docs(security): document AdminUI policy tiers (ConfigEditor/AuthenticatedRead) + R2-05 status
This commit is contained in:
@@ -14,7 +14,7 @@
|
||||
{ "id": "T10", "subject": "Read pages to AuthenticatedRead (16 incl. Home insert) + RoleGrants to FleetAdmin constant", "status": "completed", "blockedBy": ["T4", "T5"] },
|
||||
{ "id": "T11", "subject": "Guard GREEN checkpoint + full AdminUI.Tests; commit the gate", "status": "completed", "blockedBy": ["T3", "T6", "T7", "T8", "T9", "T10"] },
|
||||
{ "id": "T12", "subject": "Converge non-page literals to constants (ScriptAnalysisEndpoints, imperative DriverOperator x4, Certificates FleetAdmin x2)", "status": "completed", "blockedBy": ["T11"] },
|
||||
{ "id": "T13", "subject": "Docs: CLAUDE.md ScriptAnalysis gate sentence, docs/security.md, STATUS.md R2-05 row", "status": "pending", "blockedBy": ["T11"] },
|
||||
{ "id": "T13", "subject": "Docs: CLAUDE.md ScriptAnalysis gate sentence, docs/security.md, STATUS.md R2-05 row", "status": "completed", "blockedBy": ["T11"] },
|
||||
{ "id": "T14", "subject": "Full-solution test sweep (dotnet test ZB.MOM.WW.OtOpcUa.slnx)", "status": "pending", "blockedBy": ["T12", "T13"] },
|
||||
{ "id": "T15", "subject": "Live /run positive pass on docker-dev :9200 (rebuild BOTH centrals; auto-admin drives all page tiers; negative proof stays in T2/T3)", "status": "pending", "blockedBy": ["T14"] },
|
||||
{ "id": "T16", "subject": "Merge + bookkeeping (flip 04/C-1 row, record Reservations/ClusterRedundancy corrections)", "status": "pending", "blockedBy": ["T15"] }
|
||||
|
||||
@@ -150,3 +150,9 @@ surface), 03/S2/S3 block-bridging, 03/P1 surgical adds (guard prerequisite in pl
|
||||
per-plan task counts, effort, and suggested execution order: [`00-INDEX.md`](00-INDEX.md) §"Round 2
|
||||
plans". 193 bite-sized TDD tasks total, ~18–24 dev-days end-to-end; R2-01/02/03 (the re-review's
|
||||
new-and-sharp items) are ~2 days combined.
|
||||
|
||||
### Round-2 remediation — in progress
|
||||
|
||||
| Plan | Finding | Status | Branch @ commit | Notes |
|
||||
|---|---|---|---|---|
|
||||
| **R2-05 — AdminUI authorization** | 04/C-1 (High) | ✅ code-complete (offline); live pass deferred | `r2/05-adminui-authz` | One authz idiom: all 38 routable pages carry an explicit named-policy `@attribute` via new `AdminUiPolicies` constants (`Security/Auth/`). New `ConfigEditor` (Administrator+Designer) gates the 20-page config-authoring surface incl. the 8 driver pages that author live `ResilienceConfig` + `/api/script-analysis/*`; new `AuthenticatedRead` on the 16 read pages; `FleetAdmin`/`DriverOperator` unchanged (literals→constants). Anti-drift guard `PageAuthorizationGuardTests` (bans bare `[Authorize]`/`Roles=`/unknown-policy/unclassified) + `AdminUiPoliciesTests` semantics matrix. **Verification corrections folded in:** Reservations + ClusterRedundancy are read-only (→`AuthenticatedRead`, not `ConfigEditor`); Home carried no attribute at all (now `AuthenticatedRead`). Live `/run` positive pass deferred — docker-dev `DisableLogin=true` auto-authenticates as full-access admin, so it can only regression-check over-gating, not observe deny; the negative proof is CI-side (both guard tests). |
|
||||
|
||||
Reference in New Issue
Block a user