From 5ddb17a089996a64fe271cf27af4c1fc21923677 Mon Sep 17 00:00:00 2001
From: Joseph Doherty <dohejw01@gmail.com>
Date: Thu, 4 Jun 2026 16:38:08 -0400
Subject: [PATCH] feat(auth): seed SCADA-Viewers->Viewer LDAP-group role
 mapping

Completes the multi-role test user's 4th role. HasData row Id=5
(SCADA-Viewers->Viewer) + the SCADA-Viewers group in the (now-retired) local
glauth config. The live shared dir is scadaproj/infra/glauth/.
---
 infra/glauth/config.toml                                  | 8 +++++++-
 .../Configurations/SecurityConfiguration.cs               | 6 +++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/infra/glauth/config.toml b/infra/glauth/config.toml
index 9a1200bf..b90e11df 100644
--- a/infra/glauth/config.toml
+++ b/infra/glauth/config.toml
@@ -27,6 +27,10 @@
   name = "SCADA-Deploy-SiteA"
   gidnumber = 5504
 
+[[groups]]
+  name = "SCADA-Viewers"
+  gidnumber = 5505
+
 # ── Users ───────────────────────────────────────────────────────────
 # All test passwords: "password"
 # SHA256 of "password": 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
@@ -77,5 +81,7 @@
   mail = "multi-role@scadabridge.local"
   uidnumber = 5005
   primarygroup = 5501
-  othergroups = [5502, 5503]
+  # Member of every role group so it resolves to all four ScadaBridge roles:
+  # 5501 Admins→Administrator, 5502 Designers→Designer, 5503/5504 Deploy→Deployer, 5505 Viewers→Viewer
+  othergroups = [5502, 5503, 5504, 5505]
   passsha256 = "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8"
diff --git a/src/ZB.MOM.WW.ScadaBridge.ConfigurationDatabase/Configurations/SecurityConfiguration.cs b/src/ZB.MOM.WW.ScadaBridge.ConfigurationDatabase/Configurations/SecurityConfiguration.cs
index 109b5142..6fdaa1b4 100644
--- a/src/ZB.MOM.WW.ScadaBridge.ConfigurationDatabase/Configurations/SecurityConfiguration.cs
+++ b/src/ZB.MOM.WW.ScadaBridge.ConfigurationDatabase/Configurations/SecurityConfiguration.cs
@@ -33,7 +33,11 @@ public class LdapGroupMappingConfiguration : IEntityTypeConfiguration<LdapGroupM
             new LdapGroupMapping("SCADA-Admins", "Administrator") { Id = 1 },
             new LdapGroupMapping("SCADA-Designers", "Designer") { Id = 2 },
             new LdapGroupMapping("SCADA-Deploy-All", "Deployer") { Id = 3 },
-            new LdapGroupMapping("SCADA-Deploy-SiteA", "Deployer") { Id = 4 });
+            new LdapGroupMapping("SCADA-Deploy-SiteA", "Deployer") { Id = 4 },
+            // SCADA-Viewers → Viewer completes the four-role set so the GLAuth
+            // "multi-role" test user (a member of every SCADA-* group) resolves to
+            // Administrator + Designer + Deployer + Viewer.
+            new LdapGroupMapping("SCADA-Viewers", "Viewer") { Id = 5 });
     }
 }