new file: CHANGELOG.md

modified:   README.md
	modified:   support-provisioning-portal/assets/portal.css
	modified:   support-provisioning-portal/assets/portal.js
	modified:   support-provisioning-portal/includes/class-spp-activator.php
	modified:   support-provisioning-portal/includes/class-spp-admin-page.php
	modified:   support-provisioning-portal/includes/class-spp-http-proxmox-client.php
	modified:   support-provisioning-portal/includes/class-spp-mock-proxmox-client.php
	new file:   support-provisioning-portal/includes/class-spp-permissions.php
	modified:   support-provisioning-portal/includes/class-spp-plugin.php
	modified:   support-provisioning-portal/includes/class-spp-repository.php
	modified:   support-provisioning-portal/includes/class-spp-rest-controller.php
	modified:   support-provisioning-portal/includes/class-spp-shortcode.php
	modified:   support-provisioning-portal/includes/interface-spp-proxmox-client.php
	modified:   support-provisioning-portal/support-provisioning-portal.php

README.md

@@ -13,6 +13,7 @@ The application runs as a WordPress plugin and exposes both:
 - Custom database tables:
   - `wp_spp_templates`
   - `wp_spp_deployments`
+  - `wp_spp_deployment_shares`
   - `wp_spp_audit_logs`
 - Seed data for 3 approved templates
 - WordPress REST API endpoints:
@@ -25,6 +26,9 @@ The application runs as a WordPress plugin and exposes both:
   - `POST /wp-json/support-provisioning/v1/deployments/:id/stop`
   - `POST /wp-json/support-provisioning/v1/deployments/:id/prolong`
   - `POST /wp-json/support-provisioning/v1/deployments/:id/refresh-ips`
+  - `GET /wp-json/support-provisioning/v1/deployments/:id/shares`
+  - `POST /wp-json/support-provisioning/v1/deployments/:id/shares`
+  - `DELETE /wp-json/support-provisioning/v1/deployments/:id/shares/:user_id`
   - `DELETE /wp-json/support-provisioning/v1/deployments/:id`
 - Mock Proxmox adapter for local/no-cluster use
 - HTTP token-auth Proxmox adapter behind the same interface
@@ -34,6 +38,10 @@ The application runs as a WordPress plugin and exposes both:
 - IP address display for deployments when available from the mock adapter or Proxmox guest agent
 - Manual IP refresh action for deployments
 - Non-destructive expiration: expired VMs are stopped and locked, not deleted
+- Plugin-owned per-user rights for portal access, lifecycle actions, settings, and user-rights management
+- Admin-panel user rights management for WordPress and SSO-created users
+- Admin-panel template management for importing QEMU templates from the configured Proxmox node
+- Owner/private deployment visibility with explicit per-deployment sharing
 - Minimal admin/frontend UI for:
   - deployment dashboard
   - templates
@@ -63,10 +71,36 @@ The application runs as a WordPress plugin and exposes both:
 
 ## Permissions
 
-- Logged-in users with `read` can view templates and deployments.
-- Logged-in users with `edit_posts` can create, start, stop, and delete deployments.
+- The plugin uses its own per-user rights stored in user metadata, not WordPress roles.
+- SSO users from external identity providers can be granted access after their first WordPress sign-in creates or maps their WordPress user.
+- Available plugin rights:
+  - Open portal and view deployments
+  - Create deployments
+  - Start deployments
+  - Stop deployments
+  - Prolong deployments
+  - Refresh IP addresses
+  - Delete deployments
+  - View and manage all deployments
+  - Manage templates
+  - Manage Proxmox settings and quotas
+  - Manage user rights
+- Until the first user is granted **Manage user rights**, WordPress users with `manage_options` have bootstrap access so the first plugin rights manager can be assigned.
+- After that bootstrap, portal and lifecycle access are controlled by the plugin rights on each user.
 - WordPress REST nonces are required for UI mutations.
 
+## Deployment Visibility And Sharing
+
+Deployments are private by default:
+
+- Regular portal users see deployments they created.
+- Users can also see deployments explicitly shared with them.
+- Users with **View and manage all deployments** can see and operate on all deployments.
+
+The deployment owner, or a user with **View and manage all deployments**, can share a deployment from its detail view by entering another user's WordPress login or email address. The target user must already have **Open portal and view deployments**.
+
+Shared users can use lifecycle actions only when they also have the matching plugin right, such as **Start deployments** or **Stop deployments**. Shared users cannot delete someone else's deployment unless they also have **View and manage all deployments**.
+
 ## Expiration And Contingents
 
 Deployment creation supports either a TTL in hours or **Never expire**.
@@ -80,14 +114,14 @@ When a deployment reaches its TTL:
 - The user can either prolong the TTL or delete the deployment.
 - Deleted deployments are hidden from the active deployment list, but audit rows remain.
 
