feat: Implement screenshot management for game servers with authorization and UI integration

Author: frasermolyneux

src/XtremeIdiots.Portal.Web.Tests/Auth/Handlers/GameServersAuthHandlerTests.cs

@@ -37,6 +37,45 @@ public async Task HandleAsync_FileTransportRead_SucceedsForFileTransportClaim()
         Assert.True(context.HasSucceeded);
     }
 
+    [Fact]
+    public async Task HandleAsync_ScreenshotsRead_SucceedsForMatchingGameScopedClaim()
+    {
+        var requirement = new GameServersAdminScreenshotsRead();
+        var user = CreateUser(new Claim(AuthPolicies.GameServers_Admin_Screenshots_Read, GameType.CallOfDuty4.ToString()));
+        var context = new AuthorizationHandlerContext([requirement], user, GameType.CallOfDuty4);
+
+        var sut = new GameServersAuthHandler();
+        await sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+
+    [Fact]
+    public async Task HandleAsync_ScreenshotsRead_DoesNotSucceedForDifferentGameScopedClaim()
+    {
+        var requirement = new GameServersAdminScreenshotsRead();
+        var user = CreateUser(new Claim(AuthPolicies.GameServers_Admin_Screenshots_Read, GameType.Insurgency.ToString()));
+        var context = new AuthorizationHandlerContext([requirement], user, GameType.CallOfDuty4);
+
+        var sut = new GameServersAuthHandler();
+        await sut.HandleAsync(context);
+
+        Assert.False(context.HasSucceeded);
+    }
+
+    [Fact]
+    public async Task HandleAsync_RconScreenshot_SucceedsForMatchingGameScopedClaim()
+    {
+        var requirement = new GameServersAdminRconScreenshot();
+        var user = CreateUser(new Claim(AuthPolicies.GameServers_Admin_Rcon_Screenshot, GameType.CallOfDuty4.ToString()));
+        var context = new AuthorizationHandlerContext([requirement], user, GameType.CallOfDuty4);
+
+        var sut = new GameServersAuthHandler();
+        await sut.HandleAsync(context);
+
+        Assert.True(context.HasSucceeded);
+    }
+
     private static ClaimsPrincipal CreateUser(params Claim[] claims)
     {
         var identity = new ClaimsIdentity(claims, authenticationType: "TestAuthType");

src/XtremeIdiots.Portal.Web/Auth/Constants/AuthPolicies.cs

@@ -44,6 +44,9 @@ public static class AuthPolicies
     public const string GameServers_Admin_Rcon_Map = "GameServers.Admin.Rcon.Map";
     public const string GameServers_Admin_Rcon_Say = "GameServers.Admin.Rcon.Say";
     public const string GameServers_Admin_Rcon_Restart = "GameServers.Admin.Rcon.Restart";
+    public const string GameServers_Admin_Rcon_Screenshot = "GameServers.Admin.Rcon.Screenshot";
+    public const string GameServers_Admin_Screenshots_Read = "GameServers.Admin.Screenshots.Read";
+    public const string GameServers_Admin_Screenshots_Delete = "GameServers.Admin.Screenshots.Delete";
 
     // Chat Log
     public const string ChatLog_Read = "ChatLog.Read";

src/XtremeIdiots.Portal.Web/Auth/Handlers/GameServersAuthHandler.cs

@@ -80,6 +80,15 @@ public Task HandleAsync(AuthorizationHandlerContext context)
                 case GameServersAdminRconRestart:
                     HandleAdminRconRestart(context, requirement);
                     break;
+                case GameServersAdminRconScreenshot:
+                    HandleAdminRconScreenshot(context, requirement);
+                    break;
+                case GameServersAdminScreenshotsRead:
+                    HandleAdminScreenshotsRead(context, requirement);
+                    break;
+                case GameServersAdminScreenshotsDelete:
+                    HandleAdminScreenshotsDelete(context, requirement);
+                    break;
                 default:
                     break;
             }
@@ -264,5 +273,23 @@ private static void HandleAdminRconRestart(AuthorizationHandlerContext context,
         BaseAuthorizationHelper.CheckDirectPermissionGrant(context, requirement, "GameServers.Admin.Rcon.Restart");
     }
 
