Add user_mountable functionality for Mounts (#2077)

Resolves #2077

app/Enums/SubuserPermission.php

@@ -58,6 +58,9 @@ enum SubuserPermission: string
     case SettingsDescription = 'settings.description';
     case SettingsReinstall = 'settings.reinstall';
 
+    case MountRead = 'mount.read';
+    case MountUpdate = 'mount.update';
+
     /** @return string[] */
     public function split(): array
     {
@@ -84,6 +87,7 @@ enum SubuserPermission: string
             'schedule' => TablerIcon::Clock,
             'settings' => TablerIcon::Settings,
             'activity' => TablerIcon::Stack,
+            'mount' => TablerIcon::LayersLinked,
             default => null,
         };
     }

app/Filament/Admin/Resources/Mounts/MountResource.php

@@ -143,6 +143,24 @@ class MountResource extends Resource
                         ])
                         ->inline()
                         ->default(false),
+                    ToggleButtons::make('user_mountable')
+                        ->label(trans('admin/mount.user_mountable'))
+                        ->helperText(trans('admin/mount.user_mountable_help'))
+                        ->stateCast(new BooleanStateCast(false, true))
+                        ->options([
+                            false => trans('admin/mount.toggles.not_user_mountable'),
+                            true => trans('admin/mount.toggles.user_mountable'),
+                        ])
+                        ->icons([
+                            false => TablerIcon::Users,
+                            true => TablerIcon::Users,
+                        ])
+                        ->colors([
+                            false => 'warning',
+                            true => 'success',
+                        ])
+                        ->inline()
+                        ->default(true),
                     TextInput::make('source')
                         ->label(trans('admin/mount.source'))
                         ->required()

app/Filament/Admin/Resources/Mounts/Pages/CreateMount.php

@@ -42,7 +42,6 @@ class CreateMount extends CreateRecord
     protected function handleRecordCreation(array $data): Model
     {
         $data['uuid'] ??= Str::uuid()->toString();
-        $data['user_mountable'] = 1;
 
         return parent::handleRecordCreation($data);
     }

app/Filament/Server/Pages/Console.php

@@ -78,15 +78,11 @@ class Console extends Page
         $feature = data_get($data, 'key');
 
         $feature = $this->featureService->get($feature);
-        if (!$feature) {
+        if (!$feature || $this->getMountedAction()) {
             return;
         }
-
-        if ($this->getMountedAction()) {
-            $this->replaceMountedAction($feature->getId());
-        } else {
-            $this->mountAction($feature->getId());
-        }
+        $this->mountAction($feature->getId());
+        sleep(2); // TODO find a better way
     }
 
     public function getWidgetData(): array

app/Filament/Server/Pages/Mounts.php

@@ -0,0 +1,114 @@
+<?php
+
+namespace App\Filament\Server\Pages;
+
+use App\Enums\SubuserPermission;
+use App\Enums\TablerIcon;
+use App\Facades\Activity;
+use App\Models\Mount;
+use App\Models\Server;
+use BackedEnum;
+use Filament\Facades\Filament;
+use Filament\Forms\Components\CheckboxList;
+use Filament\Notifications\Notification;
+use Filament\Schemas\Components\Section;
+use Filament\Schemas\Schema;
+
+class Mounts extends ServerFormPage
+{
+    protected static string|BackedEnum|null $navigationIcon = TablerIcon::LayersLinked;
+
+    protected static ?int $navigationSort = 11;
+
+    public static function canAccess(): bool
+    {
+        return parent::canAccess() && user()?->can(SubuserPermission::MountRead, Filament::getTenant());
+    }
+
+    protected function authorizeAccess(): void
+    {
+        abort_unless(user()?->can(SubuserPermission::MountRead, Filament::getTenant()), 403);
+    }
+
+    protected function fillForm(): void
+    {
+        $this->form->fill([
+            'mounts' => $this->getRecord()->mounts->pluck('id')->toArray(),
+        ]);
+    }
+
+    public function form(Schema $schema): Schema
+    {
+        /** @var Server $server */
+        $server = $this->getRecord();
+
+        $allowedMounts = Mount::query()
+            ->where('user_mountable', true)
+            ->where(function ($query) use ($server) {
+                $query->whereDoesntHave('nodes')
+                    ->orWhereHas('nodes', fn ($q) => $q->where('nodes.id', $server->node_id));
+            })
+            ->where(function ($query) use ($server) {
+                $query->whereDoesntHave('eggs')
+                    ->orWhereHas('eggs', fn ($q) => $q->where('eggs.id', $server->egg_id));
+            })
+            ->get();
+
+        return parent::form($schema)
+            ->components([
+                Section::make(trans('server/mount.description'))
+                    ->schema([
+                        CheckboxList::make('mounts')
+                            ->hiddenLabel()
+                            ->relationship('mounts')
+                            ->options(fn () => $allowedMounts->mapWithKeys(fn (Mount $mount) => [$mount->id => $mount->name]))
+                            ->descriptions(fn () => $allowedMounts->mapWithKeys(fn (Mount $mount) => [$mount->id => "$mount->source -> $mount->target"]))
+                            ->helperText(fn () => $allowedMounts->isEmpty() ? trans('server/mount.no_mounts') : null)
+                            ->disabled(fn (Server $server) => !user()?->can(SubuserPermission::MountUpdate, $server))
+                            ->bulkToggleable()
+                            ->live()
+                            ->afterStateUpdated(function ($state) {
+                                $this->save();
+                            })
+                            ->columnSpanFull(),
+                    ]),
+            ]);
+    }
+
+    public function save(): void
+    {
+        /** @var Server $server */
+        $server = $this->getRecord();
+
+        abort_unless(user()?->can(SubuserPermission::MountUpdate, $server), 403);
+
+        try {
+            $this->form->getState();
+            $this->form->saveRelationships();
+
+            Activity::event('server:mount.update')
+                ->log();
+
+            Notification::make()
+                ->title(trans('server/mount.notification_updated'))
+                ->success()
+                ->send();
+        } catch (\Exception $exception) {
+            Notification::make()
+                ->title(trans('server/mount.notification_failed'))
+                ->body($exception->getMessage())
+                ->danger()
+                ->send();
+        }
+    }
+
+    public function getTitle(): string
+    {
+        return trans('server/mount.title');
+    }
+
+    public static function getNavigationLabel(): string
+    {
+        return trans('server/mount.title');
+    }
+}

