feat: Implement Global Settings management with authorization and view model

Author: frasermolyneux

src/XtremeIdiots.Portal.Web.Tests/Controllers/GlobalSettingsControllerTests.cs

@@ -0,0 +1,77 @@
+using Microsoft.ApplicationInsights;
+using Microsoft.ApplicationInsights.Extensibility;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.Logging;
+using Moq;
+using System.Security.Claims;
+using XtremeIdiots.Portal.Repository.Api.Client.V1;
+using XtremeIdiots.Portal.Web.Controllers;
+
+namespace XtremeIdiots.Portal.Web.Tests.Controllers;
+
+public class GlobalSettingsControllerTests
+{
+    private readonly Mock<IRepositoryApiClient> mockRepositoryApiClient = new(MockBehavior.Default) { DefaultValue = DefaultValue.Mock };
+    private readonly TelemetryClient telemetryClient = new(new TelemetryConfiguration());
+    private readonly Mock<ILogger<GlobalSettingsController>> mockLogger = new();
+    private readonly Mock<IConfiguration> mockConfiguration = new();
+
+    private GlobalSettingsController CreateSut(ClaimsPrincipal? user = null)
+    {
+        var controller = new GlobalSettingsController(
+            mockRepositoryApiClient.Object,
+            telemetryClient,
+            mockLogger.Object,
+            mockConfiguration.Object);
+
+        var httpContext = new DefaultHttpContext
+        {
+            User = user ?? new ClaimsPrincipal(new ClaimsIdentity("TestAuth"))
+        };
+        controller.ControllerContext = new ControllerContext { HttpContext = httpContext };
+
+        return controller;
+    }
+
+    [Fact]
+    public void Constructor_WithValidDependencies_DoesNotThrow()
+    {
+        var sut = CreateSut();
+        Assert.NotNull(sut);
+    }
+
+    [Fact]
+    public void Constructor_WithNullTelemetryClient_ThrowsArgumentNullException()
+    {
+        Assert.Throws<ArgumentNullException>(() =>
+            new GlobalSettingsController(
+                mockRepositoryApiClient.Object,
+                null!,
+                mockLogger.Object,
+                mockConfiguration.Object));
+    }
+
+    [Fact]
+    public void Constructor_WithNullLogger_ThrowsArgumentNullException()
+    {
+        Assert.Throws<ArgumentNullException>(() =>
+            new GlobalSettingsController(
+                mockRepositoryApiClient.Object,
+                telemetryClient,
+                null!,
+                mockConfiguration.Object));
+    }
+
+    [Fact]
+    public void Constructor_WithNullConfiguration_ThrowsArgumentNullException()
+    {
+        Assert.Throws<ArgumentNullException>(() =>
+            new GlobalSettingsController(
+                mockRepositoryApiClient.Object,
+                telemetryClient,
+                mockLogger.Object,
+                null!));
+    }
+}

src/XtremeIdiots.Portal.Web/Auth/Constants/AuthPolicies.cs

@@ -33,6 +33,9 @@ public static class AuthPolicies
     public const string AccessDemos = nameof(AccessDemos);
     public const string DeleteDemo = nameof(DeleteDemo);
 
+    // Global Settings policies
+    public const string AccessGlobalSettings = nameof(AccessGlobalSettings);
+
     // Game Server policies
     public const string AccessGameServers = nameof(AccessGameServers);
     public const string CreateGameServer = nameof(CreateGameServer);

src/XtremeIdiots.Portal.Web/Auth/Handlers/GlobalSettingsAuthHandler.cs

@@ -0,0 +1,25 @@
+using Microsoft.AspNetCore.Authorization;
+using XtremeIdiots.Portal.Web.Auth.Requirements;
+
+namespace XtremeIdiots.Portal.Web.Auth.Handlers;
+
+/// <summary>
+/// Authorization handler for global settings operations — restricted to senior admins only
+/// </summary>
+public class GlobalSettingsAuthHandler : IAuthorizationHandler
+{
+    public Task HandleAsync(AuthorizationHandlerContext context)
+    {
+        var pendingRequirements = context.PendingRequirements;
+
+        foreach (var requirement in pendingRequirements)
+        {
+            if (requirement is AccessGlobalSettings)
+            {
+                BaseAuthorizationHelper.CheckSeniorAdminAccess(context, requirement);
+            }
+        }
+
+        return Task.CompletedTask;
+    }
+}

