@extends('admin.firewallplus.layout', ['fwpTab' => 'servers'])

@section('fwp_title')
    Firewall-Plus: Servers & SMART
@endsection

@section('fwp_subtitle')
    Fleet access, per-server overrides & access list
@endsection

@section('fwp')
@if (session('success'))
    <div class="alert alert-success alert-dismissible">
        <button type="button" class="close" data-dismiss="alert"><span>&times;</span></button>
        {{ session('success') }}
    </div>
@endif
@if (session('error'))
    <div class="alert alert-danger alert-dismissible">
        <button type="button" class="close" data-dismiss="alert"><span>&times;</span></button>
        {{ session('error') }}
    </div>
@endif
@if ($errors->any())
    <div class="alert alert-danger">
        <strong>Could not save:</strong>
        <ul style="margin-bottom:0;">
            @foreach ($errors->all() as $message)<li>{{ $message }}</li>@endforeach
        </ul>
    </div>
@endif

<div class="box box-primary fwp-tabs-box">
    <div class="box-header with-border">
        <ul class="nav nav-tabs fwp-sub-tabs" role="tablist">
            <li class="active">
                <a href="#fwp-srv-global" data-toggle="tab" role="tab">
                    <i class="fa fa-globe"></i> Global Access
                </a>
            </li>
            <li>
                <a href="#fwp-srv-uuid" data-toggle="tab" role="tab">
                    <i class="fa fa-id-card-o"></i> User / Server Access
                </a>
            </li>
            <li>
                <a href="#fwp-srv-list" data-toggle="tab" role="tab">
                    <i class="fa fa-list"></i> Access List
                </a>
            </li>
        </ul>
        <div class="box-tools pull-right">
            <button type="button" class="btn btn-default btn-sm"
                    data-toggle="modal" data-target="#fwp-servers-grants-guide-modal">
                <i class="fa fa-book"></i> Guide
            </button>
        </div>
        <div class="clearfix"></div>
    </div>

    <div class="tab-content">

        
        <div role="tabpanel" class="tab-pane active" id="fwp-srv-global">
            <form method="POST" action="{{ route('admin.firewallplus.servers.fleet') }}">
                @csrf
                <div class="box-body">
                    <p class="fwp-help-text">
                        These settings apply to <strong>every server</strong> on the panel.
                        Individual servers can still be overridden on the <em>User / Server Access</em> tab.
                    </p>
                    <div class="row">
                        <div class="col-md-4 form-group">
                            <label>
                                SMART fleet default
                                <i class="fa fa-info-circle text-muted" style="cursor:pointer;"
                                   data-toggle="tooltip" data-placement="top"
                                   title="Grant SMART to all servers automatically, or require it to be enabled per-server. Most setups use 'Don't auto-grant' and enable it server by server."></i>
                            </label>
                            <select name="grant_all_smart" class="form-control">
                                <option value="1" {{ ($fleet['grant_all_smart'] ?? false) ? 'selected' : '' }}>Grant all servers</option>
                                <option value="0" {{ !($fleet['grant_all_smart'] ?? false) ? 'selected' : '' }}>Don't auto-grant</option>
                            </select>
                            <p class="help-block">Auto-grant marks every new and existing server as SMART-allowed.</p>
                        </div>
                        <div class="col-md-4 form-group">
                            <label>
                                Firewall fleet access
                                <i class="fa fa-info-circle text-muted" style="cursor:pointer;"
                                   data-toggle="tooltip" data-placement="top"
                                   title="Disabling this flushes all managed FWP chains on all nodes and blocks client firewall API calls until re-enabled. Use 'Disable & revoke all' to also wipe every per-server/user grant."></i>
                            </label>
                            <select name="grant_all_firewall" id="grant_all_firewall" class="form-control">
                                <option value="1" {{ ($fleet['grant_all_firewall'] ?? true) ? 'selected' : '' }}>Enabled (recommended)</option>
                                <option value="0" {{ !($fleet['grant_all_firewall'] ?? true) ? 'selected' : '' }}>Disabled (flush &amp; block)</option>
                                <option value="revoke_all">Disable &amp; revoke all individual grants</option>
                            </select>
                            <p id="fwp-revoke-all-warning" class="help-block text-danger" style="display:none;">
                                <i class="fa fa-exclamation-triangle"></i>
                                This deletes <strong>all</strong> per-server/user grants immediately. Cannot be undone.
                            </p>
                        </div>
                        <div class="col-md-4 form-group">
                            <label>
                                Firewall tab visibility
                                <i class="fa fa-info-circle text-muted" style="cursor:pointer;"
                                   data-toggle="tooltip" data-placement="top"
                                   title="When hidden, users without a grant simply won't see the Firewall tab on their server. Users/servers with an explicit grant always see it regardless."></i>
                            </label>
                            <select name="hide_tab_if_not_granted" class="form-control">
                                <option value="0" {{ !($fleet['hide_tab_if_not_granted'] ?? false) ? 'selected' : '' }}>Show tab to all users</option>
                                <option value="1" {{ ($fleet['hide_tab_if_not_granted'] ?? false) ? 'selected' : '' }}>Hide tab when not granted</option>
                            </select>
                            <p class="help-block">Hiding the tab does not affect access - only visibility.</p>
                        </div>
                    </div>
                </div>
                <div class="box-body" style="padding-top:0;">
                    <button type="submit" class="btn btn-warning">
                        <i class="fa fa-save"></i> Save fleet settings
                    </button>
                </div>
            </form>
        </div>

