@* Router with AuthorizeRouteView so page-level [Authorize] attributes are enforced
   (with plain RouteView, the attribute is inert — Admin-001). Unauthenticated users
   hit the NotAuthorized slot and are bounced to /login; the route they came from is
   round-tripped as ?returnUrl=. *@

@using ZB.MOM.WW.OtOpcUa.AdminUI.Components.Layout

<Router AppAssembly="@typeof(Routes).Assembly" AdditionalAssemblies="@AdditionalAssemblies">
    <Found Context="routeData">
        <AuthorizeRouteView RouteData="@routeData" DefaultLayout="@typeof(MainLayout)">
            <NotAuthorized>
                @if (context.User.Identity?.IsAuthenticated != true)
                {
                    <RedirectToLogin/>
                }
                else
                {
                    <LayoutView Layout="@typeof(MainLayout)">
                        <p class="text-danger">You do not have permission to view this page.</p>
                    </LayoutView>
                }
            </NotAuthorized>
            <Authorizing>
                <LayoutView Layout="@typeof(MainLayout)"><p>Authorizing…</p></LayoutView>
            </Authorizing>
        </AuthorizeRouteView>
    </Found>
</Router>

@code {
    /// <summary>
    /// Hosts that want to expose pages defined in their own assembly pass them here. The fused
    /// Host doesn't currently host its own routable pages — everything lives in this RCL — but
    /// the parameter is here so a downstream consumer (or test rig) can extend without forking
    /// Routes.razor.
    /// </summary>
    [Parameter]
    public IEnumerable<System.Reflection.Assembly>? AdditionalAssemblies { get; set; }
}