src/XtremeIdiots.Portal.Web/Auth/Requirements/GlobalSettingsAuthRequirements.cs

@@ -0,0 +1,10 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace XtremeIdiots.Portal.Web.Auth.Requirements;
+
+/// <summary>
+/// Authorization requirement for accessing the global settings management interface
+/// </summary>
+public class AccessGlobalSettings : IAuthorizationRequirement
+{
+}

src/XtremeIdiots.Portal.Web/Controllers/GlobalSettingsController.cs

@@ -0,0 +1,183 @@
+using System.Text.Json;
+using Microsoft.ApplicationInsights;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using XtremeIdiots.Portal.Repository.Abstractions.Models.V1.Configurations;
+using XtremeIdiots.Portal.Repository.Api.Client.V1;
+using XtremeIdiots.Portal.Web.Auth.Constants;
+using XtremeIdiots.Portal.Web.Extensions;
+using XtremeIdiots.Portal.Web.ViewModels;
+
+namespace XtremeIdiots.Portal.Web.Controllers;
+
+/// <summary>
+/// Manages fleet-wide global configuration defaults for agents, ban files, moderation, and events
+/// </summary>
+[Authorize(Policy = AuthPolicies.AccessGlobalSettings)]
+public class GlobalSettingsController(
+    IRepositoryApiClient repositoryApiClient,
+    TelemetryClient telemetryClient,
+    ILogger<GlobalSettingsController> logger,
+    IConfiguration configuration) : BaseController(telemetryClient, logger, configuration)
+{
+    private readonly static JsonSerializerOptions configJsonOptions = new()
+    {
+        PropertyNameCaseInsensitive = true
+    };
+
+    [HttpGet]
+    public async Task<IActionResult> Index(CancellationToken cancellationToken = default)
+    {
+        return await ExecuteWithErrorHandlingAsync(async () =>
+        {
+            var model = new GlobalSettingsViewModel();
+
+            try
+            {
+                var configsResult = await repositoryApiClient.GlobalConfigurations.V1
+                    .GetConfigurations(cancellationToken).ConfigureAwait(false);
+
+                if (configsResult.IsSuccess && configsResult.Result?.Data?.Items != null)
+                {
+                    foreach (var config in configsResult.Result.Data.Items)
+                    {
+                        PopulateModelFromNamespace(model, config);
+                    }
+                }
+                else
+                {
+                    Logger.LogWarning("Failed to retrieve global configurations, using defaults");
+                }
+            }
+            catch (Exception ex)
+            {
+                Logger.LogWarning(ex, "Failed to fetch global configurations, using defaults");
+            }
+
+            return View(model);
+        }, nameof(Index)).ConfigureAwait(false);
+    }
+
+    [HttpPost]
+    [ValidateAntiForgeryToken]
+    public async Task<IActionResult> Index(GlobalSettingsViewModel model, CancellationToken cancellationToken = default)
+    {
+        return await ExecuteWithErrorHandlingAsync(async () =>
+        {
+            var modelStateResult = CheckModelState(model);
+            if (modelStateResult is not null)
+                return modelStateResult;
+
+            var errors = new List<string>();
+
+            await UpsertConfigSafeAsync("agent", JsonSerializer.Serialize(new
+            {
+                pollIntervalMs = model.AgentPollIntervalMs,
+                statusPublishIntervalSeconds = model.AgentStatusPublishIntervalSeconds,
+                rconSyncIntervalSeconds = model.AgentRconSyncIntervalSeconds,
+                offsetSaveIntervalSeconds = model.AgentOffsetSaveIntervalSeconds
+            }, configJsonOptions), errors, cancellationToken).ConfigureAwait(false);
+
+            await UpsertConfigSafeAsync("banfiles", JsonSerializer.Serialize(new
+            {
+                checkIntervalSeconds = model.BanFileSyncCheckIntervalSeconds
+            }, configJsonOptions), errors, cancellationToken).ConfigureAwait(false);
+
+            await UpsertConfigSafeAsync("moderation", JsonSerializer.Serialize(new
+            {
+                contentSafetySeverityThreshold = model.ModerationSeverityThreshold,
+                minMessageLength = model.ModerationMinMessageLength
+            }, configJsonOptions), errors, cancellationToken).ConfigureAwait(false);
+
+            await UpsertConfigSafeAsync("events", JsonSerializer.Serialize(new
+            {
+                staleThresholdSeconds = model.EventsStaleThresholdSeconds,
