Add server ownership, team access, role-based UI, and default admin role

- New migration 002_server_access.sql: created_by column + server_user table
- Server model: ownership, permission checks, team management methods
- Routes: /team routes, RoleMiddleware on /servers/create and /admin
- ServerController: permission checks via server_user, team CRUD methods
- TerminalController: server access checks
- DashboardController: filter servers by accessible ones
- ApiController: server access checks
- Views: team.php, team_server.php, sidebar Team link, hide actions by role
- Default user role changed from operator to admin on registration
- Admin user form defaults to admin role
This commit is contained in:
2026-06-07 06:49:12 -04:00
parent 9e11f767e7
commit 5f5de248c6
16 changed files with 813 additions and 71 deletions

View File

@@ -100,8 +100,8 @@
<div class="form-group">
<label for="modalRole">Role</label>
<select id="modalRole" name="role" class="form-select" required>
<option value="admin" selected>Administrator</option>
<option value="operator">Operator</option>
<option value="admin">Administrator</option>
<option value="super_admin">Super Administrator</option>
</select>
</div>
@@ -130,7 +130,7 @@ function showCreateUserModal() {
document.getElementById('modalPassword').value = '';
document.getElementById('modalPassword').required = true;
document.getElementById('passwordHint').style.display = 'block';
document.getElementById('modalRole').value = 'operator';
document.getElementById('modalRole').value = 'admin';
document.getElementById('modalActive').checked = true;
document.getElementById('saveUserBtn').textContent = 'Create';
document.getElementById('userModal').style.display = 'flex';

View File

@@ -65,7 +65,9 @@ $recentActivity = $recentActivity ?? [];
<div class="empty-state">
<i class="fas fa-server"></i>
<p>No servers configured yet.</p>
<?php if (is_admin()): ?>
<a href="/servers/create" class="btn btn-primary">Add Server</a>
<?php endif; ?>
</div>
<?php else: ?>
<div class="table-responsive">

View File

@@ -39,6 +39,12 @@
<div class="nav-submenu-loading"><i class="fas fa-spinner fa-spin"></i></div>
</div>
</li>
<li class="nav-item">
<a href="/team" class="nav-link <?= str_starts_with($_SERVER['REQUEST_URI'] ?? '', '/team') ? 'active' : '' ?>">
<i class="fas fa-users-cog"></i>
<span>Team</span>
</a>
</li>
<li class="nav-divider"></li>
<li class="nav-section">Administration</li>
<?php if (in_array($_SESSION['user_role'] ?? '', ['super_admin', 'admin'])): ?>

View File

@@ -9,9 +9,11 @@ $groups = $groups ?? [];
<p class="page-subtitle">Manage your Linux servers</p>
</div>
<div class="page-header-right">
<?php if (is_admin()): ?>
<a href="/servers/create" class="btn btn-primary">
<i class="fas fa-plus"></i> Add Server
</a>
<?php endif; ?>
</div>
</div>
@@ -45,7 +47,9 @@ $groups = $groups ?? [];
<div class="empty-state">
<i class="fas fa-server"></i>
<p>No servers found.</p>
<?php if (is_admin()): ?>
<a href="/servers/create" class="btn btn-primary">Add Your First Server</a>
<?php endif; ?>
</div>
<?php else: ?>
<div class="table-responsive">
@@ -106,6 +110,7 @@ $groups = $groups ?? [];
<a href="/terminal/<?= $server['id'] ?>" class="btn btn-xs" title="Terminal">
<i class="fas fa-terminal"></i>
</a>
<?php if (is_admin()): ?>
<a href="/servers/<?= $server['id'] ?>/edit" class="btn btn-xs" title="Edit">
<i class="fas fa-edit"></i>
</a>
@@ -113,6 +118,7 @@ $groups = $groups ?? [];
onclick="deleteServer(<?= $server['id'] ?>, '<?= htmlspecialchars(addslashes($server['name'])) ?>')">
<i class="fas fa-trash"></i>
</button>
<?php endif; ?>
</div>
</td>
</tr>

