refactor(adminui): replace authorization string literals with AdminUiPolicies constants

This commit is contained in:
Joseph Doherty
2026-07-13 09:58:42 -04:00
parent b5bf4b73ff
commit aac3285468
7 changed files with 11 additions and 11 deletions
@@ -161,7 +161,7 @@ else
// permitted users. The username is re-read at click time (GetCurrentUserNameAsync) so a
// mid-session token refresh lands in the published command + audit accurately.
var auth = await AuthState.GetAuthenticationStateAsync();
var authResult = await AuthorizationService.AuthorizeAsync(auth.User, null, "DriverOperator");
var authResult = await AuthorizationService.AuthorizeAsync(auth.User, null, AdminUiPolicies.DriverOperator);
_canOperate = authResult.Succeeded;
}
@@ -87,7 +87,7 @@ else
@if (store.Kind is StoreKind.Trusted or StoreKind.Rejected)
{
<td>
<AuthorizeView Policy="FleetAdmin">
<AuthorizeView Policy="@AdminUiPolicies.FleetAdmin">
<Authorized>
@if (store.Kind == StoreKind.Rejected)
{
@@ -183,7 +183,7 @@ else
// Defense-in-depth: the action buttons are FleetAdmin-gated in markup, but this handler
// runs on the server circuit — re-check the policy before mutating the trust store.
var authState = await AuthState.GetAuthenticationStateAsync();
if (!(await AuthorizationService.AuthorizeAsync(authState.User, null, "FleetAdmin")).Succeeded)
if (!(await AuthorizationService.AuthorizeAsync(authState.User, null, AdminUiPolicies.FleetAdmin)).Succeeded)
{
_statusError = true;
_statusMsg = "Unauthorized — FleetAdmin required.";