        
        <div role="tabpanel" class="tab-pane" id="fwp-srv-uuid">
            <div class="box-body" style="padding-bottom:8px;">
                <p class="fwp-help-text" style="margin-bottom:0;">
                    Grant or deny Firewall-Plus and SMART access to a specific server or user.
                    Use the server's UUID (found on the server's admin page) for server overrides.
                    Use the numeric user ID (visible in Admin &rarr; Users) for user overrides.
                    User overrides take priority over server overrides.
                </p>
            </div>

            <div class="box-body" style="padding-top:0;">
                <div class="row" style="margin:0 -8px;">

                    {{-- Server UUID grant --}}
                    <div class="col-md-6" style="padding:0 8px;">
                        <div style="background:rgba(255,255,255,0.03);border:1px solid rgba(255,255,255,0.09);border-radius:4px;padding:16px 18px;">
                            <h4 style="margin:0 0 14px;font-size:13px;font-weight:700;color:#ccc;text-transform:uppercase;letter-spacing:.5px;">
                                <i class="fa fa-server" style="margin-right:6px;"></i> Server UUID grant
                            </h4>
                            <form method="POST" action="{{ route('admin.firewallplus.servers.grants.server') }}">
                                @csrf
                                <div class="form-group" style="margin-bottom:10px;">
                                    <label style="font-size:12px;font-weight:600;color:#aaa;">Server UUID</label>
                                    <input type="text" name="server_uuid" class="form-control input-sm"
                                           value="{{ old('server_uuid') }}"
                                           placeholder="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" required>
                                    <span class="help-block" style="font-size:11px;">Found on the server admin page under About.</span>
                                </div>
                                <div class="row" style="margin:0 -6px;">
                                    <div class="col-xs-6" style="padding:0 6px;">
                                        <div class="form-group" style="margin-bottom:10px;">
                                            <label style="font-size:12px;font-weight:600;color:#aaa;">SMART</label>
                                            <select name="smart_allowed" class="form-control input-sm">
                                                <option value="1" selected>Grant</option>
                                                <option value="0">Deny</option>
                                            </select>
                                        </div>
                                    </div>
                                    <div class="col-xs-6" style="padding:0 6px;">
                                        <div class="form-group" style="margin-bottom:10px;">
                                            <label style="font-size:12px;font-weight:600;color:#aaa;">Firewall</label>
                                            <select name="firewall_allowed" class="form-control input-sm">
                                                <option value="1" selected>Grant</option>
                                                <option value="0">Deny</option>
                                            </select>
                                        </div>
                                    </div>
                                </div>
                                <button type="submit" class="btn btn-primary btn-sm" style="width:100%;">
                                    <i class="fa fa-save"></i> Save server grant
                                </button>
                            </form>
                        </div>
                    </div>

