From 1f94752c54d7df4fd0a9fe21c1d778e30229f04e Mon Sep 17 00:00:00 2001
From: ChiaraBm <chiara.bm04@gmail.com>
Date: Thu, 24 Jul 2025 18:28:10 +0200
Subject: [PATCH] Started improving server shares and general api controller
 structure

---
 .../Database/ServersDataContext.cs            |  3 -
 .../Admin/Nodes/NodeStatusController.cs       |  2 +-
 .../Admin/Nodes/StatisticsController.cs       | 11 +--
 .../Controllers/Client/FilesController.cs     | 26 +++----
 .../Controllers/Client/PowerController.cs     |  9 ++-
 .../Controllers/Client/ServersController.cs   | 50 +++++++++----
 .../Controllers/Client/SettingsController.cs  |  4 +-
 .../Controllers/Client/SharesController.cs    | 25 +++----
 .../Controllers/Client/VariablesController.cs | 72 +++++++++++++++----
 .../ServerAuthFilters/AdminAuthFilter.cs      |  6 +-
 .../ServerAuthFilters/OwnerAuthFilter.cs      | 16 +++--
 .../ServerAuthFilters/ShareAuthFilter.cs      | 21 ++++--
 .../Interfaces/IServerAuthorizationFilter.cs  | 10 ++-
 .../Models/ServerShareContent.cs              |  4 +-
 .../Services/ServerAuthorizeService.cs        | 18 +++--
 .../DefaultServerTabProvider.cs               | 10 +--
 MoonlightServers.Frontend/Models/ServerTab.cs |  9 ++-
 .../Components/Servers/CreateShareModal.razor | 61 ++++++++++------
 .../Components/Servers/UpdateShareModal.razor | 63 +++++++++-------
 .../UI/Views/Client/Manage.razor              | 34 +++++----
 .../Constants/ServerPermissionConstants.cs    | 11 +++
 ...issionType.cs => ServerPermissionLevel.cs} |  3 +-
 .../Servers/Shares/CreateShareRequest.cs      |  3 +-
 .../Servers/Shares/UpdateShareRequest.cs      |  4 +-
 .../Client/Servers/ServerDetailResponse.cs    |  3 +-
 .../Servers/Shares/ServerShareResponse.cs     |  3 +-
 .../Models/ServerSharePermission.cs           |  9 ---
 MoonlightServers.sln                          |  5 --
 plugin.json                                   | 24 -------
 29 files changed, 318 insertions(+), 201 deletions(-)
 create mode 100644 MoonlightServers.Shared/Constants/ServerPermissionConstants.cs
 rename MoonlightServers.Shared/Enums/{ServerPermissionType.cs => ServerPermissionLevel.cs} (61%)
 delete mode 100644 MoonlightServers.Shared/Models/ServerSharePermission.cs
 delete mode 100644 plugin.json

diff --git a/MoonlightServers.ApiServer/Database/ServersDataContext.cs b/MoonlightServers.ApiServer/Database/ServersDataContext.cs
index f704c8d..132df06 100644
--- a/MoonlightServers.ApiServer/Database/ServersDataContext.cs
+++ b/MoonlightServers.ApiServer/Database/ServersDataContext.cs
@@ -40,15 +40,12 @@ public class ServersDataContext : DatabaseContext
         #region Shares
 
         modelBuilder.Ignore<ServerShareContent>();
-        modelBuilder.Ignore<ServerSharePermission>();
         
         modelBuilder.Entity<ServerShare>(builder =>
         {
             builder.OwnsOne(x => x.Content, navigationBuilder =>
             {
                 navigationBuilder.ToJson();
-
-                navigationBuilder.OwnsMany(x => x.Permissions);
             });
         });
 
diff --git a/MoonlightServers.ApiServer/Http/Controllers/Admin/Nodes/NodeStatusController.cs b/MoonlightServers.ApiServer/Http/Controllers/Admin/Nodes/NodeStatusController.cs
index 44c00ae..4237bd3 100644
--- a/MoonlightServers.ApiServer/Http/Controllers/Admin/Nodes/NodeStatusController.cs
+++ b/MoonlightServers.ApiServer/Http/Controllers/Admin/Nodes/NodeStatusController.cs
@@ -22,7 +22,7 @@ public class NodeStatusController : Controller
         NodeService = nodeService;
     }
 
-    [HttpGet("{nodeId}/system/status")]
+    [HttpGet("{nodeId:int}/system/status")]
     [Authorize(Policy = "permissions:admin.servers.nodes.status")]
     public async Task<NodeSystemStatusResponse> GetStatus([FromRoute] int nodeId)
     {
diff --git a/MoonlightServers.ApiServer/Http/Controllers/Admin/Nodes/StatisticsController.cs b/MoonlightServers.ApiServer/Http/Controllers/Admin/Nodes/StatisticsController.cs
index f439c8d..38d146a 100644
--- a/MoonlightServers.ApiServer/Http/Controllers/Admin/Nodes/StatisticsController.cs
+++ b/MoonlightServers.ApiServer/Http/Controllers/Admin/Nodes/StatisticsController.cs
@@ -1,3 +1,4 @@
+using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
@@ -10,7 +11,7 @@ using MoonlightServers.Shared.Http.Responses.Admin.Nodes.Statistics;
 namespace MoonlightServers.ApiServer.Http.Controllers.Admin.Nodes;
 
 [ApiController]
-[Route("api/admin/servers/nodes")]
+[Route("api/admin/servers/nodes/{nodeId:int}/statistics")]
 [Authorize(Policy = "permissions:admin.servers.nodes.statistics")]
 public class StatisticsController : Controller
 {
@@ -23,7 +24,9 @@ public class StatisticsController : Controller
         NodeRepository = nodeRepository;
     }
 
-    [HttpGet("{nodeId:int}/statistics")]
+    [HttpGet]
+    [SuppressMessage("ReSharper.DPA", "DPA0011: High execution time of MVC action", MessageId = "time: 1142ms",
+        Justification = "The daemon has an artificial delay of one second to calculate accurate cpu usage values")]
     public async Task<StatisticsResponse> Get([FromRoute] int nodeId)
     {
         var node = await GetNode(nodeId);
@@ -58,7 +61,7 @@ public class StatisticsController : Controller
         };
     }
 
-    [HttpGet("{nodeId:int}/statistics/docker")]
+    [HttpGet("docker")]
     public async Task<DockerStatisticsResponse> GetDocker([FromRoute] int nodeId)
     {
         var node = await GetNode(nodeId);
@@ -75,7 +78,7 @@ public class StatisticsController : Controller
             Version = statistics.Version
         };
     }
-    
+
     private async Task<Node> GetNode(int nodeId)
     {
         var result = await NodeRepository
diff --git a/MoonlightServers.ApiServer/Http/Controllers/Client/FilesController.cs b/MoonlightServers.ApiServer/Http/Controllers/Client/FilesController.cs
index ad4f698..f099de0 100644
--- a/MoonlightServers.ApiServer/Http/Controllers/Client/FilesController.cs
+++ b/MoonlightServers.ApiServer/Http/Controllers/Client/FilesController.cs
@@ -7,6 +7,7 @@ using Moonlight.ApiServer.Database.Entities;
 using MoonlightServers.ApiServer.Database.Entities;
 using MoonlightServers.ApiServer.Services;
 using MoonlightServers.DaemonShared.Enums;
+using MoonlightServers.Shared.Constants;
 using MoonlightServers.Shared.Enums;
 using MoonlightServers.Shared.Http.Requests.Client.Servers.Files;
 using MoonlightServers.Shared.Http.Responses.Client.Servers.Files;
@@ -39,7 +40,7 @@ public class FilesController : Controller
     [HttpGet("list")]
     public async Task<ServerFilesEntryResponse[]> List([FromRoute] int serverId, [FromQuery] string path)
     {
-        var server = await GetServerById(serverId, ServerPermissionType.Read);
+        var server = await GetServerById(serverId, ServerPermissionLevel.Read);
 
         var entries = await ServerFileSystemService.List(server, path);
 
