feat(central-ui): add the Notifications nav section

2026-05-19 06:17:58 -04:00
parent 8bb860ad5f
commit 0be1feb561
2 changed files with 124 additions and 6 deletions
--- a/src/ScadaLink.CentralUI/Components/Layout/NavMenu.razor
+++ b/src/ScadaLink.CentralUI/Components/Layout/NavMenu.razor
@@ -24,9 +24,6 @@
                            <li class="nav-item">
                                <NavLink class="nav-link" href="/admin/api-keys">API Keys</NavLink>
                            </li>
                            <li class="nav-item">
                                <NavLink class="nav-link" href="/admin/smtp">SMTP Configuration</NavLink>
                            </li>
                        </Authorized>
                    </AuthorizeView>
@@ -65,6 +62,35 @@
                        </Authorized>
                    </AuthorizeView>
                    @* Notifications — mixed-role section; each item gated by its own policy.
                       The header is ungated: every authenticated user holds at least one of
                       Admin/Design/Deployment, so it always has a visible child. *@
                    <div role="presentation" class="nav-section-header">Notifications</div>
                    <AuthorizeView Policy="@AuthorizationPolicies.RequireAdmin">
                        <Authorized Context="notifAdminContext">
                            <li class="nav-item">
                                <NavLink class="nav-link" href="/notifications/smtp">SMTP Configuration</NavLink>
                            </li>
                        </Authorized>
                    </AuthorizeView>
                    <AuthorizeView Policy="@AuthorizationPolicies.RequireDesign">
                        <Authorized Context="notifDesignContext">
                            <li class="nav-item">
                                <NavLink class="nav-link" href="/notifications/lists">Notification Lists</NavLink>
                            </li>
                        </Authorized>
                    </AuthorizeView>
                    <AuthorizeView Policy="@AuthorizationPolicies.RequireDeployment">
                        <Authorized Context="notifDeploymentContext">
                            <li class="nav-item">
                                <NavLink class="nav-link" href="/notifications/report">Notification Report</NavLink>
                            </li>
                            <li class="nav-item">
                                <NavLink class="nav-link" href="/notifications/kpis">Notification KPIs</NavLink>
                            </li>
                        </Authorized>
                    </AuthorizeView>
                    @* Monitoring — Health Dashboard is all-roles; Event Logs and
                       Parked Messages are Deployment-role only (Component-CentralUI). *@
                    <div role="presentation" class="nav-section-header">Monitoring</div>
@@ -79,9 +105,6 @@
                            <li class="nav-item">
                                <NavLink class="nav-link" href="/monitoring/parked-messages">Parked Messages</NavLink>
                            </li>
                            <li class="nav-item">
                                <NavLink class="nav-link" href="/monitoring/notification-outbox">Notification Outbox</NavLink>
                            </li>
                        </Authorized>
                    </AuthorizeView>
--- a/tests/ScadaLink.CentralUI.Tests/Layout/NavMenuTests.cs
+++ b/tests/ScadaLink.CentralUI.Tests/Layout/NavMenuTests.cs
@@ -0,0 +1,95 @@
 using System.Security.Claims;
 using Bunit;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Components;
 using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.AspNetCore.Components.Rendering;
 using Microsoft.Extensions.DependencyInjection;
 using ScadaLink.Security;
 using NavMenu = ScadaLink.CentralUI.Components.Layout.NavMenu;
 namespace ScadaLink.CentralUI.Tests.Layout;
 /// <summary>
 /// bUnit rendering tests for the sidebar <see cref="NavMenu"/>. They verify the
 /// new Notifications section: its items are gated per-policy, and the old
 /// <c>/admin/smtp</c> and <c>/monitoring/notification-outbox</c> routes are gone.
 /// The <c>AuthorizeView Policy=...</c> blocks evaluate the real policies, which
 /// require a claim of type <see cref="JwtTokenService.RoleClaimType"/> ("Role"),
 /// so the test principal carries claims of that exact type.
 /// </summary>
 public class NavMenuTests : BunitContext
 {
    /// <summary>
    /// Renders <see cref="NavMenu"/> under a principal holding the given roles.
    /// <see cref="NavMenu"/>'s top-level <c>AuthorizeView</c> requires the
    /// cascading <see cref="AuthenticationState"/>, so it is rendered inside a
    /// <see cref="CascadingAuthenticationState"/>; the real policies are
    /// registered so the per-item <c>AuthorizeView Policy=...</c> blocks are
    /// genuinely evaluated.
    /// </summary>
    private IRenderedComponent<NavMenu> RenderWithRoles(params string[] roles)
    {
        var claims = new List<Claim> { new("Username", "tester") };
        claims.AddRange(roles.Select(r => new Claim(JwtTokenService.RoleClaimType, r)));
        var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
        Services.AddSingleton<AuthenticationStateProvider>(new TestAuthStateProvider(user));
        Services.AddAuthorizationCore();
        AuthorizationPolicies.AddScadaLinkAuthorization(Services);
        // BunitContext pre-registers a placeholder IAuthorizationService that
        // throws when AuthorizeView evaluates a policy. Force the real service
        // so the per-item policy gating is genuinely exercised.
        Services.AddSingleton<IAuthorizationService, DefaultAuthorizationService>();
        var host = Render<CascadingAuthenticationState>(parameters => parameters
            .Add(p => p.ChildContent, (RenderFragment)(builder =>
            {
                builder.OpenComponent<NavMenu>(0);
                builder.CloseComponent();
            })));
        return host.FindComponent<NavMenu>();
    }
    [Fact]
    public void NotificationsSection_ShowsAllItems_ForMultiRoleUser()
    {
        var cut = RenderWithRoles("Admin", "Design", "Deployment");
        cut.WaitForAssertion(() =>
        {
            Assert.Contains("Notifications", cut.Markup);
            Assert.Contains("/notifications/smtp", cut.Markup);
            Assert.Contains("/notifications/lists", cut.Markup);
            Assert.Contains("/notifications/report", cut.Markup);
            Assert.Contains("/notifications/kpis", cut.Markup);
        });
    }
    [Fact]
    public void NotificationsSection_AdminOnlyUser_SeesOnlySmtp()
    {
        var cut = RenderWithRoles("Admin");
        cut.WaitForAssertion(() =>
        {
            Assert.Contains("/notifications/smtp", cut.Markup);
            Assert.DoesNotContain("/notifications/report", cut.Markup);
            Assert.DoesNotContain("/notifications/lists", cut.Markup);
            Assert.DoesNotContain("/notifications/kpis", cut.Markup);
        });
    }
    [Fact]
    public void OldRoutes_AreNoLongerLinked()
    {
        var cut = RenderWithRoles("Admin", "Design", "Deployment");
        cut.WaitForAssertion(() =>
        {
            Assert.DoesNotContain("/admin/smtp", cut.Markup);
            Assert.DoesNotContain("/monitoring/notification-outbox", cut.Markup);
        });
    }
 }