Add finer permissions for instances on web

Server/Phantom.Server.Web.Identity/Data/Permission.cs

@@ -10,17 +10,27 @@ public sealed record Permission(string Id, Permission? Parent) {
 		return permission;
 	}
 
+	private Permission RegisterChild(string id) {
+		return Register(id, this);
+	}
+
 	public const string ViewInstancesPolicy = "Instances.View";
 	public static readonly Permission ViewInstances = Register(ViewInstancesPolicy);
 	
+	public const string ViewInstanceLogsPolicy = "Instances.Logs.View";
+	public static readonly Permission ViewInstanceLogs = ViewInstances.RegisterChild(ViewInstanceLogsPolicy);
+	
 	public const string CreateInstancesPolicy = "Instances.Create";
-	public static readonly Permission CreateInstances = Register(CreateInstancesPolicy, parent: ViewInstances);
+	public static readonly Permission CreateInstances = ViewInstances.RegisterChild(CreateInstancesPolicy);
+	
+	public const string ControlInstancesPolicy = "Instances.Control";
+	public static readonly Permission ControlInstances = ViewInstances.RegisterChild(ControlInstancesPolicy);
 	
 	public const string ViewUsersPolicy = "Users.View";
 	public static readonly Permission ViewUsers = Register(ViewUsersPolicy);
 	
 	public const string EditUsersPolicy = "Users.Edit";
-	public static readonly Permission EditUsers = Register(EditUsersPolicy, parent: ViewUsers);
+	public static readonly Permission EditUsers = ViewUsers.RegisterChild(EditUsersPolicy);
 	
 	public const string ViewAuditPolicy = "Audit.View";
 	public static readonly Permission ViewAudit = Register(ViewAuditPolicy);

Server/Phantom.Server.Web/Pages/InstanceDetail.razor

@@ -1,5 +1,6 @@
 @page "/instances/{InstanceGuid:guid}"
 @attribute [Authorize(Permission.ViewInstancesPolicy)]
+@inherits PhantomComponent
 @using Phantom.Common.Data.Instance
 @using Phantom.Common.Data.Replies
 @using Phantom.Server.Services.Audit
@@ -15,23 +16,28 @@
 else {
   <h1>Instance: @Instance.Configuration.InstanceName</h1>
   <div class="d-flex flex-row align-items-center gap-2">
-    <button type="button" class="btn btn-success" @onclick="LaunchInstance" disabled="@(isLaunchingInstance || !Instance.Status.CanLaunch())">Launch</button>
-    <button type="button" class="btn btn-danger" data-bs-toggle="modal" data-bs-target="#stop-instance" disabled="@(!Instance.Status.CanStop())">Stop...</button>
-    <div class="ms-2">
-      <InstanceStatusText Status="Instance.Status" />
-    </div>
+    <PermissionView Permission="Permission.ControlInstances">
+      <button type="button" class="btn btn-success" @onclick="LaunchInstance" disabled="@(isLaunchingInstance || !Instance.Status.CanLaunch())">Launch</button>
+      <button type="button" class="btn btn-danger" data-bs-toggle="modal" data-bs-target="#stop-instance" disabled="@(!Instance.Status.CanStop())">Stop...</button>
+      <span><!-- extra spacing --></span>
+    </PermissionView>
+    <InstanceStatusText Status="Instance.Status" />
   </div>
   @if (lastError != null) {
-    <p class="text-danger">@lastError</p>
+    <p class="text-danger mt-2">@lastError</p>
   }
-  
-  <InstanceLog InstanceGuid="InstanceGuid" />
 
-  <div class="mb-3">
-    <InstanceCommandInput InstanceGuid="InstanceGuid" Disabled="@(!Instance.Status.CanSendCommand())" />
-  </div>
-  
-  <InstanceStopDialog InstanceGuid="InstanceGuid" ModalId="stop-instance" Disabled="@(!Instance.Status.CanStop())" />
+  <PermissionView Permission="Permission.ViewInstanceLogs">
+    <InstanceLog InstanceGuid="InstanceGuid" />
+  </PermissionView>
+
+  <PermissionView Permission="Permission.ControlInstances">
+    <div class="mb-3">
+      <InstanceCommandInput InstanceGuid="InstanceGuid" Disabled="@(!Instance.Status.CanSendCommand())" />
+    </div>
+
+    <InstanceStopDialog InstanceGuid="InstanceGuid" ModalId="stop-instance" Disabled="@(!Instance.Status.CanStop())" />
+  </PermissionView>
 }
 
 @code {
@@ -58,15 +64,22 @@ else {
     isLaunchingInstance = true;
     lastError = null;
 
-    var result = await InstanceManager.LaunchInstance(InstanceGuid);
-    if (result == LaunchInstanceResult.LaunchInitiated) {
-      await AuditLog.AddInstanceLaunchedEvent(InstanceGuid);
+    try {
+      if (!await CheckPermission(Permission.ControlInstances)) {
+        lastError = "You do not have permission to launch instances.";
+        return;
+      }
+
+      var result = await InstanceManager.LaunchInstance(InstanceGuid);
+      if (result == LaunchInstanceResult.LaunchInitiated) {
+        await AuditLog.AddInstanceLaunchedEvent(InstanceGuid);
+      }
+      else {
+        lastError = result.ToSentence();
+      }
+    } finally {
+      isLaunchingInstance = false;
     }
-    else {
-      lastError = result.ToSentence();
-    }
-    
-    isLaunchingInstance = false;
   }
 
   public void Dispose() {

Server/Phantom.Server.Web/Shared/InstanceCommandInput.razor

@@ -34,7 +34,7 @@
   private async Task ExecuteCommand(EditContext context) {
     await form.SubmitModel.StartSubmitting();
 
-    if (!await CheckPermission(Permission.ViewInstances)) {
+    if (!await CheckPermission(Permission.ControlInstances)) {
       form.SubmitModel.StopSubmitting("You do not have permission to execute commands.");
       return;
     }

Server/Phantom.Server.Web/Shared/InstanceLog.razor

@@ -58,7 +58,7 @@
   private async Task RecheckPermissions() {
     recheckPermissionsStopwatch.Restart();
     
-    if (!await CheckPermission(Permission.ViewInstances)) {
+    if (!await CheckPermission(Permission.ViewInstanceLogs)) {
       await Task.Yield();
       Dispose();
       instanceLogs = new RingBuffer<string>(0);

Server/Phantom.Server.Web/Shared/InstanceStopDialog.razor

@@ -51,7 +51,7 @@
   private async Task StopInstance(EditContext context) {
     await form.SubmitModel.StartSubmitting();
 
-    if (!await CheckPermission(Permission.ViewInstances)) {
+    if (!await CheckPermission(Permission.ControlInstances)) {
       form.SubmitModel.StopSubmitting("You do not have permission to stop instances.");
       return;
     }