dohertj2/ScadaBridge
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
b104760b3af2c36b4d01848c16083c830d533575
ScadaBridge/tests/ZB.MOM.WW.ScadaBridge.CentralUI.Tests/Deployment/InstanceConfigureAuditDrillinTests.cs
T
Joseph Doherty b104760b3a feat(auth)!: ScadaBridge canonical roles + SoD collapse (Audit→Administrator, AuditReadOnly→Viewer) + config-DB migration (Task 1.7) 
Standardize role string VALUES on the canonical vocabulary
(Administrator/Designer/Deployer/Viewer; Operator/Engineer unused here):
  Admin        -> Administrator
  Design       -> Designer
  Deployment   -> Deployer
  Audit        -> Administrator   (COLLAPSE; accepted privilege escalation)
  AuditReadOnly-> Viewer          (COLLAPSE; keeps audit-read, no export)

SoD: OperationalAuditRoles = { Administrator, Viewer },
     AuditExportRoles      = { Administrator }
so Viewer reads the audit log + nav but cannot bulk-export, while
Administrator does both + holds the full admin surface (the documented,
accepted auditor/admin SoD collapse).

Atomic move across every enforcement site:
- Roles constants; AuthorizationPolicies (RequireClaim values + SoD arrays +
  honest XML-doc); RoleMapper Deployer check.
- ManagementActor.GetRequiredRole switch + the hard-coded site-scope
  admin-bypass (now Roles.Administrator at all 6 sites). Site-scoping logic
  is otherwise unchanged.
- DebugStreamHub Administrator/Deployer gates (Deployer kept case-sensitive).
- CentralUI BrowseService/BindingTester Designer guards; LdapMappingForm
  dropdown now offers canonical values (incl. Viewer).
- Config-DB seed (LdapGroupMappings Id 1-4) + EF migration CanonicalizeRoles:
  Id-keyed UpdateData for seed rows + idempotent raw catch-all UPDATEs for
  operator-added rows. Down is lossy on the collapse (documented in-file).
  No pending model changes.

Tests reworked to the collapsed model across Security/CentralUI/
ManagementService/ConfigurationDatabase/Integration suites, incl. explicit
Viewer-reads-not-exports and former-Audit-now-Administrator-escalation cases.

CHANGELOG: BREAKING security note documenting the canonicalization + SoD
collapse.
2026-06-02 08:00:47 -04:00