app/Filament/Server/Resources/Files/Pages/ListFiles.php

@@ -209,18 +209,16 @@ class ListFiles extends ListRecords
                                 ->required()
                                 ->live(),
                             TextEntry::make('new_location')
-                                ->state(fn (Get $get, File $file) => resolve_path(join_paths($this->path, str_ends_with($get('location') ?? '/', '/') ? join_paths($get('location') ?? '/', $file->name) : $get('location') ?? '/'))),
+                                ->state(fn (Get $get, File $file) => resolve_path(join_paths($this->path, $get('location') ?? '/', $file->name))),
                         ])
                         ->action(function ($data, File $file) {
                             $location = $data['location'];
-                            $endsWithSlash = str_ends_with($location, '/');
-                            $to = $endsWithSlash ? join_paths($location, $file->name) : $location;
-                            $files = [['to' => $to, 'from' => $file->name]];
+                            $files = [['to' => join_paths($location, $file->name), 'from' => $file->name]];
 
                             $this->getDaemonFileRepository()->renameFiles($this->path, $files);
 
                             $oldLocation = join_paths($this->path, $file->name);
-                            $newLocation = resolve_path(join_paths($this->path, $to));
+                            $newLocation = resolve_path(join_paths($this->path, $location, $file->name));
 
                             Activity::event('server:file.rename')
                                 ->property('directory', $this->path)

app/Http/Controllers/Auth/OAuthController.php

@@ -74,7 +74,7 @@ class OAuthController extends Controller
         $email = $oauthUser->getEmail();
 
         if (!$email) {
-            return $this->errorRedirect('No email was linked to your account on the OAuth provider.');
+            return $this->errorRedirect();
         }
 
         $user = User::whereEmail($email)->first();