@@ -56,7 +57,7 @@ public class FilesController : Controller
     [HttpPost("move")]
     public async Task Move([FromRoute] int serverId, [FromQuery] string oldPath, [FromQuery] string newPath)
     {
-        var server = await GetServerById(serverId, ServerPermissionType.ReadWrite);
+        var server = await GetServerById(serverId, ServerPermissionLevel.ReadWrite);
 
         await ServerFileSystemService.Move(server, oldPath, newPath);
     }
@@ -64,7 +65,7 @@ public class FilesController : Controller
     [HttpDelete("delete")]
     public async Task Delete([FromRoute] int serverId, [FromQuery] string path)
     {
-        var server = await GetServerById(serverId, ServerPermissionType.ReadWrite);
+        var server = await GetServerById(serverId, ServerPermissionLevel.ReadWrite);
 
         await ServerFileSystemService.Delete(server, path);
     }
@@ -72,15 +73,15 @@ public class FilesController : Controller
     [HttpPost("mkdir")]
     public async Task Mkdir([FromRoute] int serverId, [FromQuery] string path)
     {
-        var server = await GetServerById(serverId, ServerPermissionType.ReadWrite);
+        var server = await GetServerById(serverId, ServerPermissionLevel.ReadWrite);
 
         await ServerFileSystemService.Mkdir(server, path);
     }
-    
+
     [HttpPost("touch")]
     public async Task Touch([FromRoute] int serverId, [FromQuery] string path)
     {
-        var server = await GetServerById(serverId, ServerPermissionType.ReadWrite);
+        var server = await GetServerById(serverId, ServerPermissionLevel.ReadWrite);
 
         await ServerFileSystemService.Mkdir(server, path);
     }
@@ -88,7 +89,7 @@ public class FilesController : Controller
     [HttpGet("upload")]
     public async Task<ServerFilesUploadResponse> Upload([FromRoute] int serverId)
     {
-        var server = await GetServerById(serverId, ServerPermissionType.ReadWrite);
+        var server = await GetServerById(serverId, ServerPermissionLevel.ReadWrite);
 
         var accessToken = NodeService.CreateAccessToken(
             server.Node,
@@ -115,7 +116,7 @@ public class FilesController : Controller
     [HttpGet("download")]
     public async Task<ServerFilesDownloadResponse> Download([FromRoute] int serverId, [FromQuery] string path)
     {
-        var server = await GetServerById(serverId, ServerPermissionType.Read);
+        var server = await GetServerById(serverId, ServerPermissionLevel.Read);
 
         var accessToken = NodeService.CreateAccessToken(
             server.Node,
@@ -143,7 +144,7 @@ public class FilesController : Controller
     [HttpPost("compress")]
     public async Task Compress([FromRoute] int serverId, [FromBody] ServerFilesCompressRequest request)
     {
-        var server = await GetServerById(serverId, ServerPermissionType.ReadWrite);
+        var server = await GetServerById(serverId, ServerPermissionLevel.ReadWrite);
 
         if (!Enum.TryParse(request.Type, true, out CompressType type))
             throw new HttpApiException("Invalid compress type provided", 400);
@@ -154,7 +155,7 @@ public class FilesController : Controller
     [HttpPost("decompress")]
     public async Task Decompress([FromRoute] int serverId, [FromBody] ServerFilesDecompressRequest request)
     {
-        var server = await GetServerById(serverId, ServerPermissionType.ReadWrite);
+        var server = await GetServerById(serverId, ServerPermissionLevel.ReadWrite);
 
         if (!Enum.TryParse(request.Type, true, out CompressType type))
             throw new HttpApiException("Invalid compress type provided", 400);
@@ -162,7 +163,7 @@ public class FilesController : Controller
         await ServerFileSystemService.Decompress(server, type, request.Path, request.Destination);
     }
 
-    private async Task<Server> GetServerById(int serverId, ServerPermissionType type)
+    private async Task<Server> GetServerById(int serverId, ServerPermissionLevel level)
     {
         var server = await ServerRepository
             .Get()
@@ -174,7 +175,8 @@ public class FilesController : Controller
 
         var authorizeResult = await AuthorizeService.Authorize(
             User, server,
-            permission => permission.Name == "files" && permission.Type >= type
+            ServerPermissionConstants.Files,
+            level
         );
 
         if (!authorizeResult.Succeeded)
diff --git a/MoonlightServers.ApiServer/Http/Controllers/Client/PowerController.cs b/MoonlightServers.ApiServer/Http/Controllers/Client/PowerController.cs
index a2ce6c1..d5392ac 100644
--- a/MoonlightServers.ApiServer/Http/Controllers/Client/PowerController.cs
+++ b/MoonlightServers.ApiServer/Http/Controllers/Client/PowerController.cs
@@ -7,6 +7,7 @@ using MoonCore.Helpers;
 using Moonlight.ApiServer.Database.Entities;
 using MoonlightServers.ApiServer.Database.Entities;
 using MoonlightServers.ApiServer.Services;
+using MoonlightServers.Shared.Constants;
 using MoonlightServers.Shared.Enums;
 
 namespace MoonlightServers.ApiServer.Http.Controllers.Client;
@@ -17,19 +18,16 @@ namespace MoonlightServers.ApiServer.Http.Controllers.Client;
 public class PowerController : Controller
 {
     private readonly DatabaseRepository<Server> ServerRepository;
-    private readonly DatabaseRepository<User> UserRepository;
     private readonly ServerService ServerService;
     private readonly ServerAuthorizeService AuthorizeService;
 
     public PowerController(
         DatabaseRepository<Server> serverRepository,
-        DatabaseRepository<User> userRepository,
         ServerService serverService,
         ServerAuthorizeService authorizeService
     )
     {
         ServerRepository = serverRepository;
-        UserRepository = userRepository;
         ServerService = serverService;
         AuthorizeService = authorizeService;
     }
@@ -70,7 +68,8 @@ public class PowerController : Controller
 
         var authorizeResult = await AuthorizeService.Authorize(
             User, server,
-            permission => permission.Name == "power" && permission.Type >= ServerPermissionType.ReadWrite
+            ServerPermissionConstants.Power,
+            ServerPermissionLevel.ReadWrite
         );
 
         if (!authorizeResult.Succeeded)
@@ -80,7 +79,7 @@ public class PowerController : Controller
                 403
             );
         }
-        
+
         return server;
     }
 }
\ No newline at end of file
diff --git a/MoonlightServers.ApiServer/Http/Controllers/Client/ServersController.cs b/MoonlightServers.ApiServer/Http/Controllers/Client/ServersController.cs
index d846d00..7799ef4 100644
--- a/MoonlightServers.ApiServer/Http/Controllers/Client/ServersController.cs
+++ b/MoonlightServers.ApiServer/Http/Controllers/Client/ServersController.cs
@@ -1,3 +1,4 @@
+using System.ComponentModel.DataAnnotations;
 using System.Security.Claims;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -10,6 +11,7 @@ using MoonlightServers.ApiServer.Database.Entities;
 using MoonlightServers.ApiServer.Extensions;
 using MoonlightServers.ApiServer.Models;
 using MoonlightServers.ApiServer.Services;
+using MoonlightServers.Shared.Constants;
 using MoonlightServers.Shared.Enums;
 using MoonlightServers.Shared.Http.Requests.Client.Servers;
 using MoonlightServers.Shared.Http.Responses.Client.Servers;
@@ -48,7 +50,10 @@ public class ServersController : Controller
     }
 
     [HttpGet]
-    public async Task<PagedData<ServerDetailResponse>> GetAll([FromQuery] int page, [FromQuery] int pageSize)
+    public async Task<PagedData<ServerDetailResponse>> GetAll(
+        [FromQuery] [Range(0, int.MaxValue)] int page,
+        [FromQuery] [Range(0, 100)] int pageSize
+    )
     {
         var userIdClaim = User.FindFirstValue("userId");
 
@@ -95,7 +100,10 @@ public class ServersController : Controller
     }
 
     [HttpGet("shared")]
-    public async Task<PagedData<ServerDetailResponse>> GetAllShared([FromQuery] int page, [FromQuery] int pageSize)
+    public async Task<PagedData<ServerDetailResponse>> GetAllShared(
+        [FromQuery] [Range(0, int.MaxValue)] int page,
+        [FromQuery] [Range(0, 100)] int pageSize
+    )
     {
         var userIdClaim = User.FindFirstValue("userId");
 
