Add user() helper

[rmartinoscar]

Supersedes #979

[coderabbitai]

📝 Walkthrough

Walkthrough

Replaces uses of auth()->user() with a new global user() helper across the codebase, switching many permission, visibility, timezone/language, and query-scoping calls to user() / user()?->. Adds user() in app/helpers.php. No public APIs or method signatures changed.

Changes

Cohort / File(s)	Summary
Helper Introduction app/helpers.php	Adds global user(): ?User helper and updates format_number to use user()->language.
Feature Schemas app/Extensions/Features/Schemas/*	Replace auth()->user() with user()/user()?-> in disabled/visibility/admin checks and Blade closures.
Filament Admin — Pages & Resources app/Filament/Admin/Pages/*, app/Filament/Admin/Resources/...	Swap auth()->user() → user()/user()?-> across access checks, defaults, relationship filters, navigation group lookups, replicate metadata, and action/table authorizations.
Filament Server & App — Pages/Widgets/Resources app/Filament/Server/**, app/Filament/App/Resources/Servers/Pages/*, app/Filament/Server/Widgets/*	Use user() for permissions, abort checks, token contexts, timezone/language for charts, base queries, and action visibility/disabled states.
Filament Components & Columns app/Filament/Components/Actions/*, app/Filament/Components/Tables/Columns/DateTimeColumn.php	Authorization and timezone resolution updated to user()/user()?->; minor notification/catch references adjusted.
Providers app/Providers/Filament/*PanelProvider.php, app/Providers/Filament/PanelProvider.php, app/Providers/Filament/ServerPanelProvider.php	Panel visibility, top-navigation/customization, and MFA checks now use user()/user()?->.
Services app/Services/Subusers/SubuserCreationService.php, app/Services/Subusers/SubuserUpdateService.php	Permission filtering uses user()/user()?-> when evaluating permissions.
Views & Blade Components resources/views/errors/500.blade.php, resources/views/filament/components/server-console.blade.php	Blade props and customization lookups switch to user()/user()?-> for admin checks and console preferences.
Miscellaneous App Areas app/Filament/Pages/Auth/EditProfile.php, app/Filament/Server/Pages/{Console,Settings,Startup}.php, app/Filament/Admin/Resources/Nodes/**, app/Filament/Server/Resources/**, app/Filament/App/Resources/..., etc.	Numerous replacements of auth()->user() with user()/user()?-> across forms, actions, callbacks, widgets, resource methods, and token generation to introduce null-safety and centralize user access.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  actor U as User
  participant UI as Filament UI / Blade
  participant H as user() helper
  participant P as Policies / Auth
  participant S as Service / DB

  U->>UI: Request page or trigger action
  UI->>H: call user()
  H-->>UI: returns User instance or null
  UI->>P: evaluate can(permission, subject) with user()
  P-->>UI: allowed / denied
  alt allowed
    UI->>S: perform operation using user() context
    S-->>UI: operation result
    UI-->>U: render success / data
  else denied
    UI-->>U: hide/disable UI or return 403
  end

Loading

Pre-merge checks

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Description Check	⚠️ Warning	The description “Supersedes #979” does not explain the changes made in the pull request and only references another issue, offering no information about the new helper or its usage.	Please provide a descriptive summary of the changes introduced, including details about the new user() helper function, how it replaces auth()->user(), and its impact across the codebase.
Docstring Coverage	⚠️ Warning	Docstring coverage is 30.61% which is insufficient. The required threshold is 80.00%.	You can run `@coderabbitai generate docstrings` to improve docstring coverage.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title “Add `user()` helper” directly and concisely summarizes the primary change introduced by the pull request, namely the addition of the global user() helper and its adoption throughout the codebase.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e03bf6c and 0fe52c9.

📒 Files selected for processing (17)

• app/Extensions/Features/Schemas/GSLTokenSchema.php (1 hunks)
• app/Extensions/Features/Schemas/JavaVersionSchema.php (1 hunks)
• app/Filament/Admin/Pages/Settings.php (6 hunks)
• app/Filament/Admin/Resources/Servers/Pages/CreateServer.php (5 hunks)
• app/Filament/Admin/Resources/Servers/Pages/ListServers.php (2 hunks)
• app/Filament/Admin/Resources/Users/RelationManagers/ServersRelationManager.php (1 hunks)
• app/Filament/Server/Pages/Settings.php (6 hunks)
• app/Filament/Server/Pages/Startup.php (3 hunks)
• app/Filament/Server/Resources/Activities/ActivityResource.php (4 hunks)
• app/Filament/Server/Resources/Allocations/AllocationResource.php (4 hunks)
• app/Filament/Server/Resources/Backups/BackupResource.php (7 hunks)
• app/Filament/Server/Resources/Databases/DatabaseResource.php (3 hunks)
• app/Filament/Server/Resources/Files/Pages/DownloadFiles.php (2 hunks)
• app/Filament/Server/Resources/Files/Pages/EditFiles.php (3 hunks)
• app/Filament/Server/Resources/Files/Pages/ListFiles.php (14 hunks)
• app/Filament/Server/Resources/Schedules/ScheduleResource.php (2 hunks)
• app/helpers.php (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (6)

• app/Filament/Admin/Pages/Settings.php
• app/Filament/Admin/Resources/Servers/Pages/ListServers.php
• app/Filament/Server/Pages/Settings.php
• app/Filament/Server/Resources/Files/Pages/ListFiles.php
• app/Filament/Server/Resources/Activities/ActivityResource.php
• app/Filament/Admin/Resources/Users/RelationManagers/ServersRelationManager.php

