Add allocation to role permission models & make sure user can target node of allocation (#2124)

app/Enums/RolePermissionModels.php

@@ -5,6 +5,7 @@ namespace App\Enums;
 enum RolePermissionModels: string
 {
     case ApiKey = 'apiKey';
+    case Allocation = 'allocation';
     case DatabaseHost = 'databaseHost';
     case Database = 'database';
     case Egg = 'egg';
@@ -34,4 +35,9 @@ enum RolePermissionModels: string
     {
         return RolePermissionPrefixes::Update->value . ' ' . $this->value;
     }
+
+    public function delete(): string
+    {
+        return RolePermissionPrefixes::Delete->value . ' ' . $this->value;
+    }
 }

app/Policies/AllocationPolicy.php

@@ -3,6 +3,7 @@
 namespace App\Policies;
 
 use App\Enums\SubuserPermission;
+use App\Models\Allocation;
 use App\Models\Server;
 use App\Models\User;
 use Filament\Facades\Filament;
@@ -21,6 +22,23 @@ class AllocationPolicy
 
     protected string $modelName = 'allocation';
 
+    public function before(User $user, string $ability, string|Allocation $allocation): ?bool
+    {
+        // For "viewAny" the $allocation param is the class name
+        if (is_string($allocation)) {
+            return null;
+        }
+
+        /** @var ?Server $server */
+        $server = Filament::getTenant();
+
+        if (!$server && !$user->canTarget($allocation->node)) {
+            return false;
+        }
+
+        return null;
+    }
+
     public function viewAny(User $user): bool
     {
         /** @var ?Server $server */