app/Listeners/AdminActivityListener.php

@@ -1,72 +0,0 @@
-<?php
-
-namespace App\Listeners;
-
-use App\Facades\Activity;
-use Filament\Facades\Filament;
-use Filament\Resources\Events\RecordCreated;
-use Filament\Resources\Events\RecordUpdated;
-use Illuminate\Support\Str;
-
-class AdminActivityListener
-{
-    protected const REDACTED_FIELDS = [
-        'password',
-        'password_confirmation',
-        'current_password',
-        'token',
-        'secret',
-        'api_key',
-        'daemon_token',
-        '_token',
-    ];
-
-    public function handle(RecordCreated|RecordUpdated $event): void
-    {
-        if (Filament::getCurrentPanel()?->getId() !== 'admin') {
-            return;
-        }
-
-        $record = $event->getRecord();
-        $page = $event->getPage();
-        $data = $event->getData();
-
-        $resourceClass = $page::getResource();
-        $modelClass = $resourceClass::getModel();
-        $slug = Str::kebab(class_basename($modelClass));
-
-        $action = $event instanceof RecordCreated ? 'create' : 'update';
-
-        $properties = $this->redactSensitiveFields($data);
-
-        Activity::event("admin:$slug.$action")
-            ->subject($record)
-            ->property($properties)
-            ->log();
-    }
-
-    /**
-     * @param  array<string, mixed>  $data
-     * @return array<string, mixed>
-     */
-    protected function redactSensitiveFields(array $data): array
-    {
-        $redacted = [];
-
-        foreach ($data as $key => $value) {
-            if (in_array($key, self::REDACTED_FIELDS, true)) {
-                $redacted[$key] = '[REDACTED]';
-
-                continue;
-            }
-
-            if (is_array($value)) {
-                $redacted[$key] = $this->redactSensitiveFields($value);
-            } else {
-                $redacted[$key] = $value;
-            }
-        }
-
-        return $redacted;
-    }
-}

app/Models/Node.php

@@ -358,7 +358,7 @@ class Node extends Model implements Validatable
             'disk_used' => 0,
         ];
 
-        return cache()->flexible("nodes.$this->id.statistics", [5, 30], function () use ($default) {
+        return cache()->remember("nodes.$this->id.statistics", now()->addSeconds(360), function () use ($default) {
             try {
 
                 $data = Http::daemon($this)

app/Providers/EventServiceProvider.php

@@ -2,10 +2,7 @@
 
 namespace App\Providers;
 
-use App\Listeners\AdminActivityListener;
 use App\Listeners\DispatchWebhooks;
-use Filament\Resources\Events\RecordCreated;
-use Filament\Resources\Events\RecordUpdated;
 use Illuminate\Foundation\Support\Providers\EventServiceProvider as ServiceProvider;
 
 class EventServiceProvider extends ServiceProvider
@@ -18,7 +15,5 @@ class EventServiceProvider extends ServiceProvider
         'eloquent.created*' => [DispatchWebhooks::class],
         'eloquent.deleted*' => [DispatchWebhooks::class],
         'eloquent.updated*' => [DispatchWebhooks::class],
-        RecordCreated::class => [AdminActivityListener::class],
-        RecordUpdated::class => [AdminActivityListener::class],
     ];
 }

app/Providers/Filament/FilamentServiceProvider.php

@@ -4,14 +4,12 @@ namespace App\Providers\Filament;
 
 use App\Enums\CustomizationKey;
 use App\Enums\TablerIcon;
-use App\Facades\Activity;
 use Filament\Actions\Action;
 use Filament\Actions\CreateAction;
 use Filament\Actions\DeleteAction;
 use Filament\Actions\EditAction;
 use Filament\Actions\View\ActionsIconAlias;
 use Filament\Actions\ViewAction;
-use Filament\Facades\Filament;
 use Filament\Forms\Components\Field;
 use Filament\Forms\Components\KeyValue;
 use Filament\Forms\Components\Repeater;
@@ -31,10 +29,8 @@ use Filament\Support\View\SupportIconAlias;
 use Filament\Tables\View\TablesIconAlias;
 use Filament\View\PanelsIconAlias;
 use Filament\View\PanelsRenderHook;
-use Illuminate\Database\Eloquent\Model;
 use Illuminate\Support\Facades\Blade;
 use Illuminate\Support\ServiceProvider;
-use Illuminate\Support\Str;
 use Livewire\Component;
 use Livewire\Livewire;
 
@@ -136,18 +132,6 @@ class FilamentServiceProvider extends ServiceProvider
                 $action->iconButton();
                 $action->iconSize(IconSize::ExtraLarge);
             }
-
-            $action->before(function (Model $record) {
-                if (Filament::getCurrentPanel()?->getId() !== 'admin') {
-                    return;
-                }
-
-                $slug = Str::kebab(class_basename($record));
-
-                Activity::event("admin:$slug.delete")
-                    ->subject($record)
-                    ->log();
-            });
         });
 