                    {{-- User ID grant --}}
                    <div class="col-md-6" style="padding:0 8px;margin-top:0;" id="fwp-user-grant-col">
                        <div style="background:rgba(255,255,255,0.03);border:1px solid rgba(255,255,255,0.09);border-radius:4px;padding:16px 18px;">
                            <h4 style="margin:0 0 14px;font-size:13px;font-weight:700;color:#ccc;text-transform:uppercase;letter-spacing:.5px;">
                                <i class="fa fa-user-o" style="margin-right:6px;"></i> User ID grant
                            </h4>
                            <form method="POST" action="{{ route('admin.firewallplus.servers.grants.user') }}">
                                @csrf
                                <div class="form-group" style="margin-bottom:10px;">
                                    <label style="font-size:12px;font-weight:600;color:#aaa;">User ID</label>
                                    <input type="number" name="user_id" class="form-control input-sm"
                                           value="{{ old('user_id') }}"
                                           placeholder="e.g. 42" min="1" required>
                                    <span class="help-block" style="font-size:11px;">Numeric ID from Admin &rarr; Users.</span>
                                </div>
                                <div class="row" style="margin:0 -6px;">
                                    <div class="col-xs-6" style="padding:0 6px;">
                                        <div class="form-group" style="margin-bottom:10px;">
                                            <label style="font-size:12px;font-weight:600;color:#aaa;">SMART</label>
                                            <select name="smart_allowed" class="form-control input-sm">
                                                <option value="1" selected>Grant</option>
                                                <option value="0">Deny</option>
                                            </select>
                                        </div>
                                    </div>
                                    <div class="col-xs-6" style="padding:0 6px;">
                                        <div class="form-group" style="margin-bottom:10px;">
                                            <label style="font-size:12px;font-weight:600;color:#aaa;">Firewall</label>
                                            <select name="firewall_allowed" class="form-control input-sm">
                                                <option value="1" selected>Grant</option>
                                                <option value="0">Deny</option>
                                            </select>
                                        </div>
                                    </div>
                                </div>
                                <button type="submit" class="btn btn-primary btn-sm" style="width:100%;">
                                    <i class="fa fa-save"></i> Save user grant
                                </button>
                            </form>
                        </div>
                    </div>

                </div>{{-- /row --}}
            </div>
        </div>

        
        <div role="tabpanel" class="tab-pane" id="fwp-srv-list">
            {{-- Filter + sub-tabs header --}}
            <div class="box-body" style="border-bottom:1px solid rgba(255,255,255,0.08);padding-bottom:0;">
                <div style="display:flex;align-items:flex-end;justify-content:space-between;flex-wrap:wrap;gap:8px;">
                    <ul class="nav nav-tabs fwp-sub-tabs" style="border-bottom:none;margin-bottom:0;" role="tablist">
                        <li class="active">
                            <a href="#fwp-list-profiles" data-toggle="tab" role="tab">
                                <i class="fa fa-server"></i> Server profiles
                            </a>
                        </li>
                        <li>
                            <a href="#fwp-list-grants" data-toggle="tab" role="tab">
                                <i class="fa fa-users"></i> Access grants
                            </a>
                        </li>
                    </ul>
                    <form method="GET" action="{{ route('admin.firewallplus.servers') }}" class="form-inline" style="margin-bottom:8px;">
                        <div class="input-group input-group-sm">
                            <input type="number" name="server_id" class="form-control"
                                   placeholder="Filter by server ID" value="{{ $filter_server_id ?? '' }}" style="width:160px;">
                            <span class="input-group-btn">
                                <button type="submit" class="btn btn-default btn-sm"><i class="fa fa-filter"></i></button>
                                @if (!empty($filter_server_id))
                                    <a href="{{ route('admin.firewallplus.servers') }}" class="btn btn-default btn-sm"><i class="fa fa-times"></i></a>
                                @endif
                            </span>
                        </div>
                    </form>
                </div>
            </div>