+    private static void HandleAdminRconScreenshot(AuthorizationHandlerContext context, IAuthorizationRequirement requirement)
+    {
+        BaseAuthorizationHelper.CheckSeniorOrGameAdminAccessWithResource(context, requirement);
+        BaseAuthorizationHelper.CheckDirectPermissionGrant(context, requirement, "GameServers.Admin.Rcon.Screenshot");
+    }
+
+    private static void HandleAdminScreenshotsRead(AuthorizationHandlerContext context, IAuthorizationRequirement requirement)
+    {
+        BaseAuthorizationHelper.CheckSeniorOrGameAdminAccessWithResource(context, requirement);
+        BaseAuthorizationHelper.CheckDirectPermissionGrant(context, requirement, "GameServers.Admin.Screenshots.Read");
+    }
+
+    private static void HandleAdminScreenshotsDelete(AuthorizationHandlerContext context, IAuthorizationRequirement requirement)
+    {
+        BaseAuthorizationHelper.CheckSeniorOrGameAdminAccessWithResource(context, requirement);
+        BaseAuthorizationHelper.CheckDirectPermissionGrant(context, requirement, "GameServers.Admin.Screenshots.Delete");
+    }
+
     #endregion
 }

src/XtremeIdiots.Portal.Web/Auth/Requirements/AuthRequirements.cs

@@ -37,6 +37,9 @@ public class GameServersAdminRconBan : IAuthorizationRequirement { }
 public class GameServersAdminRconMap : IAuthorizationRequirement { }
 public class GameServersAdminRconSay : IAuthorizationRequirement { }
 public class GameServersAdminRconRestart : IAuthorizationRequirement { }
+public class GameServersAdminRconScreenshot : IAuthorizationRequirement { }
+public class GameServersAdminScreenshotsRead : IAuthorizationRequirement { }
+public class GameServersAdminScreenshotsDelete : IAuthorizationRequirement { }
 
 // Chat Log
 public class ChatLogRead : IAuthorizationRequirement { }

src/XtremeIdiots.Portal.Web/Controllers/ServerAdminController.cs

@@ -16,6 +16,7 @@
 using XtremeIdiots.Portal.Repository.Abstractions.Models.V1.LiveStatus;
 using XtremeIdiots.Portal.Repository.Abstractions.Models.V1.Maps;
 using XtremeIdiots.Portal.Repository.Abstractions.Models.V1.Players;
+using XtremeIdiots.Portal.Repository.Abstractions.Models.V1.Screenshots;
 using XtremeIdiots.Portal.Repository.Api.Client.V1;
 using XtremeIdiots.Portal.Web.Auth.Constants;
 using XtremeIdiots.Portal.Web.Extensions;
@@ -155,13 +156,16 @@ public async Task<IActionResult> ServerDetail(Guid id, CancellationToken cancell
             var mapRotAuth = authorizationService.AuthorizeAsync(User, gs.GameType, AuthPolicies.MapRotations_Read);
             var statusAuth = authorizationService.AuthorizeAsync(User, AuthPolicies.GameServers_BanFileMonitors_Read);
             var editAuth = authorizationService.AuthorizeAsync(User, gs.GameType, AuthPolicies.GameServers_Write);
+            var screenshotsReadAuth = authorizationService.AuthorizeAsync(User, gs.GameType, AuthPolicies.GameServers_Admin_Screenshots_Read);
+            var screenshotsDeleteAuth = authorizationService.AuthorizeAsync(User, gs.GameType, AuthPolicies.GameServers_Admin_Screenshots_Delete);
 
             // Check fine-grained RCON sub-action permissions in parallel
             var sayAuth = authorizationService.AuthorizeAsync(User, gs.GameType, AuthPolicies.GameServers_Admin_Rcon_Say);
             var mapCmdAuth = authorizationService.AuthorizeAsync(User, gs.GameType, AuthPolicies.GameServers_Admin_Rcon_Map);
             var restartSrvAuth = authorizationService.AuthorizeAsync(User, gs.GameType, AuthPolicies.GameServers_Admin_Rcon_Restart);
+            var screenshotCmdAuth = authorizationService.AuthorizeAsync(User, gs.GameType, AuthPolicies.GameServers_Admin_Rcon_Screenshot);
 