         CreateAction::configureUsing(function (CreateAction $action) {

lang/en/activity.php

@@ -122,51 +122,4 @@ return [
         ],
         'crashed' => 'Server crashed',
     ],
-    'admin' => [
-        'user' => [
-            'create' => 'Created user <b>:username</b>',
-            'update' => 'Updated user <b>:username</b>',
-            'delete' => 'Deleted user <b>:username</b>',
-        ],
-        'server' => [
-            'create' => 'Created server <b>:name</b>',
-            'update' => 'Updated server <b>:name</b>',
-            'delete' => 'Deleted server <b>:name</b>',
-        ],
-        'node' => [
-            'create' => 'Created node <b>:name</b>',
-            'update' => 'Updated node <b>:name</b>',
-            'delete' => 'Deleted node <b>:name</b>',
-        ],
-        'egg' => [
-            'create' => 'Created egg <b>:name</b>',
-            'update' => 'Updated egg <b>:name</b>',
-            'delete' => 'Deleted egg <b>:name</b>',
-        ],
-        'role' => [
-            'create' => 'Created role <b>:name</b>',
-            'update' => 'Updated role <b>:name</b>',
-            'delete' => 'Deleted role <b>:name</b>',
-        ],
-        'database-host' => [
-            'create' => 'Created database host <b>:name</b>',
-            'update' => 'Updated database host <b>:name</b>',
-            'delete' => 'Deleted database host <b>:name</b>',
-        ],
-        'mount' => [
-            'create' => 'Created mount <b>:name</b>',
-            'update' => 'Updated mount <b>:name</b>',
-            'delete' => 'Deleted mount <b>:name</b>',
-        ],
-        'webhook-configuration' => [
-            'create' => 'Created webhook <b>:description</b>',
-            'update' => 'Updated webhook <b>:description</b>',
-            'delete' => 'Deleted webhook <b>:description</b>',
-        ],
-        'api-key' => [
-            'create' => 'Created API key',
-            'update' => 'Updated API key',
-            'delete' => 'Deleted API key',
-        ],
-    ],
 ];

lang/en/admin/mount.php

@@ -17,9 +17,13 @@ return [
     'no_mounts' => 'No Mounts',
     'eggs' => 'Eggs',
     'nodes' => 'Nodes',
+    'user_mountable' => 'User Mountable?',
+    'user_mountable_help' => 'Allow users to toggle this mount on or off for their servers.',
     'toggles' => [
         'writable' => 'Writable',
         'read_only' => 'Read Only',
+        'user_mountable' => 'User Mountable',
+        'not_user_mountable' => 'Admin Only',
     ],
     'table' => [
         'name' => 'Name',

lang/en/server/mount.php

@@ -0,0 +1,9 @@
+<?php
+
+return [
+    'title' => 'Mounts',
+    'description' => 'Manage the mounts attached to your server.',
+    'no_mounts' => 'There are no user-mountable mounts available for this server.',
+    'notification_updated' => 'Mounts updated successfully.',
+    'notification_failed' => 'Failed to update mounts.',
+];

lang/en/server/user.php

@@ -69,5 +69,8 @@ return [
         'backup_delete' => 'Allows a user to remove backups from the system.',
         'backup_download' => 'Allows a user to download a backup for the server. Danger: this allows a user to access all files for the server in the backup.',
         'backup_restore' => 'Allows a user to restore a backup for the server. Danger: this allows the user to delete all of the server files in the process.',
+        'mount_desc' => 'Permissions that control a user\'s ability to manage mounts for this server.',
+        'mount_read' => 'Allows a user to view the mounts page and see available mounts.',
+        'mount_update' => 'Allows a user to toggle mounts on or off for the server.',
     ],
 ];

public/.htaccess

@@ -5,10 +5,6 @@
 
     RewriteEngine On
 
-    # Handle X-Forwarded-Proto Header
-    RewriteCond %{HTTP:X-Forwarded-Proto} =https [NC]
-    RewriteRule .* - [E=HTTPS:on]
-
     # Handle Authorization Header
     RewriteCond %{HTTP:Authorization} .
     RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

