feat(adminui): reject {{equip}} virtual tags whose equipment has no derivable base

2026-06-10 07:58:38 -04:00
parent 66ea9c56f6
commit cadd6c60b7
3 changed files with 252 additions and 0 deletions
@@ -0,0 +1,28 @@
 namespace ZB.MOM.WW.OtOpcUa.AdminUI.Uns;
 /// <summary>Extracts the driver-side <c>FullName</c> from a <c>Tag.TagConfig</c> JSON blob.
 /// Mirrors <c>ScriptTagCatalog.ExtractFullNameFromTagConfig</c> (kept as a small local copy so
 /// VirtualTag validation does not depend on the ScriptAnalysis catalog). Falls back to the raw
 /// blob when it is not a JSON object with a string <c>FullName</c>.</summary>
 internal static class TagConfigFullName
 {
    /// <summary>Extract the FullName, or the raw blob when absent.</summary>
    /// <param name="tagConfig">The Tag.TagConfig JSON.</param>
    /// <returns>The FullName string, or the raw blob.</returns>
    public static string Extract(string? tagConfig)
    {
        if (string.IsNullOrWhiteSpace(tagConfig)) return tagConfig ?? string.Empty;
        try
        {
            using var doc = System.Text.Json.JsonDocument.Parse(tagConfig);
            if (doc.RootElement.ValueKind == System.Text.Json.JsonValueKind.Object
                && doc.RootElement.TryGetProperty("FullName", out var fullName)
                && fullName.ValueKind == System.Text.Json.JsonValueKind.String)
            {
                return fullName.GetString() ?? tagConfig;
            }
        }
        catch (System.Text.Json.JsonException) { /* fall through */ }
        return tagConfig;
    }
 }
@@ -1,6 +1,7 @@
 using System.Security.Cryptography;
 using System.Text;
 using Microsoft.EntityFrameworkCore;
 using ZB.MOM.WW.OtOpcUa.Commons.Types;
 using ZB.MOM.WW.OtOpcUa.Configuration;
 using ZB.MOM.WW.OtOpcUa.Configuration.Entities;
 using ZB.MOM.WW.OtOpcUa.Configuration.Enums;
@@ -889,6 +890,34 @@ public sealed class UnsTreeService(IDbContextFactory<OtOpcUaConfigDbContext> dbF
            .ToList();
    }
    /// <summary>
    /// When the bound script uses the reserved <c>{{equip}}</c> token, the owning equipment must have
    /// a derivable tag base (≥1 driver tag, all sharing one object prefix). Returns a rejection result
    /// when the token is present but no base can be derived; <c>null</c> otherwise (token absent, or a
    /// base exists). The script source is fetched from the supplied (in-scope) context.
    /// </summary>
    private static async Task<UnsMutationResult?> ValidateEquipTokenAsync(
        OtOpcUaConfigDbContext db, string equipmentId, string scriptId, CancellationToken ct)
    {
        var src = await db.Scripts.Where(s => s.ScriptId == scriptId)
            .Select(s => s.SourceCode).FirstOrDefaultAsync(ct);
        if (!EquipmentScriptPaths.ContainsEquipToken(src)) return null;
        var configs = await db.Tags.Where(t => t.EquipmentId == equipmentId)
            .Select(t => t.TagConfig).ToListAsync(ct);
        var fullNames = configs.Select(TagConfigFullName.Extract);
        if (EquipmentScriptPaths.DeriveEquipmentBase(fullNames) is null)
        {
            // NOTE: literal {{equip}} must survive — in a C# interpolated string `{{`/`}}`
            // collapse to single braces, so keep the token text in a NON-interpolated segment.
            return new UnsMutationResult(false,
                $"Equipment '{equipmentId}' has no single tag base, so the "
                + "{{equip}} token can't be resolved. Add at least one driver tag under this "
                + "equipment (all sharing one object prefix), or remove {{equip}} from the script.");
        }
        return null;
    }
    /// <inheritdoc />
    public async Task<UnsMutationResult> CreateVirtualTagAsync(
        string equipmentId,
@@ -918,6 +947,9 @@ public sealed class UnsTreeService(IDbContextFactory<OtOpcUaConfigDbContext> dbF
            return new UnsMutationResult(false, $"A virtual tag named '{input.Name}' already exists on this equipment.");
        }
        var equipGuard = await ValidateEquipTokenAsync(db, equipmentId, input.ScriptId, ct);
        if (equipGuard is not null) return equipGuard.Value;
        db.VirtualTags.Add(new VirtualTag
        {
            VirtualTagId = input.VirtualTagId,
@@ -964,6 +996,9 @@ public sealed class UnsTreeService(IDbContextFactory<OtOpcUaConfigDbContext> dbF
            return new UnsMutationResult(false, $"A virtual tag named '{input.Name}' already exists on this equipment.");
        }
        var equipGuard = await ValidateEquipTokenAsync(db, entity.EquipmentId, input.ScriptId, ct);
        if (equipGuard is not null) return equipGuard.Value;
        // EquipmentId is preserved — virtual tags are always equipment-bound (plan decision #2).
