.config/dotnet-tools.json

@@ -3,7 +3,7 @@
   "isRoot": true,
   "tools": {
     "dotnet-ef": {
-      "version": "8.0.3",
+      "version": "7.0.0-rc.1.22426.7",
       "commands": [
         "dotnet-ef"
       ]

Common/Phantom.Common.Data.Web/Users/AuthenticatedUserInfo.cs

@@ -1,5 +1,4 @@
-using System.Collections.Immutable;
+using MemoryPack;
-using MemoryPack;
 
 namespace Phantom.Common.Data.Web.Users;
 
@@ -7,18 +6,5 @@ namespace Phantom.Common.Data.Web.Users;
 public sealed partial record AuthenticatedUserInfo(
 	[property: MemoryPackOrder(0)] Guid Guid,
 	[property: MemoryPackOrder(1)] string Name,
-	[property: MemoryPackOrder(2)] PermissionSet Permissions,
+	[property: MemoryPackOrder(2)] PermissionSet Permissions
-	[property: MemoryPackOrder(3)] ImmutableHashSet<Guid> ManagedAgentGuids
+);
-) {
-	public bool CheckPermission(Permission permission) {
-		return Permissions.Check(permission);
-	}
-
-	public bool HasAccessToAgent(Guid agentGuid) {
-		return ManagedAgentGuids.Contains(agentGuid) || Permissions.Check(Permission.ManageAllAgents);
-	}
-
-	public ImmutableHashSet<Guid> FilterAccessibleAgentGuids(ImmutableHashSet<Guid> agentGuids) {
-		return Permissions.Check(Permission.ManageAllAgents) ? agentGuids : agentGuids.Intersect(ManagedAgentGuids);
-	}
-}

Common/Phantom.Common.Data.Web/Users/Permission.cs

@@ -14,9 +14,6 @@ public sealed record Permission(string Id, Permission? Parent) {
 		return Register(id, this);
 	}
 
-	public const string ManageAllAgentsPolicy = "Agents.ManageAll";
-	public static readonly Permission ManageAllAgents = Register(ManageAllAgentsPolicy);
-	
 	public const string ViewInstancesPolicy = "Instances.View";
 	public static readonly Permission ViewInstances = Register(ViewInstancesPolicy);
 	

Common/Phantom.Common.Messages.Web/ToController/LogInMessage.cs

@@ -1,5 +1,4 @@
 using MemoryPack;
-using Phantom.Common.Data;
 using Phantom.Common.Data.Web.Users;
 using Phantom.Utils.Actor;
 
@@ -9,4 +8,4 @@ namespace Phantom.Common.Messages.Web.ToController;
 public sealed partial record LogInMessage(
 	[property: MemoryPackOrder(0)] string Username,
 	[property: MemoryPackOrder(1)] string Password
-) : IMessageToController, ICanReply<Optional<LogInSuccess>>;
+) : IMessageToController, ICanReply<LogInSuccess?>;

Common/Phantom.Common.Messages.Web/WebMessageRegistries.cs

@@ -24,7 +24,7 @@ public static class WebMessageRegistries {
 	static WebMessageRegistries() {
 		ToController.Add<RegisterWebMessage>(0);
 		ToController.Add<UnregisterWebMessage>(1);
-		ToController.Add<LogInMessage, Optional<LogInSuccess>>(2);
+		ToController.Add<LogInMessage, LogInSuccess?>(2);
 		ToController.Add<LogOutMessage>(3);
 		ToController.Add<GetAuthenticatedUser, Optional<AuthenticatedUserInfo>>(4);
 		ToController.Add<CreateOrUpdateAdministratorUserMessage, CreateOrUpdateAdministratorUserResult>(5);

Controller/Phantom.Controller.Database.Postgres/Migrations/20240407211636_UserAgentAccess.Designer.cs