            <div class="tab-content">
                {{-- Server profiles --}}
                <div role="tabpanel" class="tab-pane active" id="fwp-list-profiles">
                    <div class="box-body table-responsive no-padding" style="overflow-x:hidden;">
                        <table class="table table-striped table-hover table-condensed fwp-admin-table">
                            <thead>
                                <tr>
                                    <th>Server</th>
                                    <th>SMART (profile)</th>
                                    <th>SMART (effective)</th>
                                    <th>Firewall (profile)</th>
                                    <th>Firewall (effective)</th>
                                    <th>Sync</th>
                                    <th>Actions</th>
                                </tr>
                            </thead>
                            <tbody>
                                @forelse ($profiles as $profile)
                                    @php($server = $profile->server ?? $servers->get($profile->server_id))
                                    @php($ex = $profile_extras[$profile->server_id] ?? ['smart_eff' => false, 'fw_eff' => false])
                                    <tr>
                                        <td>
                                            @if ($server)
                                                <strong>{{ $server->name }}</strong>
                                                <small class="text-muted">#{{ $server->id }}</small>
                                                @if (!empty($server->uuid))
                                                    <br><small class="text-muted"><code style="font-size:10px;">{{ $server->uuid }}</code></small>
                                                @endif
                                            @else
                                                <span class="text-muted">Server #{{ $profile->server_id }}</span>
                                            @endif
                                        </td>
                                        <td>{!! $profile->smart_mode_allowed ? '<span class="label label-success">Allowed</span>' : '<span class="label label-default">Denied</span>' !!}</td>
                                        <td>{!! $ex['smart_eff'] ? '<span class="label label-info">Yes</span>' : '<span class="label label-default">No</span>' !!}</td>
                                        <td>{!! ($profile->admin_firewall_allowed ?? true) ? '<span class="label label-success">Allowed</span>' : '<span class="label label-warning">Revoked</span>' !!}</td>
                                        <td>{!! $ex['fw_eff'] ? '<span class="label label-info">Yes</span>' : '<span class="label label-default">No</span>' !!}</td>
                                        <td><code>{{ $profile->sync_state }}</code></td>
                                        <td>
                                            <div style="display:flex;flex-wrap:wrap;gap:4px;">
                                                <form method="POST" action="{{ route('admin.firewallplus.servers.smart') }}" style="display:inline;">
                                                    @csrf
                                                    <input type="hidden" name="server_id" value="{{ $profile->server_id }}">
                                                    <input type="hidden" name="smart_mode_allowed" value="{{ $profile->smart_mode_allowed ? '0' : '1' }}">
                                                    <button type="submit" class="btn btn-xs btn-{{ $profile->smart_mode_allowed ? 'warning' : 'success' }}">
                                                        SMART {{ $profile->smart_mode_allowed ? 'Revoke' : 'Grant' }}
                                                    </button>
                                                </form>
                                                <form method="POST" action="{{ route('admin.firewallplus.servers.firewall') }}" style="display:inline;">
                                                    @csrf
                                                    <input type="hidden" name="server_id" value="{{ $profile->server_id }}">
                                                    <input type="hidden" name="admin_firewall_allowed" value="{{ ($profile->admin_firewall_allowed ?? true) ? '0' : '1' }}">
                                                    <button type="submit"
                                                            class="btn btn-xs btn-{{ ($profile->admin_firewall_allowed ?? true) ? 'warning' : 'success' }}"
                                                            onclick="return confirm('{{ ($profile->admin_firewall_allowed ?? true) ? 'Revoke firewall? Rules will be flushed from the node.' : 'Grant firewall access for this server?' }}');">
                                                        FW {{ ($profile->admin_firewall_allowed ?? true) ? 'Revoke' : 'Grant' }}
                                                    </button>
                                                </form>
                                            </div>
                                        </td>
                                    </tr>
                                @empty
                                    <tr><td colspan="7" class="text-center text-muted">No firewall profiles match these filters.</td></tr>
                                @endforelse
                            </tbody>
                        </table>
                    </div>
                    <div class="box-footer text-center">
                        {{ $profiles->links() }}
                    </div>
                </div>