-RAM contingents are configured from **Support Provisioning > Proxmox Settings**:
+RAM contingents are configured from the **Proxmox Settings** section on the **Support Provisioning** admin page:
 
 - Default per-user RAM limit (MB)
 - Global RAM limit (MB)
 
 Set either value to `0` for unlimited. Active allocations include deployments in `PROVISIONING`, `STOPPED`, `RUNNING`, and `DELETING` states.
 
-Per-user overrides are available on each WordPress user profile under **Support Provisioning Contingent**. Leave the override empty to use the default per-user limit.
+Per-user overrides are available in the **User Rights** section on the **Support Provisioning** admin page. Leave the override empty to use the default per-user limit.
 
 ## IP Addresses
 
@@ -100,9 +134,9 @@ If the guest agent reports IPs only after boot, use **Refresh IPs** in the deplo
 The plugin defaults to mock mode. Configure live Proxmox access from the **Support Provisioning** admin page:
 
 - Mode: `Mock` or `HTTP token auth`
-- Base URL, for example `https://proxmox.example.internal:8006`
+- Base URL, for example `https://proxmox.example.internal:8006`. HTTP mode requires an HTTPS URL.
 - Token ID, for example `user@realm!token-name`
-- Token Secret
+- Token Secret. The saved secret is not rendered back into the settings form; leave the field blank to keep it unchanged.
 - Node, for example `pve-01`
 
 No Proxmox secrets are committed to the repository.
@@ -113,9 +147,18 @@ Use this section when moving from mock mode to a real Proxmox VE node.
 
 ### 1. Prepare Proxmox Templates
 
-The plugin only provisions from approved templates. For a first real test, either create Proxmox VM templates with the seeded IDs or update the plugin database rows to match your real template IDs.
+The plugin only provisions from approved templates. Proxmox remains the source for actual VM templates, while the plugin stores an approved template policy row with display name, OS type, CPU, RAM, disk, default TTL, and Proxmox template VMID.
 
-Seeded template IDs:
+Open the **Templates** section on the **Support Provisioning** admin page to:
+
+- see approved plugin templates
+- import QEMU templates from the configured Proxmox node
+- edit the policy values used during provisioning
+- remove templates from new provisioning without breaking historical deployment records
+
+The plugin lists QEMU templates from the configured node via the Proxmox API. It does not provision from LXC templates.
+
+Seeded example template IDs:
 
 | Plugin template | Proxmox template VMID |
 | --- | ---: |
@@ -123,26 +166,16 @@ Seeded template IDs:
 | Windows Support Client | `9002` |
 | Linux Utility VM | `9003` |
 
-The fastest first test is to create one real Proxmox template with VMID `9003`, then use the **Linux Utility VM** option in the plugin.
+The fastest first test is to create one real Proxmox QEMU template, then import it from **Support Provisioning > Templates**.
 
 Template requirements:
 
 - The VM must be converted to a Proxmox template.
 - The template must exist on the Proxmox node configured in the plugin.
 - The plugin currently performs a full clone (`full=1`), so the target storage must have enough free capacity.
-- CPU and memory are set by the plugin after clone based on the template policy row.
+- CPU and memory are set by the plugin after clone based on the approved template policy row.
 - For IP address display, install and enable `qemu-guest-agent` inside the guest and enable the guest agent option on the VM/template.
 
-If you do not want to use VMIDs `9001`, `9002`, or `9003`, update the template rows after activation:
-
-```sql
-UPDATE wp_spp_templates
-SET proxmox_template_id = 1234
-WHERE template_key = 'linux-utility-vm';
-```
-
-Replace `wp_` with your WordPress table prefix.
-
 ### 2. Create A Dedicated Proxmox API User
 
 In Proxmox, create a dedicated user instead of using `root@pam` for the plugin.
@@ -180,6 +213,7 @@ Proxmox permissions are path based. For a first controlled test, grant the token
 The plugin needs permissions for:
 
 - getting the next VMID
+- listing QEMU templates on the configured node
 - cloning a template VM
 - changing CPU and memory after clone
 - starting and stopping VMs
@@ -225,7 +259,7 @@ If Proxmox still uses its default self-signed certificate, WordPress may reject
 
 ### 6. Configure WordPress Plugin Settings
 
-In WordPress admin, open **Support Provisioning > Proxmox Settings**:
+In WordPress admin, open **Support Provisioning** and use the **Proxmox Settings** section:
 
 | Setting | Value |
 | --- | --- |
@@ -279,7 +313,7 @@ Then test in this order:
 - Resource limits come from approved templates, not user input.
 - Deployment lifecycle operations are routed through a dedicated Proxmox client interface.
 - Live Proxmox access can be replaced or expanded without changing REST or UI code.
-- WordPress users are used as actors for audit logging. This keeps the first slice simple and leaves room for later RBAC/SSO mapping.
+- WordPress users are used as actors for audit logging. Portal permissions are assigned per user inside the plugin so users created by SSO or external identity providers do not need WordPress author/editor roles.
 
 ## Original Bootstrap Brief