@@ -1,353 +0,0 @@
-// <auto-generated />
-using System;
-using System.Text.Json;
-using Microsoft.EntityFrameworkCore;
-using Microsoft.EntityFrameworkCore.Infrastructure;
-using Microsoft.EntityFrameworkCore.Migrations;
-using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
-using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
-using Phantom.Controller.Database;
-
-#nullable disable
-
-namespace Phantom.Controller.Database.Postgres.Migrations
-{
-    [DbContext(typeof(ApplicationDbContext))]
-    [Migration("20240407211636_UserAgentAccess")]
-    partial class UserAgentAccess
-    {
-        /// <inheritdoc />
-        protected override void BuildTargetModel(ModelBuilder modelBuilder)
-        {
-#pragma warning disable 612, 618
-            modelBuilder
-                .HasAnnotation("ProductVersion", "8.0.0")
-                .HasAnnotation("Relational:MaxIdentifierLength", 63);
-
-            NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
-
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.AgentEntity", b =>
-                {
-                    b.Property<Guid>("AgentGuid")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("uuid");
-
-                    b.Property<string>("BuildVersion")
-                        .IsRequired()
-                        .HasColumnType("text");
-
-                    b.Property<int>("MaxInstances")
-                        .HasColumnType("integer");
-
-                    b.Property<ushort>("MaxMemory")
-                        .HasColumnType("integer");
-
-                    b.Property<string>("Name")
-                        .IsRequired()
-                        .HasColumnType("text");
-
-                    b.Property<int>("ProtocolVersion")
-                        .HasColumnType("integer");
-
-                    b.HasKey("AgentGuid");
-
-                    b.ToTable("Agents", "agents");
-                });
-
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.AuditLogEntity", b =>
-                {
-                    b.Property<long>("Id")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("bigint");
-
-                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<long>("Id"));
-
-                    b.Property<JsonDocument>("Data")
-                        .HasColumnType("jsonb");
-
-                    b.Property<string>("EventType")
-                        .IsRequired()
-                        .HasColumnType("text");
-
-                    b.Property<string>("SubjectId")
-                        .IsRequired()
-                        .HasColumnType("text");
-
-                    b.Property<string>("SubjectType")
-                        .IsRequired()
-                        .HasColumnType("text");
-
-                    b.Property<Guid?>("UserGuid")
-                        .HasColumnType("uuid");
-
-                    b.Property<DateTime>("UtcTime")
-                        .HasColumnType("timestamp with time zone");
-
-                    b.HasKey("Id");
-
-                    b.HasIndex("UserGuid");
-
-                    b.ToTable("AuditLog", "system");
-                });
-
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.EventLogEntity", b =>
-                {
-                    b.Property<Guid>("EventGuid")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("uuid");
-
-                    b.Property<Guid?>("AgentGuid")
-                        .HasColumnType("uuid");
-
-                    b.Property<JsonDocument>("Data")
-                        .HasColumnType("jsonb");
-
-                    b.Property<string>("EventType")
-                        .IsRequired()
-                        .HasColumnType("text");
-
-                    b.Property<string>("SubjectId")
-                        .IsRequired()
-                        .HasColumnType("text");
-
-                    b.Property<string>("SubjectType")
-                        .IsRequired()
-                        .HasColumnType("text");
-
-                    b.Property<DateTime>("UtcTime")
-                        .HasColumnType("timestamp with time zone");
-
-                    b.HasKey("EventGuid");
-
-                    b.ToTable("EventLog", "system");
-                });
-
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.InstanceEntity", b =>
-                {
-                    b.Property<Guid>("InstanceGuid")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("uuid");
-
-                    b.Property<Guid>("AgentGuid")
-                        .HasColumnType("uuid");
-
-                    b.Property<string>("InstanceName")
-                        .IsRequired()
-                        .HasColumnType("text");
-
-                    b.Property<Guid>("JavaRuntimeGuid")
-                        .HasColumnType("uuid");
-
-                    b.Property<string>("JvmArguments")
-                        .IsRequired()
-                        .HasColumnType("text");
-
-                    b.Property<bool>("LaunchAutomatically")
-                        .HasColumnType("boolean");
-
-                    b.Property<ushort>("MemoryAllocation")
-                        .HasColumnType("integer");
-
-                    b.Property<string>("MinecraftServerKind")
-                        .IsRequired()
-                        .HasColumnType("text");
-
-                    b.Property<string>("MinecraftVersion")
-                        .IsRequired()
-                        .HasColumnType("text");
-
-                    b.Property<int>("RconPort")
-                        .HasColumnType("integer");
-
-                    b.Property<int>("ServerPort")
-                        .HasColumnType("integer");
-
-                    b.HasKey("InstanceGuid");
-
-                    b.ToTable("Instances", "agents");
-                });
-
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.PermissionEntity", b =>
-                {
-                    b.Property<string>("Id")
-                        .HasColumnType("text");
-
-                    b.HasKey("Id");
-
-                    b.ToTable("Permissions", "identity");
-                });
-
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.RoleEntity", b =>
-                {
-                    b.Property<Guid>("RoleGuid")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("uuid");
-
-                    b.Property<string>("Name")
-                        .IsRequired()
-                        .HasColumnType("text");
-
-                    b.HasKey("RoleGuid");
-
-                    b.ToTable("Roles", "identity");
-                });
-
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.RolePermissionEntity", b =>
-                {
-                    b.Property<Guid>("RoleGuid")
-                        .HasColumnType("uuid");
-
-                    b.Property<string>("PermissionId")
-                        .HasColumnType("text");
-
-                    b.HasKey("RoleGuid", "PermissionId");
-
-                    b.HasIndex("PermissionId");
-
-                    b.ToTable("RolePermissions", "identity");
-                });
-
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserAgentAccessEntity", b =>
-                {
-                    b.Property<Guid>("UserGuid")
-                        .HasColumnType("uuid");
-
-                    b.Property<Guid>("AgentGuid")
-                        .HasColumnType("uuid");
-
-                    b.HasKey("UserGuid", "AgentGuid");
-
-                    b.HasIndex("AgentGuid");
-
-                    b.ToTable("UserAgentAccess", "identity");
-                });
-
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserEntity", b =>
-                {
-                    b.Property<Guid>("UserGuid")
-                        .ValueGeneratedOnAdd()
-                        .HasColumnType("uuid");
-
-                    b.Property<string>("Name")
-                        .IsRequired()
-                        .HasColumnType("text");
-
-                    b.Property<string>("PasswordHash")
-                        .IsRequired()
-                        .HasColumnType("text");
-
-                    b.HasKey("UserGuid");
-
-                    b.HasIndex("Name")
-                        .IsUnique();
-
-                    b.ToTable("Users", "identity");
-                });
-
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserPermissionEntity", b =>
-                {
-                    b.Property<Guid>("UserGuid")
-                        .HasColumnType("uuid");
-
-                    b.Property<string>("PermissionId")
-                        .HasColumnType("text");
-
-                    b.HasKey("UserGuid", "PermissionId");
-
-                    b.HasIndex("PermissionId");
-
-                    b.ToTable("UserPermissions", "identity");
-                });
-
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserRoleEntity", b =>
-                {
-                    b.Property<Guid>("UserGuid")
-                        .HasColumnType("uuid");
-
-                    b.Property<Guid>("RoleGuid")
-                        .HasColumnType("uuid");
-
-                    b.HasKey("UserGuid", "RoleGuid");
-
-                    b.HasIndex("RoleGuid");
-
-                    b.ToTable("UserRoles", "identity");
-                });
-
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.AuditLogEntity", b =>
-                {
-                    b.HasOne("Phantom.Controller.Database.Entities.UserEntity", "User")
-                        .WithMany()
-                        .HasForeignKey("UserGuid")
-                        .OnDelete(DeleteBehavior.SetNull);
-
-                    b.Navigation("User");
-                });
-
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.RolePermissionEntity", b =>
-                {
-                    b.HasOne("Phantom.Controller.Database.Entities.PermissionEntity", null)
-                        .WithMany()
-                        .HasForeignKey("PermissionId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-
-                    b.HasOne("Phantom.Controller.Database.Entities.RoleEntity", null)
-                        .WithMany()
-                        .HasForeignKey("RoleGuid")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserAgentAccessEntity", b =>
-                {
-                    b.HasOne("Phantom.Controller.Database.Entities.AgentEntity", null)
-                        .WithMany()
-                        .HasForeignKey("AgentGuid")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-
-                    b.HasOne("Phantom.Controller.Database.Entities.UserEntity", null)
-                        .WithMany()
-                        .HasForeignKey("UserGuid")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserPermissionEntity", b =>
-                {
-                    b.HasOne("Phantom.Controller.Database.Entities.PermissionEntity", null)
-                        .WithMany()
-                        .HasForeignKey("PermissionId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-
-                    b.HasOne("Phantom.Controller.Database.Entities.UserEntity", null)
-                        .WithMany()
-                        .HasForeignKey("UserGuid")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserRoleEntity", b =>
-                {
-                    b.HasOne("Phantom.Controller.Database.Entities.RoleEntity", "Role")
-                        .WithMany()
-                        .HasForeignKey("RoleGuid")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-
-                    b.HasOne("Phantom.Controller.Database.Entities.UserEntity", "User")
-                        .WithMany()
-                        .HasForeignKey("UserGuid")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-
-                    b.Navigation("Role");
-
-                    b.Navigation("User");
-                });
-#pragma warning restore 612, 618
-        }
-    }
-}

Controller/Phantom.Controller.Database.Postgres/Migrations/20240407211636_UserAgentAccess.cs

@@ -1,56 +0,0 @@
-using System;
-using Microsoft.EntityFrameworkCore.Migrations;
-
-#nullable disable
-
-namespace Phantom.Controller.Database.Postgres.Migrations
-{
-    /// <inheritdoc />
-    public partial class UserAgentAccess : Migration
-    {
-        /// <inheritdoc />
-        protected override void Up(MigrationBuilder migrationBuilder)
-        {
-            migrationBuilder.CreateTable(
-                name: "UserAgentAccess",
-                schema: "identity",
-                columns: table => new
-                {
-                    UserGuid = table.Column<Guid>(type: "uuid", nullable: false),
-                    AgentGuid = table.Column<Guid>(type: "uuid", nullable: false)
-                },
-                constraints: table =>
-                {
-                    table.PrimaryKey("PK_UserAgentAccess", x => new { x.UserGuid, x.AgentGuid });
-                    table.ForeignKey(
-                        name: "FK_UserAgentAccess_Agents_AgentGuid",
-                        column: x => x.AgentGuid,
-                        principalSchema: "agents",
-                        principalTable: "Agents",
-                        principalColumn: "AgentGuid",
-                        onDelete: ReferentialAction.Cascade);
-                    table.ForeignKey(
-                        name: "FK_UserAgentAccess_Users_UserGuid",
-                        column: x => x.UserGuid,
-                        principalSchema: "identity",
-                        principalTable: "Users",
-                        principalColumn: "UserGuid",
-                        onDelete: ReferentialAction.Cascade);
-                });
-
-            migrationBuilder.CreateIndex(
-                name: "IX_UserAgentAccess_AgentGuid",
-                schema: "identity",
-                table: "UserAgentAccess",
-                column: "AgentGuid");
-        }
-
-        /// <inheritdoc />
-        protected override void Down(MigrationBuilder migrationBuilder)
-        {
-            migrationBuilder.DropTable(
-                name: "UserAgentAccess",
-                schema: "identity");
-        }
-    }
-}

Controller/Phantom.Controller.Database.Postgres/Migrations/ApplicationDbContextModelSnapshot.cs

@@ -18,7 +18,7 @@ namespace Phantom.Controller.Database.Postgres.Migrations
         {
 #pragma warning disable 612, 618
             modelBuilder
-                .HasAnnotation("ProductVersion", "8.0.0")
+                .HasAnnotation("ProductVersion", "7.0.11")
                 .HasAnnotation("Relational:MaxIdentifierLength", 63);
 
             NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
@@ -204,21 +204,6 @@ namespace Phantom.Controller.Database.Postgres.Migrations
                     b.ToTable("RolePermissions", "identity");
                 });
 
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserAgentAccessEntity", b =>
-                {
-                    b.Property<Guid>("UserGuid")
-                        .HasColumnType("uuid");
-
-                    b.Property<Guid>("AgentGuid")
-                        .HasColumnType("uuid");
-
-                    b.HasKey("UserGuid", "AgentGuid");
-
-                    b.HasIndex("AgentGuid");
-
-                    b.ToTable("UserAgentAccess", "identity");
-                });
-
             modelBuilder.Entity("Phantom.Controller.Database.Entities.UserEntity", b =>
                 {
                     b.Property<Guid>("UserGuid")
@@ -296,21 +281,6 @@ namespace Phantom.Controller.Database.Postgres.Migrations
                         .IsRequired();
                 });
 
