dohertj2/ScadaBridge
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

docs(auth): ScadaBridge Task 1.7 review — correct stale role-name prose in NavMenu comments (Admin/Design/Deployment/Audit→canonical)

Browse Source
This commit is contained in:
Joseph Doherty
2026-06-02 08:13:38 -04:00
parent b104760b3a
commit 4118452e72
1 changed files with 10 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/ZB.MOM.WW.ScadaBridge.CentralUI/Components/Layout/NavMenu.razor
+10 -9
View File
@@ -17,7 +17,7 @@
<AuthorizeView> <AuthorizeView>
<Authorized> <Authorized>
@* Admin section — Admin role only *@ @* Admin section — Administrator role only *@
<AuthorizeView Policy="@AuthorizationPolicies.RequireAdmin"> <AuthorizeView Policy="@AuthorizationPolicies.RequireAdmin">
<Authorized Context="adminContext"> <Authorized Context="adminContext">
<NavSection Title="Admin" <NavSection Title="Admin"
@@ -32,7 +32,7 @@
<li class="nav-item"> <li class="nav-item">
<NavLink class="nav-link" href="/admin/api-keys">API Keys</NavLink> <NavLink class="nav-link" href="/admin/api-keys">API Keys</NavLink>
</li> </li>
@* Import Bundle requires Admin only — Design role is not sufficient. @* Import Bundle requires Administrator only — Designer role is not sufficient.
Export Bundle lives in the Design section (RequireDesign). *@ Export Bundle lives in the Design section (RequireDesign). *@
<li class="nav-item"> <li class="nav-item">
<NavLink class="nav-link" href="/design/transport/import">Import Bundle</NavLink> <NavLink class="nav-link" href="/design/transport/import">Import Bundle</NavLink>
@@ -41,7 +41,7 @@
</Authorized> </Authorized>
</AuthorizeView> </AuthorizeView>
@* Design section — Design role *@ @* Design section — Designer role *@
<AuthorizeView Policy="@AuthorizationPolicies.RequireDesign"> <AuthorizeView Policy="@AuthorizationPolicies.RequireDesign">
<Authorized Context="designContext"> <Authorized Context="designContext">
<NavSection Title="Design" <NavSection Title="Design"
@@ -66,7 +66,7 @@
</Authorized> </Authorized>
</AuthorizeView> </AuthorizeView>
@* Deployment section — Deployment role *@ @* Deployment section — Deployer role *@
<AuthorizeView Policy="@AuthorizationPolicies.RequireDeployment"> <AuthorizeView Policy="@AuthorizationPolicies.RequireDeployment">
<Authorized Context="deploymentContext"> <Authorized Context="deploymentContext">
<NavSection Title="Deployment" <NavSection Title="Deployment"
@@ -117,9 +117,9 @@
</AuthorizeView> </AuthorizeView>
</NavSection> </NavSection>
@* Site Calls — Site Call Audit (#22). Deployment-role only, @* Site Calls — Site Call Audit (#22). Deployer-role only,
matching the Notification Report page's gate; the whole matching the Notification Report page's gate; the whole
section sits inside the policy block so a non-Deployment section sits inside the policy block so a non-Deployer
user does not see the heading. *@ user does not see the heading. *@
<AuthorizeView Policy="@AuthorizationPolicies.RequireDeployment"> <AuthorizeView Policy="@AuthorizationPolicies.RequireDeployment">
<Authorized Context="siteCallsContext"> <Authorized Context="siteCallsContext">
@@ -134,7 +134,7 @@
</AuthorizeView> </AuthorizeView>
@* Monitoring — Health Dashboard is all-roles; Event Logs and @* Monitoring — Health Dashboard is all-roles; Event Logs and
Parked Messages are Deployment-role only (Component-CentralUI). Parked Messages are Deployer-role only (Component-CentralUI).
The section is ungated because Health Dashboard is always The section is ungated because Health Dashboard is always
a visible child. *@ a visible child. *@
<NavSection Title="Monitoring" <NavSection Title="Monitoring"
@@ -160,8 +160,9 @@
Configuration Audit Log (IAuditService config-change Configuration Audit Log (IAuditService config-change
viewer). The whole section sits inside the policy block: viewer). The whole section sits inside the policy block:
a non-audit user does not even see the heading. a non-audit user does not even see the heading.
OperationalAudit is satisfied by the Admin, Audit, and OperationalAudit is satisfied by the Administrator and
AuditReadOnly roles. *@ Viewer roles (post-Task-1.7 canonical collapse: former
Audit→Administrator, AuditReadOnly→Viewer). *@
<AuthorizeView Policy="@AuthorizationPolicies.OperationalAudit"> <AuthorizeView Policy="@AuthorizationPolicies.OperationalAudit">
<Authorized Context="auditContext"> <Authorized Context="auditContext">
<NavSection Title="Audit" <NavSection Title="Audit"