@@ -145,7 +153,7 @@ public class ServersController : Controller
             Share = new()
             {
                 SharedBy = owners.First(y => y.Id == x.Server.OwnerId).Username,
-                Permissions = x.Content.Permissions.ToArray()
+                Permissions = x.Content.Permissions
             }
         }).ToArray();
 
@@ -172,7 +180,12 @@ public class ServersController : Controller
         if (server == null)
             throw new HttpApiException("No server with this id found", 404);
 
-        var authorizationResult = await AuthorizeService.Authorize(User, server);
+        var authorizationResult = await AuthorizeService.Authorize(
+            User,
+            server,
+            String.Empty,
+            ServerPermissionLevel.None
+        );
 
         if (!authorizationResult.Succeeded)
         {
@@ -210,7 +223,7 @@ public class ServersController : Controller
             response.Share = new()
             {
                 SharedBy = owner.Username,
-                Permissions = authorizationResult.Share.Content.Permissions.ToArray()
+                Permissions = authorizationResult.Share.Content.Permissions
             };
         }
 
@@ -220,7 +233,11 @@ public class ServersController : Controller
     [HttpGet("{serverId:int}/status")]
     public async Task<ServerStatusResponse> GetStatus([FromRoute] int serverId)
     {
-        var server = await GetServerById(serverId);
+        var server = await GetServerById(
+            serverId,
+            ServerPermissionConstants.Console,
+            ServerPermissionLevel.None
+        );
 
         var status = await ServerService.GetStatus(server);
 
@@ -235,7 +252,8 @@ public class ServersController : Controller
     {
         var server = await GetServerById(
             serverId,
-            permission => permission is { Name: "console", Type: >= ServerPermissionType.Read }
+            ServerPermissionConstants.Console,
+            ServerPermissionLevel.Read
         );
 
         // TODO: Handle transparent node proxy
@@ -263,7 +281,8 @@ public class ServersController : Controller
     {
         var server = await GetServerById(
             serverId,
-            permission => permission is { Name: "console", Type: >= ServerPermissionType.Read }
+            ServerPermissionConstants.Console,
+            ServerPermissionLevel.Read
         );
 
         var logs = await ServerService.GetLogs(server);
@@ -278,7 +297,9 @@ public class ServersController : Controller
     public async Task<ServerStatsResponse> GetStats([FromRoute] int serverId)
     {
         var server = await GetServerById(
-            serverId
+            serverId,
+            ServerPermissionConstants.Console,
+            ServerPermissionLevel.Read
         );
 
         var stats = await ServerService.GetStats(server);
@@ -295,17 +316,18 @@ public class ServersController : Controller
     }
 
     [HttpPost("{serverId:int}/command")]
-    public async Task RunCommand([FromRoute] int serverId, [FromBody] ServerCommandRequest request)
+    public async Task Command([FromRoute] int serverId, [FromBody] ServerCommandRequest request)
     {
         var server = await GetServerById(
             serverId,
-            permission => permission is { Name: "console", Type: >= ServerPermissionType.ReadWrite }
+            ServerPermissionConstants.Console,
+            ServerPermissionLevel.ReadWrite
         );
-        
+
         await ServerService.RunCommand(server, request.Command);
     }
 
-    private async Task<Server> GetServerById(int serverId, Func<ServerSharePermission, bool>? filter = null)
+    private async Task<Server> GetServerById(int serverId, string permissionId, ServerPermissionLevel level)
     {
         var server = await ServerRepository
             .Get()
@@ -315,7 +337,7 @@ public class ServersController : Controller
         if (server == null)
             throw new HttpApiException("No server with this id found", 404);
 
-        var authorizeResult = await AuthorizeService.Authorize(User, server, filter);
+        var authorizeResult = await AuthorizeService.Authorize(User, server, permissionId, level);
 
         if (!authorizeResult.Succeeded)
         {
diff --git a/MoonlightServers.ApiServer/Http/Controllers/Client/SettingsController.cs b/MoonlightServers.ApiServer/Http/Controllers/Client/SettingsController.cs
index aa3b24f..e359030 100644
--- a/MoonlightServers.ApiServer/Http/Controllers/Client/SettingsController.cs
+++ b/MoonlightServers.ApiServer/Http/Controllers/Client/SettingsController.cs
@@ -5,6 +5,7 @@ using MoonCore.Exceptions;
 using MoonCore.Extended.Abstractions;
 using MoonlightServers.ApiServer.Database.Entities;
 using MoonlightServers.ApiServer.Services;
+using MoonlightServers.Shared.Constants;
 using MoonlightServers.Shared.Enums;
 
 namespace MoonlightServers.ApiServer.Http.Controllers.Client;
@@ -49,7 +50,8 @@ public class SettingsController : Controller
 
         var authorizeResult = await AuthorizeService.Authorize(
             User, server,
-            permission => permission is { Name: "settings", Type: >= ServerPermissionType.ReadWrite }
+            ServerPermissionConstants.Settings,
+            ServerPermissionLevel.ReadWrite
         );
 
         if (!authorizeResult.Succeeded)
diff --git a/MoonlightServers.ApiServer/Http/Controllers/Client/SharesController.cs b/MoonlightServers.ApiServer/Http/Controllers/Client/SharesController.cs
index 6635e9d..a6ef3f7 100644
--- a/MoonlightServers.ApiServer/Http/Controllers/Client/SharesController.cs
+++ b/MoonlightServers.ApiServer/Http/Controllers/Client/SharesController.cs
@@ -8,6 +8,7 @@ using MoonCore.Models;
 using Moonlight.ApiServer.Database.Entities;
 using MoonlightServers.ApiServer.Database.Entities;
 using MoonlightServers.ApiServer.Services;
+using MoonlightServers.Shared.Constants;
 using MoonlightServers.Shared.Enums;
 using MoonlightServers.Shared.Http.Requests.Client.Servers.Shares;
 using MoonlightServers.Shared.Http.Responses.Client.Servers.Shares;
@@ -16,7 +17,7 @@ namespace MoonlightServers.ApiServer.Http.Controllers.Client;
 
 [Authorize]
 [ApiController]
-[Route("api/client/servers")]
+[Route("api/client/servers/{serverId:int}/shares")]
 public class SharesController : Controller
 {
     private readonly DatabaseRepository<Server> ServerRepository;
@@ -37,7 +38,7 @@ public class SharesController : Controller
         AuthorizeService = authorizeService;
     }
 
-    [HttpGet("{serverId:int}/shares")]
+    [HttpGet]
     public async Task<PagedData<ServerShareResponse>> GetAll(
         [FromRoute] int serverId,
         [FromQuery] [Range(0, int.MaxValue)] int page,
@@ -67,7 +68,7 @@ public class SharesController : Controller
         {
             Id = x.Id,
             Username = users.First(y => y.Id == x.UserId).Username,
-            Permissions = x.Content.Permissions.ToArray()
+            Permissions = x.Content.Permissions
         }).ToArray();
 
         return new PagedData<ServerShareResponse>()
@@ -80,7 +81,7 @@ public class SharesController : Controller
         };
     }
 