                {{-- UUID grants --}}
                <div role="tabpanel" class="tab-pane" id="fwp-list-grants">
                    <div class="box-body" style="padding-bottom:4px;">
                        <h4 style="margin:0 0 4px;"><i class="fa fa-user-o"></i> User ID grants</h4>
                    </div>
                    <div class="box-body table-responsive no-padding" style="overflow-x:hidden;">
                        <table class="table table-striped table-condensed fwp-admin-table">
                            <thead>
                                <tr>
                                    <th>User</th>
                                    <th>UUID</th>
                                    <th>SMART</th>
                                    <th>Firewall</th>
                                    <th style="width:90px;"></th>
                                </tr>
                            </thead>
                            <tbody>
                                @forelse ($user_grants as $g)
                                    @php($u = $users_by_uuid->get($g->subject_uuid))
                                    <tr>
                                        <td>
                                            @if ($u)<strong>{{ $u->username }}</strong> <small class="text-muted">#{{ $u->id }}</small>
                                            @else<span class="text-muted">(unknown user)</span>@endif
                                        </td>
                                        <td><code style="font-size:11px;">{{ $g->subject_uuid }}</code></td>
                                        <td>{!! $g->smart_allowed ? '<span class="label label-success">Grant</span>' : '<span class="label label-danger">Deny</span>' !!}</td>
                                        <td>{!! $g->firewall_allowed ? '<span class="label label-success">Grant</span>' : '<span class="label label-danger">Deny</span>' !!}</td>
                                        <td>
                                            <form method="POST" action="{{ route('admin.firewallplus.servers.grants.delete') }}"
                                                  style="display:inline;" onsubmit="return confirm('Remove this UUID override?');">
                                                @csrf
                                                <input type="hidden" name="subject_type" value="user">
                                                <input type="hidden" name="subject_uuid" value="{{ $g->subject_uuid }}">
                                                <button type="submit" class="btn btn-xs btn-danger">Remove</button>
                                            </form>
                                        </td>
                                    </tr>
                                @empty
                                    <tr><td colspan="5" class="text-center text-muted">No user ID grants.</td></tr>
                                @endforelse
                            </tbody>
                        </table>
                    </div>

                    <div class="box-body" style="padding-top:16px;padding-bottom:4px;border-top:1px solid rgba(255,255,255,0.06);">
                        <h4 style="margin:0 0 4px;"><i class="fa fa-server"></i> Server UUID grants</h4>
                    </div>
                    <div class="box-body table-responsive no-padding" style="overflow-x:hidden;">
                        <table class="table table-striped table-condensed fwp-admin-table">
                            <thead>
                                <tr>
                                    <th>Server</th>
                                    <th>UUID</th>
                                    <th>SMART</th>
                                    <th>Firewall</th>
                                    <th style="width:90px;"></th>
                                </tr>
                            </thead>
                            <tbody>
                                @forelse ($server_grants as $g)
                                    @php($sv = $servers_by_grant_uuid->get($g->subject_uuid))
                                    <tr>
                                        <td>
                                            @if ($sv)<strong>{{ $sv->name }}</strong> <small class="text-muted">#{{ $sv->id }}</small>
                                            @else<span class="text-muted">(unknown server)</span>@endif
                                        </td>
                                        <td><code style="font-size:11px;">{{ $g->subject_uuid }}</code></td>
                                        <td>{!! $g->smart_allowed ? '<span class="label label-success">Grant</span>' : '<span class="label label-danger">Deny</span>' !!}</td>
                                        <td>{!! $g->firewall_allowed ? '<span class="label label-success">Grant</span>' : '<span class="label label-danger">Deny</span>' !!}</td>
                                        <td>
                                            <form method="POST" action="{{ route('admin.firewallplus.servers.grants.delete') }}"
                                                  style="display:inline;" onsubmit="return confirm('Remove this UUID override?');">
                                                @csrf
                                                <input type="hidden" name="subject_type" value="server">
                                                <input type="hidden" name="subject_uuid" value="{{ $g->subject_uuid }}">
                                                <button type="submit" class="btn btn-xs btn-danger">Remove</button>
                                            </form>
                                        </td>
                                    </tr>
                                @empty
                                    <tr><td colspan="5" class="text-center text-muted">No server UUID grants.</td></tr>
                                @endforelse
                            </tbody>
                        </table>
                    </div>
                </div>
            </div>
        </div>

