feat: Refactor file transport handling across controllers and views

- Updated authorization policies to remove legacy FTP claims and replace them with file transport claims.
- Refactored GameServersController, CredentialsController, and MapRotationsController to use new file transport properties.
- Removed deprecated FTP handling from various models and extensions.
- Added new extension methods for setting file transport properties in CreateGameServerDto and EditGameServerDto.
- Updated tests to reflect changes in file transport logic and ensure proper authorization handling.

Author: frasermolyneux

.github/copilot-instructions.md

@@ -47,7 +47,7 @@ ASP.NET Core 9 web application (`src/XtremeIdiots.Portal.Web/`) providing the Xt
 
 ## Authorization Model
 
-The portal uses a `{Domain}.{Action}` policy naming convention (e.g., `AdminActions.Create`, `GameServers.Credentials.Ftp.Read`). Policies are defined as constants in the `AuthPolicies` class (`Auth/Constants/AuthPolicies.cs`) and registered via `PolicyExtensions.AddXtremeIdiotsPolicies()`. Each policy maps to a marker requirement class and a corresponding authorization handler.
+The portal uses a `{Domain}.{Action}` policy naming convention (e.g., `AdminActions.Create`, `GameServers.Credentials.FileTransport.Read`). Policies are defined as constants in the `AuthPolicies` class (`Auth/Constants/AuthPolicies.cs`) and registered via `PolicyExtensions.AddXtremeIdiotsPolicies()`. Each policy maps to a marker requirement class and a corresponding authorization handler.
 
 ### Role Hierarchy
 

docs/authorization-model.md

@@ -4,7 +4,7 @@ This document explains **how** the portal's authorization model works. For the e
 
 ## Policy Naming Convention
 
-All policies follow a `{Domain}.{Action}` naming pattern (e.g., `AdminActions.Create`, `GameServers.Credentials.Ftp.Read`). Policy name constants are defined in `AuthPolicies.cs` and registered via `PolicyExtensions.AddXtremeIdiotsPolicies()`. Each policy maps to a marker requirement class and a corresponding authorization handler.
+All policies follow a `{Domain}.{Action}` naming pattern (e.g., `AdminActions.Create`, `GameServers.Credentials.FileTransport.Read`). Policy name constants are defined in `AuthPolicies.cs` and registered via `PolicyExtensions.AddXtremeIdiotsPolicies()`. Each policy maps to a marker requirement class and a corresponding authorization handler.
 
 ## Role Hierarchy
 
@@ -36,7 +36,7 @@ Most policies are scoped to a `GameType`. A HeadAdmin for COD4 can only exercise
 
 ### Server Scoped
 
-Some additional permissions are scoped to a specific game server (identified by GUID). For example, a user can be granted `GameServers.Credentials.Ftp.Read` for a single server without access to FTP credentials for other servers in the same game type. Server-scoped checks typically appear as `(GameType, Guid)` resource tuples.
+Some additional permissions are scoped to a specific game server (identified by GUID). For example, a user can be granted `GameServers.Credentials.FileTransport.Read` for a single server without access to file transport credentials for other servers in the same game type. Server-scoped checks typically appear as `(GameType, Guid)` resource tuples.
 
