@page "/admin/ldap-mappings/create" @page "/admin/ldap-mappings/{Id:int}/edit" @using ZB.MOM.WW.ScadaBridge.Commons.Entities.Security @using ZB.MOM.WW.ScadaBridge.Commons.Entities.Sites @using ZB.MOM.WW.ScadaBridge.Commons.Interfaces.Repositories @using ZB.MOM.WW.ScadaBridge.Security @attribute [Authorize(Policy = AuthorizationPolicies.RequireAdmin)] @inject ISecurityRepository SecurityRepository @inject ISiteRepository SiteRepository @inject NavigationManager NavigationManager @inject IDialogService Dialog

Mapping

LDAP Group Name

Role

Deployment role: configure site scope below after saving.

@if (_formError != null) {

@_formError

}

Site Scope Rules

@if (!IsEditMode) {

Save the mapping first to configure site scope.

} else { @if (_scopeRules.Count > 0) {

@foreach (var rule in _scopeRules) { var siteName = _siteLookup.GetValueOrDefault(rule.SiteId)?.Name ?? $"Site {rule.SiteId}"; @siteName }

} else {

All sites (no restrictions)

}

Site

@if (_scopeRuleError != null) {

@_scopeRuleError

} }

@code { [Parameter] public int? Id { get; set; } private bool IsEditMode => Id.HasValue; private LdapGroupMapping? _editingMapping; private string _formGroupName = string.Empty; private string _formRole = string.Empty; private string? _formError; private List _scopeRules = new(); private List _sites = new(); private Dictionary _siteLookup = new(); private int _scopeRuleSiteId; private string? _scopeRuleError; protected override async Task OnInitializedAsync() { _sites = (await SiteRepository.GetAllSitesAsync()).ToList(); _siteLookup = _sites.ToDictionary(s => s.Id); if (Id.HasValue) { _editingMapping = await SecurityRepository.GetMappingByIdAsync(Id.Value); if (_editingMapping != null) { _formGroupName = _editingMapping.LdapGroupName; _formRole = _editingMapping.Role; _scopeRules = (await SecurityRepository.GetScopeRulesForMappingAsync(Id.Value)).ToList(); } } } private void GoBack() { NavigationManager.NavigateTo("/admin/ldap-mappings"); } private async Task SaveMapping() { _formError = null; if (string.IsNullOrWhiteSpace(_formGroupName)) { _formError = "LDAP Group Name is required."; return; } if (string.IsNullOrWhiteSpace(_formRole)) { _formError = "Role is required."; return; } try { if (_editingMapping != null) { _editingMapping.LdapGroupName = _formGroupName.Trim(); _editingMapping.Role = _formRole; await SecurityRepository.UpdateMappingAsync(_editingMapping); } else { var mapping = new LdapGroupMapping(_formGroupName.Trim(), _formRole); await SecurityRepository.AddMappingAsync(mapping); } await SecurityRepository.SaveChangesAsync(); NavigationManager.NavigateTo("/admin/ldap-mappings"); } catch (Exception ex) { _formError = $"Save failed: {ex.Message}"; } } private async Task AddScopeRule() { _scopeRuleError = null; if (_scopeRuleSiteId <= 0) { _scopeRuleError = "Select a site to add a scope rule."; return; } try { var rule = new SiteScopeRule { LdapGroupMappingId = Id!.Value, SiteId = _scopeRuleSiteId }; await SecurityRepository.AddScopeRuleAsync(rule); await SecurityRepository.SaveChangesAsync(); _scopeRules = (await SecurityRepository.GetScopeRulesForMappingAsync(Id.Value)).ToList(); _scopeRuleSiteId = 0; } catch (Exception ex) { _scopeRuleError = $"Save failed: {ex.Message}"; } } private async Task DeleteScopeRule(SiteScopeRule rule) { var siteName = _siteLookup.GetValueOrDefault(rule.SiteId)?.Name ?? $"Site {rule.SiteId}"; var confirmed = await Dialog.ConfirmAsync( "Remove Scope Rule", $"Remove scope rule for '{siteName}'?", danger: true); if (!confirmed) return; try { await SecurityRepository.DeleteScopeRuleAsync(rule.Id); await SecurityRepository.SaveChangesAsync(); _scopeRules = (await SecurityRepository.GetScopeRulesForMappingAsync(Id!.Value)).ToList(); } catch (Exception ex) { _scopeRuleError = $"Delete failed: {ex.Message}"; } } }