🧰 Additional context used

🧬 Code graph analysis (11)

app/Filament/Admin/Resources/Servers/Pages/CreateServer.php (2)

app/helpers.php (1)

• user (127-130)

app/Models/User.php (2)

• accessibleNodes (294-308)
• User (95-493)

app/helpers.php (1)

app/Models/User.php (1)

• User (95-493)

app/Filament/Server/Resources/Backups/BackupResource.php (3)

app/helpers.php (1)

• user (127-130)

app/Models/Permission.php (1)

• Permission (11-221)

app/Services/Backups/DownloadLinkService.php (1)

• DownloadLinkService (12-61)

app/Extensions/Features/Schemas/GSLTokenSchema.php (3)

app/helpers.php (1)

• user (127-130)

app/Models/User.php (1)

• can (358-371)

app/Models/Permission.php (1)

• Permission (11-221)

app/Filament/Server/Resources/Files/Pages/DownloadFiles.php (2)

app/Services/Nodes/NodeJWTService.php (1)

• setUser (43-48)

app/helpers.php (1)

• user (127-130)

app/Filament/Server/Pages/Startup.php (5)

app/helpers.php (1)

• user (127-130)

app/Models/User.php (1)

• can (358-371)

app/Models/Permission.php (1)

• Permission (11-221)

app/Filament/Admin/Pages/Settings.php (1)

• canAccess (83-86)

app/Filament/Admin/Pages/Health.php (1)

• canAccess (40-43)

app/Extensions/Features/Schemas/JavaVersionSchema.php (3)

app/helpers.php (1)

• user (127-130)

app/Models/User.php (1)

• can (358-371)

app/Models/Permission.php (1)

• Permission (11-221)

app/Filament/Server/Resources/Files/Pages/EditFiles.php (1)

app/helpers.php (1)

• user (127-130)

app/Filament/Server/Resources/Allocations/AllocationResource.php (2)

app/helpers.php (1)

• user (127-130)

app/Models/Permission.php (1)

• Permission (11-221)

app/Filament/Server/Resources/Databases/DatabaseResource.php (3)

app/helpers.php (1)

• user (127-130)

app/Filament/Components/Actions/RotateDatabasePasswordAction.php (1)

• RotateDatabasePasswordAction (14-67)

app/Filament/Server/Resources/Allocations/AllocationResource.php (1)

• canCreate (124-127)

app/Filament/Server/Resources/Schedules/ScheduleResource.php (3)

app/helpers.php (1)

• user (127-130)

app/Models/Permission.php (1)

• Permission (11-221)

app/Helpers/Utilities.php (2)

• Utilities (11-58)
• getScheduleNextRunDate (41-46)

🪛 PHPMD (2.15.0)

app/Filament/Server/Resources/Backups/BackupResource.php

309-309: Avoid unused parameters such as '$record'. (undefined)

(UnusedFormalParameter)

app/Filament/Server/Resources/Allocations/AllocationResource.php

129-129: Avoid unused parameters such as '$record'. (undefined)

(UnusedFormalParameter)

---

134-134: Avoid unused parameters such as '$record'. (undefined)

(UnusedFormalParameter)

app/Filament/Server/Resources/Databases/DatabaseResource.php

216-216: Avoid unused parameters such as '$record'. (undefined)

(UnusedFormalParameter)

---

226-226: Avoid unused parameters such as '$record'. (undefined)

(UnusedFormalParameter)

---

231-231: Avoid unused parameters such as '$record'. (undefined)

(UnusedFormalParameter)

app/Filament/Server/Resources/Schedules/ScheduleResource.php

77-77: Avoid unused parameters such as '$record'. (undefined)

(UnusedFormalParameter)

---

82-82: Avoid unused parameters such as '$record'. (undefined)

(UnusedFormalParameter)

🔇 Additional comments (10)

app/Filament/Server/Pages/Startup.php (1)

132-132: LGTM! Null-safe operator correctly applied.

The change from auth()->user()->can(...) to user()?->can(...) is correct and consistent with similar access checks in Settings.php and Health.php. When user() returns null, the expression safely evaluates to a falsy value, correctly denying access to unauthenticated users.

app/Filament/Server/Resources/Databases/DatabaseResource.php (4)

91-91: LGTM!

The null-safe operator usage is correct for the password field visibility check. The permission guard ensures proper access control for viewing database passwords.

---

92-95: LGTM!

The authorization check for the password rotation action correctly uses the null-safe operator. This ensures the action is only available to users with update permissions.

---

106-106: LGTM!

The JDBC field visibility check correctly uses the null-safe operator with the same permission guard as the password field.

---

211-234: LGTM!

All authorization methods correctly use the null-safe user() helper with appropriate permission checks. The static analysis warnings about unused $record parameters are false positives—these parameters are required by Filament's authorization interface contract.

app/Filament/Admin/Resources/Servers/Pages/CreateServer.php (5)

118-124: LGTM!

The default node selection correctly uses the null-safe operator to fetch the user's latest accessible node. The null-safe chaining ensures graceful handling when no authenticated user is present.

---

144-144: LGTM!

The default owner value correctly uses the null-safe operator, addressing the previous review feedback about consistency with other lines in this file.

---

154-154: LGTM!

The authorization check for the user creation option correctly uses the null-safe operator with an appropriate permission guard.

---

215-215: LGTM!

The authorization check for the allocation creation option correctly uses the null-safe operator, properly passing the node instance for permission verification.

---

131-131: Null-safety confirmed: Filament requires authenticated users The null-safe operator is redundant here since user() always returns the current user in Filament, and the pattern is intentionally consistent across resources.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}