fix(central-ui): resolve CentralUI-002/003/004 — site-scope enforcement, per-circuit console capture, cached auth state

2026-05-16 19:33:09 -04:00
parent 5a08b04535
commit 87f14c190a
17 changed files with 693 additions and 40 deletions
--- a/src/ScadaLink.CentralUI/Components/Pages/Monitoring/EventLogs.razor
+++ b/src/ScadaLink.CentralUI/Components/Pages/Monitoring/EventLogs.razor
@@ -5,6 +5,7 @@
@using ScadaLink.Commons.Messages.RemoteQuery
@using ScadaLink.Communication
@inject ISiteRepository SiteRepository
+@inject ScadaLink.CentralUI.Auth.SiteScopeService SiteScope
@inject CommunicationService CommunicationService

 <div class="container-fluid mt-3">
@@ -212,9 +213,16 @@

    protected override async Task OnInitializedAsync()
    {
-        _sites = (await SiteRepository.GetAllSitesAsync()).ToList();
+        // Site scoping (CentralUI-002): a scoped Deployment user may only query
+        // event logs for the sites they are permitted on.
+        _sites = await SiteScope.FilterSitesAsync(await SiteRepository.GetAllSitesAsync());
    }

+    // _sites is already filtered, so membership IS the scope check.
+    private bool SelectedSiteIsPermitted =>
+        !string.IsNullOrEmpty(_selectedSiteId)
+        && _sites.Any(s => s.SiteIdentifier == _selectedSiteId);
+
    private async Task Search()
    {
        _entries = new();
@@ -237,6 +245,14 @@
    {
        _searching = true;
        _errorMessage = null;
+        // Site scoping (CentralUI-002): re-check before querying — the dropdown is
+        // filtered, but the selection must not be trusted on its own.
+        if (!SelectedSiteIsPermitted)
+        {
+            _errorMessage = "You are not permitted to view event logs for that site.";
+            _searching = false;
+            return;
+        }
        try
        {
            var request = new EventLogQueryRequest(