Add allocation to role permission models & make sure user can target node of allocation

[Boy132]

No description provided.

[coderabbitai]

📝 Walkthrough

Walkthrough

The changes add support for allocation-related permissions through a new enum case and an authorization policy hook. The AllocationPolicy.before() method intercepts authorization checks to validate server tenancy and node targeting capabilities before standard permission checks.

Changes

Cohort / File(s)	Summary
Enum Extensions app/Enums/RolePermissionModels.php	Added Allocation enum case with value 'allocation' and new delete(): string method for constructing permission keys.
Authorization Policy app/Policies/AllocationPolicy.php	Added before() policy hook that intercepts allocation authorization checks. Early-denies if no tenant server exists and user cannot target the allocation's node, otherwise defers to standard permission checks.

Sequence Diagram

sequenceDiagram
    actor User
    participant AuthSystem as Authorization System
    participant AllocationPolicy
    participant Filament as Filament/Tenant
    participant User_obj as User Model

    User->>AuthSystem: Request allocation action
    AuthSystem->>AllocationPolicy: before(User, ability, Allocation)
    AllocationPolicy->>AllocationPolicy: Check if ability is 'viewAny'<br/>(string check)
    alt viewAny request
        AllocationPolicy-->>AuthSystem: return null (defer)
    else Other ability
        AllocationPolicy->>Filament: getTenant()
        alt No tenant server
            AllocationPolicy->>User_obj: cannotTarget(node)?
            alt Cannot target
                AllocationPolicy-->>AuthSystem: return false (deny)
            else Can target
                AllocationPolicy-->>AuthSystem: return null (defer)
            end
        else Tenant exists
            AllocationPolicy-->>AuthSystem: return null (defer)
        end
    end
    AuthSystem->>AuthSystem: Standard permission checks

Loading

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Description check	❓ Inconclusive	No pull request description was provided by the author, making it impossible to evaluate whether the description relates to the changeset.	Add a pull request description that explains the purpose of these changes, the problem being solved, and how the implementation addresses it.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly summarizes the main changes: adding 'allocation' to role permission models and implementing a before policy hook to verify user can target the allocation's node.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@app/Policies/AllocationPolicy.php`:
- Around line 25-40: The PHPMD warning flags the unused $ability parameter in
the before(User $user, string $ability, string|Allocation $allocation) method;
fix it by either explicitly marking it used (add a no-op line like
(void)$ability; as the first statement) or add a PHPMD suppression docblock
above the before method (e.g. `@SuppressWarnings`(PHPMD.UnusedFormalParameter));
update the AllocationPolicy::before method accordingly so static analysis no
longer reports an unused-parameter warning.