-    [HttpGet("{serverId:int}/shares/{id:int}")]
+    [HttpGet("{id:int}")]
     public async Task<ServerShareResponse> Get(
         [FromRoute] int serverId,
         [FromRoute] int id
@@ -103,13 +104,13 @@ public class SharesController : Controller
         {
             Id = share.Id,
             Username = user.Username,
-            Permissions = share.Content.Permissions.ToArray()
+            Permissions = share.Content.Permissions
         };
 
         return mappedItem;
     }
 
-    [HttpPost("{serverId:int}/shares")]
+    [HttpPost("")]
     public async Task<ServerShareResponse> Create(
         [FromRoute] int serverId,
         [FromBody] CreateShareRequest request
@@ -142,13 +143,13 @@ public class SharesController : Controller
         {
             Id = finalShare.Id,
             Username = user.Username,
-            Permissions = finalShare.Content.Permissions.ToArray()
+            Permissions = finalShare.Content.Permissions
         };
 
         return mappedItem;
     }
 
-    [HttpPatch("{serverId:int}/shares/{id:int}")]
+    [HttpPatch("{id:int}")]
     public async Task<ServerShareResponse> Update(
         [FromRoute] int serverId,
         [FromRoute] int id,
@@ -180,13 +181,13 @@ public class SharesController : Controller
         {
             Id = share.Id,
             Username = user.Username,
-            Permissions = share.Content.Permissions.ToArray()
+            Permissions = share.Content.Permissions
         };
 
         return mappedItem;
     }
 
-    [HttpDelete("{serverId:int}/shares/{id:int}")]
+    [HttpDelete("{id:int}")]
     public async Task Delete(
         [FromRoute] int serverId,
         [FromRoute] int id
@@ -208,7 +209,6 @@ public class SharesController : Controller
     {
         var server = await ServerRepository
             .Get()
-            .Include(x => x.Node)
             .FirstOrDefaultAsync(x => x.Id == serverId);
 
         if (server == null)
@@ -216,7 +216,8 @@ public class SharesController : Controller
 
         var authorizeResult = await AuthorizeService.Authorize(
             User, server,
-            permission => permission is { Name: "shares", Type: >= ServerPermissionType.ReadWrite }
+            ServerPermissionConstants.Shares,
+            ServerPermissionLevel.ReadWrite
         );
 
         if (!authorizeResult.Succeeded)
diff --git a/MoonlightServers.ApiServer/Http/Controllers/Client/VariablesController.cs b/MoonlightServers.ApiServer/Http/Controllers/Client/VariablesController.cs
index 72e3677..d51c719 100644
--- a/MoonlightServers.ApiServer/Http/Controllers/Client/VariablesController.cs
+++ b/MoonlightServers.ApiServer/Http/Controllers/Client/VariablesController.cs
@@ -1,42 +1,76 @@
+using System.ComponentModel.DataAnnotations;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using MoonCore.Exceptions;
 using MoonCore.Extended.Abstractions;
+using MoonCore.Models;
 using Moonlight.ApiServer.Database.Entities;
 using MoonlightServers.ApiServer.Database.Entities;
 using MoonlightServers.ApiServer.Services;
+using MoonlightServers.Shared.Constants;
 using MoonlightServers.Shared.Enums;
 using MoonlightServers.Shared.Http.Requests.Client.Servers.Variables;
+using MoonlightServers.Shared.Http.Responses.Client.Servers.Shares;
 using MoonlightServers.Shared.Http.Responses.Client.Servers.Variables;
 
 namespace MoonlightServers.ApiServer.Http.Controllers.Client;
 
 [Authorize]
 [ApiController]
-[Route("api/client/servers")]
+[Route("api/client/servers/{serverId:int}/variables")]
 public class VariablesController : Controller
 {
     private readonly DatabaseRepository<Server> ServerRepository;
+    private readonly DatabaseRepository<ServerVariable> ServerVariableRepository;
+    private readonly DatabaseRepository<StarVariable> StarVariableRepository;
     private readonly ServerAuthorizeService AuthorizeService;
 
     public VariablesController(
         DatabaseRepository<Server> serverRepository,
-        ServerAuthorizeService authorizeService
+        ServerAuthorizeService authorizeService,
+        DatabaseRepository<ServerVariable> serverVariableRepository,
+        DatabaseRepository<StarVariable> starVariableRepository
     )
     {
         ServerRepository = serverRepository;
         AuthorizeService = authorizeService;
+        ServerVariableRepository = serverVariableRepository;
+        StarVariableRepository = starVariableRepository;
     }
 
-    [HttpGet("{serverId:int}/variables")]
-    public async Task<ServerVariableDetailResponse[]> Get([FromRoute] int serverId)
+    [HttpGet]
+    public async Task<PagedData<ServerVariableDetailResponse>> Get(
+        [FromRoute] int serverId,
+        [FromQuery] [Range(0, int.MaxValue)] int page,
+        [FromQuery] [Range(1, 100)] int pageSize
+    )
     {
-        var server = await GetServerById(serverId, ServerPermissionType.Read);
+        var server = await GetServerById(serverId, ServerPermissionLevel.Read);
 
-        return server.Star.Variables.Select(starVariable =>
+        var query = StarVariableRepository
+            .Get()
+            .Where(x => x.Star.Id == server.Star.Id);
+
+        var count = await query.CountAsync();
+
+        var starVariables = await query
+            .Skip(page * pageSize)
+            .Take(pageSize)
+            .ToArrayAsync();
+
+        var starVariableKeys = starVariables
+            .Select(x => x.Key)
+            .ToArray();
+
+        var serverVariables = await ServerVariableRepository
+            .Get()
+            .Where(x => x.Server.Id == server.Id && starVariableKeys.Contains(x.Key))
+            .ToArrayAsync();
+
+        var responses = starVariables.Select(starVariable =>
         {
-            var serverVariable = server.Variables.First(x => x.Key == starVariable.Key);
+            var serverVariable = serverVariables.First(x => x.Key == starVariable.Key);
 
             return new ServerVariableDetailResponse()
             {
@@ -48,9 +82,18 @@ public class VariablesController : Controller
                 Filter = starVariable.Filter
             };
         }).ToArray();
+
+        return new PagedData<ServerVariableDetailResponse>()
+        {
+            Items = responses,
+            CurrentPage = page,
+            PageSize = pageSize,
+            TotalItems = count,
+            TotalPages = count == 0 ? 0 : count / pageSize
+        };
     }
 
-    [HttpPut("{serverId:int}/variables")]
+    [HttpPut("")]
     public async Task<ServerVariableDetailResponse> UpdateSingle(
         [FromRoute] int serverId,
         [FromBody] UpdateServerVariableRequest request
@@ -58,7 +101,7 @@ public class VariablesController : Controller
     {
         // TODO: Handle filter
 
-        var server = await GetServerById(serverId, ServerPermissionType.ReadWrite);
+        var server = await GetServerById(serverId, ServerPermissionLevel.ReadWrite);
 
         var serverVariable = server.Variables.FirstOrDefault(x => x.Key == request.Key);
         var starVariable = server.Star.Variables.FirstOrDefault(x => x.Key == request.Key);
@@ -80,13 +123,13 @@ public class VariablesController : Controller
         };
     }
 
-    [HttpPatch("{serverId:int}/variables")]
+    [HttpPatch("")]
     public async Task<ServerVariableDetailResponse[]> Update(
         [FromRoute] int serverId,
         [FromBody] UpdateServerVariableRangeRequest request
     )
     {
-        var server = await GetServerById(serverId, ServerPermissionType.ReadWrite);
+        var server = await GetServerById(serverId, ServerPermissionLevel.ReadWrite);
 
         foreach (var variable in request.Variables)
         {
@@ -120,13 +163,11 @@ public class VariablesController : Controller
         }).ToArray();
     }
 
-    private async Task<Server> GetServerById(int serverId, ServerPermissionType type)
+    private async Task<Server> GetServerById(int serverId, ServerPermissionLevel level)
     {
         var server = await ServerRepository
             .Get()
-            .Include(x => x.Variables)
             .Include(x => x.Star)
-            .ThenInclude(x => x.Variables)
             .FirstOrDefaultAsync(x => x.Id == serverId);
 
         if (server == null)
@@ -134,7 +175,8 @@ public class VariablesController : Controller
 
         var authorizeResult = await AuthorizeService.Authorize(
             User, server,
-            permission => permission.Name == "variables" && permission.Type >= type
+            ServerPermissionConstants.Variables,
+            level
         );
 
         if (!authorizeResult.Succeeded)
diff --git a/MoonlightServers.ApiServer/Implementations/ServerAuthFilters/AdminAuthFilter.cs b/MoonlightServers.ApiServer/Implementations/ServerAuthFilters/AdminAuthFilter.cs
index 06cab67..c4c224f 100644
--- a/MoonlightServers.ApiServer/Implementations/ServerAuthFilters/AdminAuthFilter.cs
+++ b/MoonlightServers.ApiServer/Implementations/ServerAuthFilters/AdminAuthFilter.cs
@@ -4,6 +4,7 @@ using MoonCore.Attributes;
 using MoonlightServers.ApiServer.Database.Entities;
 using MoonlightServers.ApiServer.Interfaces;
 using MoonlightServers.ApiServer.Models;
+using MoonlightServers.Shared.Enums;
 using MoonlightServers.Shared.Models;
 
 namespace MoonlightServers.ApiServer.Implementations.ServerAuthFilters;
@@ -12,6 +13,8 @@ public class AdminAuthFilter : IServerAuthorizationFilter
 {
     private readonly IAuthorizationService AuthorizationService;
 
