feat(security): add AuthDisableLoginOptions + DevAuthRoles for dev login bypass

This commit is contained in:
Joseph Doherty
2026-06-11 04:26:20 -04:00
parent bc31b6a4de
commit a92ba6a10b
3 changed files with 55 additions and 0 deletions
@@ -0,0 +1,18 @@
using ZB.MOM.WW.OtOpcUa.Configuration.Enums;
namespace ZB.MOM.WW.OtOpcUa.Security.Auth;
/// <summary>
/// The full canonical role set granted to the auto-login dev principal: every
/// <see cref="AdminRole"/> plus the appsettings-only control-plane role "Operator"
/// (required by the DriverOperator policy). Centralised so adding an AdminRole
/// automatically widens the grant.
/// </summary>
public static class DevAuthRoles
{
/// <summary>Operator role string — not an <see cref="AdminRole"/> enum member; used by the DriverOperator policy.</summary>
public const string Operator = "Operator";
/// <summary>All roles granted to the auto-login principal.</summary>
public static readonly string[] All = [.. Enum.GetNames<AdminRole>(), Operator];
}