 ### Ownership-Based
 

src/XtremeIdiots.Portal.Web.Tests/Auth/Handlers/GameServersAuthHandlerTests.cs

@@ -0,0 +1,45 @@
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authorization;
+using XtremeIdiots.Portal.Repository.Abstractions.Constants.V1;
+using XtremeIdiots.Portal.Web.Auth.Constants;
+using XtremeIdiots.Portal.Web.Auth.Handlers;
+using XtremeIdiots.Portal.Web.Auth.Requirements;
+
+namespace XtremeIdiots.Portal.Web.Tests.Auth.Handlers;
+
+public class GameServersAuthHandlerTests
+{
+    [Fact]
+    public async Task HandleAsync_FileTransportRead_DoesNotSucceedForLegacyFtpClaim()
+    {
+        var serverId = Guid.NewGuid();
+        var requirement = new GameServersCredentialsFileTransportRead();
+        var user = CreateUser(new Claim("GameServers.Credentials.Ftp.Read", serverId.ToString()));
+        var context = new AuthorizationHandlerContext([requirement], user, (GameType.CallOfDuty4, serverId));
+
+        var sut = new GameServersAuthHandler();
+        await sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Fact]
+    public async Task HandleAsync_FileTransportRead_SucceedsForFileTransportClaim()
+    {
+        var serverId = Guid.NewGuid();
+        var requirement = new GameServersCredentialsFileTransportRead();
+        var user = CreateUser(new Claim(AuthPolicies.GameServers_Credentials_FileTransport_Read, serverId.ToString()));
+        var context = new AuthorizationHandlerContext([requirement], user, (GameType.CallOfDuty4, serverId));
+
+        var sut = new GameServersAuthHandler();
+        await sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+
+    private static ClaimsPrincipal CreateUser(params Claim[] claims)
+    {
+        var identity = new ClaimsIdentity(claims, authenticationType: "TestAuthType");
+        return new ClaimsPrincipal(identity);
+    }
+}

src/XtremeIdiots.Portal.Web.Tests/Controllers/GameServersControllerTests.cs

@@ -286,7 +286,6 @@ public async Task Edit_WhenUserCannotEditFileTransport_PreservesExistingFileTran
         var redirect = Assert.IsType<RedirectToActionResult>(result);
         Assert.Equal("Index", redirect.ActionName);
         Assert.NotNull(capturedUpdate);
-        Assert.True(capturedUpdate.FtpEnabled);
         Assert.True(capturedUpdate.FileTransportEnabled);
         Assert.Equal(XtremeIdiots.Portal.Repository.Abstractions.Constants.V1.FileTransportType.Ftp, capturedUpdate.FileTransportType);
     }
@@ -354,7 +353,7 @@ public async Task Edit_WhenUserSelectsSftp_PersistsTransportEnabledAndType()
         Assert.NotNull(capturedUpdate);
         Assert.True(capturedUpdate.FileTransportEnabled);
         Assert.Equal(XtremeIdiots.Portal.Repository.Abstractions.Constants.V1.FileTransportType.Sftp, capturedUpdate.FileTransportType);
-        Assert.False(capturedUpdate.FtpEnabled);
+        Assert.Null(capturedUpdate.FtpEnabled);
     }
 
     private static GameServerDto CreateGameServerDto(bool ftpEnabled, bool fileTransportEnabled, string fileTransportType)

src/XtremeIdiots.Portal.Web.Tests/Extensions/FileTransportCompatibilityExtensionsTests.cs

@@ -44,7 +44,7 @@ public void ToViewModel_MapsAllProperties()
         // Arrange
         var dto = CreateGameServerDto(agentEnabled: true,
             ftpEnabled: true, rconEnabled: true, banFileSyncEnabled: true, serverListEnabled: true,
-            serverListPosition: 5);
+            serverListPosition: 5, fileTransportEnabled: true, fileTransportType: "Ftp");
 
         // Act
         var viewModel = dto.ToViewModel();
@@ -80,7 +80,7 @@ public void ToViewModel_MapsAgentEnabled(bool agentEnabled)
     }
 
     [Fact]
-    public void ToViewModel_WhenLegacyFtpEnabledWithoutFileTransportType_InfersFtp()
+    public void ToViewModel_WhenTransportTypeIsMissing_UsesUnknown()
     {
         // Arrange
         var dto = CreateGameServerDto(ftpEnabled: true);
@@ -89,7 +89,7 @@ public void ToViewModel_WhenLegacyFtpEnabledWithoutFileTransportType_InfersFtp()
         var viewModel = dto.ToViewModel();
 
         // Assert
-        Assert.Equal(FileTransportType.Ftp, viewModel.FileTransportType);
+        Assert.Equal(FileTransportType.Unknown, viewModel.FileTransportType);
     }
 
