@using Microsoft.AspNetCore.Components.Authorization
@using Microsoft.AspNetCore.Components.Routing
@using ZB.MOM.WW.OtOpcUa.Admin.Components.Layout

<Router AppAssembly="@typeof(Program).Assembly">
    <Found Context="routeData">
        @* AuthorizeRouteView (not a plain RouteView) is what makes a page-level
           [Authorize] attribute actually enforced — with RouteView the attribute
           is inert (Admin-001). Unauthenticated users hit the NotAuthorized slot
           and are bounced to /login; the route is preserved as returnUrl. *@
        <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
            <NotAuthorized>
                @if (context.User.Identity?.IsAuthenticated != true)
                {
                    <RedirectToLogin/>
                }
                else
                {
                    <LayoutView Layout="@typeof(MainLayout)">
                        <p class="text-danger">You do not have permission to view this page.</p>
                    </LayoutView>
                }
            </NotAuthorized>
            <Authorizing>
                <LayoutView Layout="@typeof(MainLayout)"><p>Authorizing…</p></LayoutView>
            </Authorizing>
        </AuthorizeRouteView>
    </Found>
    <NotFound>
        <LayoutView Layout="@typeof(MainLayout)"><p>Not found.</p></LayoutView>
    </NotFound>
</Router>