View File

@@ -2,6 +2,8 @@
$server = $server ?? [];
$metrics = $metrics ?? null;
$historicalMetrics = $historicalMetrics ?? [];
$server_role = $server_role ?? null;
$canManage = $server_role === 'owner' || $server_role === 'manager';
?>
<div class="page-header">
@@ -20,12 +22,23 @@ $historicalMetrics = $historicalMetrics ?? [];
</div>
<div class="page-header-right">
<div class="btn-group">
<?php if ($server_role === 'owner'): ?>
<a href="/team/<?= $server['id'] ?>" class="btn btn-secondary" title="Manage Team">
<i class="fas fa-users-cog"></i>
</a>
<?php endif; ?>
<span class="badge badge-<?= $server_role === 'owner' || $server_role === 'manager' ? 'warning' : 'info' ?>" style="align-self:center">
<?= htmlspecialchars(ucfirst($server_role ?? 'viewer')) ?>
</span>
<a href="/terminal/<?= $server['id'] ?>" class="btn btn-dark">
<i class="fas fa-terminal"></i> Terminal
</a>
<?php if ($canManage): ?>
<a href="/servers/<?= $server['id'] ?>/edit" class="btn btn-secondary">
<i class="fas fa-edit"></i> Edit
</a>
<?php endif; ?>
<?php if ($canManage): ?>
<div class="dropdown">
<button class="btn btn-secondary dropdown-toggle">
<i class="fas fa-cog"></i> Actions
@@ -43,6 +56,7 @@ $historicalMetrics = $historicalMetrics ?? [];
</button>
</div>
</div>
<?php endif; ?>
</div>
</div>
</div>
@@ -154,6 +168,7 @@ $historicalMetrics = $historicalMetrics ?? [];
<i class="fas fa-file-alt"></i>
<span>System Logs</span>
</a>
<?php if ($canManage): ?>
<a href="/servers/<?= $server['id'] ?>/nginx" class="action-card">
<svg viewBox="0 0 24 24" fill="currentColor" width="24" height="24" style="opacity:0.8">
<path d="M12 2L2 7.2v9.6L12 22l10-5.2V7.2L12 2zm0 1.5l8.5 4.4v8.2L12 20.5l-8.5-4.4V7.9L12 3.5zM7.4 8.5v7l1.5.9V11l3.1 4.3 1.5.9V8.5l-1.5.9v4.4L8.9 9.4l-1.5-.9zm9.2 0l-1.5.9-3.1 4.4V17l1.5-.9V11l3.1-4.3z"/>
@@ -180,6 +195,7 @@ $historicalMetrics = $historicalMetrics ?? [];
<i class="fas fa-sync-alt"></i>
<span>Restart Service</span>
</button>
<?php endif; ?>
</div>
</div>
</div>

60
views/servers/team.php Normal file
View File

@@ -0,0 +1,60 @@
<?php $servers = $servers ?? []; ?>
<div class="page-header">
<div class="page-header-left">
<h1 class="page-title">Team Management</h1>
<p class="page-subtitle">Manage who has access to your servers</p>
</div>
</div>
<div class="card">
<div class="card-body">
<?php if (empty($servers)): ?>
<div class="empty-state">
<i class="fas fa-users-cog"></i>
<p>You don't own any servers yet.</p>
<p class="text-muted">Servers you create will appear here so you can manage their team access.</p>
<a href="/servers/create" class="btn btn-primary">Add Server</a>
</div>
<?php else: ?>
<div class="table-responsive">
<table class="table">
<thead>
<tr>
<th>Server</th>
<th>IP Address</th>
<th>Status</th>
<th>Team Members</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php foreach ($servers as $server): ?>
<tr>
<td>
<a href="/servers/<?= $server['id'] ?>">
<?= htmlspecialchars($server['name']) ?>
</a>
</td>
<td><code><?= htmlspecialchars($server['ip_address']) ?></code></td>
<td>
<span class="status-badge status-<?= $server['status'] ?? 'unknown' ?>">
<?= ucfirst($server['status'] ?? 'unknown') ?>
</span>
</td>
<td>
<span class="badge badge-info"><?= $server['member_count'] ?> members</span>
</td>
<td>
<a href="/team/<?= $server['id'] ?>" class="btn btn-sm">
<i class="fas fa-users"></i> Manage Team
</a>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
<?php endif; ?>
</div>
</div>