     [Fact]

src/XtremeIdiots.Portal.Web.Tests/Extensions/GameServerDtoExtensionsTests.cs

@@ -0,0 +1,30 @@
+using XtremeIdiots.Portal.Repository.Abstractions.Constants.V1;
+using XtremeIdiots.Portal.Repository.Abstractions.Models.V1.GameServers;
+using XtremeIdiots.Portal.Web.Extensions;
+
+namespace XtremeIdiots.Portal.Web.Tests.Extensions;
+
+public class GameServerFileTransportExtensionsTests
+{
+    [Fact]
+    public void SetFileTransportProperties_WhenEnabledAndUnknown_DefaultsToFtp()
+    {
+        var dto = new CreateGameServerDto("Server", GameType.CallOfDuty4, "host", 28960);
+
+        dto.SetFileTransportProperties(true, FileTransportType.Unknown);
+
+        Assert.True(dto.FileTransportEnabled);
+        Assert.Equal(FileTransportType.Ftp, dto.FileTransportType);
+    }
+
+    [Fact]
+    public void SetFileTransportProperties_WhenDisabled_UsesUnknown()
+    {
+        var dto = new EditGameServerDto(Guid.NewGuid());
+
+        dto.SetFileTransportProperties(false, FileTransportType.Sftp);
+
+        Assert.False(dto.FileTransportEnabled);
+        Assert.Equal(FileTransportType.Unknown, dto.FileTransportType);
+    }
+}

src/XtremeIdiots.Portal.Web.Tests/Extensions/GameServerFileTransportExtensionsTests.cs

@@ -25,8 +25,6 @@ public static class AuthPolicies
     // Game Servers — Credentials
     public const string GameServers_Credentials_FileTransport_Read = "GameServers.Credentials.FileTransport.Read";
     public const string GameServers_Credentials_FileTransport_Write = "GameServers.Credentials.FileTransport.Write";
-    public const string GameServers_Credentials_Ftp_Read = "GameServers.Credentials.Ftp.Read";
-    public const string GameServers_Credentials_Ftp_Write = "GameServers.Credentials.Ftp.Write";
     public const string GameServers_Credentials_Rcon_Read = "GameServers.Credentials.Rcon.Read";
     public const string GameServers_Credentials_Rcon_Write = "GameServers.Credentials.Rcon.Write";
 

src/XtremeIdiots.Portal.Web/Auth/Constants/AuthPolicies.cs

@@ -40,8 +40,7 @@ public static class ClaimGroups
             UserProfileClaimType.HeadAdmin,
             UserProfileClaimType.GameAdmin,
             AuthPolicies.GameServers_Credentials_FileTransport_Read,
-            AdditionalPermission.GameServers_Credentials_Rcon_Read,
-            AdditionalPermission.GameServers_Credentials_Ftp_Read
+            AdditionalPermission.GameServers_Credentials_Rcon_Read
         ];
 
         public readonly static string[] GameServerAccessLevels =
@@ -359,29 +358,15 @@ public static void CheckRconCredentialsAccess(AuthorizationHandlerContext contex
             context.Succeed(requirement);
     }
 
-    /// <summary>
-    /// Checks if the user has FTP credentials access for a specific game server
-    /// </summary>
-    /// <param name="context">The authorization context</param>
-    /// <param name="requirement">The authorization requirement to succeed if access is granted</param>
-    /// <param name="gameServerId">The game server ID to check permissions for</param>
-    public static void CheckFtpCredentialsAccess(AuthorizationHandlerContext context, IAuthorizationRequirement requirement, Guid gameServerId)
-    {
-        if (context.User.HasClaim(AdditionalPermission.GameServers_Credentials_Ftp_Read, gameServerId.ToString()))
-            context.Succeed(requirement);
-    }
-
     /// <summary>
     /// Checks if the user has file transport credentials access for a specific game server.
-    /// Accepts both the new transport-neutral claim and the legacy FTP claim during migration.
     /// </summary>
     /// <param name="context">The authorization context</param>
     /// <param name="requirement">The authorization requirement to succeed if access is granted</param>
     /// <param name="gameServerId">The game server ID to check permissions for</param>
     public static void CheckFileTransportCredentialsAccess(AuthorizationHandlerContext context, IAuthorizationRequirement requirement, Guid gameServerId)
     {
-        if (context.User.HasClaim(AuthPolicies.GameServers_Credentials_FileTransport_Read, gameServerId.ToString()) ||
-            context.User.HasClaim(AdditionalPermission.GameServers_Credentials_Ftp_Read, gameServerId.ToString()))
+        if (context.User.HasClaim(AuthPolicies.GameServers_Credentials_FileTransport_Read, gameServerId.ToString()))
         {
             context.Succeed(requirement);
         }

