@* Cluster-scoped counterpart of . Renders Authorized/ChildContent only when the signed-in user's effective role for ClusterId meets MinRole; otherwise renders NotAuthorized. Effective role combines fleet-wide and cluster-scoped grants — see ClaimsPrincipalClusterExtensions. *@ @using System.Security.Claims @using ZB.MOM.WW.OtOpcUa.Admin.Security @using ZB.MOM.WW.OtOpcUa.Configuration.Enums @if (_authorized) { @(Authorized ?? ChildContent) } else { @NotAuthorized } @code { [CascadingParameter] private Task? AuthState { get; set; } ///

Cluster the grant is evaluated against.

[Parameter, EditorRequired] public string ClusterId { get; set; } = string.Empty; ///

Minimum effective role required to render the authorized content.

[Parameter] public AdminRole MinRole { get; set; } = AdminRole.ConfigViewer; ///

Content shown when authorized (alias-friendly: use this or ).

[Parameter] public RenderFragment? Authorized { get; set; } ///

Default content slot — shown when authorized if is unset.

[Parameter] public RenderFragment? ChildContent { get; set; } ///

Content shown when the user lacks the required role; renders nothing when unset.

[Parameter] public RenderFragment? NotAuthorized { get; set; } private bool _authorized; protected override async Task OnParametersSetAsync() { _authorized = false; if (AuthState is null) return; var user = (await AuthState).User; _authorized = user.HasClusterRole(ClusterId, MinRole); } }