feat(auth)!: MxGateway canonical dashboard roles — Admin→Administrator (Task 1.7) · 04bce3ff9f - mxaccessgw

feat(auth)!: MxGateway canonical dashboard roles — Admin→Administrator (Task 1.7)

Standardize the dashboard role VALUE on the canonical six: Admin→Administrator
(Viewer unchanged). Pure value rename via DashboardRoles.Admin constant +
appsettings GroupToRole; the GatewayOptionsValidator allowed-set/message track
the constant so they now require 'Administrator' or 'Viewer'. Enforcement is
unchanged — Administrator authorizes exactly what Admin did.

Dashboard roles are derived at login from LDAP groups via GroupToRole and are
never persisted to the SQLite auth store, so no DB migration/seed change.

UNTOUCHED: the separate gRPC API-key scope GatewayScopes.Admin = "admin"
(lowercase) and every "admin" scope literal — a distinct data-plane system.

This commit is contained in:

Joseph Doherty

2026-06-02 07:22:42 -04:00

parent 9572045787

commit 04bce3ff9f

6 changed files with 47 additions and 4 deletions

									
										src/ZB.MOM.WW.MxGateway.Server/appsettings.json
									
		+1
		-1
	
												View File
												
				@@ -60,7 +60,7 @@

				      "RecentSessionLimit": 200,

				      "ShowTagValues": false,

				      "GroupToRole": {

				        "GwAdmin": "Admin",

				        "GwAdmin": "Administrator",

				        "GwReader": "Viewer"

				      }

				    },