+    public int Priority => 0;
+
     public AdminAuthFilter(IAuthorizationService authorizationService)
     {
         AuthorizationService = authorizationService;
@@ -20,7 +23,8 @@ public class AdminAuthFilter : IServerAuthorizationFilter
     public async Task<ServerAuthorizationResult?> Process(
         ClaimsPrincipal user,
         Server server,
-        Func<ServerSharePermission, bool>? filter = null
+        string permissionId,
+        ServerPermissionLevel requiredLevel
     )
     {
         var authResult = await AuthorizationService.AuthorizeAsync(
diff --git a/MoonlightServers.ApiServer/Implementations/ServerAuthFilters/OwnerAuthFilter.cs b/MoonlightServers.ApiServer/Implementations/ServerAuthFilters/OwnerAuthFilter.cs
index 7e33cb1..b4532f6 100644
--- a/MoonlightServers.ApiServer/Implementations/ServerAuthFilters/OwnerAuthFilter.cs
+++ b/MoonlightServers.ApiServer/Implementations/ServerAuthFilters/OwnerAuthFilter.cs
@@ -3,13 +3,21 @@ using MoonCore.Attributes;
 using MoonlightServers.ApiServer.Database.Entities;
 using MoonlightServers.ApiServer.Interfaces;
 using MoonlightServers.ApiServer.Models;
+using MoonlightServers.Shared.Enums;
 using MoonlightServers.Shared.Models;
 
 namespace MoonlightServers.ApiServer.Implementations.ServerAuthFilters;
 
 public class OwnerAuthFilter : IServerAuthorizationFilter
 {
-    public Task<ServerAuthorizationResult?> Process(ClaimsPrincipal user, Server server, Func<ServerSharePermission, bool>? filter = null)
+    public int Priority => 0;
+
+    public Task<ServerAuthorizationResult?> Process(
+        ClaimsPrincipal user,
+        Server server,
+        string permissionId,
+        ServerPermissionLevel requiredLevel
+    )
     {
         var userIdValue = user.FindFirstValue("userId");
 
@@ -17,10 +25,10 @@ public class OwnerAuthFilter : IServerAuthorizationFilter
             return Task.FromResult<ServerAuthorizationResult?>(null);
 
         var userId = int.Parse(userIdValue);
-        
-        if(server.OwnerId != userId)
+
+        if (server.OwnerId != userId)
             return Task.FromResult<ServerAuthorizationResult?>(null);
-        
+
         return Task.FromResult<ServerAuthorizationResult?>(
             ServerAuthorizationResult.Success()
         );
diff --git a/MoonlightServers.ApiServer/Implementations/ServerAuthFilters/ShareAuthFilter.cs b/MoonlightServers.ApiServer/Implementations/ServerAuthFilters/ShareAuthFilter.cs
index 03dad84..a36471f 100644
--- a/MoonlightServers.ApiServer/Implementations/ServerAuthFilters/ShareAuthFilter.cs
+++ b/MoonlightServers.ApiServer/Implementations/ServerAuthFilters/ShareAuthFilter.cs
@@ -5,6 +5,7 @@ using MoonCore.Extended.Abstractions;
 using MoonlightServers.ApiServer.Database.Entities;
 using MoonlightServers.ApiServer.Interfaces;
 using MoonlightServers.ApiServer.Models;
+using MoonlightServers.Shared.Enums;
 using MoonlightServers.Shared.Models;
 
 namespace MoonlightServers.ApiServer.Implementations.ServerAuthFilters;
@@ -18,10 +19,13 @@ public class ShareAuthFilter : IServerAuthorizationFilter
         ShareRepository = shareRepository;
     }
 
+    public int Priority => 0;
+
     public async Task<ServerAuthorizationResult?> Process(
         ClaimsPrincipal user,
         Server server,
-        Func<ServerSharePermission, bool>? filter = null
+        string permissionId,
+        ServerPermissionLevel requiredLevel
     )
     {
         var userIdValue = user.FindFirstValue("userId");
@@ -30,19 +34,24 @@ public class ShareAuthFilter : IServerAuthorizationFilter
             return null;
 
         var userId = int.Parse(userIdValue);
-        
+
         var share = await ShareRepository
             .Get()
             .FirstOrDefaultAsync(x => x.Server.Id == server.Id && x.UserId == userId);
 
         if (share == null)
             return null;
-        
-        if(filter == null)
+
+        if (string.IsNullOrEmpty(permissionId) || requiredLevel == ServerPermissionLevel.None)
             return ServerAuthorizationResult.Success(share);
-        
-        if(share.Content.Permissions.Any(filter))
+
+        if (
+            share.Content.Permissions.TryGetValue(permissionId, out var shareLevel) &&
+            shareLevel >= requiredLevel
+        )
+        {
             return ServerAuthorizationResult.Success(share);
+        }
 
         return null;
     }
diff --git a/MoonlightServers.ApiServer/Interfaces/IServerAuthorizationFilter.cs b/MoonlightServers.ApiServer/Interfaces/IServerAuthorizationFilter.cs
index 94e9692..62e63a5 100644
--- a/MoonlightServers.ApiServer/Interfaces/IServerAuthorizationFilter.cs
+++ b/MoonlightServers.ApiServer/Interfaces/IServerAuthorizationFilter.cs
@@ -1,17 +1,21 @@
 using System.Security.Claims;
 using MoonlightServers.ApiServer.Database.Entities;
 using MoonlightServers.ApiServer.Models;
-using MoonlightServers.Shared.Models;
+using MoonlightServers.Shared.Enums;
 
 namespace MoonlightServers.ApiServer.Interfaces;
 
 public interface IServerAuthorizationFilter
 {
     // Return null => skip to next filter / handler
-    // Return any value, instant return
+    // Return any value, instant complete
+
+    public int Priority { get; }
+    
     public Task<ServerAuthorizationResult?> Process(
         ClaimsPrincipal user,
         Server server,
-        Func<ServerSharePermission, bool>? filter = null
+        string permissionId,
+        ServerPermissionLevel requiredLevel
     );
 }
\ No newline at end of file
diff --git a/MoonlightServers.ApiServer/Models/ServerShareContent.cs b/MoonlightServers.ApiServer/Models/ServerShareContent.cs
index ee0c5ac..4b6b3ba 100644
--- a/MoonlightServers.ApiServer/Models/ServerShareContent.cs
+++ b/MoonlightServers.ApiServer/Models/ServerShareContent.cs
@@ -1,8 +1,8 @@
-using MoonlightServers.Shared.Models;
+using MoonlightServers.Shared.Enums;
 
 namespace MoonlightServers.ApiServer.Models;
 
 public class ServerShareContent
 {
-    public List<ServerSharePermission> Permissions { get; set; } = [];
+    public Dictionary<string, ServerPermissionLevel> Permissions { get; set; } = new();
 }
\ No newline at end of file
diff --git a/MoonlightServers.ApiServer/Services/ServerAuthorizeService.cs b/MoonlightServers.ApiServer/Services/ServerAuthorizeService.cs
index f3fb118..a7e5037 100644
--- a/MoonlightServers.ApiServer/Services/ServerAuthorizeService.cs
+++ b/MoonlightServers.ApiServer/Services/ServerAuthorizeService.cs
@@ -3,36 +3,42 @@ using MoonCore.Attributes;
 using MoonlightServers.ApiServer.Database.Entities;
 using MoonlightServers.ApiServer.Interfaces;
 using MoonlightServers.ApiServer.Models;
-using MoonlightServers.Shared.Models;
+using MoonlightServers.Shared.Enums;
 
 namespace MoonlightServers.ApiServer.Services;
 
