feat: move Areas to Design role, fix logout, add Sign Out button
Areas management is a design concern, not admin. Moved Areas page authorization from RequireAdmin to RequireDesign, moved nav link from Admin to Design section, updated ManagementActor role check. Added GET /logout endpoint (was 404, now redirects to login). Improved Sign Out button visibility in sidebar next to username.
This commit is contained in:
Joseph Doherty
@@ -177,7 +177,7 @@ At any level, an override is only permitted if the attribute has **not been lock
|
||||
- Areas support **parent-child relationships** (e.g., Plant → Building → Production Line → Cell).
|
||||
- Each instance is assigned to an area within its site.
|
||||
- Areas are used for **filtering and finding instances** in the central UI.
|
||||
- Area definitions are managed by users with the **Admin** role.
|
||||
- Area definitions are managed by users with the **Design** role.
|
||||
|
||||
### 3.11 Pre-Deployment Validation
|
||||
|
||||
@@ -394,7 +394,7 @@ The central cluster hosts a **configuration and management UI** (no live machine
|
||||
|
||||
### 9.3 Roles
|
||||
- **Admin**: System-wide permission to manage sites, data connections, LDAP group-to-role mappings, API keys, and system-level configuration.
|
||||
- **Design**: System-wide permission to author and edit templates, scripts, shared scripts, external system definitions, notification lists, and inbound API method definitions.
|
||||
- **Design**: System-wide permission to author and edit templates, scripts, shared scripts, external system definitions, notification lists, inbound API method definitions, and area definitions.
|
||||
- **Deployment**: Permission to manage instances (create, set overrides, bind connections, disable, delete) and deploy configurations to sites. Also triggers system-wide artifact deployment. Can be scoped **per site**.
|
||||
|
||||
### 9.4 Role Scoping
|
||||
|
||||
Reference in New Issue
Block a user