src/XtremeIdiots.Portal.Web/Auth/Handlers/BaseAuthorizationHelper.cs

@@ -35,12 +35,6 @@ public Task HandleAsync(AuthorizationHandlerContext context)
                 case GameServersCredentialsFileTransportWrite:
                     HandleCredentialsFileTransportWrite(context, requirement);
                     break;
-                case GameServersCredentialsFtpRead:
-                    HandleCredentialsFtpRead(context, requirement);
-                    break;
-                case GameServersCredentialsFtpWrite:
-                    HandleCredentialsFtpWrite(context, requirement);
-                    break;
                 case GameServersCredentialsRconRead:
                     HandleCredentialsRconRead(context, requirement);
                     break;
@@ -146,42 +140,12 @@ private static void HandleCredentialsFileTransportRead(AuthorizationHandlerConte
         }
 
         BaseAuthorizationHelper.CheckDirectPermissionGrant(context, requirement, "GameServers.Credentials.FileTransport.Read");
-        BaseAuthorizationHelper.CheckDirectPermissionGrant(context, requirement, "GameServers.Credentials.Ftp.Read");
     }
 
     private static void HandleCredentialsFileTransportWrite(AuthorizationHandlerContext context, IAuthorizationRequirement requirement)
     {
         BaseAuthorizationHelper.CheckSeniorOrHeadAdminAccessWithResource(context, requirement);
         BaseAuthorizationHelper.CheckDirectPermissionGrant(context, requirement, "GameServers.Credentials.FileTransport.Write");
-        BaseAuthorizationHelper.CheckDirectPermissionGrant(context, requirement, "GameServers.Credentials.Ftp.Write");
-    }
-
-    private static void HandleCredentialsFtpRead(AuthorizationHandlerContext context, IAuthorizationRequirement requirement)
-    {
-        BaseAuthorizationHelper.CheckSeniorAdminAccess(context, requirement);
-
-        if (context.Resource is Tuple<GameType, Guid> refTuple)
-        {
-            BaseAuthorizationHelper.CheckHeadAdminAccess(context, requirement, refTuple.Item1);
-            if (!context.HasSucceeded)
-                BaseAuthorizationHelper.CheckFileTransportCredentialsAccess(context, requirement, refTuple.Item2);
-        }
-        else if (context.Resource is (GameType gameType, Guid gameServerId))
-        {
-            BaseAuthorizationHelper.CheckHeadAdminAccess(context, requirement, gameType);
-            if (!context.HasSucceeded)
-                BaseAuthorizationHelper.CheckFileTransportCredentialsAccess(context, requirement, gameServerId);
-        }
-
-        BaseAuthorizationHelper.CheckDirectPermissionGrant(context, requirement, "GameServers.Credentials.Ftp.Read");
-        BaseAuthorizationHelper.CheckDirectPermissionGrant(context, requirement, "GameServers.Credentials.FileTransport.Read");
-    }
-
-    private static void HandleCredentialsFtpWrite(AuthorizationHandlerContext context, IAuthorizationRequirement requirement)
-    {
-        BaseAuthorizationHelper.CheckSeniorOrHeadAdminAccessWithResource(context, requirement);
-        BaseAuthorizationHelper.CheckDirectPermissionGrant(context, requirement, "GameServers.Credentials.Ftp.Write");
-        BaseAuthorizationHelper.CheckDirectPermissionGrant(context, requirement, "GameServers.Credentials.FileTransport.Write");
     }
 
     private static void HandleCredentialsRconRead(AuthorizationHandlerContext context, IAuthorizationRequirement requirement)