feat: move Areas to Design role, fix logout, add Sign Out button

Areas management is a design concern, not admin. Moved Areas page authorization from RequireAdmin to RequireDesign, moved nav link from Admin to Design section, updated ManagementActor role check. Added GET /logout endpoint (was 404, now redirects to login). Improved Sign Out button visibility in sidebar next to username.
2026-03-18 00:28:35 -04:00
parent 75a6636a2c
commit 68115e7e38
5 changed files with 22 additions and 13 deletions
--- a/src/ScadaLink.CentralUI/Components/Layout/NavMenu.razor
+++ b/src/ScadaLink.CentralUI/Components/Layout/NavMenu.razor
@@ -23,9 +23,6 @@
                        <li class="nav-item">
                            <NavLink class="nav-link" href="/admin/data-connections">Data Connections</NavLink>
                        </li>
-                        <li class="nav-item">
-                            <NavLink class="nav-link" href="/admin/areas">Areas</NavLink>
-                        </li>
                        <li class="nav-item">
                            <NavLink class="nav-link" href="/admin/api-keys">API Keys</NavLink>
                        </li>
@@ -45,6 +42,9 @@
                        <li class="nav-item">
                            <NavLink class="nav-link" href="/design/external-systems">External Systems</NavLink>
                        </li>
+                        <li class="nav-item">
+                            <NavLink class="nav-link" href="/admin/areas">Areas</NavLink>
+                        </li>
                    </Authorized>
                </AuthorizeView>

@@ -90,11 +90,13 @@

    <AuthorizeView>
        <Authorized>
-            <div class="border-top border-secondary p-2">
-                <span class="d-block text-light small px-2">@context.User.FindFirst("DisplayName")?.Value</span>
-                <form method="post" action="/auth/logout" data-enhance="false">
-                    <button type="submit" class="btn btn-link btn-sm text-muted text-decoration-none px-2">Sign Out</button>
-                </form>
+            <div class="border-top border-secondary px-3 py-2">
+                <div class="d-flex justify-content-between align-items-center">
+                    <span class="text-light small">@context.User.FindFirst("DisplayName")?.Value</span>
+                    <form method="post" action="/auth/logout" data-enhance="false">
+                        <button type="submit" class="btn btn-outline-light btn-sm py-0 px-2">Sign Out</button>
+                    </form>
+                </div>
            </div>
        </Authorized>
    </AuthorizeView>
--- a/src/ScadaLink.CentralUI/Components/Pages/Admin/Areas.razor
+++ b/src/ScadaLink.CentralUI/Components/Pages/Admin/Areas.razor
@@ -3,7 +3,7 @@
@using ScadaLink.Commons.Entities.Instances
@using ScadaLink.Commons.Entities.Sites
@using ScadaLink.Commons.Interfaces.Repositories
-@attribute [Authorize(Policy = AuthorizationPolicies.RequireAdmin)]
+@attribute [Authorize(Policy = AuthorizationPolicies.RequireDesign)]
@inject ISiteRepository SiteRepository
@inject ITemplateEngineRepository TemplateEngineRepository