Joseph Doherty
118 lines
6.2 KiB
Plaintext
118 lines
6.2 KiB
Plaintext
@using ZB.MOM.WW.ScadaBridge.Security
|
|
@using Microsoft.AspNetCore.Components.Routing
|
|
|
|
@* Rail navigation — rendered inside ThemeShell's <Nav> slot. The chassis
|
|
(brand bar + responsive hamburger) belongs to ThemeShell; this component
|
|
contributes only the nav items. Collapsible sections use the kit's
|
|
NavRailSection (<details>); their open/closed state is persisted client-side
|
|
by the kit's nav-state.js (localStorage, keyed by Key) — no JS interop here. *@
|
|
|
|
<NavRailItem Href="/" Text="Dashboard" Match="NavLinkMatch.All" />
|
|
|
|
<AuthorizeView>
|
|
<Authorized>
|
|
@* Admin section — Administrator role only *@
|
|
<AuthorizeView Policy="@AuthorizationPolicies.RequireAdmin">
|
|
<Authorized Context="adminContext">
|
|
<NavRailSection Title="Admin" Key="admin">
|
|
<NavRailItem Href="/admin/ldap-mappings" Text="LDAP Mappings" />
|
|
<NavRailItem Href="/admin/sites" Text="Sites" />
|
|
<NavRailItem Href="/admin/api-keys" Text="API Keys" />
|
|
@* Import Bundle requires Administrator only — Designer role is not sufficient.
|
|
Export Bundle lives in the Design section (RequireDesign). *@
|
|
<NavRailItem Href="/design/transport/import" Text="Import Bundle" />
|
|
</NavRailSection>
|
|
</Authorized>
|
|
</AuthorizeView>
|
|
|
|
@* Design section — Designer role *@
|
|
<AuthorizeView Policy="@AuthorizationPolicies.RequireDesign">
|
|
<Authorized Context="designContext">
|
|
<NavRailSection Title="Design" Key="design">
|
|
<NavRailItem Href="/design/templates" Text="Templates" />
|
|
<NavRailItem Href="/design/shared-scripts" Text="Shared Scripts" />
|
|
<NavRailItem Href="/design/connections" Text="Connections" />
|
|
<NavRailItem Href="/design/external-systems" Text="External Systems" />
|
|
<NavRailItem Href="/design/transport/export" Text="Export Bundle" />
|
|
</NavRailSection>
|
|
</Authorized>
|
|
</AuthorizeView>
|
|
|
|
@* Deployment section — Deployer role *@
|
|
<AuthorizeView Policy="@AuthorizationPolicies.RequireDeployment">
|
|
<Authorized Context="deploymentContext">
|
|
<NavRailSection Title="Deployment" Key="deployment">
|
|
<NavRailItem Href="/deployment/topology" Text="Topology" />
|
|
<NavRailItem Href="/deployment/deployments" Text="Deployments" />
|
|
<NavRailItem Href="/deployment/debug-view" Text="Debug View" />
|
|
</NavRailSection>
|
|
</Authorized>
|
|
</AuthorizeView>
|
|
|
|
@* Notifications — mixed-role section; each item gated by its own policy.
|
|
The section is ungated: every authenticated user holds at least one of
|
|
Admin/Design/Deployment, so it always has a visible child. *@
|
|
<NavRailSection Title="Notifications" Key="notifications">
|
|
<AuthorizeView Policy="@AuthorizationPolicies.RequireAdmin">
|
|
<Authorized Context="notifAdminContext">
|
|
<NavRailItem Href="/notifications/smtp" Text="SMTP Configuration" />
|
|
</Authorized>
|
|
</AuthorizeView>
|
|
<AuthorizeView Policy="@AuthorizationPolicies.RequireDesign">
|
|
<Authorized Context="notifDesignContext">
|
|
<NavRailItem Href="/notifications/lists" Text="Notification Lists" />
|
|
</Authorized>
|
|
</AuthorizeView>
|
|
<AuthorizeView Policy="@AuthorizationPolicies.RequireDeployment">
|
|
<Authorized Context="notifDeploymentContext">
|
|
<NavRailItem Href="/notifications/report" Text="Notification Report" />
|
|
<NavRailItem Href="/notifications/kpis" Text="Notification KPIs" />
|
|
</Authorized>
|
|
</AuthorizeView>
|
|
</NavRailSection>
|
|
|
|
@* Site Calls — Site Call Audit (#22). Deployer-role only,
|
|
matching the Notification Report page's gate; the whole
|
|
section sits inside the policy block so a non-Deployer
|
|
user does not see the heading. *@
|
|
<AuthorizeView Policy="@AuthorizationPolicies.RequireDeployment">
|
|
<Authorized Context="siteCallsContext">
|
|
<NavRailSection Title="Site Calls" Key="sitecalls">
|
|
<NavRailItem Href="/site-calls/report" Text="Site Calls" />
|
|
</NavRailSection>
|
|
</Authorized>
|
|
</AuthorizeView>
|
|
|
|
@* Monitoring — Health Dashboard is all-roles; Event Logs and
|
|
Parked Messages are Deployer-role only (Component-CentralUI).
|
|
The section is ungated because Health Dashboard is always
|
|
a visible child. *@
|
|
<NavRailSection Title="Monitoring" Key="monitoring">
|
|
<NavRailItem Href="/monitoring/health" Text="Health Dashboard" />
|
|
<AuthorizeView Policy="@AuthorizationPolicies.RequireDeployment">
|
|
<Authorized Context="monitoringContext">
|
|
<NavRailItem Href="/monitoring/event-logs" Text="Event Logs" />
|
|
<NavRailItem Href="/monitoring/parked-messages" Text="Parked Messages" />
|
|
</Authorized>
|
|
</AuthorizeView>
|
|
</NavRailSection>
|
|
|
|
@* Audit — gated on the OperationalAudit policy (#23 M7-T15
|
|
/ Bundle G). Hosts the Audit Log page (#23 M7) and the
|
|
Configuration Audit Log (IAuditService config-change
|
|
viewer). The whole section sits inside the policy block:
|
|
a non-audit user does not even see the heading.
|
|
OperationalAudit is satisfied by the Administrator and
|
|
Viewer roles (post-Task-1.7 canonical collapse: former
|
|
Audit→Administrator, AuditReadOnly→Viewer). *@
|
|
<AuthorizeView Policy="@AuthorizationPolicies.OperationalAudit">
|
|
<Authorized Context="auditContext">
|
|
<NavRailSection Title="Audit" Key="audit">
|
|
<NavRailItem Href="/audit/log" Text="Audit Log" />
|
|
<NavRailItem Href="/audit/configuration" Text="Configuration Audit Log" />
|
|
</NavRailSection>
|
|
</Authorized>
|
|
</AuthorizeView>
|
|
</Authorized>
|
|
</AuthorizeView>
|