    </div>{{-- /outer tab-content --}}
</div>{{-- /box --}}

{{-- Guide modal --}}
<div class="modal fade fwp-modal" id="fwp-servers-grants-guide-modal" tabindex="-1" role="dialog">
    <div class="modal-dialog modal-lg" role="document">
        <div class="modal-content">
            <div class="modal-header">
                <button type="button" class="close" data-dismiss="modal"><span>&times;</span></button>
                <h4 class="modal-title">Servers &amp; SMART: administrator guide</h4>
            </div>
            <div class="modal-body">
                <h4><i class="fa fa-globe"></i> Global Access</h4>
                <p><strong>SMART fleet default:</strong> Set to "Grant all servers" to automatically SMART-allow every server, new and existing. Use "Don't auto-grant" to manage SMART on a per-server basis from the Access List tab.</p>
                <p><strong>Firewall fleet access:</strong> Should normally stay Enabled. Disabling it flushes all managed iptables chains from every online node and blocks client API calls until you re-enable. "Disable &amp; revoke all" does this and also deletes every per-server and per-user grant. This cannot be undone.</p>
                <p><strong>Hide tab when not granted:</strong> Removes the Firewall tab from servers and users without a grant. Users and servers with an explicit grant still see it regardless.</p>
                <h4 style="margin-top:16px;"><i class="fa fa-id-card-o"></i> User / Server Access</h4>
                <p>Add a grant to give or deny SMART and Firewall access for a specific server or user, overriding fleet defaults. User overrides take priority over server overrides. Use the server's UUID from its admin page for server grants, and the numeric user ID from Admin > Users for user grants.</p>
                <h4 style="margin-top:16px;"><i class="fa fa-list"></i> Access List</h4>
                <p><strong>Server profiles:</strong> Live access state for every server. The profile columns show stored values; the effective columns show the final resolved state after overrides. Use the action buttons to grant or revoke on a per-server basis.</p>
                <p><strong>Access grants:</strong> All active per-user and per-server overrides. Remove any that are no longer needed.</p>
            </div>
            <div class="modal-footer">
                <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
            </div>
        </div>
    </div>
</div>

<script>
(function () {
    if (window.jQuery) jQuery('[data-toggle="tooltip"]').tooltip({ container: 'body' });

    var sel = document.getElementById('grant_all_firewall');
    var warn = document.getElementById('fwp-revoke-all-warning');
    if (sel && warn) {
        sel.addEventListener('change', function () {
            warn.style.display = sel.value === 'revoke_all' ? '' : 'none';
        });
    }

    var h = window.location.hash;
    var tabs = { '#fwp-srv-global': true, '#fwp-srv-uuid': true, '#fwp-srv-list': true };
    if (h && tabs[h] && window.jQuery) jQuery('a[href="' + h + '"]').tab('show');
})();
</script>
@endsection