+                playerCacheExpirationSeconds = model.EventsPlayerCacheExpirationSeconds
+            }, configJsonOptions), errors, cancellationToken).ConfigureAwait(false);
+
+            if (errors.Count > 0)
+            {
+                this.AddAlertDanger($"Failed to save configuration for: {string.Join(", ", errors)}");
+            }
+            else
+            {
+                this.AddAlertSuccess("Global settings saved successfully.");
+            }
+
+            return RedirectToAction(nameof(Index));
+        }, nameof(Index)).ConfigureAwait(false);
+    }
+
+    private void PopulateModelFromNamespace(GlobalSettingsViewModel model, ConfigurationDto config)
+    {
+        try
+        {
+            if (string.IsNullOrWhiteSpace(config.Configuration))
+                return;
+
+            using var doc = JsonDocument.Parse(config.Configuration);
+            var root = doc.RootElement;
+
+            switch (config.Namespace)
+            {
+                case "agent":
+                    model.AgentPollIntervalMs = GetIntProperty(root, "pollIntervalMs", model.AgentPollIntervalMs);
+                    model.AgentStatusPublishIntervalSeconds = GetIntProperty(root, "statusPublishIntervalSeconds", model.AgentStatusPublishIntervalSeconds);
+                    model.AgentRconSyncIntervalSeconds = GetIntProperty(root, "rconSyncIntervalSeconds", model.AgentRconSyncIntervalSeconds);
+                    model.AgentOffsetSaveIntervalSeconds = GetIntProperty(root, "offsetSaveIntervalSeconds", model.AgentOffsetSaveIntervalSeconds);
+                    break;
+                case "banfiles":
+                    model.BanFileSyncCheckIntervalSeconds = GetIntProperty(root, "checkIntervalSeconds", model.BanFileSyncCheckIntervalSeconds);
+                    break;
+                case "moderation":
+                    model.ModerationSeverityThreshold = GetIntProperty(root, "contentSafetySeverityThreshold", model.ModerationSeverityThreshold);
+                    model.ModerationMinMessageLength = GetIntProperty(root, "minMessageLength", model.ModerationMinMessageLength);
+                    break;
+                case "events":
+                    model.EventsStaleThresholdSeconds = GetIntProperty(root, "staleThresholdSeconds", model.EventsStaleThresholdSeconds);
+                    model.EventsPlayerCacheExpirationSeconds = GetIntProperty(root, "playerCacheExpirationSeconds", model.EventsPlayerCacheExpirationSeconds);
+                    break;
+                default:
+                    Logger.LogDebug("Unknown global configuration namespace '{Namespace}'", config.Namespace);
+                    break;
+            }
+        }
+        catch (JsonException ex)
+        {
+            Logger.LogWarning(ex, "Failed to parse global configuration for namespace '{Namespace}'", config.Namespace);
+        }
+    }
+
+    private static int GetIntProperty(JsonElement root, string propertyName, int defaultValue)
+    {
+        return root.TryGetProperty(propertyName, out var prop) &&
+               prop.ValueKind == JsonValueKind.Number &&
+               prop.TryGetInt32(out var value)
+            ? value
+            : defaultValue;
+    }
+
+    private async Task UpsertConfigSafeAsync(
+        string ns,
+        string configJson,
+        List<string> errors,
+        CancellationToken cancellationToken)
+    {
+        try
+        {
+            var result = await repositoryApiClient.GlobalConfigurations.V1.UpsertConfiguration(
+                ns, new UpsertConfigurationDto { Configuration = configJson }, cancellationToken).ConfigureAwait(false);
+
+            if (!result.IsSuccess)
+            {
+                Logger.LogWarning("Failed to upsert global configuration namespace '{Namespace}'", ns);
+                errors.Add(ns);
+            }
+        }
+        catch (Exception ex)
+        {
+            Logger.LogWarning(ex, "Error upserting global configuration namespace '{Namespace}'", ns);
+            errors.Add(ns);
+        }
+    }
+}

src/XtremeIdiots.Portal.Web/Extensions/PolicyExtensions.cs

@@ -32,6 +32,8 @@ public static void AddXtremeIdiotsPolicies(this AuthorizationOptions options)
         options.AddPolicy(AuthPolicies.AccessDemos, policy => policy.Requirements.Add(new AccessDemos()));
         options.AddPolicy(AuthPolicies.DeleteDemo, policy => policy.Requirements.Add(new DeleteDemo()));
 