-            await Task.WhenAll(rconAuth, chatAuth, mapRotAuth, statusAuth, editAuth, sayAuth, mapCmdAuth, restartSrvAuth).ConfigureAwait(false);
+            await Task.WhenAll(rconAuth, chatAuth, mapRotAuth, statusAuth, editAuth, screenshotsReadAuth, screenshotsDeleteAuth, sayAuth, mapCmdAuth, restartSrvAuth, screenshotCmdAuth).ConfigureAwait(false);
 
             var viewModel = new ServerDetailViewModel
             {
@@ -172,9 +176,12 @@ public async Task<IActionResult> ServerDetail(Guid id, CancellationToken cancell
                 CanViewMapRotation = (await mapRotAuth.ConfigureAwait(false)).Succeeded,
                 CanViewStatus = (await statusAuth.ConfigureAwait(false)).Succeeded,
                 CanEditServer = (await editAuth.ConfigureAwait(false)).Succeeded,
+                CanViewScreenshots = (await screenshotsReadAuth.ConfigureAwait(false)).Succeeded,
                 CanSay = (await sayAuth.ConfigureAwait(false)).Succeeded,
                 CanChangeMap = (await mapCmdAuth.ConfigureAwait(false)).Succeeded,
-                CanRestartServer = (await restartSrvAuth.ConfigureAwait(false)).Succeeded
+                CanRestartServer = (await restartSrvAuth.ConfigureAwait(false)).Succeeded,
+                CanTakeScreenshot = (await screenshotCmdAuth.ConfigureAwait(false)).Succeeded,
+                CanDeleteScreenshots = (await screenshotsDeleteAuth.ConfigureAwait(false)).Succeeded
             };
 
             // Fetch overview data (non-critical — page renders without it)
@@ -1151,6 +1158,196 @@ await CreateAdminActionForRconOperationAsync(
         }, nameof(BanRconPlayer)).ConfigureAwait(false);
     }
 
