SubuserPermission::UserCreate->value,
],
]);
@@ -117,7 +117,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
'email' => $existing->email,
'permissions' => [
- Permission::ACTION_USER_CREATE,
+ SubuserPermission::UserCreate->value,
],
]);
@@ -137,7 +137,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
'email' => $email = $this->faker->email(),
'permissions' => [
- Permission::ACTION_USER_CREATE,
+ SubuserPermission::UserCreate->value,
],
]);
@@ -146,7 +146,7 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
$response = $this->actingAs($user)->postJson($this->link($server) . '/users', [
'email' => $email,
'permissions' => [
- Permission::ACTION_USER_CREATE,
+ SubuserPermission::UserCreate->value,
],
]);
@@ -157,6 +157,6 @@ class CreateServerSubuserTest extends ClientApiIntegrationTestCase
public static function permissionsDataProvider(): array
{
- return [[[]], [[Permission::ACTION_USER_CREATE]]];
+ return [[[]], [[SubuserPermission::UserCreate]]];
}
}
diff --git a/tests/Integration/Api/Client/Server/Subuser/DeleteSubuserTest.php b/tests/Integration/Api/Client/Server/Subuser/DeleteSubuserTest.php
index 48693591b..63440a084 100644
--- a/tests/Integration/Api/Client/Server/Subuser/DeleteSubuserTest.php
+++ b/tests/Integration/Api/Client/Server/Subuser/DeleteSubuserTest.php
@@ -2,7 +2,7 @@
namespace App\Tests\Integration\Api\Client\Server\Subuser;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\Subuser;
use App\Models\User;
use App\Repositories\Daemon\DaemonServerRepository;
@@ -39,7 +39,7 @@ class DeleteSubuserTest extends ClientApiIntegrationTestCase
Subuser::query()->forceCreate([
'user_id' => $subuser->id,
'server_id' => $server->id,
- 'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
+ 'permissions' => [SubuserPermission::WebsocketConnect],
]);
$mock->expects('setServer->revokeUserJTI')->with($subuser->id)->andReturnUndefined();
@@ -55,7 +55,7 @@ class DeleteSubuserTest extends ClientApiIntegrationTestCase
Subuser::query()->forceCreate([
'user_id' => $subuser->id,
'server_id' => $server->id,
- 'permissions' => [Permission::ACTION_WEBSOCKET_CONNECT],
+ 'permissions' => [SubuserPermission::WebsocketConnect],
]);
$mock->expects('setServer->revokeUserJTI')->with($subuser->id)->andReturnUndefined();
diff --git a/tests/Integration/Api/Client/Server/Subuser/UpdateSubuserTest.php b/tests/Integration/Api/Client/Server/Subuser/UpdateSubuserTest.php
index 154a0921a..eb15df5ad 100644
--- a/tests/Integration/Api/Client/Server/Subuser/UpdateSubuserTest.php
+++ b/tests/Integration/Api/Client/Server/Subuser/UpdateSubuserTest.php
@@ -2,7 +2,7 @@
namespace App\Tests\Integration\Api\Client\Server\Subuser;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Models\Subuser;
use App\Models\User;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
@@ -43,9 +43,9 @@ class UpdateSubuserTest extends ClientApiIntegrationTestCase
$server->subusers()->where('user_id', $user->id)->update([
'permissions' => [
- Permission::ACTION_USER_UPDATE,
- Permission::ACTION_CONTROL_START,
- Permission::ACTION_CONTROL_STOP,
+ SubuserPermission::UserUpdate,
+ SubuserPermission::ControlStart,
+ SubuserPermission::ControlStop,
],
]);
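Review bot: The `permissions` array written by `->update([...])` here holds enum cases rather than their string values. A builder-level update presumably does not pass through the model's attribute casting, so what lands in the column depends on how the array happens to be JSON-encoded. The same applies to the `postJson` payload in the `@@ -104,7 +104,7 @@` hunk below, whereas CreateServerSubuserTest in this commit sends `SubuserPermission::UserCreate->value`. Using `->value` in both places, e.g. `'permissions' => [SubuserPermission::UserRead->value, SubuserPermission::ControlConsole->value],`, keeps these authorization tests exercising the exact strings a client would submit and the database would store. The enclosing test method starts and ends outside this hunk.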
@@ -95,7 +95,7 @@ class UpdateSubuserTest extends ClientApiIntegrationTestCase
*/
public function test_user_cannot_assign_permissions_they_do_not_have(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_USER_READ, Permission::ACTION_USER_UPDATE]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::UserRead, SubuserPermission::UserUpdate]);
$subuser = Subuser::factory()
->for(User::factory()->create())
@@ -104,7 +104,7 @@ class UpdateSubuserTest extends ClientApiIntegrationTestCase
$this->actingAs($user)
->postJson("/api/client/servers/$server->uuid/users/{$subuser->user->uuid}", [
- 'permissions' => [Permission::ACTION_USER_READ, Permission::ACTION_CONTROL_CONSOLE],
+ 'permissions' => [SubuserPermission::UserRead, SubuserPermission::ControlConsole],
])
->assertForbidden();
@@ -116,7 +116,7 @@ class UpdateSubuserTest extends ClientApiIntegrationTestCase
*/
public function test_user_cannot_update_self(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_USER_READ, Permission::ACTION_USER_UPDATE]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::UserRead, SubuserPermission::UserUpdate]);
$this->actingAs($user)
->postJson("/api/client/servers/$server->uuid/users/$user->uuid", [])
diff --git a/tests/Integration/Api/Client/Server/WebsocketControllerTest.php b/tests/Integration/Api/Client/Server/WebsocketControllerTest.php
index 559cce5c7..a8be77b20 100644
--- a/tests/Integration/Api/Client/Server/WebsocketControllerTest.php
+++ b/tests/Integration/Api/Client/Server/WebsocketControllerTest.php
@@ -2,7 +2,7 @@
namespace App\Tests\Integration\Api\Client\Server;
-use App\Models\Permission;
+use App\Enums\SubuserPermission;
use App\Tests\Integration\Api\Client\ClientApiIntegrationTestCase;
use Carbon\CarbonImmutable;
use Illuminate\Http\Response;
@@ -16,7 +16,7 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
{
public function test_subuser_without_websocket_permission_receives_error(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_CONTROL_RESTART]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::ControlRestart]);
$this->actingAs($user)->getJson("/api/client/servers/$server->uuid/websocket")
->assertStatus(Response::HTTP_FORBIDDEN)
@@ -29,8 +29,8 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
*/
public function test_user_without_permission_for_server_receives_error(): void
{
- [, $server] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
- [$user] = $this->generateTestAccount([Permission::ACTION_WEBSOCKET_CONNECT]);
+ [, $server] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
+ [$user] = $this->generateTestAccount([SubuserPermission::WebsocketConnect]);
$this->actingAs($user)->getJson("/api/client/servers/$server->uuid/websocket")
->assertStatus(Response::HTTP_NOT_FOUND);
@@ -86,7 +86,7 @@ class WebsocketControllerTest extends ClientApiIntegrationTestCase
public function test_jwt_is_configured_correctly_for_server_subuser(): void
{
- $permissions = [Permission::ACTION_WEBSOCKET_CONNECT, Permission::ACTION_CONTROL_CONSOLE];
+ $permissions = [SubuserPermission::WebsocketConnect->value, SubuserPermission::ControlConsole->value];
/** @var \App\Models\User $user */
/** @var \App\Models\Server $server */
diff --git a/tests/Integration/Api/Remote/SftpAuthenticationControllerTest.php b/tests/Integration/Api/Remote/SftpAuthenticationControllerTest.php
index 572bfdf10..13e5ff8e6 100644
--- a/tests/Integration/Api/Remote/SftpAuthenticationControllerTest.php
+++ b/tests/Integration/Api/Remote/SftpAuthenticationControllerTest.php
@@ -3,8 +3,8 @@
namespace App\Tests\Integration\Api\Remote;
use App\Enums\ServerState;
+use App\Enums\SubuserPermission;
use App\Models\Node;
-use App\Models\Permission;
use App\Models\Role;
use App\Models\Server;
use App\Models\User;
@@ -135,7 +135,7 @@ class SftpAuthenticationControllerTest extends IntegrationTestCase
public function test_request_is_denied_if_user_lacks_sftp_permission(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_FILE_READ]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::FileRead]);
$user->update(['password' => password_hash('foobar', PASSWORD_DEFAULT)]);
@@ -163,7 +163,7 @@ class SftpAuthenticationControllerTest extends IntegrationTestCase
*/
public function test_user_permissions_are_returned_correctly(): void
{
- [$user, $server] = $this->generateTestAccount([Permission::ACTION_FILE_READ, Permission::ACTION_FILE_SFTP]);
+ [$user, $server] = $this->generateTestAccount([SubuserPermission::FileRead, SubuserPermission::FileSftp]);
$user->update(['password' => password_hash('foobar', PASSWORD_DEFAULT)]);
@@ -176,7 +176,7 @@ class SftpAuthenticationControllerTest extends IntegrationTestCase
$this->postJson('/api/remote/sftp/auth', $data)
->assertOk()
- ->assertJsonPath('permissions', [Permission::ACTION_FILE_READ, Permission::ACTION_FILE_SFTP]);
+ ->assertJsonPath('permissions', [SubuserPermission::FileRead->value, SubuserPermission::FileSftp->value]);
$user->syncRoles(Role::getRootAdmin());
diff --git a/tests/Traits/Integration/CreatesTestModels.php b/tests/Traits/Integration/CreatesTestModels.php
index 90ee6fc65..5a910d45d 100644
--- a/tests/Traits/Integration/CreatesTestModels.php
+++ b/tests/Traits/Integration/CreatesTestModels.php
@@ -2,6 +2,7 @@
namespace App\Tests\Traits\Integration;
+use App\Enums\SubuserPermission;
use App\Models\Allocation;
use App\Models\Egg;
use App\Models\Node;
@@ -65,7 +66,7 @@ trait CreatesTestModels
* Generates a user and a server for that user. If an array of permissions is passed it
* is assumed that the user is actually a subuser of the server.
*
- * @param string[] $permissions
+ * @param array $permissions
* @return array{\App\Models\User, \App\Models\Server}
*/
public function generateTestAccount(array $permissions = []): array
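Review bot: The docblock change from `string[]` to a bare `array` drops the element type that readers and static analysis rely on, although the helper now accepts exactly two kinds of element. I would write `@param array<SubuserPermission|string> $permissions` so the accepted inputs stay documented. The function body continues outside this hunk.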
@@ -82,7 +83,7 @@ trait CreatesTestModels
Subuser::query()->create([
'user_id' => $user->id,
'server_id' => $server->id,
- 'permissions' => $permissions,
+ 'permissions' => array_map(fn ($permission) => $permission instanceof SubuserPermission ? $permission->value : $permission, $permissions),
]);
return [$user, $server];
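Review bot: The `array_map` callback on the `'permissions'` line stores any non-enum element unchanged, so a misspelled or retired permission string is written to the subuser row without complaint. An authorization test that expects a denial can then pass because the permission never existed, not because the check works. If raw strings are kept only for backward compatibility, resolving them with `SubuserPermission::from($permission)->value` would make such a test fail loudly. If custom strings must stay valid (the contract in this commit still returns `SubuserPermission|string`), a short comment on this line saying so would help, and the callback could declare its types as `fn (SubuserPermission|string $permission): string => ...`. The enclosing function starts outside this hunk.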