R2-05 AdminUI authorization (arch-review round 2) #428
Reference in New Issue
Block a user
Delete Branch "r2/05-adminui-authz"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Round-2 arch-review plan R2-05 (finding 04/C-1, High — under-gated AdminUI config surfaces; stakes raised because ResilienceConfig rides the config-authoring surface).
AdminUiPoliciesconstants (single source of truth for the 4 policy names)./api/script-analysis/*); AuthenticatedRead on the 16 read pages. FleetAdmin/DriverOperator literals→constants.[Authorize], zeroRoles=.PageAuthorizationGuardTests(the no-bUnit substitute) +AdminUiPoliciesTestsrole matrix.15/16 tasks; T15 deferred-live (docker-dev DisableLogin=true auto-admin makes role-deny unobservable there — deny proof is CI-side, green). Build clean; AdminUI.Tests 517/517, Security.Tests 80/80. Plan:
archreview/plans/R2-05-adminui-authz-plan.md.Landed on
mastervia merge commit12b32065(local --no-ff merge, STATUS.md conflict resolved additively, clean build barrier). Closing as merged.Pull request closed