167 lines
8.0 KiB
C#
Raw Blame History

using System.Security.Claims;
using Bunit;
using Microsoft.AspNetCore.Components;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.Extensions.DependencyInjection;
using NSubstitute;
using ZB.MOM.WW.ScadaBridge.CentralUI.Auth;
using ZB.MOM.WW.ScadaBridge.CentralUI.Services;
using ZB.MOM.WW.ScadaBridge.Commons.Entities.Instances;
using ZB.MOM.WW.ScadaBridge.Commons.Entities.Sites;
using ZB.MOM.WW.ScadaBridge.Commons.Entities.Templates;
using ZB.MOM.WW.ScadaBridge.Commons.Interfaces.Repositories;
using ZB.MOM.WW.ScadaBridge.Commons.Interfaces.Services;
using ZB.MOM.WW.ScadaBridge.DeploymentManager;
using ZB.MOM.WW.ScadaBridge.Security;
using ZB.MOM.WW.ScadaBridge.TemplateEngine.Services;
using InstanceConfigurePage = ZB.MOM.WW.ScadaBridge.CentralUI.Components.Pages.Deployment.InstanceConfigure;
namespace ZB.MOM.WW.ScadaBridge.CentralUI.Tests.Deployment;
/// <summary>
/// Bundle D drill-in test (#23 M7-T12) for the Instance Configure page. The
/// chip routes operators into the central Audit Log pre-filtered by
/// <c>?instance={Instance.UniqueName}</c>. Instance is UI-only on the filter
/// bar (the repository filter contract has no instance column), so the page
/// uses the UI-text seam — the Audit Log's filter bar pre-populates its
/// Instance free-text input from this query string.
/// </summary>
public class InstanceConfigureAuditDrillinTests : BunitContext
{
private readonly ITemplateEngineRepository _templateRepo =
Substitute.For<ITemplateEngineRepository>();
private readonly ISiteRepository _siteRepo = Substitute.For<ISiteRepository>();
public InstanceConfigureAuditDrillinTests()
{
// Loose JS interop because shared components on the page render
// localStorage / clipboard touches that we don't care about here.
JSInterop.Mode = JSRuntimeMode.Loose;
Services.AddSingleton(_templateRepo);
Services.AddSingleton(_siteRepo);
Services.AddSingleton(new InstanceService(_templateRepo, Substitute.For<IAuditService>()));
Services.AddSingleton(Substitute.For<IFlatteningPipeline>());
// The page renders <NodeBrowserDialog/> and <TestBindingsDialog/> at
// the bottom; their @inject directives need a registered service even
// though this test doesn't open either dialog.
Services.AddSingleton(Substitute.For<IBrowseService>());
Services.AddSingleton(Substitute.For<IBindingTester>());
// Auth: a system-wide Deployment user so SiteScope grants everything.
var claims = new[]
{
new Claim(JwtTokenService.UsernameClaimType, "deployer"),
new Claim(JwtTokenService.RoleClaimType, "Deployer"),
};
var user = new ClaimsPrincipal(new ClaimsIdentity(claims, "TestAuth"));
var authProvider = new TestAuthStateProvider(user);
Services.AddSingleton<AuthenticationStateProvider>(authProvider);
Services.AddSingleton(new SiteScopeService(authProvider));
Services.AddAuthorizationCore();
AuthorizationPolicies.AddScadaBridgeAuthorization(Services);
}
[Fact]
public void Page_HasRecentAuditActivityLink_WithInstanceUniqueName()
{
var instance = new Instance("Pump-Station-007")
{
Id = 42,
TemplateId = 1,
SiteId = 1,
State = ZB.MOM.WW.ScadaBridge.Commons.Types.Enums.InstanceState.NotDeployed,
};
_templateRepo.GetInstanceByIdAsync(42, Arg.Any<CancellationToken>()).Returns(instance);
_templateRepo.GetTemplateByIdAsync(1, Arg.Any<CancellationToken>())
.Returns(new Template("Pump") { Id = 1 });
_siteRepo.GetAllSitesAsync(Arg.Any<CancellationToken>())
.Returns(new List<Site> { new("Plant A", "plant-a") { Id = 1 } });
_templateRepo.GetAreasBySiteIdAsync(1, Arg.Any<CancellationToken>())
.Returns(new List<Area>());
_templateRepo.GetAttributesByTemplateIdAsync(1, Arg.Any<CancellationToken>())
.Returns(new List<TemplateAttribute>());
_siteRepo.GetDataConnectionsBySiteIdAsync(1, Arg.Any<CancellationToken>())
.Returns(new List<DataConnection>());
_templateRepo.GetBindingsByInstanceIdAsync(42, Arg.Any<CancellationToken>())
.Returns(new List<InstanceConnectionBinding>());
_templateRepo.GetOverridesByInstanceIdAsync(42, Arg.Any<CancellationToken>())
.Returns(new List<InstanceAttributeOverride>());
_templateRepo.GetAlarmsByTemplateIdAsync(1, Arg.Any<CancellationToken>())
.Returns(new List<TemplateAlarm>());
_templateRepo.GetAlarmOverridesByInstanceIdAsync(42, Arg.Any<CancellationToken>())
.Returns(new List<InstanceAlarmOverride>());
var cut = Render<InstanceConfigurePage>(p => p.Add(c => c.Id, 42));
cut.WaitForAssertion(() =>
{
var link = cut.Find("a[data-test=\"audit-link\"]");
Assert.Equal("/audit/log?instance=Pump-Station-007", link.GetAttribute("href"));
Assert.Contains("Recent audit activity", link.TextContent);
});
}
/// <summary>
/// Regression: the Test Bindings button must be enabled for an attribute
/// bound to an MxGateway connection. The site-side ReadTagValuesCommand
/// path is protocol-agnostic (routes through IDataConnection.ReadBatchAsync,
/// which MxGateway implements), so the UI must not gate the button on
/// protocol == "OpcUa". Previously BuildTestableRows filtered to OPC UA
/// only, leaving the button greyed for MxGateway bindings.
/// </summary>
[Theory]
[InlineData("MxGateway")]
[InlineData("OpcUa")]
public void TestBindingsButton_Enabled_ForReadableProtocol(string protocol)
{
var instance = new Instance("Pump-42")
{
Id = 42,
TemplateId = 1,
SiteId = 1,
State = ZB.MOM.WW.ScadaBridge.Commons.Types.Enums.InstanceState.NotDeployed,
};
_templateRepo.GetInstanceByIdAsync(42, Arg.Any<CancellationToken>()).Returns(instance);
_templateRepo.GetTemplateByIdAsync(1, Arg.Any<CancellationToken>())
.Returns(new Template("Pump") { Id = 1 });
_siteRepo.GetAllSitesAsync(Arg.Any<CancellationToken>())
.Returns(new List<Site> { new("Plant A", "plant-a") { Id = 1 } });
_templateRepo.GetAreasBySiteIdAsync(1, Arg.Any<CancellationToken>())
.Returns(new List<Area>());
// One data-sourced attribute (non-empty DataSourceReference => testable row).
_templateRepo.GetAttributesByTemplateIdAsync(1, Arg.Any<CancellationToken>())
.Returns(new List<TemplateAttribute>
{
new("Speed") { Id = 1, DataSourceReference = "TestMachine_001.TestHistoryValue" },
});
// A connection on the attribute's chosen protocol.
_siteRepo.GetDataConnectionsBySiteIdAsync(1, Arg.Any<CancellationToken>())
.Returns(new List<DataConnection> { new("Shared", protocol, 1) { Id = 7 } });
_templateRepo.GetBindingsByInstanceIdAsync(42, Arg.Any<CancellationToken>())
.Returns(new List<InstanceConnectionBinding>
{
new("Speed") { Id = 1, InstanceId = 42, DataConnectionId = 7 },
});
_templateRepo.GetOverridesByInstanceIdAsync(42, Arg.Any<CancellationToken>())
.Returns(new List<InstanceAttributeOverride>());
_templateRepo.GetAlarmsByTemplateIdAsync(1, Arg.Any<CancellationToken>())
.Returns(new List<TemplateAlarm>());
_templateRepo.GetAlarmOverridesByInstanceIdAsync(42, Arg.Any<CancellationToken>())
.Returns(new List<InstanceAlarmOverride>());
var cut = Render<InstanceConfigurePage>(p => p.Add(c => c.Id, 42));
cut.WaitForAssertion(() =>
{
var testButton = cut.FindAll("button").Single(b => b.TextContent.Trim() == "Test Bindings");
Assert.False(testButton.HasAttribute("disabled"),
$"Test Bindings should be enabled for a {protocol} binding.");
});
}
}
Reference in New Issue View Git Blame Copy Permalink