dohertj2/ScadaBridge
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat(centralui): MainLayout/NavMenu delegate to ZB.MOM.WW.Theme ThemeShell + kit nav

Browse Source
This commit is contained in:
Joseph Doherty
2026-06-03 03:31:10 -04:00
parent 6fb545d75b
commit 957203ec7b
5 changed files with 237 additions and 425 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/ZB.MOM.WW.ScadaBridge.CentralUI.Tests/Layout/NavMenuTests.cs
+102 -53
View File
@@ -11,26 +11,21 @@ using NavMenu = ZB.MOM.WW.ScadaBridge.CentralUI.Components.Layout.NavMenu;
namespace ZB.MOM.WW.ScadaBridge.CentralUI.Tests.Layout;
/// <summary>
/// bUnit rendering tests for the sidebar <see cref="NavMenu"/>. They verify the
/// collapsible section behaviour (sections collapsed by default, a toggle
/// reveals a section's items and persists state to a cookie) and that the
/// Notifications section's items are gated per-policy. The
/// <c>AuthorizeView Policy=...</c> blocks evaluate the real policies, which
/// require a claim of type <see cref="JwtTokenService.RoleClaimType"/> (the
/// canonical <c>ZbClaimTypes.Role</c> framework URI), so the test principal
/// carries claims of that exact type.
/// bUnit rendering tests for the rail <see cref="NavMenu"/>. After the
/// ZB.MOM.WW.Theme adoption (Task 2.4) the nav is composed of the kit's
/// <c>NavRailSection</c> (a native <c>&lt;details&gt;</c> disclosure, expanded
/// by default — no JS interop, works in static SSR) and <c>NavRailItem</c>
/// links. These tests verify the structure (sections render as
/// <c>details.rail-section</c>, not the old <c>button.nav-section-toggle</c>)
/// and — the load-bearing security behaviour — that each section's items are
/// gated by the correct authorization policy. The <c>AuthorizeView Policy=...</c>
/// blocks evaluate the real policies, which require a claim of type
/// <see cref="JwtTokenService.RoleClaimType"/> (the canonical
/// <c>ZbClaimTypes.Role</c> framework URI), so the test principal carries
/// claims of that exact type.
/// </summary>
public class NavMenuTests : BunitContext
{
public NavMenuTests()
{
// NavMenu reads the nav-collapse cookie via the navState.get JS interop
// call in OnAfterRenderAsync and writes it via navState.set on toggle.
// Loose mode lets navState.get no-op (returns null) so the sidebar
// renders collapsed, and still records navState.set invocations.
JSInterop.Mode = JSRuntimeMode.Loose;
}
/// <summary>
/// Renders <see cref="NavMenu"/> under a principal holding the given roles.
/// <see cref="NavMenu"/>'s top-level <c>AuthorizeView</c> requires the
@@ -44,7 +39,22 @@ public class NavMenuTests : BunitContext
var claims = new List<Claim> { new(JwtTokenService.UsernameClaimType, "tester") };
claims.AddRange(roles.Select(r => new Claim(JwtTokenService.RoleClaimType, r)));
// "TestAuth" authentication type → IsAuthenticated == true.
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
return RenderWithPrincipal(user);
}
/// <summary>
/// Renders <see cref="NavMenu"/> with an anonymous (unauthenticated)
/// principal — a bare <see cref="ClaimsIdentity"/> with no authentication
/// type, so <c>IsAuthenticated == false</c> and every <c>AuthorizeView</c>
/// renders its (empty) <c>NotAuthorized</c>/fallthrough branch.
/// </summary>
private IRenderedComponent<NavMenu> RenderAnonymous()
=> RenderWithPrincipal(new ClaimsPrincipal(new ClaimsIdentity()));
private IRenderedComponent<NavMenu> RenderWithPrincipal(ClaimsPrincipal user)
{
Services.AddSingleton<AuthenticationStateProvider>(new TestAuthStateProvider(user));
Services.AddAuthorizationCore();
AuthorizationPolicies.AddScadaBridgeAuthorization(Services);
@@ -63,62 +73,46 @@ public class NavMenuTests : BunitContext
return host.FindComponent<NavMenu>();
}
/// <summary>
/// Clicks the collapsible section header whose title matches, expanding it.
/// </summary>
private static void ExpandSection(IRenderedComponent<NavMenu> cut, string title)
{
var toggle = cut.FindAll("button.nav-section-toggle")
.Single(b => b.TextContent.Contains(title, StringComparison.Ordinal));
toggle.Click();
}
[Fact]
public void Sections_AreCollapsedByDefault()
public void Sections_RenderAsKitDetailsDisclosures_ExpandedByDefault()
{
var cut = RenderWithRoles("Administrator", "Designer", "Deployer");
cut.WaitForAssertion(() =>
{
// Section headers render unconditionally...
// Kit nav: sections are <details class="rail-section"> disclosures,
// NOT the old interactive button.nav-section-toggle.
Assert.Empty(cut.FindAll("button.nav-section-toggle"));
Assert.NotEmpty(cut.FindAll("details.rail-section"));
// Section eyebrows still render their titles.
Assert.Contains(">Notifications<", cut.Markup);
Assert.Contains(">Deployment<", cut.Markup);
// ...but their items stay out of the DOM until the section opens.
Assert.DoesNotContain("/notifications/smtp", cut.Markup);
Assert.DoesNotContain("/deployment/topology", cut.Markup);
// The kit's NavRailSection defaults to open, so items are in the DOM
// without any toggle/JS — this is the static-SSR-friendly behaviour.
