Fix view all

[frankiejol]

Allows user see the view button when has been granted view_all permission.

fixes #2296

[Copilot]

Pull request overview

Fixes the “View” button visibility for users granted the view_all permission in the admin machines list (issue #2296).

Changes:

• Update frontend machine action initialization so view_all users get can_view on machines they don’t own.
• Add/extend grant tests to cover view_all behavior in both unit-style and Mojo (HTTP) scenarios.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.

File	Description
lib/Ravada/Front.pm	Include can_view_all in can_view computation so admin machines UI can show the View button.
t/user/20_grants.t	Adds assertions around list_machines() action flags for a view_all user.
t/mojo/30_grants.t	Adds an integration test ensuring /machine/view/:id.html returns 200 when view_all is granted.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This test dereferences $found without first asserting it exists. If the machine list doesn't include the domain for any reason, the failure will be a confusing undef deref rather than a clear assertion. Add an ok($found, ...) (or similar) before checking the can_* fields.

Suggested change

	is($found->{can_start},0);
	is($found->{can_view},1);
	is($found->{can_shutdown},0);
	is($found->{can_hibernate},0);
	is($found->{can_manage},0);
	ok($found, "Found domain " . $domain->name . " in machine list");
	if ($found) {
	is($found->{can_start},0);
	is($found->{can_view},1);
	is($found->{can_shutdown},0);
	is($found->{can_hibernate},0);
	is($found->{can_manage},0);
	}

[Copilot]

test_view_all creates a clone via Ravada::Request->create_domain but never waits for the request to complete or checks $req->status/$req->error. Polling $base->clones() with sleep can make the test slow/flaky on failure. Prefer wait_request() (or opening the request by id and waiting) and asserting success before proceeding.

Suggested change

	my $clone;
	for ( 1 .. 60 ) {
	($clone) = grep { $_->{name} eq $name } $base->clones();
	last if $clone;
	sleep 1;
	}
	wait_request();
	my $request = Ravada::Request->open($req->id);
	is($request->status, 'done');
	is($request->error, '');
	my ($clone) = grep { $_->{name} eq $name } $base->clones();

[Copilot]

test_view_all creates additional resources ($user2 and the clone domain) but doesn't remove them. Other tests in this file clean up created clones/users; leaving these behind can bloat the DB and cause cross-test interference. Remove the created clone (and $user2) at the end of the test.

Suggested change

	my $domain = Ravada::Domain->open($clone->{id});
	$domain->remove if $domain;
	$user2->remove();

[Copilot]

can_start is asserted as 0 for a user with view_all, but view_all already grants start capability (e.g., can_start_machine returns true for can_view_all, and start requests in this same test succeed). Keeping can_start at 0 makes the UI state inconsistent with actual permissions (Start button stays hidden while start is allowed). Either update _init_available_actions to set can_start when can_view_all is true, or change/remove this assertion to match the intended semantics of view_all.

Suggested change

	is($found->{can_start},0);
	is($found->{can_start},1);