 [Scoped]
 public class ServerAuthorizeService
 {
-    private readonly IEnumerable<IServerAuthorizationFilter> AuthorizationFilters;
+    private readonly IServerAuthorizationFilter[] AuthorizationFilters;
 
     public ServerAuthorizeService(
         IEnumerable<IServerAuthorizationFilter> authorizationFilters
     )
     {
-        AuthorizationFilters = authorizationFilters;
+        AuthorizationFilters = authorizationFilters.ToArray();
     }
 
     public async Task<ServerAuthorizationResult> Authorize(
         ClaimsPrincipal user,
         Server server,
-        Func<ServerSharePermission, bool>? filter = null
+        string permissionIdentifier,
+        ServerPermissionLevel permissionLevel
     )
     {
         foreach (var authorizationFilter in AuthorizationFilters)
         {
-            var result = await authorizationFilter.Process(user, server, filter);
+            var result = await authorizationFilter.Process(
+                user,
+                server,
+                permissionIdentifier,
+                permissionLevel
+            );
 
             if (result != null)
                 return result;
         }
-        
+
         return ServerAuthorizationResult.Failed();
     }
 }
\ No newline at end of file
diff --git a/MoonlightServers.Frontend/Implementations/DefaultServerTabProvider.cs b/MoonlightServers.Frontend/Implementations/DefaultServerTabProvider.cs
index 814be1c..52731a7 100644
--- a/MoonlightServers.Frontend/Implementations/DefaultServerTabProvider.cs
+++ b/MoonlightServers.Frontend/Implementations/DefaultServerTabProvider.cs
@@ -11,11 +11,11 @@ public class DefaultServerTabProvider : IServerTabProvider
     {
         ServerTab[] tabs =
         [
-            ServerTab.CreateFromComponent<ConsoleTab>("Console", "console", 0, permission => permission.Name == "console"),
-            ServerTab.CreateFromComponent<FilesTab>("Files", "files", 1, permission => permission.Name == "files"),
-            ServerTab.CreateFromComponent<SharesTab>("Shares", "shares", 2, permission => permission.Name == "shares"),
-            ServerTab.CreateFromComponent<VariablesTab>("Variables", "variables", 9, permission => permission.Name == "variables"),
-            ServerTab.CreateFromComponent<SettingsTab>("Settings", "settings", 10, permission => permission.Name == "settings"),
+            ServerTab.CreateFromComponent<ConsoleTab>("Console", "console", 0, permission => permission.Identifier == "console"),
+            ServerTab.CreateFromComponent<FilesTab>("Files", "files", 1, permission => permission.Identifier == "files"),
+            ServerTab.CreateFromComponent<SharesTab>("Shares", "shares", 2, permission => permission.Identifier == "shares"),
+            ServerTab.CreateFromComponent<VariablesTab>("Variables", "variables", 9, permission => permission.Identifier == "variables"),
+            ServerTab.CreateFromComponent<SettingsTab>("Settings", "settings", 10, permission => permission.Identifier == "settings"),
         ];
 
         return Task.FromResult(tabs);
diff --git a/MoonlightServers.Frontend/Models/ServerTab.cs b/MoonlightServers.Frontend/Models/ServerTab.cs
index 82aeae2..954b39c 100644
--- a/MoonlightServers.Frontend/Models/ServerTab.cs
+++ b/MoonlightServers.Frontend/Models/ServerTab.cs
@@ -1,4 +1,5 @@
 using MoonlightServers.Frontend.UI.Components.Servers.ServerTabs;
+using MoonlightServers.Shared.Enums;
 using MoonlightServers.Shared.Models;
 
 namespace MoonlightServers.Frontend.Models;
@@ -7,7 +8,8 @@ public record ServerTab
 {
     public string Name { get; private set; }
     public string Path { get; private set; }
-    public Func<ServerSharePermission, bool>? PermissionFilter { get; private set; }
+    public string PermissionId { get; set; }
+    public ServerPermissionLevel PermissionLevel { get; set; }
     public int Priority { get; private set; }
     public Type ComponentType { get; private set; }
 
@@ -15,7 +17,7 @@ public record ServerTab
         string name,
         string path,
         int priority,
-        Func<ServerSharePermission, bool>? filter = null) where T : BaseServerTab
+        string permissionId = "", ServerPermissionLevel permissionLevel = ServerPermissionLevel.None) where T : BaseServerTab
     {
         return new()
         {
@@ -23,7 +25,8 @@ public record ServerTab
             Path = path,
             Priority = priority,
             ComponentType = typeof(T),
-            PermissionFilter = filter
+            PermissionLevel = permissionLevel,
+            PermissionId = permissionId
         };
     }
 }
\ No newline at end of file
diff --git a/MoonlightServers.Frontend/UI/Components/Servers/CreateShareModal.razor b/MoonlightServers.Frontend/UI/Components/Servers/CreateShareModal.razor
index fb17726..3d13f9e 100644
--- a/MoonlightServers.Frontend/UI/Components/Servers/CreateShareModal.razor
+++ b/MoonlightServers.Frontend/UI/Components/Servers/CreateShareModal.razor
@@ -19,24 +19,39 @@
         {
             var i = Permissions.TryGetValue(name, out var permission) ? (int)permission : -1;
             
-            <div class="col-span-1 flex flex-row items-center justify-center lg:justify-start">
-                @name
+            <div class="col-span-1 flex flex-col justify-center lg:justify-start text-center lg:text-start">
+                <span>@name</span>
+                <span class="text-base-content/80 text-sm">This is a long description</span>
             </div>
-
-            <div class="col-span-1 flex flex-row items-center justify-center lg:justify-end">
-                <div class="tabs">
-                    <button @onclick="() => Reset(name)"
-                            class="tabs-segment @(i == -1 ? "tabs-segment-active" : "")">
-                        None
-                    </button>
-                    <button @onclick="() => Set(name, ServerPermissionType.Read)"
-                            class="tabs-segment @(i == 0 ? "tabs-segment-active" : "")">
-                        Read
-                    </button>
-                    <button @onclick="() => Set(name, ServerPermissionType.ReadWrite)"
-                            class="tabs-segment @(i == 1 ? "tabs-segment-active" : "")">
-                        Read & Write
-                    </button>
+            
+            <div class="col-span-1 flex justify-end">
+                <div class="join drop-shadow">
+                    @if (i == -1)
+                    {
+                        <input class="join-item btn btn-soft" type="radio" name="share-@name" aria-label="None" checked="checked"/>
+                    }
+                    else
+                    {
+                        <input @onclick="() => Reset(name)" class="join-item btn btn-soft" type="radio" name="share-@name" aria-label="None"/>
+                    }
+                
+                    @if (i == 0)
+                    {
+                        <input class="join-item btn btn-soft" type="radio" name="share-@name" aria-label="Read" checked="checked"/>
+                    }
+                    else
+                    {
+                        <input @onclick="() => Set(name, ServerPermissionLevel.Read)" class="join-item btn btn-soft" type="radio" name="share-@name" aria-label="Read"/>
+                    }
+                
+                    @if (i == 1)
+                    {
+                        <input class="join-item btn btn-soft" type="radio" name="share-@name" aria-label="Read & Write" checked="checked"/>
+                    }
+                    else
+                    {
+                        <input @onclick="() => Set(name, ServerPermissionLevel.ReadWrite)" class="join-item btn btn-soft" type="radio" name="share-@name" aria-label="Read & Write"/>
+                    }
                 </div>
             </div>
         }
@@ -56,7 +71,7 @@
     private HandleForm HandleForm;
     private CreateShareRequest Request;
 
-    private Dictionary<string, ServerPermissionType> Permissions = new();
+    private Dictionary<string, ServerPermissionLevel> Permissions = new();
 
     private string[] Names =
     [
@@ -76,9 +91,9 @@
         };
     }
 
-    private async Task Set(string name, ServerPermissionType type)
+    private async Task Set(string name, ServerPermissionLevel level)
     {
-        Permissions[name] = type;
+        Permissions[name] = level;
         await InvokeAsync(StateHasChanged);
     }
 