-            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserAgentAccessEntity", b =>
-                {
-                    b.HasOne("Phantom.Controller.Database.Entities.AgentEntity", null)
-                        .WithMany()
-                        .HasForeignKey("AgentGuid")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-
-                    b.HasOne("Phantom.Controller.Database.Entities.UserEntity", null)
-                        .WithMany()
-                        .HasForeignKey("UserGuid")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
-                });
-
             modelBuilder.Entity("Phantom.Controller.Database.Entities.UserPermissionEntity", b =>
                 {
                     b.HasOne("Phantom.Controller.Database.Entities.PermissionEntity", null)

Controller/Phantom.Controller.Database/ApplicationDbContext.cs

@@ -20,8 +20,7 @@ public class ApplicationDbContext : DbContext {
 	public DbSet<UserRoleEntity> UserRoles { get; init; } = null!;
 	public DbSet<UserPermissionEntity> UserPermissions { get; init; } = null!;
 	public DbSet<RolePermissionEntity> RolePermissions { get; init; } = null!;
-	public DbSet<UserAgentAccessEntity> UserAgentAccess { get; init; } = null!;
+	
-
 	public DbSet<AgentEntity> Agents { get; init; } = null!;
 	public DbSet<InstanceEntity> Instances { get; init; } = null!;
 	public DbSet<AuditLogEntity> AuditLog { get; init; } = null!;
@@ -63,12 +62,6 @@ public class ApplicationDbContext : DbContext {
 			b.HasOne<RoleEntity>().WithMany().HasForeignKey(static e => e.RoleGuid).IsRequired().OnDelete(DeleteBehavior.Cascade);
 			b.HasOne<PermissionEntity>().WithMany().HasForeignKey(static e => e.PermissionId).IsRequired().OnDelete(DeleteBehavior.Cascade);
 		});
-		
-		builder.Entity<UserAgentAccessEntity>(static b => {
-			b.HasKey(static e => new { UserId = e.UserGuid, AgentId = e.AgentGuid });
-			b.HasOne<UserEntity>().WithMany().HasForeignKey(static e => e.UserGuid).IsRequired().OnDelete(DeleteBehavior.Cascade);
-			b.HasOne<AgentEntity>().WithMany().HasForeignKey(static e => e.AgentGuid).IsRequired().OnDelete(DeleteBehavior.Cascade);
-		});
 	}
 
 	protected override void ConfigureConventions(ModelConfigurationBuilder builder) {

Controller/Phantom.Controller.Database/Entities/UserAgentAccessEntity.cs

@@ -1,14 +0,0 @@
-using System.ComponentModel.DataAnnotations.Schema;
-
-namespace Phantom.Controller.Database.Entities;
-
-[Table("UserAgentAccess", Schema = "identity")]
-public sealed class UserAgentAccessEntity {
-	public Guid UserGuid { get; init; }
-	public Guid AgentGuid { get; init; }
-	
-	public UserAgentAccessEntity(Guid userGuid, Guid agentGuid) {
-		UserGuid = userGuid;
-		AgentGuid = agentGuid;
-	}
-}

Controller/Phantom.Controller.Database/Repositories/EventLogRepository.cs

@@ -17,12 +17,11 @@ public sealed class EventLogRepository {
 		db.Ctx.EventLog.Add(new EventLogEntity(eventGuid, utcTime, agentGuid, eventType, subjectId, extra));
 	}
 	
-	public Task<ImmutableArray<EventLogItem>> GetMostRecentItems(ImmutableHashSet<Guid> agentGuids, int count, CancellationToken cancellationToken) {
+	public Task<ImmutableArray<EventLogItem>> GetMostRecentItems(int count, CancellationToken cancellationToken) {
 		return db.Ctx
 		         .EventLog
 		         .AsQueryable()
 		         .OrderByDescending(static entity => entity.UtcTime)
-		         .Where(entity => entity.AgentGuid == null || agentGuids.Contains(entity.AgentGuid.Value))
 		         .Take(count)
 		         .AsAsyncEnumerable()
 		         .Select(static entity => new EventLogItem(entity.UtcTime, entity.AgentGuid, entity.EventType, entity.SubjectType, entity.SubjectId, entity.Data?.RootElement.ToString()))

Controller/Phantom.Controller.Database/Repositories/PermissionRepository.cs

@@ -1,5 +1,4 @@
-using System.Collections.Immutable;
+using Microsoft.EntityFrameworkCore;
-using Microsoft.EntityFrameworkCore;
 using Phantom.Common.Data.Web.Users;
 using Phantom.Controller.Database.Entities;
 using Phantom.Utils.Collections;
@@ -24,12 +23,4 @@ public sealed class PermissionRepository {
 
 		return new PermissionSet(await userPermissions.Union(rolePermissions).AsAsyncEnumerable().ToImmutableSetAsync());
 	}
-
-	public Task<ImmutableHashSet<Guid>> GetManagedAgentGuids(UserEntity user) {
-		return db.Ctx.UserAgentAccess
-		         .Where(ua => ua.UserGuid == user.UserGuid)
-		         .Select(static ua => ua.AgentGuid)
-		         .AsAsyncEnumerable()
-		         .ToImmutableSetAsync();
-	}
 }

Controller/Phantom.Controller.Services/Agents/AgentActor.cs

@@ -10,12 +10,14 @@ using Phantom.Common.Data.Replies;
 using Phantom.Common.Data.Web.Agent;
 using Phantom.Common.Data.Web.Instance;
 using Phantom.Common.Data.Web.Minecraft;
+using Phantom.Common.Data.Web.Users;
 using Phantom.Common.Messages.Agent;
 using Phantom.Common.Messages.Agent.ToAgent;
 using Phantom.Controller.Database;
 using Phantom.Controller.Database.Entities;
 using Phantom.Controller.Minecraft;
 using Phantom.Controller.Services.Instances;
+using Phantom.Controller.Services.Users.Sessions;
 using Phantom.Utils.Actor;
 using Phantom.Utils.Actor.Mailbox;
 using Phantom.Utils.Actor.Tasks;
@@ -32,7 +34,7 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 	private static readonly TimeSpan DisconnectionRecheckInterval = TimeSpan.FromSeconds(5);
 	private static readonly TimeSpan DisconnectionThreshold = TimeSpan.FromSeconds(12);
 
-	public readonly record struct Init(Guid AgentGuid, AgentConfiguration AgentConfiguration, ControllerState ControllerState, MinecraftVersions MinecraftVersions, IDbContextProvider DbProvider, CancellationToken CancellationToken);
+	public readonly record struct Init(Guid AgentGuid, AgentConfiguration AgentConfiguration, ControllerState ControllerState, MinecraftVersions MinecraftVersions, UserLoginManager UserLoginManager, IDbContextProvider DbProvider, CancellationToken CancellationToken);
 	
 	public static Props<ICommand> Factory(Init init) {
 		return Props<ICommand>.Create(() => new AgentActor(init), new ActorConfiguration { SupervisorStrategy = SupervisorStrategies.Resume, MailboxType = UnboundedJumpAheadMailbox.Name });
@@ -40,6 +42,7 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 
 	private readonly ControllerState controllerState;
 	private readonly MinecraftVersions minecraftVersions;
+	private readonly UserLoginManager userLoginManager;
 	private readonly IDbContextProvider dbProvider;
 	private readonly CancellationToken cancellationToken;
 	
@@ -76,6 +79,7 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 	private AgentActor(Init init) {
 		this.controllerState = init.ControllerState;
 		this.minecraftVersions = init.MinecraftVersions;
+		this.userLoginManager = init.UserLoginManager;
 		this.dbProvider = init.DbProvider;
 		this.cancellationToken = init.CancellationToken;
 		
@@ -94,11 +98,11 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 		Receive<NotifyIsAliveCommand>(NotifyIsAlive);
 		Receive<UpdateStatsCommand>(UpdateStats);
 		Receive<UpdateJavaRuntimesCommand>(UpdateJavaRuntimes);
-		ReceiveAndReplyLater<CreateOrUpdateInstanceCommand, Result<CreateOrUpdateInstanceResult, InstanceActionFailure>>(CreateOrUpdateInstance);
+		ReceiveAndReplyLater<CreateOrUpdateInstanceCommand, Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>(CreateOrUpdateInstance);
 		Receive<UpdateInstanceStatusCommand>(UpdateInstanceStatus);
-		ReceiveAndReplyLater<LaunchInstanceCommand, Result<LaunchInstanceResult, InstanceActionFailure>>(LaunchInstance);
+		ReceiveAndReplyLater<LaunchInstanceCommand, Result<LaunchInstanceResult, UserInstanceActionFailure>>(LaunchInstance);
-		ReceiveAndReplyLater<StopInstanceCommand, Result<StopInstanceResult, InstanceActionFailure>>(StopInstance);
+		ReceiveAndReplyLater<StopInstanceCommand, Result<StopInstanceResult, UserInstanceActionFailure>>(StopInstance);
-		ReceiveAndReplyLater<SendCommandToInstanceCommand, Result<SendCommandToInstanceResult, InstanceActionFailure>>(SendMinecraftCommand);
+		ReceiveAndReplyLater<SendCommandToInstanceCommand, Result<SendCommandToInstanceResult, UserInstanceActionFailure>>(SendMinecraftCommand);
 		Receive<ReceiveInstanceDataCommand>(ReceiveInstanceData);
 	}
 