tests/Filament/Admin/AdminActivityListenerTest.php

@@ -1,158 +0,0 @@
-<?php
-
-use App\Events\ActivityLogged;
-use App\Filament\Admin\Resources\Eggs\Pages\CreateEgg;
-use App\Filament\Admin\Resources\Eggs\Pages\EditEgg;
-use App\Filament\Admin\Resources\Nodes\Pages\CreateNode;
-use App\Filament\Admin\Resources\Nodes\Pages\EditNode;
-use App\Listeners\AdminActivityListener;
-use App\Models\Egg;
-use App\Models\Node;
-use App\Models\Role;
-use Filament\Facades\Filament;
-use Filament\Resources\Events\RecordCreated;
-use Filament\Resources\Events\RecordUpdated;
-use Illuminate\Support\Facades\Event;
-
-function pageInstance(string $class): object
-{
-    return (new ReflectionClass($class))->newInstanceWithoutConstructor();
-}
-
-function createEvent(object $record, array $data, object $page): RecordCreated
-{
-    return new RecordCreated($record, $data, $page);
-}
-
-function updateEvent(object $record, array $data, object $page): RecordUpdated
-{
-    return new RecordUpdated($record, $data, $page);
-}
-
-beforeEach(function () {
-    [$this->admin] = generateTestAccount([]);
-    $this->admin = $this->admin->syncRoles(Role::getRootAdmin());
-    $this->actingAs($this->admin);
-
-    Filament::setCurrentPanel('admin');
-});
-
-it('logs create activity for an egg', function () {
-    $egg = Egg::first();
-
-    $listener = new AdminActivityListener();
-    $listener->handle(createEvent($egg, ['name' => 'Test Egg'], pageInstance(CreateEgg::class)));
-
-    $this->assertActivityLogged('admin:egg.create');
-});
-
-it('logs update activity for an egg', function () {
-    $egg = Egg::first();
-
-    $listener = new AdminActivityListener();
-    $listener->handle(updateEvent($egg, ['name' => 'Updated Egg'], pageInstance(EditEgg::class)));
-
-    $this->assertActivityLogged('admin:egg.update');
-});
-
-it('logs create activity for a node', function () {
-    $node = Node::first();
-
-    $listener = new AdminActivityListener();
-    $listener->handle(createEvent($node, ['name' => 'Test Node'], pageInstance(CreateNode::class)));
-
-    $this->assertActivityLogged('admin:node.create');
-});
-
-it('logs update activity for a node', function () {
-    $node = Node::first();
-
-    $listener = new AdminActivityListener();
-    $listener->handle(updateEvent($node, ['name' => 'Updated Node'], pageInstance(EditNode::class)));
-
-    $this->assertActivityLogged('admin:node.update');
-});
-
-it('does not log activity for non-admin panels', function () {
-    Filament::setCurrentPanel('app');
-
-    $egg = Egg::first();
-
-    $listener = new AdminActivityListener();
-    $listener->handle(createEvent($egg, ['name' => 'Test'], pageInstance(CreateEgg::class)));
-
-    Event::assertNotDispatched(ActivityLogged::class);
-});
-
-it('sets the record as the activity subject', function () {
-    $egg = Egg::first();
-
-    $listener = new AdminActivityListener();
-    $listener->handle(createEvent($egg, ['name' => 'Test'], pageInstance(CreateEgg::class)));
-
-    $this->assertActivityFor('admin:egg.create', $this->admin, $egg);
-});
-
-it('redacts sensitive fields from activity properties', function () {
-    $egg = Egg::first();
-
-    $data = [
-        'name' => 'Visible',
-        'password' => 'should-be-redacted',
-        'password_confirmation' => 'should-be-redacted',
-        'token' => 'should-be-redacted',
-        'secret' => 'should-be-redacted',
-        'api_key' => 'should-be-redacted',
-    ];
-
-    $listener = new AdminActivityListener();
-    $listener->handle(updateEvent($egg, $data, pageInstance(EditEgg::class)));
-
-    Event::assertDispatched(ActivityLogged::class, function (ActivityLogged $event) {
-        $properties = $event->model->properties;
-
-        expect($properties)->toHaveKey('name', 'Visible')
-            ->toHaveKey('password', '[REDACTED]')
-            ->toHaveKey('password_confirmation', '[REDACTED]')
-            ->toHaveKey('token', '[REDACTED]')
-            ->toHaveKey('secret', '[REDACTED]')
-            ->toHaveKey('api_key', '[REDACTED]');
-
-        return true;
-    });
-});
-
-it('redacts sensitive fields in nested arrays', function () {
-    $egg = Egg::first();
-
-    $data = [
-        'name' => 'Visible',
-        'nested' => [
-            'safe' => 'value',
-            'password' => 'should-be-redacted',
-            'token' => 'should-be-redacted',
-        ],
-    ];
-
-    $listener = new AdminActivityListener();
-    $listener->handle(updateEvent($egg, $data, pageInstance(EditEgg::class)));
-
-    Event::assertDispatched(ActivityLogged::class, function (ActivityLogged $event) {
-        $properties = $event->model->properties;
-
-        expect($properties['nested'])->toHaveKey('safe', 'value')
-            ->toHaveKey('password', '[REDACTED]')
-            ->toHaveKey('token', '[REDACTED]');
-
-        return true;
-    });
-});
-
-it('generates kebab-case event names from model class names', function () {
-    $node = Node::first();
-
-    $listener = new AdminActivityListener();
-    $listener->handle(createEvent($node, ['name' => 'Test'], pageInstance(CreateNode::class)));
-
-    $this->assertActivityLogged('admin:node.create');
-});