@@ -93,10 +108,10 @@
 
     private async Task OnValidSubmit()
     {
-        Request.Permissions = Permissions.Select(x => new ServerSharePermission()
+        Request.Permissions = Permissions.Select(x => new GrantedServerPermission()
         {
-            Name = x.Key,
-            Type = x.Value
+            Identifier = x.Key,
+            Level = x.Value
         }).ToList();
 
         await OnSubmit.Invoke(Request);
diff --git a/MoonlightServers.Frontend/UI/Components/Servers/UpdateShareModal.razor b/MoonlightServers.Frontend/UI/Components/Servers/UpdateShareModal.razor
index 47922c0..799d3e9 100644
--- a/MoonlightServers.Frontend/UI/Components/Servers/UpdateShareModal.razor
+++ b/MoonlightServers.Frontend/UI/Components/Servers/UpdateShareModal.razor
@@ -16,24 +16,39 @@
         {
             var i = Permissions.TryGetValue(name, out var permission) ? (int)permission : -1;
             
-            <div class="col-span-1 flex flex-row items-center justify-center lg:justify-start">
-                @name
+            <div class="col-span-1 flex flex-col justify-center lg:justify-start text-center lg:text-start">
+                <span>@name</span>
+                <span class="text-base-content/80 text-sm">This is a long description</span>
             </div>
-
-            <div class="col-span-1 flex flex-row items-center justify-center lg:justify-end">
-                <div class="tabs">
-                    <button @onclick="() => Reset(name)"
-                            class="tabs-segment @(i == -1 ? "tabs-segment-active" : "")">
-                        None
-                    </button>
-                    <button @onclick="() => Set(name, ServerPermissionType.Read)"
-                            class="tabs-segment @(i == 0 ? "tabs-segment-active" : "")">
-                        Read
-                    </button>
-                    <button @onclick="() => Set(name, ServerPermissionType.ReadWrite)"
-                            class="tabs-segment @(i == 1 ? "tabs-segment-active" : "")">
-                        Read & Write
-                    </button>
+            
+            <div class="col-span-1 flex justify-end">
+                <div class="join drop-shadow">
+                    @if (i == -1)
+                    {
+                        <input class="join-item btn btn-soft" type="radio" name="share-@name" aria-label="None" checked="checked"/>
+                    }
+                    else
+                    {
+                        <input @onclick="() => Reset(name)" class="join-item btn btn-soft" type="radio" name="share-@name" aria-label="None"/>
+                    }
+                
+                    @if (i == 0)
+                    {
+                        <input class="join-item btn btn-soft" type="radio" name="share-@name" aria-label="Read" checked="checked"/>
+                    }
+                    else
+                    {
+                        <input @onclick="() => Set(name, ServerPermissionLevel.Read)" class="join-item btn btn-soft" type="radio" name="share-@name" aria-label="Read"/>
+                    }
+                
+                    @if (i == 1)
+                    {
+                        <input class="join-item btn btn-soft" type="radio" name="share-@name" aria-label="Read & Write" checked="checked"/>
+                    }
+                    else
+                    {
+                        <input @onclick="() => Set(name, ServerPermissionLevel.ReadWrite)" class="join-item btn btn-soft" type="radio" name="share-@name" aria-label="Read & Write"/>
+                    }
                 </div>
             </div>
         }
@@ -53,7 +68,7 @@
     private HandleForm HandleForm;
     private UpdateShareRequest Request;
 
-    private Dictionary<string, ServerPermissionType> Permissions = new();
+    private Dictionary<string, ServerPermissionLevel> Permissions = new();
 
     private string[] Names =
     [
@@ -69,12 +84,12 @@
     {
         Request = new();
 
-        Permissions = Share.Permissions.ToDictionary(x => x.Name, x => x.Type);
+        Permissions = Share.Permissions.ToDictionary(x => x.Identifier, x => x.Level);
     }
 
-    private async Task Set(string name, ServerPermissionType type)
+    private async Task Set(string name, ServerPermissionLevel level)
     {
-        Permissions[name] = type;
+        Permissions[name] = level;
         await InvokeAsync(StateHasChanged);
     }
 
@@ -89,10 +104,10 @@
 
     private async Task OnValidSubmit()
     {
-        Request.Permissions = Permissions.Select(x => new ServerSharePermission()
+        Request.Permissions = Permissions.Select(x => new GrantedServerPermission()
         {
-            Name = x.Key,
-            Type = x.Value
+            Identifier = x.Key,
+            Level = x.Value
         }).ToList();
 
         await OnSubmit.Invoke(Request);
diff --git a/MoonlightServers.Frontend/UI/Views/Client/Manage.razor b/MoonlightServers.Frontend/UI/Views/Client/Manage.razor
index 91e1246..8ae64e2 100644
--- a/MoonlightServers.Frontend/UI/Views/Client/Manage.razor
+++ b/MoonlightServers.Frontend/UI/Views/Client/Manage.razor
@@ -39,7 +39,7 @@
                         _ => "status-secondary"
                     };
                 }
-                
+
                 <div class="inline-grid *:[grid-area:1/1] me-3">
                     @if (State != ServerState.Offline)
                     {
@@ -65,7 +65,7 @@
             </div>
             <div class="flex flex-row items-center">
                 <div class="flex gap-x-1.5">
-                    @if (HasPermissionTo("power", ServerPermissionType.ReadWrite))
+                    @if (HasPermissionTo("power", ServerPermissionLevel.ReadWrite))
                     {
                         @if (State == ServerState.Offline)
                         {
@@ -128,12 +128,12 @@
                             <i class="icon-play align-middle"></i>
                             <span class="align-middle">Start</span>
                         </button>
-                        
+
                         <button type="button" class="btn btn-primary" disabled="disabled">
                             <i class="icon-rotate-ccw align-middle"></i>
                             <span class="align-middle">Restart</span>
                         </button>
-                        
+
                         <button type="button" class="btn btn-error" disabled="disabled">
                             <i class="icon-squircle align-middle"></i>
                             <span class="align-middle">Stop</span>
@@ -144,7 +144,7 @@
         </div>
 
         <div class="mt-3">
-            
+
             <nav class="tabs space-x-2 overflow-x-auto" aria-label="Tabs" role="tablist" aria-orientation="horizontal">
                 @foreach (var tab in Tabs)
                 {
@@ -154,8 +154,8 @@
                        role="tab"
                        @onclick:preventDefault
                        @onclick="() => SwitchTab(tab)">
-                        @tab.Name 
-                    </a> 
+                        @tab.Name
+                    </a>
                 }
             </nav>
 
@@ -217,13 +217,18 @@
             // If we are accessing a shared server, we need to handle permissions
             if (Server.Share != null)
             {
-                // This removes all tabs where the permission filter is not set
+                // This removes all tabs where the user doesn't have the required permissions
                 tmpTabs.RemoveAll(tab =>
                 {
-                    if (tab.PermissionFilter == null)
+                    if (string.IsNullOrEmpty(tab.PermissionId) || tab.PermissionLevel == ServerPermissionLevel.None)
                         return false;
 
-                    return !Server.Share.Permissions.Any(tab.PermissionFilter);
+                    // If permission is required but not set, we dont have access to it
+                    if (!Server.Share.Permissions.TryGetValue(tab.PermissionId, out var level))
+                        return true;
+
+                    // True if the acquired level is higher or equal than the required permission level for the tba
+                    return level >= tab.PermissionLevel;
                 });
             }
 
@@ -244,7 +249,7 @@
 
             State = status.State;
 
-            if (!HasPermissionTo("console", ServerPermissionType.Read))
+            if (!HasPermissionTo("console", ServerPermissionLevel.Read))
                 return; // Exit early if we don't have permissions to load the console
 
             // Load initial messages
@@ -300,13 +305,16 @@
         }
     }
 
-    private bool HasPermissionTo(string name, ServerPermissionType type)
+    private bool HasPermissionTo(string id, ServerPermissionLevel level)
     {
         // All non shares have permissions
         if (Server.Share == null)
             return true;
 