+        options.AddPolicy(AuthPolicies.AccessGlobalSettings, policy => policy.Requirements.Add(new AccessGlobalSettings()));
+
         options.AddPolicy(AuthPolicies.AccessGameServers, policy => policy.Requirements.Add(new AccessGameServers()));
         options.AddPolicy(AuthPolicies.CreateGameServer, policy => policy.Requirements.Add(new CreateGameServer()));
         options.AddPolicy(AuthPolicies.DeleteGameServer, policy => policy.Requirements.Add(new DeleteGameServer()));

src/XtremeIdiots.Portal.Web/Extensions/ServiceCollectionExtensions.cs

@@ -16,6 +16,7 @@ public static void AddXtremeIdiotsAuth(this IServiceCollection services)
         services.AddSingleton<IAuthorizationHandler, CredentialsAuthHandler>();
         services.AddSingleton<IAuthorizationHandler, DemosAuthHandler>();
         services.AddSingleton<IAuthorizationHandler, GameServersAuthHandler>();
+        services.AddSingleton<IAuthorizationHandler, GlobalSettingsAuthHandler>();
         services.AddSingleton<IAuthorizationHandler, DashboardAuthHandler>();
         services.AddSingleton<IAuthorizationHandler, HomeAuthHandler>();
         services.AddSingleton<IAuthorizationHandler, ProfileAuthHandler>();

src/XtremeIdiots.Portal.Web/ViewModels/GlobalSettingsViewModel.cs

@@ -0,0 +1,50 @@
+using System.ComponentModel;
+using System.ComponentModel.DataAnnotations;
+
+namespace XtremeIdiots.Portal.Web.ViewModels;
+
+/// <summary>
+/// View model for the global settings admin page, representing fleet-wide configuration defaults
+/// </summary>
+public class GlobalSettingsViewModel
+{
+    // Agent defaults
+    [DisplayName("Poll Interval (ms)")]
+    [Range(100, int.MaxValue, ErrorMessage = "Poll interval must be at least 100ms.")]
+    public int AgentPollIntervalMs { get; set; } = 500;
+
+    [DisplayName("Status Publish Interval (s)")]
+    [Range(1, int.MaxValue, ErrorMessage = "Status publish interval must be at least 1 second.")]
+    public int AgentStatusPublishIntervalSeconds { get; set; } = 60;
+
+    [DisplayName("RCON Sync Interval (s)")]
+    [Range(1, int.MaxValue, ErrorMessage = "RCON sync interval must be at least 1 second.")]
+    public int AgentRconSyncIntervalSeconds { get; set; } = 300;
+
+    [DisplayName("Offset Save Interval (s)")]
+    [Range(1, int.MaxValue, ErrorMessage = "Offset save interval must be at least 1 second.")]
+    public int AgentOffsetSaveIntervalSeconds { get; set; } = 30;
+
+    // Ban file sync defaults
+    [DisplayName("Check Interval (s)")]
+    [Range(1, int.MaxValue, ErrorMessage = "Check interval must be at least 1 second.")]
+    public int BanFileSyncCheckIntervalSeconds { get; set; } = 60;
+
+    // Moderation defaults
+    [DisplayName("Severity Threshold")]
+    [Range(0, 6, ErrorMessage = "Severity threshold must be between 0 and 6.")]
+    public int ModerationSeverityThreshold { get; set; } = 4;
+
+    [DisplayName("Minimum Message Length")]
+    [Range(1, int.MaxValue, ErrorMessage = "Minimum message length must be at least 1.")]
+    public int ModerationMinMessageLength { get; set; } = 5;
+
+    // Events defaults
+    [DisplayName("Stale Event Threshold (s)")]
+    [Range(1, int.MaxValue, ErrorMessage = "Stale event threshold must be at least 1 second.")]
+    public int EventsStaleThresholdSeconds { get; set; } = 120;
+
+    [DisplayName("Player Cache Expiration (s)")]
+    [Range(1, int.MaxValue, ErrorMessage = "Player cache expiration must be at least 1 second.")]
+    public int EventsPlayerCacheExpirationSeconds { get; set; } = 900;
+}