@@ -146,13 +150,21 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 		}
 	}
 
-	private async Task<Result<TReply, InstanceActionFailure>> RequestInstance<TCommand, TReply>(Guid instanceGuid, TCommand command) where TCommand : InstanceActor.ICommand, ICanReply<Result<TReply, InstanceActionFailure>> {
+	private async Task<Result<TReply, UserInstanceActionFailure>> RequestInstance<TCommand, TReply>(ImmutableArray<byte> authToken, Guid instanceGuid, Func<Guid, TCommand> commandFactoryFromLoggedInUserGuid) where TCommand : InstanceActor.ICommand, ICanReply<Result<TReply, InstanceActionFailure>> {
+		var loggedInUser = userLoginManager.GetLoggedInUser(authToken);
+		if (!loggedInUser.CheckPermission(Permission.ControlInstances)) {
+			return (UserInstanceActionFailure) UserActionFailure.NotAuthorized;
+		}
+		
+		var command = commandFactoryFromLoggedInUserGuid(loggedInUser.Guid!.Value);
+		
 		if (instanceActorByGuid.TryGetValue(instanceGuid, out var instance)) {
-			return await instance.Request(command, cancellationToken);
+			var result = await instance.Request(command, cancellationToken);
+			return result.MapError(static error => (UserInstanceActionFailure) error);
 		}
 		else {
 			Logger.Warning("Could not deliver command {CommandType} to instance {InstanceGuid}, instance not found.", command.GetType().Name, instanceGuid);
-			return InstanceActionFailure.InstanceDoesNotExist;
+			return (UserInstanceActionFailure) InstanceActionFailure.InstanceDoesNotExist;
 		}
 	}
 
@@ -183,15 +195,15 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 	
 	public sealed record UpdateJavaRuntimesCommand(ImmutableArray<TaggedJavaRuntime> JavaRuntimes) : ICommand;
 	
-	public sealed record CreateOrUpdateInstanceCommand(Guid LoggedInUserGuid, Guid InstanceGuid, InstanceConfiguration Configuration) : ICommand, ICanReply<Result<CreateOrUpdateInstanceResult, InstanceActionFailure>>;
+	public sealed record CreateOrUpdateInstanceCommand(ImmutableArray<byte> AuthToken, Guid InstanceGuid, InstanceConfiguration Configuration) : ICommand, ICanReply<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>;
 	
 	public sealed record UpdateInstanceStatusCommand(Guid InstanceGuid, IInstanceStatus Status) : ICommand;
 
-	public sealed record LaunchInstanceCommand(Guid LoggedInUserGuid, Guid InstanceGuid) : ICommand, ICanReply<Result<LaunchInstanceResult, InstanceActionFailure>>;
+	public sealed record LaunchInstanceCommand(ImmutableArray<byte> AuthToken, Guid InstanceGuid) : ICommand, ICanReply<Result<LaunchInstanceResult, UserInstanceActionFailure>>;
 	
-	public sealed record StopInstanceCommand(Guid LoggedInUserGuid, Guid InstanceGuid, MinecraftStopStrategy StopStrategy) : ICommand, ICanReply<Result<StopInstanceResult, InstanceActionFailure>>;
+	public sealed record StopInstanceCommand(ImmutableArray<byte> AuthToken, Guid InstanceGuid, MinecraftStopStrategy StopStrategy) : ICommand, ICanReply<Result<StopInstanceResult, UserInstanceActionFailure>>;
 	
-	public sealed record SendCommandToInstanceCommand(Guid LoggedInUserGuid, Guid InstanceGuid, string Command) : ICommand, ICanReply<Result<SendCommandToInstanceResult, InstanceActionFailure>>;
+	public sealed record SendCommandToInstanceCommand(ImmutableArray<byte> AuthToken, Guid InstanceGuid, string Command) : ICommand, ICanReply<Result<SendCommandToInstanceResult, UserInstanceActionFailure>>;
 	
 	public sealed record ReceiveInstanceDataCommand(Instance Instance) : ICommand, IJumpAhead;
 
@@ -280,25 +292,30 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 		controllerState.UpdateAgentJavaRuntimes(agentGuid, javaRuntimes);
 	}
 	
-	private Task<Result<CreateOrUpdateInstanceResult, InstanceActionFailure>> CreateOrUpdateInstance(CreateOrUpdateInstanceCommand command) {
+	private Task<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>> CreateOrUpdateInstance(CreateOrUpdateInstanceCommand command) {
+		var loggedInUser = userLoginManager.GetLoggedInUser(command.AuthToken);
+		if (!loggedInUser.CheckPermission(Permission.CreateInstances)) {
+			return Task.FromResult<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>((UserInstanceActionFailure) UserActionFailure.NotAuthorized);
+		}
+		
 		var instanceConfiguration = command.Configuration;
 
 		if (string.IsNullOrWhiteSpace(instanceConfiguration.InstanceName)) {
-			return Task.FromResult<Result<CreateOrUpdateInstanceResult, InstanceActionFailure>>(CreateOrUpdateInstanceResult.InstanceNameMustNotBeEmpty);
+			return Task.FromResult<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>(CreateOrUpdateInstanceResult.InstanceNameMustNotBeEmpty);
 		}
 		
 		if (instanceConfiguration.MemoryAllocation <= RamAllocationUnits.Zero) {
-			return Task.FromResult<Result<CreateOrUpdateInstanceResult, InstanceActionFailure>>(CreateOrUpdateInstanceResult.InstanceMemoryMustNotBeZero);
+			return Task.FromResult<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>(CreateOrUpdateInstanceResult.InstanceMemoryMustNotBeZero);
 		}
 		
 		return minecraftVersions.GetServerExecutableInfo(instanceConfiguration.MinecraftVersion, cancellationToken)
-		                        .ContinueOnActor(CreateOrUpdateInstance1, command)
+		                        .ContinueOnActor(CreateOrUpdateInstance1, loggedInUser.Guid!.Value, command)
 		                        .Unwrap();
 	}
 
-	private Task<Result<CreateOrUpdateInstanceResult, InstanceActionFailure>> CreateOrUpdateInstance1(FileDownloadInfo? serverExecutableInfo, CreateOrUpdateInstanceCommand command) {
+	private Task<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>> CreateOrUpdateInstance1(FileDownloadInfo? serverExecutableInfo, Guid loggedInUserGuid, CreateOrUpdateInstanceCommand command) {
 		if (serverExecutableInfo == null) {
-			return Task.FromResult<Result<CreateOrUpdateInstanceResult, InstanceActionFailure>>(CreateOrUpdateInstanceResult.MinecraftVersionDownloadInfoNotFound);
+			return Task.FromResult<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>(CreateOrUpdateInstanceResult.MinecraftVersionDownloadInfoNotFound);
 		}
 		
 		var instanceConfiguration = command.Configuration;
@@ -308,13 +325,13 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 			instanceActorRef = CreateNewInstance(Instance.Offline(command.InstanceGuid, instanceConfiguration));
 		}
 		
-		var configureInstanceCommand = new InstanceActor.ConfigureInstanceCommand(command.LoggedInUserGuid, command.InstanceGuid, instanceConfiguration, new InstanceLaunchProperties(serverExecutableInfo), isCreatingInstance);
+		var configureInstanceCommand = new InstanceActor.ConfigureInstanceCommand(loggedInUserGuid, command.InstanceGuid, instanceConfiguration, new InstanceLaunchProperties(serverExecutableInfo), isCreatingInstance);
 		
 		return instanceActorRef.Request(configureInstanceCommand, cancellationToken)
 		                       .ContinueOnActor(CreateOrUpdateInstance2, configureInstanceCommand);
 	}
 	