+    [HttpPost]
+    [ValidateAntiForgeryToken]
+    public async Task<IActionResult> TakeRconScreenshot(Guid id, string playerIdentifier, string playerName, CancellationToken cancellationToken = default)
+    {
+        return await ExecuteWithErrorHandlingAsync(async () =>
+        {
+            var (actionResult, gameServerData) = await GetAuthorizedGameServerAsync(id, nameof(TakeRconScreenshot), cancellationToken).ConfigureAwait(false);
+            if (actionResult is not null)
+                return actionResult;
+
+            var screenshotAuthResult = await CheckAuthorizationAsync(
+                authorizationService,
+                gameServerData!.GameType,
+                AuthPolicies.GameServers_Admin_Rcon_Screenshot,
+                nameof(TakeRconScreenshot),
+                "GameServer",
+                $"ServerId:{id},GameType:{gameServerData.GameType}",
+                gameServerData).ConfigureAwait(false);
+
+            if (screenshotAuthResult is not null)
+                return Json(new { success = false, message = "You don't have permission to request screenshots" });
+
+            if (string.IsNullOrWhiteSpace(playerIdentifier))
+            {
+                return Json(new { success = false, message = "Player identifier is required" });
+            }
+
+            var result = await serversApiClient.Rcon.V1.TakeScreenshot(id, new TakeScreenshotRequestDto
+            {
+                PlayerIdentifier = playerIdentifier.Trim()
+            }, cancellationToken).ConfigureAwait(false);
+
+            if (!result.IsSuccess)
+            {
+                return Json(new { success = false, message = "Failed to request screenshot from game server" });
+            }
+
+            TrackSuccessTelemetry("RconScreenshotRequested", nameof(TakeRconScreenshot), new Dictionary<string, string>
+            {
+                { "ServerId", id.ToString() },
+                { "GameType", gameServerData.GameType.ToString() },
+                { "PlayerIdentifier", playerIdentifier.Trim() }
+            });
+
+            return Json(new { success = true, message = $"Screenshot requested for {(string.IsNullOrWhiteSpace(playerName) ? "player" : playerName)}. It may take a short time to appear." });
+        }, nameof(TakeRconScreenshot)).ConfigureAwait(false);
+    }
+
+    [HttpGet]
+    public async Task<IActionResult> GetScreenshots(Guid id, int skipEntries = 0, int takeEntries = 1000, CancellationToken cancellationToken = default)
+    {
+        return await ExecuteWithErrorHandlingAsync(async () =>
+        {
+            var gameServerResponse = await repositoryApiClient.GameServers.V1.GetGameServer(id, cancellationToken).ConfigureAwait(false);
+            if (gameServerResponse.IsNotFound || gameServerResponse.Result?.Data is null)
+            {
+                return NotFound();
+            }
+
+            var gameServer = gameServerResponse.Result.Data;
+            var authResult = await CheckAuthorizationAsync(
+                authorizationService,
+                gameServer.GameType,
+                AuthPolicies.GameServers_Admin_Screenshots_Read,
+                nameof(GetScreenshots),
+                "GameServer",
+                $"ServerId:{id},GameType:{gameServer.GameType}",
+                gameServer).ConfigureAwait(false);
+
+            if (authResult is not null)
+                return authResult;
+
+            var screenshotsResponse = await repositoryApiClient.Screenshots.V1.GetScreenshots(
+                id,
+                Math.Max(skipEntries, 0),
+                Math.Clamp(takeEntries, 1, 2000),
+                ScreenshotOrder.CapturedUtcDesc,
+                cancellationToken).ConfigureAwait(false);
+
+            if (!screenshotsResponse.IsSuccess || screenshotsResponse.Result?.Data?.Items is null)
+            {
+                return Json(new { data = Array.Empty<object>() });
+            }
+
+            var data = screenshotsResponse.Result.Data.Items.Select(s => new
+            {
+                screenshotId = s.ScreenshotId,
+                capturedUtc = s.CapturedUtc,
+                playerIdentifier = s.PlayerIdentifier,
+                playerName = s.PlayerName,
+                sourceFileName = s.SourceFileName,
+                sizeBytes = s.SizeBytes,
+                contentType = s.ContentType
+            });
+
+            return Json(new { data });
+        }, nameof(GetScreenshots)).ConfigureAwait(false);
+    }
+
+    [HttpGet]
+    public async Task<IActionResult> GetScreenshotContent(Guid id, Guid screenshotId, CancellationToken cancellationToken = default)
+    {
+        return await ExecuteWithErrorHandlingAsync(async () =>
+        {
+            var screenshotResponse = await repositoryApiClient.Screenshots.V1.GetScreenshot(screenshotId, cancellationToken).ConfigureAwait(false);
+            if (screenshotResponse.IsNotFound || screenshotResponse.Result?.Data is null)
+            {
+                return NotFound();
+            }
+
+            var screenshot = screenshotResponse.Result.Data;
+            if (screenshot.GameServerId != id)
+            {
+                return NotFound();
+            }
+
+            if (!Enum.TryParse<GameType>(screenshot.GameType, true, out var gameType) || gameType == GameType.Unknown)
+            {
+                return BadRequest();
+            }
+
+            var authResult = await CheckAuthorizationAsync(
+                authorizationService,
+                gameType,
+                AuthPolicies.GameServers_Admin_Screenshots_Read,
+                nameof(GetScreenshotContent),
+                "Screenshot",
+                $"ScreenshotId:{screenshotId},ServerId:{id},GameType:{gameType}",
+                screenshot).ConfigureAwait(false);
+
+            if (authResult is not null)
+                return authResult;
+
+            var contentResponse = await repositoryApiClient.Screenshots.V1.GetScreenshotContent(screenshotId, cancellationToken).ConfigureAwait(false);
+            if (!contentResponse.IsSuccess || contentResponse.Result?.Data is null)
+            {
+                return NotFound();
+            }
+
+            var content = contentResponse.Result.Data;
+            var fileName = string.IsNullOrWhiteSpace(content.FileName) ? $"{screenshotId}.jpg" : content.FileName;
+            return File(content.Content, content.ContentType, fileName);
+        }, nameof(GetScreenshotContent)).ConfigureAwait(false);
+    }
+
+    [HttpPost]
+    [ValidateAntiForgeryToken]
+    public async Task<IActionResult> DeleteScreenshot(Guid id, Guid screenshotId, CancellationToken cancellationToken = default)
+    {
+        return await ExecuteWithErrorHandlingAsync(async () =>
+        {
+            var screenshotResponse = await repositoryApiClient.Screenshots.V1.GetScreenshot(screenshotId, cancellationToken).ConfigureAwait(false);
+            if (screenshotResponse.IsNotFound || screenshotResponse.Result?.Data is null)
+            {
+                return Json(new { success = false, message = "Screenshot not found" });
+            }
+
+            var screenshot = screenshotResponse.Result.Data;
+            if (screenshot.GameServerId != id)
+            {
+                return Json(new { success = false, message = "Screenshot not found" });
+            }
+
+            if (!Enum.TryParse<GameType>(screenshot.GameType, true, out var gameType) || gameType == GameType.Unknown)
+            {
+                return Json(new { success = false, message = "Invalid screenshot game type" });
+            }
+
+            var authResult = await CheckAuthorizationAsync(
+                authorizationService,
+                gameType,
+                AuthPolicies.GameServers_Admin_Screenshots_Delete,
+                nameof(DeleteScreenshot),
+                "Screenshot",
+                $"ScreenshotId:{screenshotId},ServerId:{id},GameType:{gameType}",
+                screenshot).ConfigureAwait(false);
+
+            if (authResult is not null)
+                return Json(new { success = false, message = "You don't have permission to delete screenshots" });
+
+            var deleteResponse = await repositoryApiClient.Screenshots.V1.DeleteScreenshot(screenshotId, cancellationToken).ConfigureAwait(false);
+            if (!deleteResponse.IsSuccess)
+            {
+                return Json(new { success = false, message = "Failed to delete screenshot" });
+            }
+
+            return Json(new { success = true, message = "Screenshot deleted" });
+        }, nameof(DeleteScreenshot)).ConfigureAwait(false);
+    }
+
     /// <summary>
     /// Creates an admin action record for an RCON operation (kick/ban)
     /// </summary>

