fix(adminui): cert page review — server-side FleetAdmin re-check, explicit delete switch, alert CSS

src/Server/ZB.MOM.WW.OtOpcUa.AdminUI/Components/Pages/Certificates.razor

@@ -7,6 +7,8 @@
 @using ZB.MOM.WW.OtOpcUa.AdminUI.Certificates
 @inject IConfiguration Config
 @inject CertificateStoreManager CertManager
+@inject Microsoft.AspNetCore.Authorization.IAuthorizationService AuthorizationService
+@inject AuthenticationStateProvider AuthState
 @implements IDisposable
 
 <div class="d-flex justify-content-between align-items-center mb-3">
@@ -28,7 +30,7 @@ else
 {
     @if (_statusMsg is not null)
     {
-        <section class="panel @(_statusError ? "error" : "notice") rise mt-3">@_statusMsg</section>
+        <section class="panel notice rise mt-3" style="@(_statusError ? "border-color:var(--alert)" : null)">@_statusMsg</section>
     }
     @if (_pending is { } p)
     {
@@ -174,15 +176,32 @@ else
 
     private void CancelAction() => _pending = null;
 
-    private void ConfirmAction()
+    private async Task ConfirmAction()
     {
         if (_pending is not { } p) return;
+
+        // Defense-in-depth: the action buttons are FleetAdmin-gated in markup, but this handler
+        // runs on the server circuit — re-check the policy before mutating the trust store.
+        var authState = await AuthState.GetAuthenticationStateAsync();
+        if (!(await AuthorizationService.AuthorizeAsync(authState.User, null, "FleetAdmin")).Succeeded)
+        {
+            _statusError = true;
+            _statusMsg = "Unauthorized — FleetAdmin required.";
+            _pending = null;
+            return;
+        }
+
         var result = p.Verb switch
         {
             "trust"   => CertManager.Trust(p.Thumbprint),
             "untrust" => CertManager.Untrust(p.Thumbprint),
-            "delete"  => CertManager.Delete(p.Kind == StoreKind.Trusted ? "trusted" : "rejected", p.Thumbprint),
-            _         => CertActionResult.Fail("unknown action"),
+            "delete"  => p.Kind switch
+            {
+                StoreKind.Trusted  => CertManager.Delete("trusted", p.Thumbprint),
+                StoreKind.Rejected => CertManager.Delete("rejected", p.Thumbprint),
+                _                  => CertActionResult.Fail($"cannot delete from {p.Kind}"),
+            },
+            _ => CertActionResult.Fail("unknown action"),
         };
         _statusError = !result.Success;
         _statusMsg = result.Success