-	private Result<CreateOrUpdateInstanceResult, InstanceActionFailure> CreateOrUpdateInstance2(Result<ConfigureInstanceResult, InstanceActionFailure> result, InstanceActor.ConfigureInstanceCommand command) {
+	private Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure> CreateOrUpdateInstance2(Result<ConfigureInstanceResult, InstanceActionFailure> result, InstanceActor.ConfigureInstanceCommand command) {
 		var instanceGuid = command.InstanceGuid;
 		var instanceName = command.Configuration.InstanceName;
 		var isCreating = command.IsCreatingInstance;
@@ -342,16 +359,16 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 		TellInstance(command.InstanceGuid, new InstanceActor.SetStatusCommand(command.Status));
 	}
 
-	private Task<Result<LaunchInstanceResult, InstanceActionFailure>> LaunchInstance(LaunchInstanceCommand command) {
+	private Task<Result<LaunchInstanceResult, UserInstanceActionFailure>> LaunchInstance(LaunchInstanceCommand command) {
-		return RequestInstance<InstanceActor.LaunchInstanceCommand, LaunchInstanceResult>(command.InstanceGuid, new InstanceActor.LaunchInstanceCommand(command.LoggedInUserGuid));
+		return RequestInstance<InstanceActor.LaunchInstanceCommand, LaunchInstanceResult>(command.AuthToken, command.InstanceGuid, static loggedInUserGuid => new InstanceActor.LaunchInstanceCommand(loggedInUserGuid));
 	}
 
-	private Task<Result<StopInstanceResult, InstanceActionFailure>> StopInstance(StopInstanceCommand command) {
+	private Task<Result<StopInstanceResult, UserInstanceActionFailure>> StopInstance(StopInstanceCommand command) {
-		return RequestInstance<InstanceActor.StopInstanceCommand, StopInstanceResult>(command.InstanceGuid, new InstanceActor.StopInstanceCommand(command.LoggedInUserGuid, command.StopStrategy));
+		return RequestInstance<InstanceActor.StopInstanceCommand, StopInstanceResult>(command.AuthToken, command.InstanceGuid, loggedInUserGuid => new InstanceActor.StopInstanceCommand(loggedInUserGuid, command.StopStrategy));
 	}
 
-	private Task<Result<SendCommandToInstanceResult, InstanceActionFailure>> SendMinecraftCommand(SendCommandToInstanceCommand command) {
+	private Task<Result<SendCommandToInstanceResult, UserInstanceActionFailure>> SendMinecraftCommand(SendCommandToInstanceCommand command) {
-		return RequestInstance<InstanceActor.SendCommandToInstanceCommand, SendCommandToInstanceResult>(command.InstanceGuid, new InstanceActor.SendCommandToInstanceCommand(command.LoggedInUserGuid, command.Command));
+		return RequestInstance<InstanceActor.SendCommandToInstanceCommand, SendCommandToInstanceResult>(command.AuthToken, command.InstanceGuid, loggedInUserGuid => new InstanceActor.SendCommandToInstanceCommand(loggedInUserGuid, command.Command));
 	}
 
 	private void ReceiveInstanceData(ReceiveInstanceDataCommand command) {

Controller/Phantom.Controller.Services/Agents/AgentManager.cs

@@ -1,5 +1,4 @@
 using System.Collections.Concurrent;
-using System.Collections.Immutable;
 using Akka.Actor;
 using Phantom.Common.Data;
 using Phantom.Common.Data.Agent;
@@ -45,7 +44,7 @@ sealed class AgentManager {
 	}
 
 	private ActorRef<AgentActor.ICommand> CreateAgentActor(Guid agentGuid, AgentConfiguration agentConfiguration) {
-		var init = new AgentActor.Init(agentGuid, agentConfiguration, controllerState, minecraftVersions, dbProvider, cancellationToken);
+		var init = new AgentActor.Init(agentGuid, agentConfiguration, controllerState, minecraftVersions, userLoginManager, dbProvider, cancellationToken);
 		var name = "Agent:" + agentGuid;
 		return actorSystem.ActorOf(AgentActor.Factory(init), name);
 	}
@@ -88,18 +87,7 @@ sealed class AgentManager {
 		}
 	}
 
-	public async Task<Result<TReply, UserInstanceActionFailure>> DoInstanceAction<TCommand, TReply>(Permission requiredPermission, ImmutableArray<byte> authToken, Guid agentGuid, Func<Guid, TCommand> commandFactoryFromLoggedInUserGuid) where TCommand : class, AgentActor.ICommand, ICanReply<Result<TReply, InstanceActionFailure>> {
+	public async Task<Result<TReply, UserInstanceActionFailure>> DoInstanceAction<TCommand, TReply>(Guid agentGuid, TCommand command) where TCommand : class, AgentActor.ICommand, ICanReply<Result<TReply, UserInstanceActionFailure>> {
-		var loggedInUser = userLoginManager.GetLoggedInUser(authToken);
+		return agentsByGuid.TryGetValue(agentGuid, out var agent) ? await agent.Request(command, cancellationToken) : (UserInstanceActionFailure) InstanceActionFailure.AgentDoesNotExist;
-		if (!loggedInUser.HasAccessToAgent(agentGuid) || !loggedInUser.CheckPermission(requiredPermission)) {
-			return (UserInstanceActionFailure) UserActionFailure.NotAuthorized;
-		}
-		
-		if (!agentsByGuid.TryGetValue(agentGuid, out var agent)) {
-			return (UserInstanceActionFailure) InstanceActionFailure.AgentDoesNotExist;
-		}
-		
-		var command = commandFactoryFromLoggedInUserGuid(loggedInUser.Guid!.Value);
-		var result = await agent.Request(command, cancellationToken);
-		return result.MapError(static error => (UserInstanceActionFailure) error);
 	}
 }

Controller/Phantom.Controller.Services/ControllerServices.cs

@@ -64,7 +64,7 @@ public sealed class ControllerServices : IDisposable {
 		this.InstanceLogManager = new InstanceLogManager();
 		
 		this.AuditLogManager = new AuditLogManager(dbProvider);
-		this.EventLogManager = new EventLogManager(ControllerState, ActorSystem, dbProvider, shutdownCancellationToken);
+		this.EventLogManager = new EventLogManager(ActorSystem, dbProvider, shutdownCancellationToken);
 		
 		this.AgentRegistrationHandler = new AgentRegistrationHandler(AgentManager, InstanceLogManager, EventLogManager);
 		this.WebRegistrationHandler = new WebRegistrationHandler(webAuthToken, ControllerState, InstanceLogManager, UserManager, RoleManager, UserRoleManager, UserLoginManager, AuditLogManager, AgentManager, MinecraftVersions, EventLogManager);

Controller/Phantom.Controller.Services/Events/EventLogManager.cs

@@ -11,13 +11,11 @@ using Phantom.Utils.Actor;
 namespace Phantom.Controller.Services.Events; 
 
 sealed partial class EventLogManager {
-	private readonly ControllerState controllerState;
 	private readonly ActorRef<EventLogDatabaseStorageActor.ICommand> databaseStorageActor;
 	private readonly IDbContextProvider dbProvider;
 	private readonly CancellationToken cancellationToken;
 
-	public EventLogManager(ControllerState controllerState, IActorRefFactory actorSystem, IDbContextProvider dbProvider, CancellationToken cancellationToken) {
+	public EventLogManager(IActorRefFactory actorSystem, IDbContextProvider dbProvider, CancellationToken cancellationToken) {
-		this.controllerState = controllerState;
 		this.databaseStorageActor = actorSystem.ActorOf(EventLogDatabaseStorageActor.Factory(new EventLogDatabaseStorageActor.Init(dbProvider, cancellationToken)), "EventLogDatabaseStorage");
 		this.dbProvider = dbProvider;
 		this.cancellationToken = cancellationToken;
@@ -32,9 +30,7 @@ sealed partial class EventLogManager {
 			return UserActionFailure.NotAuthorized;
 		}
 		
-		var accessibleAgentGuids = loggedInUser.FilterAccessibleAgentGuids(controllerState.AgentsByGuid.Keys.ToImmutableHashSet());
-		
 		await using var db = dbProvider.Lazy();
-		return await new EventLogRepository(db).GetMostRecentItems(accessibleAgentGuids, count, cancellationToken);
+		return await new EventLogRepository(db).GetMostRecentItems(count, cancellationToken);
 	}
 }

Controller/Phantom.Controller.Services/Rpc/WebMessageHandlerActor.cs

@@ -71,7 +71,7 @@ sealed class WebMessageHandlerActor : ReceiveActor<IMessageToController> {
 