Assert.Contains("/notifications/smtp", cut.Markup);
Assert.Contains("/deployment/topology", cut.Markup);
});
}
[Fact]
public void TogglingSection_RevealsItsItems()
{
var cut = RenderWithRoles("Deployer");
Assert.DoesNotContain("/deployment/topology", cut.Markup);
ExpandSection(cut, "Deployment");
Assert.Contains("/deployment/topology", cut.Markup);
Assert.Contains("/deployment/deployments", cut.Markup);
Assert.Contains("/deployment/debug-view", cut.Markup);
}
[Fact]
public void TogglingSection_PersistsStateToCookie()
public void DeploymentSection_RendersAllItems_ForDeployer()
{
var cut = RenderWithRoles("Deployer");
ExpandSection(cut, "Deployment");
// Expanding wrote the cookie through the navState.set JS interop call.
var invocation = JSInterop.Invocations.Last(i => i.Identifier == "navState.set");
Assert.Equal("deployment", invocation.Arguments[0]);
cut.WaitForAssertion(() =>
{
Assert.Contains("/deployment/topology", cut.Markup);
Assert.Contains("/deployment/deployments", cut.Markup);
Assert.Contains("/deployment/debug-view", cut.Markup);
});
}
[Fact]
public void NotificationsSection_ShowsAllItems_ForMultiRoleUser()
{
var cut = RenderWithRoles("Administrator", "Designer", "Deployer");
ExpandSection(cut, "Notifications");
cut.WaitForAssertion(() =>
{
@@ -134,7 +128,6 @@ public class NavMenuTests : BunitContext
public void NotificationsSection_AdminOnlyUser_SeesOnlySmtp()
{
var cut = RenderWithRoles("Administrator");
ExpandSection(cut, "Notifications");
cut.WaitForAssertion(() =>
{
@@ -156,4 +149,60 @@ public class NavMenuTests : BunitContext
Assert.DoesNotContain("/monitoring/notification-outbox", cut.Markup);
});
}
// ── AuthorizeView-gated SECTION visibility (the GAPS open question) ──────
// A whole NavRailSection wrapped in <AuthorizeView Policy="..."> must SHOW
// (heading + items) for an authorized principal and be entirely ABSENT for
// an unauthorized/anonymous one. The Audit section (OperationalAudit policy)
// is the witness — its heading lives inside the policy block, so a denied
// user must not even see the eyebrow.
[Fact]
public void PolicyGatedSection_IsVisible_ForAuthorizedPrincipal()
{
// OperationalAudit is satisfied by the Administrator role.
var cut = RenderWithRoles("Administrator");
cut.WaitForAssertion(() =>
{
Assert.Contains(">Audit<", cut.Markup); // section heading present
Assert.Contains("/audit/log", cut.Markup); // gated items present
Assert.Contains("/audit/configuration", cut.Markup);
});
}
[Fact]
public void PolicyGatedSection_IsAbsent_ForUnauthorizedPrincipal()
{
// Designer satisfies RequireDesign but NOT OperationalAudit.
var cut = RenderWithRoles("Designer");
cut.WaitForAssertion(() =>
{
Assert.DoesNotContain(">Audit<", cut.Markup); // heading hidden, not just items
Assert.DoesNotContain("/audit/log", cut.Markup);
Assert.DoesNotContain("/audit/configuration", cut.Markup);
});
}
[Fact]
public void PolicyGatedSections_AllAbsent_ForAnonymousPrincipal()
{
var cut = RenderAnonymous();
cut.WaitForAssertion(() =>
{
// The Dashboard link is always-visible (outside every AuthorizeView)...
Assert.Contains("Dashboard", cut.Markup);
// ...but no policy-gated section or its items leak to an anonymous user.
Assert.DoesNotContain(">Admin<", cut.Markup);
Assert.DoesNotContain(">Design<", cut.Markup);
Assert.DoesNotContain(">Deployment<", cut.Markup);
Assert.DoesNotContain(">Notifications<", cut.Markup);
Assert.DoesNotContain(">Audit<", cut.Markup);
Assert.DoesNotContain("/admin/sites", cut.Markup);
Assert.DoesNotContain("/design/templates", cut.Markup);
Assert.DoesNotContain("/audit/log", cut.Markup);
});
}
}
tests/ZB.MOM.WW.ScadaBridge.CentralUI.Tests/Pages/AuditLogPageScaffoldTests.cs
+9 -6
View File
@@ -103,15 +103,18 @@ public class AuditLogPageScaffoldTests : BunitContext
}
/// <summary>
/// Clicks the collapsible section header whose title matches, expanding it.
/// Nav sections are collapsed by default, so a section's items are only in
/// the DOM once expanded.
/// Asserts the named rail section is present. After the ZB.MOM.WW.Theme
/// adoption (Task 2.4) nav sections are the kit's <c>NavRailSection</c> —
/// native <c>&lt;details class="rail-section"&gt;</c> disclosures that are
/// open by default, so a section's items are already in the DOM (no click
/// needed, no JS). This helper just confirms the section's
/// <c>summary.rail-eyebrow-toggle</c> eyebrow exists for the given title.
/// </summary>
private static void ExpandNavSection(IRenderedComponent<NavMenu> cut, string title)
{
var toggle = cut.FindAll("button.nav-section-toggle")
.Single(b => b.TextContent.Contains(title, StringComparison.Ordinal));
toggle.Click();
Assert.Contains(
cut.FindAll("details.rail-section > summary.rail-eyebrow-toggle"),
s => s.TextContent.Contains(title, StringComparison.Ordinal));
}
[Fact]