View File

@@ -0,0 +1,199 @@
<?php
$server = $server ?? [];
$members = $members ?? [];
$availableUsers = $availableUsers ?? [];
?>
<div class="page-header">
<div class="page-header-left">
<div class="back-link">
<a href="/team"><i class="fas fa-arrow-left"></i> Back to Team</a>
</div>
<h1 class="page-title"><?= htmlspecialchars($server['name'] ?? '') ?></h1>
<p class="page-subtitle">Manage team access for this server</p>
</div>
</div>
<div class="dashboard-grid">
<div class="dashboard-card">
<div class="card-header">
<h2><i class="fas fa-users"></i> Team Members</h2>
</div>
<div class="card-body">
<?php if (empty($members)): ?>
<div class="empty-state">
<i class="fas fa-users"></i>
<p>No team members yet.</p>
</div>
<?php else: ?>
<div class="table-responsive">
<table class="table">
<thead>
<tr>
<th>User</th>
<th>Role</th>
<th>Actions</th>
</tr>
</thead>
<tbody id="teamMembersBody">
<?php foreach ($members as $member): ?>
<tr data-user-id="<?= $member['user_id'] ?>">
<td>
<strong><?= htmlspecialchars($member['username']) ?></strong>
<br><small class="text-muted"><?= htmlspecialchars($member['email']) ?></small>
</td>
<td>
<?php if ($member['role'] === 'owner'): ?>
<span class="badge badge-danger">Owner</span>
<?php else: ?>
<select class="form-select form-select-sm role-select"
onchange="updateRole(<?= $member['user_id'] ?>, this.value)"
style="width:auto">
<option value="viewer" <?= $member['role'] === 'viewer' ? 'selected' : '' ?>>Viewer</option>
<option value="manager" <?= $member['role'] === 'manager' ? 'selected' : '' ?>>Manager</option>
</select>
<?php endif; ?>
</td>
<td>
<?php if ($member['role'] !== 'owner'): ?>
<button class="btn btn-xs btn-danger"
onclick="removeUser(<?= $member['user_id'] ?>, '<?= htmlspecialchars(addslashes($member['username'])) ?>')">
<i class="fas fa-trash"></i>
</button>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
<?php endif; ?>
</div>
</div>
<div class="dashboard-card">
<div class="card-header">
<h2><i class="fas fa-user-plus"></i> Add User</h2>
</div>
<div class="card-body">
<?php if (empty($availableUsers)): ?>
<div class="empty-state">
<i class="fas fa-user-plus"></i>
<p>All users already have access to this server.</p>
</div>
<?php else: ?>
<form id="addUserForm" class="form" onsubmit="addUser(event)">
<input type="hidden" name="_csrf_token" value="<?= $this->csrfToken() ?>">
<div class="form-group">
<label for="userId">User</label>
<select id="userId" name="user_id" class="form-select" required>
<option value="">Select a user...</option>
<?php foreach ($availableUsers as $user): ?>
<option value="<?= $user['id'] ?>">
<?= htmlspecialchars($user['username']) ?> (<?= htmlspecialchars($user['email']) ?>)
</option>
<?php endforeach; ?>
</select>
</div>
<div class="form-group">
<label for="role">Role</label>
<select id="role" name="role" class="form-select" required>
<option value="viewer">Viewer — can view server details and use terminal</option>
<option value="manager">Manager — full control except team management</option>
</select>
</div>
<button type="submit" class="btn btn-primary">
<i class="fas fa-user-plus"></i> Add User
</button>
</form>
<?php endif; ?>
</div>
</div>
</div>
<form id="csrfForm" style="display:none">
<input type="hidden" name="_csrf_token" value="<?= $this->csrfToken() ?>">
</form>
<script>
function getCsrfToken() {
return document.querySelector('meta[name="csrf-token"]')?.content || '';
}
function addUser(e) {
e.preventDefault();
const form = document.getElementById('addUserForm');
const data = new FormData(form);
fetch('/team/<?= $server['id'] ?>/add-user', {
method: 'POST',
headers: {
'X-CSRF-Token': getCsrfToken(),
},
body: data,
})
.then(r => r.json())
.then(res => {
if (res.success) {
showToast('success', res.message);
location.reload();
} else {
showToast('error', res.message);
}
})
.catch(err => showToast('error', 'Request failed'));
}
function removeUser(userId, username) {
if (!confirm('Remove "' + username + '" from this server?')) return;
const form = new FormData();
form.append('user_id', userId);
form.append('_csrf_token', getCsrfToken());
fetch('/team/<?= $server['id'] ?>/remove-user', {
method: 'POST',
headers: {
'X-CSRF-Token': getCsrfToken(),
},
body: form,
})
.then(r => r.json())
.then(res => {
if (res.success) {
showToast('success', res.message);
location.reload();
} else {
showToast('error', res.message);
}
})
.catch(err => showToast('error', 'Request failed'));
}
function updateRole(userId, role) {
const form = new FormData();
form.append('user_id', userId);
form.append('role', role);
form.append('_csrf_token', getCsrfToken());
fetch('/team/<?= $server['id'] ?>/update-role', {
method: 'POST',
headers: {
'X-CSRF-Token': getCsrfToken(),
},
body: form,
})
.then(r => r.json())
.then(res => {
if (res.success) {
showToast('success', 'Role updated to ' + role);
} else {
showToast('error', res.message);
}
})
.catch(err => showToast('error', 'Request failed'));
}
</script>