 		ReceiveAsync<RegisterWebMessage>(HandleRegisterWeb);
 		Receive<UnregisterWebMessage>(HandleUnregisterWeb);
-		ReceiveAndReplyLater<LogInMessage, Optional<LogInSuccess>>(HandleLogIn);
+		ReceiveAndReplyLater<LogInMessage, LogInSuccess?>(HandleLogIn);
 		Receive<LogOutMessage>(HandleLogOut);
 		ReceiveAndReply<GetAuthenticatedUser, Optional<AuthenticatedUserInfo>>(GetAuthenticatedUser);
 		ReceiveAndReplyLater<CreateOrUpdateAdministratorUserMessage, CreateOrUpdateAdministratorUserResult>(HandleCreateOrUpdateAdministratorUser);
@@ -100,7 +100,7 @@ sealed class WebMessageHandlerActor : ReceiveActor<IMessageToController> {
 		connection.Close();
 	}
 
-	private Task<Optional<LogInSuccess>> HandleLogIn(LogInMessage message) {
+	private Task<LogInSuccess?> HandleLogIn(LogInMessage message) {
 		return userLoginManager.LogIn(message.Username, message.Password);
 	}
 
@@ -141,39 +141,19 @@ sealed class WebMessageHandlerActor : ReceiveActor<IMessageToController> {
 	}
 
 	private Task<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>> HandleCreateOrUpdateInstance(CreateOrUpdateInstanceMessage message) {
-		return agentManager.DoInstanceAction<AgentActor.CreateOrUpdateInstanceCommand, CreateOrUpdateInstanceResult>(
+		return agentManager.DoInstanceAction<AgentActor.CreateOrUpdateInstanceCommand, CreateOrUpdateInstanceResult>(message.Configuration.AgentGuid, new AgentActor.CreateOrUpdateInstanceCommand(message.AuthToken, message.InstanceGuid, message.Configuration));
-			Permission.CreateInstances,
-			message.AuthToken,
-			message.Configuration.AgentGuid,
-			loggedInUserGuid => new AgentActor.CreateOrUpdateInstanceCommand(loggedInUserGuid, message.InstanceGuid, message.Configuration)
-		);
 	}
 
 	private Task<Result<LaunchInstanceResult, UserInstanceActionFailure>> HandleLaunchInstance(LaunchInstanceMessage message) {
-		return agentManager.DoInstanceAction<AgentActor.LaunchInstanceCommand, LaunchInstanceResult>(
+		return agentManager.DoInstanceAction<AgentActor.LaunchInstanceCommand, LaunchInstanceResult>(message.AgentGuid, new AgentActor.LaunchInstanceCommand(message.AuthToken, message.InstanceGuid));
-			Permission.ControlInstances,
-			message.AuthToken,
-			message.AgentGuid,
-			loggedInUserGuid => new AgentActor.LaunchInstanceCommand(loggedInUserGuid, message.InstanceGuid)
-		);
 	}
 
 	private Task<Result<StopInstanceResult, UserInstanceActionFailure>> HandleStopInstance(StopInstanceMessage message) {
-		return agentManager.DoInstanceAction<AgentActor.StopInstanceCommand, StopInstanceResult>(
+		return agentManager.DoInstanceAction<AgentActor.StopInstanceCommand, StopInstanceResult>(message.AgentGuid, new AgentActor.StopInstanceCommand(message.AuthToken, message.InstanceGuid, message.StopStrategy));
-			Permission.ControlInstances,
-			message.AuthToken,
-			message.AgentGuid,
-			loggedInUserGuid => new AgentActor.StopInstanceCommand(loggedInUserGuid, message.InstanceGuid, message.StopStrategy)
-		);
 	}
 
 	private Task<Result<SendCommandToInstanceResult, UserInstanceActionFailure>> HandleSendCommandToInstance(SendCommandToInstanceMessage message) {
-		return agentManager.DoInstanceAction<AgentActor.SendCommandToInstanceCommand, SendCommandToInstanceResult>(
+		return agentManager.DoInstanceAction<AgentActor.SendCommandToInstanceCommand, SendCommandToInstanceResult>(message.AgentGuid, new AgentActor.SendCommandToInstanceCommand(message.AuthToken, message.InstanceGuid, message.Command));
-			Permission.ControlInstances,
-			message.AuthToken,
-			message.AgentGuid,
-			loggedInUserGuid => new AgentActor.SendCommandToInstanceCommand(loggedInUserGuid, message.InstanceGuid, message.Command)
-		);
 	}
 
 	private Task<ImmutableArray<MinecraftVersion>> HandleGetMinecraftVersions(GetMinecraftVersionsMessage message) {

Controller/Phantom.Controller.Services/Users/Sessions/AuthenticatedUserCache.cs

@@ -14,12 +14,9 @@ sealed class AuthenticatedUserCache {
 	}
 
 	public async Task<AuthenticatedUserInfo?> Update(UserEntity user, ILazyDbContext db) {
-		var permissionRepository = new PermissionRepository(db);
-		var userPermissions = await permissionRepository.GetAllUserPermissions(user);
-		var userManagedAgentGuids = await permissionRepository.GetManagedAgentGuids(user);
-		
 		var userGuid = user.UserGuid;
-		var userInfo = new AuthenticatedUserInfo(userGuid, user.Name, userPermissions, userManagedAgentGuids);
+		var userPermissions = await new PermissionRepository(db).GetAllUserPermissions(user);
+		var userInfo = new AuthenticatedUserInfo(userGuid, user.Name, userPermissions);
 		return authenticatedUsersByGuid[userGuid] = userInfo;
 	}
 	

Controller/Phantom.Controller.Services/Users/Sessions/LoggedInUser.cs

@@ -1,5 +1,4 @@
-using System.Collections.Immutable;
+using Phantom.Common.Data.Web.Users;
-using Phantom.Common.Data.Web.Users;
 
 namespace Phantom.Controller.Services.Users.Sessions;
 
@@ -7,14 +6,6 @@ readonly record struct LoggedInUser(AuthenticatedUserInfo? AuthenticatedUserInfo
 	public Guid? Guid => AuthenticatedUserInfo?.Guid;
 	
 	public bool CheckPermission(Permission permission) {
-		return AuthenticatedUserInfo is {} info && info.CheckPermission(permission);
+		return AuthenticatedUserInfo != null && AuthenticatedUserInfo.Permissions.Check(permission);
-	}
-
-	public bool HasAccessToAgent(Guid agentGuid) {
-		return AuthenticatedUserInfo is {} info && info.HasAccessToAgent(agentGuid);
-	}
-
-	public ImmutableHashSet<Guid> FilterAccessibleAgentGuids(ImmutableHashSet<Guid> agentGuids) {
-		return AuthenticatedUserInfo is {} info ? info.FilterAccessibleAgentGuids(agentGuids) : ImmutableHashSet<Guid>.Empty;
 	}
 }

Controller/Phantom.Controller.Services/Users/Sessions/UserLoginManager.cs

@@ -1,6 +1,5 @@
 using System.Collections.Immutable;
 using System.Security.Cryptography;
-using Phantom.Common.Data;
 using Phantom.Common.Data.Web.Users;
 using Phantom.Controller.Database;
 using Phantom.Controller.Database.Repositories;
@@ -30,7 +29,7 @@ sealed class UserLoginManager {
 		return sessionBuckets[token[0]];
 	}
 
-	public async Task<Optional<LogInSuccess>> LogIn(string username, string password) {
+	public async Task<LogInSuccess?> LogIn(string username, string password) {
 		Guid userGuid;
 		AuthenticatedUserInfo? authenticatedUserInfo;
 		
@@ -39,12 +38,12 @@ sealed class UserLoginManager {
 
 			var user = await userRepository.GetByName(username);
 			if (user == null || !UserPasswords.Verify(password, user.PasswordHash)) {
-				return default;
+				return null;
 			}
 
 			authenticatedUserInfo = await authenticatedUserCache.Update(user, db);
 			if (authenticatedUserInfo == null) {
-				return default;
+				return null;
 			}
 
 			userGuid = user.UserGuid;

Web/Phantom.Web.Services/Agents/AgentManager.cs

@@ -2,7 +2,6 @@
 using Phantom.Common.Data.Web.Agent;
 using Phantom.Utils.Events;
 using Phantom.Utils.Logging;
-using Phantom.Web.Services.Authentication;
 
 namespace Phantom.Web.Services.Agents; 
 