-        return Server.Share.Permissions.Any(x => x.Name == name && x.Type >= type);
+        if (!Server.Share.Permissions.TryGetValue(id, out var acquiredLevel))
+            return false;
+
+        return acquiredLevel >= level;
     }
 
     private async Task SwitchTab(ServerTab tab)
diff --git a/MoonlightServers.Shared/Constants/ServerPermissionConstants.cs b/MoonlightServers.Shared/Constants/ServerPermissionConstants.cs
new file mode 100644
index 0000000..032b300
--- /dev/null
+++ b/MoonlightServers.Shared/Constants/ServerPermissionConstants.cs
@@ -0,0 +1,11 @@
+namespace MoonlightServers.Shared.Constants;
+
+public class ServerPermissionConstants
+{
+    public const string Console = "console";
+    public const string Power = "power";
+    public const string Shares = "shares";
+    public const string Files = "files";
+    public const string Variables = "variables";
+    public const string Settings = "settings";
+}
\ No newline at end of file
diff --git a/MoonlightServers.Shared/Enums/ServerPermissionType.cs b/MoonlightServers.Shared/Enums/ServerPermissionLevel.cs
similarity index 61%
rename from MoonlightServers.Shared/Enums/ServerPermissionType.cs
rename to MoonlightServers.Shared/Enums/ServerPermissionLevel.cs
index a088411..445a000 100644
--- a/MoonlightServers.Shared/Enums/ServerPermissionType.cs
+++ b/MoonlightServers.Shared/Enums/ServerPermissionLevel.cs
@@ -1,7 +1,8 @@
 namespace MoonlightServers.Shared.Enums;
 
-public enum ServerPermissionType
+public enum ServerPermissionLevel
 {
+    None = -1,
     Read = 0,
     ReadWrite = 1
 }
\ No newline at end of file
diff --git a/MoonlightServers.Shared/Http/Requests/Client/Servers/Shares/CreateShareRequest.cs b/MoonlightServers.Shared/Http/Requests/Client/Servers/Shares/CreateShareRequest.cs
index 7e04e1e..8ab8e39 100644
--- a/MoonlightServers.Shared/Http/Requests/Client/Servers/Shares/CreateShareRequest.cs
+++ b/MoonlightServers.Shared/Http/Requests/Client/Servers/Shares/CreateShareRequest.cs
@@ -1,4 +1,5 @@
 using System.ComponentModel.DataAnnotations;
+using MoonlightServers.Shared.Enums;
 using MoonlightServers.Shared.Models;
 
 namespace MoonlightServers.Shared.Http.Requests.Client.Servers.Shares;
@@ -8,5 +9,5 @@ public record CreateShareRequest
     [Required(ErrorMessage = "You need to provide a username")]
     public string Username { get; set; }
     
-    public List<ServerSharePermission> Permissions { get; set; } = [];
+    public Dictionary<string, ServerPermissionLevel> Permissions { get; set; } = [];
 }
\ No newline at end of file
diff --git a/MoonlightServers.Shared/Http/Requests/Client/Servers/Shares/UpdateShareRequest.cs b/MoonlightServers.Shared/Http/Requests/Client/Servers/Shares/UpdateShareRequest.cs
index 9b3cbb5..064b525 100644
--- a/MoonlightServers.Shared/Http/Requests/Client/Servers/Shares/UpdateShareRequest.cs
+++ b/MoonlightServers.Shared/Http/Requests/Client/Servers/Shares/UpdateShareRequest.cs
@@ -1,8 +1,8 @@
-using MoonlightServers.Shared.Models;
+using MoonlightServers.Shared.Enums;
 
 namespace MoonlightServers.Shared.Http.Requests.Client.Servers.Shares;
 
 public record UpdateShareRequest
 {
-    public List<ServerSharePermission> Permissions { get; set; } = [];
+    public Dictionary<string, ServerPermissionLevel> Permissions { get; set; } = [];
 }
\ No newline at end of file
diff --git a/MoonlightServers.Shared/Http/Responses/Client/Servers/ServerDetailResponse.cs b/MoonlightServers.Shared/Http/Responses/Client/Servers/ServerDetailResponse.cs
index 0c99d9f..0cb4e47 100644
--- a/MoonlightServers.Shared/Http/Responses/Client/Servers/ServerDetailResponse.cs
+++ b/MoonlightServers.Shared/Http/Responses/Client/Servers/ServerDetailResponse.cs
@@ -1,3 +1,4 @@
+using MoonlightServers.Shared.Enums;
 using MoonlightServers.Shared.Http.Responses.Client.Servers.Allocations;
 using MoonlightServers.Shared.Models;
 
@@ -23,6 +24,6 @@ public record ServerDetailResponse
     public record ShareData
     {
         public string SharedBy { get; set; }
-        public ServerSharePermission[] Permissions { get; set; }
+        public Dictionary<string, ServerPermissionLevel> Permissions { get; set; }
     }
 }
\ No newline at end of file
diff --git a/MoonlightServers.Shared/Http/Responses/Client/Servers/Shares/ServerShareResponse.cs b/MoonlightServers.Shared/Http/Responses/Client/Servers/Shares/ServerShareResponse.cs
index a34a45a..3837f0d 100644
--- a/MoonlightServers.Shared/Http/Responses/Client/Servers/Shares/ServerShareResponse.cs
+++ b/MoonlightServers.Shared/Http/Responses/Client/Servers/Shares/ServerShareResponse.cs
@@ -1,3 +1,4 @@
+using MoonlightServers.Shared.Enums;
 using MoonlightServers.Shared.Models;
 
 namespace MoonlightServers.Shared.Http.Responses.Client.Servers.Shares;
@@ -6,5 +7,5 @@ public class ServerShareResponse
 {
     public int Id { get; set; }
     public string Username { get; set; }
-    public ServerSharePermission[] Permissions { get; set; }
+    public Dictionary<string, ServerPermissionLevel> Permissions { get; set; }
 }
\ No newline at end of file
diff --git a/MoonlightServers.Shared/Models/ServerSharePermission.cs b/MoonlightServers.Shared/Models/ServerSharePermission.cs
deleted file mode 100644
index d6d5d1a..0000000
--- a/MoonlightServers.Shared/Models/ServerSharePermission.cs
+++ /dev/null
@@ -1,9 +0,0 @@
-using MoonlightServers.Shared.Enums;
-
-namespace MoonlightServers.Shared.Models;
-
-public record ServerSharePermission
-{
-    public string Name { get; set; }
-    public ServerPermissionType Type { get; set; }
-}
\ No newline at end of file
diff --git a/MoonlightServers.sln b/MoonlightServers.sln
index b262b1c..16b3c37 100644
--- a/MoonlightServers.sln
+++ b/MoonlightServers.sln
@@ -10,11 +10,6 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MoonlightServers.Daemon", "
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MoonlightServers.DaemonShared", "MoonlightServers.DaemonShared\MoonlightServers.DaemonShared.csproj", "{15EBCC5D-2440-4B5B-A046-F8327E0C1CB8}"
 EndProject
-Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{B20EF01B-C5D6-47E7-B0DF-143E85332513}"
-	ProjectSection(SolutionItems) = preProject
-		plugin.json = plugin.json
-	EndProjectSection
-EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Runtime", "Runtime", "{7836BC34-096D-440C-9DF9-81116EACAABA}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MoonlightServers.ApiServer.Runtime", "MoonlightServers.ApiServer.Runtime\MoonlightServers.ApiServer.Runtime.csproj", "{9F4370FA-C38D-4E84-892F-12ED5DD40FC6}"
diff --git a/plugin.json b/plugin.json
deleted file mode 100644
index 80695ef..0000000
--- a/plugin.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
-  "id": "servers",
-  "name": "Servers",
-  "author": "Moonlight-Panel/Servers contributors",
-  "assemblies": {
-    "apiServer": [
-      "MoonlightServers.ApiServer.dll",
-      "MoonlightServers.DaemonShared.dll",
-      "MoonlightServers.Shared.dll"
-    ],
-    "client": [
-      "MoonlightServers.Frontend.dll",
-      "MoonlightServers.Shared.dll"
-    ]
-  },
-  "styles": [
-    "css/XtermBlazor.min.css"
-  ],
-  "scripts": [
-    "js/XtermBlazor.min.js",
-    "js/addon-fit.js",
-    "js/moonlightServers.js"
-  ]
-}
\ No newline at end of file