dohertj2/lmxopcua
1
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
4b374fd1772aba1c9795daff41e29ffcbd83b28b
lmxopcua/src/Server/ZB.MOM.WW.OtOpcUa.AdminUI/Components/Pages/Account.razor
T
Joseph Doherty 850d6774ea
v2-ci / build (push) Failing after 38s
Details
v2-ci / unit-tests (tests/Core/ZB.MOM.WW.OtOpcUa.Cluster.Tests) (push) Has been skipped
Details
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.ControlPlane.Tests) (push) Has been skipped
Details
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.Tests) (push) Has been skipped
Details
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Runtime.Tests) (push) Has been skipped
Details
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests) (push) Has been skipped
Details
v2-ci / integration (push) Has been skipped
Details
feat(adminui): F15 Phase A — shell + auth + fleet + hosts pages 
Implements Phase A of the F15 rebuild plan: minimum-viable Admin surface
with a working sign-in path and a fleet-state landing page. Decisions Q1–Q5
of docs/v2/AdminUI-rebuild-plan.md were taken as recommended.

- App.razor (moved into AdminUI library from the Host stub; vendored
  Bootstrap from RCL wwwroot — no public CDN, air-gap safe)
- Routes.razor (AuthorizeRouteView enforces page-level [Authorize])
- RedirectToLogin.razor (preserves returnUrl through the auth hop)
- Login.razor (static SSR, posts to /auth/login; Q5 wording about
  generic-vs-specific LDAP errors)
- Account.razor (identity + fleet roles + raw LDAP groups; Q4 — no
  per-cluster grants; fleet-wide LDAP-group → role mapping only)
- Fleet.razor (per-node deployment status: reads NodeDeploymentState
  + unions with IClusterRoleInfo.MembersWithRole("driver") so freshly-
  joined nodes appear as "waiting"; 10s auto-refresh)
- Hosts.razor (Akka cluster topology: members, status, roles, role-
  leader; 5s auto-refresh)

Host's stub App.razor deleted; Program.cs now points at
AdminUI.Components.App via an added using.

All 104 v2 tests remain green.
2026-05-26 07:49:35 -04:00

79 lines
3.4 KiB
Plaintext
Raw Blame History

@page "/account"
@* v1's Account page surfaced per-cluster role grants alongside identity. v2 dropped per-cluster
grants in favour of fleet-wide LDAP-group → role mapping (Q4 of the AdminUI rebuild plan), so
this version only shows identity + the resolved fleet roles + raw LDAP groups for
troubleshooting. *@
@attribute [Microsoft.AspNetCore.Authorization.Authorize]
@using System.Security.Claims
<div class="d-flex justify-content-between align-items-center mb-3">
<h4 class="mb-0">My account</h4>
</div>
<AuthorizeView>
<Authorized>
@{
var username = context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value
?? context.User.Identity?.Name ?? "—";
var displayName = context.User.Identity?.Name ?? "—";
var roles = context.User.Claims
.Where(c => c.Type == ClaimTypes.Role).Select(c => c.Value)
.OrderBy(s => s, StringComparer.OrdinalIgnoreCase).ToList();
var ldapGroups = context.User.Claims
.Where(c => c.Type == "ldap_group").Select(c => c.Value)
.OrderBy(s => s, StringComparer.OrdinalIgnoreCase).ToList();
}
<section class="card-grid rise" style="animation-delay:.02s">
<div class="metric-card">
<div class="panel-head">Identity</div>
<div class="kv"><span class="k">Username</span><span class="v mono">@username</span></div>
<div class="kv"><span class="k">Display name</span><span class="v">@displayName</span></div>
</div>
<div class="metric-card">
<div class="panel-head">Fleet roles</div>
<div class="kv">
<span class="k">Resolved roles</span>
<span class="v">
@if (roles.Count == 0)
{
<span class="text-muted">none — sign-in should have been blocked; session claim is likely stale</span>
}
else
{
@foreach (var r in roles)
{
<span class="chip chip-idle me-1">@r</span>
}
}
</span>
</div>
<div class="kv">
<span class="k">LDAP groups</span>
<span class="v">
@if (ldapGroups.Count == 0)
{
<span class="text-muted">none</span>
}
else
{
@foreach (var g in ldapGroups)
{
<span class="chip me-1 mono">@g</span>
}
}
</span>
</div>
</div>
</section>
<section class="panel notice rise" style="animation-delay:.08s">
Fleet roles come from LDAP group membership via the
<span class="mono">Authentication:Ldap:GroupToRole</span> mapping. To change them,
edit the LDAP group on the directory server; the next sign-in picks up the change.
Sign out + sign back in to refresh the cookie claim.
</section>
</Authorized>
</AuthorizeView>
Reference in New Issue View Git Blame Copy Permalink