@@ -19,13 +18,7 @@ public sealed class AgentManager {
 		return agents.Value;
 	}
 	
-	public ImmutableDictionary<Guid, Agent> ToDictionaryByGuid(AuthenticatedUser? authenticatedUser) {
+	public ImmutableDictionary<Guid, Agent> ToDictionaryByGuid() {
-		if (authenticatedUser == null) {
+		return agents.Value.ToImmutableDictionary(static agent => agent.AgentGuid);
-			return ImmutableDictionary<Guid, Agent>.Empty;
-		}
-		
-		return agents.Value
-		             .Where(agent => authenticatedUser.Info.HasAccessToAgent(agent.AgentGuid))
-		             .ToImmutableDictionary(static agent => agent.AgentGuid);
 	}
 }

Web/Phantom.Web.Services/Authentication/AuthenticatedUser.cs

@@ -3,4 +3,8 @@ using Phantom.Common.Data.Web.Users;
 
 namespace Phantom.Web.Services.Authentication;
 
-public sealed record AuthenticatedUser(AuthenticatedUserInfo Info, ImmutableArray<byte> Token);
+public sealed record AuthenticatedUser(AuthenticatedUserInfo Info, ImmutableArray<byte> Token) {
+	public bool CheckPermission(Permission permission) {
+		return Info.Permissions.Check(permission);
+	}
+}

Web/Phantom.Web.Services/Authentication/UserLoginManager.cs

@@ -1,5 +1,4 @@
-using Phantom.Common.Data;
+using Phantom.Common.Data.Web.Users;
-using Phantom.Common.Data.Web.Users;
 using Phantom.Common.Messages.Web.ToController;
 using Phantom.Utils.Logging;
 using Phantom.Web.Services.Rpc;
@@ -23,20 +22,23 @@ public sealed class UserLoginManager {
 	}
 
 	public async Task<bool> LogIn(string username, string password, string? returnUrl = null) {
-		Optional<LogInSuccess> result;
+		LogInSuccess? success;
 		try {
-			result = await controllerConnection.Send<LogInMessage, Optional<LogInSuccess>>(new LogInMessage(username, password), TimeSpan.FromSeconds(30));
+			success = await controllerConnection.Send<LogInMessage, LogInSuccess?>(new LogInMessage(username, password), TimeSpan.FromSeconds(30));
 		} catch (Exception e) {
 			Logger.Error(e, "Could not log in {Username}.", username);
 			return false;
 		}
 
-		if (result.Value is not var (userInfo, authToken)) {
+		if (success == null) {
 			return false;
 		}
 
 		Logger.Information("Successfully logged in {Username}.", username);
 
+		var userInfo = success.UserInfo;
+		var authToken = success.AuthToken;
+		
 		authenticationStateProvider.SetUnloadedSession();
 		await sessionBrowserStorage.Store(userInfo.Guid, authToken);
 		await authenticationStateProvider.GetAuthenticationStateAsync();

Web/Phantom.Web.Services/Events/EventLogManager.cs

@@ -16,7 +16,7 @@ public sealed class EventLogManager {
 	}
 
 	public async Task<Result<ImmutableArray<EventLogItem>, UserActionFailure>> GetMostRecentItems(AuthenticatedUser? authenticatedUser, int count, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.Info.CheckPermission(Permission.ViewEvents)) {
+		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.ViewEvents)) {
 			var message = new GetEventLogMessage(authenticatedUser.Token, count);
 			return await controllerConnection.Send<GetEventLogMessage, Result<ImmutableArray<EventLogItem>, UserActionFailure>>(message, cancellationToken);
 		}

Web/Phantom.Web.Services/Instances/InstanceManager.cs

@@ -33,17 +33,12 @@ public sealed class InstanceManager {
 		return instances.Value;
 	}
 
-	public Instance? GetByGuid(AuthenticatedUser? authenticatedUser, Guid instanceGuid) {
+	public Instance? GetByGuid(Guid instanceGuid) {
-		if (authenticatedUser == null) {
+		return instances.Value.GetValueOrDefault(instanceGuid);
-			return null;
-		}
-		
-		var instance = instances.Value.GetValueOrDefault(instanceGuid);
-		return instance != null && authenticatedUser.Info.HasAccessToAgent(instance.Configuration.AgentGuid) ? instance : null;
 	}
 
 	public async Task<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>> CreateOrUpdateInstance(AuthenticatedUser? authenticatedUser, Guid instanceGuid, InstanceConfiguration configuration, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.Info.CheckPermission(Permission.CreateInstances)) {
+		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.CreateInstances)) {
 			var message = new CreateOrUpdateInstanceMessage(authenticatedUser.Token, instanceGuid, configuration);
 			return await controllerConnection.Send<CreateOrUpdateInstanceMessage, Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>(message, cancellationToken);
 		}
@@ -53,7 +48,7 @@ public sealed class InstanceManager {
 	}
 
 	public async Task<Result<LaunchInstanceResult, UserInstanceActionFailure>> LaunchInstance(AuthenticatedUser? authenticatedUser, Guid agentGuid, Guid instanceGuid, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.Info.CheckPermission(Permission.ControlInstances)) {
+		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.ControlInstances)) {
 			var message = new LaunchInstanceMessage(authenticatedUser.Token, agentGuid, instanceGuid);
 			return await controllerConnection.Send<LaunchInstanceMessage, Result<LaunchInstanceResult, UserInstanceActionFailure>>(message, cancellationToken);
 		}
@@ -63,7 +58,7 @@ public sealed class InstanceManager {
 	}
 
 	public async Task<Result<StopInstanceResult, UserInstanceActionFailure>> StopInstance(AuthenticatedUser? authenticatedUser, Guid agentGuid, Guid instanceGuid, MinecraftStopStrategy stopStrategy, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.Info.CheckPermission(Permission.ControlInstances)) {
+		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.ControlInstances)) {
 			var message = new StopInstanceMessage(authenticatedUser.Token, agentGuid, instanceGuid, stopStrategy);
 			return await controllerConnection.Send<StopInstanceMessage, Result<StopInstanceResult, UserInstanceActionFailure>>(message, cancellationToken);
 		}
@@ -73,7 +68,7 @@ public sealed class InstanceManager {
 	}
 
 	public async Task<Result<SendCommandToInstanceResult, UserInstanceActionFailure>> SendCommandToInstance(AuthenticatedUser? authenticatedUser, Guid agentGuid, Guid instanceGuid, string command, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.Info.CheckPermission(Permission.ControlInstances)) {
+		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.ControlInstances)) {
 			var message = new SendCommandToInstanceMessage(authenticatedUser.Token, agentGuid, instanceGuid, command);
 			return await controllerConnection.Send<SendCommandToInstanceMessage, Result<SendCommandToInstanceResult, UserInstanceActionFailure>>(message, cancellationToken);
 		}

Web/Phantom.Web.Services/Users/AuditLogManager.cs

@@ -16,7 +16,7 @@ public sealed class AuditLogManager {
 	}
 
 	public async Task<Result<ImmutableArray<AuditLogItem>, UserActionFailure>> GetMostRecentItems(AuthenticatedUser? authenticatedUser, int count, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.Info.CheckPermission(Permission.ViewAudit)) {
+		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.ViewAudit)) {
 			var message = new GetAuditLogMessage(authenticatedUser.Token, count);
 			return await controllerConnection.Send<GetAuditLogMessage, Result<ImmutableArray<AuditLogItem>, UserActionFailure>>(message, cancellationToken);
 		}

Web/Phantom.Web.Services/Users/UserManager.cs

@@ -19,7 +19,7 @@ public sealed class UserManager {
 	}
 
 	public async Task<Result<CreateUserResult, UserActionFailure>> Create(AuthenticatedUser? authenticatedUser, string username, string password, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.Info.CheckPermission(Permission.EditUsers)) {
+		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.EditUsers)) {
 			return await controllerConnection.Send<CreateUserMessage, Result<CreateUserResult, UserActionFailure>>(new CreateUserMessage(authenticatedUser.Token, username, password), cancellationToken);
 		}
 		else {
@@ -28,7 +28,7 @@ public sealed class UserManager {
 	}
 	
 	public async Task<Result<DeleteUserResult, UserActionFailure>> DeleteByGuid(AuthenticatedUser? authenticatedUser, Guid userGuid, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.Info.CheckPermission(Permission.EditUsers)) {
+		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.EditUsers)) {
 			return await controllerConnection.Send<DeleteUserMessage, Result<DeleteUserResult, UserActionFailure>>(new DeleteUserMessage(authenticatedUser.Token, userGuid), cancellationToken);
 		}
 		else {

