dohertj2/lmxopcua
1
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix(authz): give HistoryUpdate its own NodePermissions bit (was aliased to HistoryRead) [H2]

Browse Source
This commit is contained in:
Joseph Doherty
2026-06-15 14:09:35 -04:00
parent 6ab3d8630b
commit c236263e8d
3 changed files with 38 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/Core/ZB.MOM.WW.OtOpcUa.Configuration/Enums/NodePermissions.cs
+5
View File
@@ -29,6 +29,11 @@ public enum NodePermissions : int
// OPC UA Part 4 §5.11
MethodCall = 1 << 11,
// OPC UA HistoryUpdate (annotation / insert / delete) — separate from HistoryRead so a
// read-only grant cannot authorize historian writes. Not included in any composite bundle
// until the HistoryUpdate service surface is implemented.
HistoryUpdate = 1 << 12,
// Bundles (one-click grants in Admin UI)
ReadOnly = Browse | Read | Subscribe | HistoryRead | AlarmRead,
Operator = ReadOnly | WriteOperate | AlarmAcknowledge | AlarmConfirm,
src/Core/ZB.MOM.WW.OtOpcUa.Core/Authorization/TriePermissionEvaluator.cs
+1 -1
View File
@@ -83,7 +83,7 @@ public sealed class TriePermissionEvaluator : IPermissionEvaluator
OpcUaOperation.WriteTune => NodePermissions.WriteTune,
OpcUaOperation.WriteConfigure => NodePermissions.WriteConfigure,
OpcUaOperation.HistoryRead => NodePermissions.HistoryRead,
OpcUaOperation.HistoryUpdate => NodePermissions.HistoryRead, // HistoryUpdate bit not yet in NodePermissions; TODO Stream C follow-up
OpcUaOperation.HistoryUpdate => NodePermissions.HistoryUpdate,
OpcUaOperation.CreateMonitoredItems => NodePermissions.Subscribe,
OpcUaOperation.TransferSubscriptions=> NodePermissions.Subscribe,
OpcUaOperation.Call => NodePermissions.MethodCall,