src/XtremeIdiots.Portal.Web/Extensions/PolicyExtensions.cs

@@ -44,6 +44,9 @@ public static void AddXtremeIdiotsPolicies(this AuthorizationOptions options)
         options.AddPolicy(AuthPolicies.GameServers_Admin_Rcon_Map, policy => policy.Requirements.Add(new GameServersAdminRconMap()));
         options.AddPolicy(AuthPolicies.GameServers_Admin_Rcon_Say, policy => policy.Requirements.Add(new GameServersAdminRconSay()));
         options.AddPolicy(AuthPolicies.GameServers_Admin_Rcon_Restart, policy => policy.Requirements.Add(new GameServersAdminRconRestart()));
+        options.AddPolicy(AuthPolicies.GameServers_Admin_Rcon_Screenshot, policy => policy.Requirements.Add(new GameServersAdminRconScreenshot()));
+        options.AddPolicy(AuthPolicies.GameServers_Admin_Screenshots_Read, policy => policy.Requirements.Add(new GameServersAdminScreenshotsRead()));
+        options.AddPolicy(AuthPolicies.GameServers_Admin_Screenshots_Delete, policy => policy.Requirements.Add(new GameServersAdminScreenshotsDelete()));
 
         // Chat Log
         options.AddPolicy(AuthPolicies.ChatLog_Read, policy => policy.Requirements.Add(new ChatLogRead()));

src/XtremeIdiots.Portal.Web/ViewModels/ServerDetailViewModel.cs

@@ -20,11 +20,14 @@ public class ServerDetailViewModel
     public bool CanViewMapRotation { get; set; }
     public bool CanViewStatus { get; set; }
     public bool CanEditServer { get; set; }
+    public bool CanViewScreenshots { get; set; }
 
     // Fine-grained RCON action flags — determines which buttons are rendered within the RCON tab
     public bool CanSay { get; set; }
     public bool CanChangeMap { get; set; }
     public bool CanRestartServer { get; set; }
+    public bool CanTakeScreenshot { get; set; }
+    public bool CanDeleteScreenshots { get; set; }
 
     // Overview tab data
     public AgentServerStatus? AgentStatus { get; set; }