Web/Phantom.Web.Services/Users/UserRoleManager.cs

@@ -23,7 +23,7 @@ public sealed class UserRoleManager {
 	}
 
 	public async Task<Result<ChangeUserRolesResult, UserActionFailure>> ChangeUserRoles(AuthenticatedUser? authenticatedUser, Guid subjectUserGuid, ImmutableHashSet<Guid> addToRoleGuids, ImmutableHashSet<Guid> removeFromRoleGuids, CancellationToken cancellationToken) {
-		if (authenticatedUser != null && authenticatedUser.Info.CheckPermission(Permission.EditUsers)) {
+		if (authenticatedUser != null && authenticatedUser.CheckPermission(Permission.EditUsers)) {
 			return await controllerConnection.Send<ChangeUserRolesMessage, Result<ChangeUserRolesResult, UserActionFailure>>(new ChangeUserRolesMessage(authenticatedUser.Token, subjectUserGuid, addToRoleGuids, removeFromRoleGuids), cancellationToken);
 		}
 		else {

Web/Phantom.Web/Pages/Agents.razor

@@ -1,5 +1,4 @@
 @page "/agents"
-@using System.Collections.Immutable
 @using Phantom.Common.Data.Web.Agent
 @using Phantom.Utils.Collections
 @using Phantom.Web.Services.Agents
@@ -47,45 +46,33 @@
         <Cell class="fw-semibold text-center text-success">Online</Cell>
         <Cell class="text-end">-</Cell>
         break;
-
       case AgentIsOffline:
         <Cell class="fw-semibold text-center">Offline</Cell>
         <Cell class="text-end">N/A</Cell>
         break;
-
       case AgentIsDisconnected status:
         <Cell class="fw-semibold text-center">Offline</Cell>
         <Cell class="text-end">
           <TimeWithOffset Time="status.LastPingTime" />
         </Cell>
         break;
-
       default:
         <Cell class="fw-semibold text-center">N/A</Cell>
         break;
     }
   </ItemRow>
   <NoItemsRow>
-    No agents found.
+    No agents registered.
   </NoItemsRow>
 </Table>
 
 @code {
 
-  private TableData<Agent, Guid>? agentTable;
+  private readonly TableData<Agent, Guid> agentTable = new();
-
-  protected override async Task OnInitializedAsync() {
-    var authenticatedUser = await GetAuthenticatedUser();
-    if (authenticatedUser == null) {
-      return;
-    }
 
+  protected override void OnInitialized() {
     AgentManager.AgentsChanged.Subscribe(this, agents => {
-      var sortedAgents = agents.Where(agent => authenticatedUser.Info.HasAccessToAgent(agent.AgentGuid))
+      var sortedAgents = agents.Sort(static (a1, a2) => a1.Configuration.AgentName.CompareTo(a2.Configuration.AgentName));
-                               .OrderBy(static agent => agent.Configuration.AgentName)
-                               .ToImmutableArray();
-
-      agentTable ??= new TableData<Agent, Guid>();
       agentTable.UpdateFrom(sortedAgents, static agent => agent.AgentGuid, static agent => agent, static (agent, _) => agent);
       InvokeAsync(StateHasChanged);
     });

Web/Phantom.Web/Pages/InstanceDetail.razor

@@ -7,15 +7,9 @@
 @using Phantom.Common.Data.Instance
 @using Phantom.Web.Services.Instances
 @using Phantom.Web.Services.Authorization
-@inherits PhantomComponent
+@inherits Phantom.Web.Components.PhantomComponent
 @inject InstanceManager InstanceManager
 
-@if (isLoading) {
-  <h1>Instance</h1>
-  <p>Loading...</p>
-  return;
-}
-
 @if (Instance == null) {
   <h1>Instance Not Found</h1>
   <p>Return to <a href="instances">all instances</a>.</p>
@@ -60,25 +54,19 @@
   [Parameter]
   public Guid InstanceGuid { get; init; }
 
-  private Instance? Instance { get; set; }
-  private bool isLoading = true;
-
   private string? lastError = null;
   private bool isLaunchingInstance = false;
 
-  protected override async Task OnInitializedAsync() {
+  private Instance? Instance { get; set; }
-    Instance = InstanceManager.GetByGuid(await GetAuthenticatedUser(), InstanceGuid);
-    isLoading = false;
 
-    if (Instance != null) {
+  protected override void OnInitialized() {
-      InstanceManager.InstancesChanged.Subscribe(this, instances => {
+    InstanceManager.InstancesChanged.Subscribe(this, instances => {
-        var newInstance = instances.TryGetValue(InstanceGuid, out var instance) ? instance : null;
+      var newInstance = instances.TryGetValue(InstanceGuid, out var instance) ? instance : null;
-        if (newInstance != Instance) {
+      if (newInstance != Instance) {
-          Instance = newInstance;
+        Instance = newInstance;
-          InvokeAsync(StateHasChanged);
+        InvokeAsync(StateHasChanged);
-        }
+      }
-      });
+    });
-    }
   }
 
   private async Task LaunchInstance() {

Web/Phantom.Web/Pages/InstanceEdit.razor

@@ -6,20 +6,14 @@
 @inherits PhantomComponent
 @inject InstanceManager InstanceManager
 
-@if (isLoading) {
-  <h1>Edit Instance</h1>
-  <p>Loading...</p>
-  return;
-}
-
 @if (Instance == null) {
   <h1>Instance Not Found</h1>
   <p>Return to <a href="instances">all instances</a>.</p>
-  return;
 }
-
+else {
-<h1>Edit Instance: @Instance.Configuration.InstanceName</h1>
+  <h1>Edit Instance: @Instance.Configuration.InstanceName</h1>
-<InstanceAddOrEditForm EditedInstance="Instance" />
+  <InstanceAddOrEditForm EditedInstance="Instance" />
+}
 
 @code {
 
@@ -27,11 +21,9 @@
   public Guid InstanceGuid { get; init; }
 
   private Instance? Instance { get; set; }
-  private bool isLoading = true;
 
-  protected override async Task OnInitializedAsync() {
+  protected override void OnInitialized() {
-    Instance = InstanceManager.GetByGuid(await GetAuthenticatedUser(), InstanceGuid);
+    Instance = InstanceManager.GetByGuid(InstanceGuid);
-    isLoading = false;
   }
 
 }

Web/Phantom.Web/Pages/Instances.razor

@@ -69,18 +69,9 @@
       this.agentNamesByGuid = agents.ToImmutableDictionary(static agent => agent.AgentGuid, static agent => agent.Configuration.AgentName);
       InvokeAsync(StateHasChanged);
     });
-  }
-
-  protected override async Task OnInitializedAsync() {
-    var authenticatedUser = await GetAuthenticatedUser();
-    if (authenticatedUser == null) {
-      instances = ImmutableArray<Instance>.Empty;
-      return;
-    }
 
     InstanceManager.InstancesChanged.Subscribe(this, instances => {
       this.instances = instances.Values
-                                .Where(instance => authenticatedUser.Info.HasAccessToAgent(instance.Configuration.AgentGuid))
                                 .OrderBy(instance => agentNamesByGuid.TryGetValue(instance.Configuration.AgentGuid, out var agentName) ? agentName : string.Empty)
                                 .ThenBy(static instance => instance.Configuration.InstanceName)
                                 .ToImmutableArray();

Web/Phantom.Web/Shared/InstanceAddOrEditForm.razor

@@ -278,11 +278,10 @@
   }
 
   protected override async Task OnInitializedAsync() {
-    var authenticatedUser = await GetAuthenticatedUser();
     var agentJavaRuntimesTask = ControllerConnection.Send<GetAgentJavaRuntimesMessage, ImmutableDictionary<Guid, ImmutableArray<TaggedJavaRuntime>>>(new GetAgentJavaRuntimesMessage(), TimeSpan.FromSeconds(30));
     var minecraftVersionsTask = ControllerConnection.Send<GetMinecraftVersionsMessage, ImmutableArray<MinecraftVersion>>(new GetMinecraftVersionsMessage(), TimeSpan.FromSeconds(30));
 
-    allAgentsByGuid = AgentManager.ToDictionaryByGuid(authenticatedUser);
+    allAgentsByGuid = AgentManager.ToDictionaryByGuid();
     allAgentJavaRuntimes = await agentJavaRuntimesTask;
     allMinecraftVersions = await minecraftVersionsTask;