        entity.Name = input.Name;
        entity.DataType = input.DataType;
@@ -0,0 +1,189 @@
 using Microsoft.EntityFrameworkCore;
 using Shouldly;
 using Xunit;
 using ZB.MOM.WW.OtOpcUa.AdminUI.Uns;
 using ZB.MOM.WW.OtOpcUa.Configuration.Entities;
 using ZB.MOM.WW.OtOpcUa.Configuration.Enums;
 namespace ZB.MOM.WW.OtOpcUa.AdminUI.Tests.Uns;
 /// <summary>
 /// Verifies the save-time equipment-relative-path guard on <see cref="UnsTreeService"/>: when a
 /// VirtualTag binds a script that uses the reserved <c>{{equip}}</c> token, the owning equipment
 /// must have a derivable tag base (≥1 driver tag, all sharing one object prefix). Otherwise the
 /// create/update is rejected with an error naming the equipment and the unresolvable token.
 /// </summary>
 /// <remarks>
 /// Reuses the shared <see cref="UnsTreeTestDb"/> InMemory fixture pattern: a uniquely-named
 /// InMemory database seeded with an area→line→equipment path plus a script, with driver tags
 /// added per-test so the base-derivation outcome is what each case isolates.
 /// </remarks>
 [Trait("Category", "Unit")]
 public sealed class VirtualTagEquipTokenValidationTests
 {
    private const string EquipBaseScript = "return ctx.GetTag(\"{{equip}}.X\");";
    private const string PlainScript = "return ctx.GetTag(\"TestMachine_001.X\");";
    private static (UnsTreeService Service, string DbName) Fresh()
    {
        var dbName = $"uns-equiptoken-{Guid.NewGuid():N}";
        return (new UnsTreeService(UnsTreeTestDb.Factory(dbName)), dbName);
    }
    /// <summary>
    /// Seeds an area→line→equipment path (equipment id <c>EQ-1</c>) plus one script whose source is
    /// <paramref name="scriptSource"/>, and optionally a driver tag whose <c>TagConfig</c> carries the
    /// supplied <c>FullName</c> so the equipment has a derivable base.
    /// </summary>
    private static void Seed(string dbName, string scriptSource, string? tagFullName)
    {
        using var db = UnsTreeTestDb.CreateNamed(dbName);
        db.UnsAreas.Add(new UnsArea { UnsAreaId = "AREA-1", ClusterId = "MAIN", Name = "a" });
        db.UnsLines.Add(new UnsLine { UnsLineId = "LINE-1", UnsAreaId = "AREA-1", Name = "l" });
        db.Equipment.Add(new Equipment
        {
            EquipmentId = "EQ-1",
            EquipmentUuid = Guid.NewGuid(),
            UnsLineId = "LINE-1",
            Name = "TestMachine_001",
            MachineCode = "machine_001",
        });
        db.Scripts.Add(new Script
        {
            ScriptId = "SCRIPT-1",
            Name = "compute",
            SourceCode = scriptSource,
            SourceHash = "hash-1",
            Language = "CSharp",
        });
        if (tagFullName is not null)
        {
            db.Tags.Add(new Tag
            {
                TagId = "TAG-1",
                DriverInstanceId = "DRV-1",
                EquipmentId = "EQ-1",
                Name = "x",
                DataType = "Float",
                AccessLevel = TagAccessLevel.Read,
                TagConfig = $"{{\"FullName\":\"{tagFullName}\"}}",
            });
        }
        db.SaveChanges();
    }
    private static VirtualTagInput Input(string virtualTagId = "VTAG-1", string name = "computed") =>
        new(virtualTagId, name, DataType: "Double", ScriptId: "SCRIPT-1",
            ChangeTriggered: true, TimerIntervalMs: null, Historize: false, Enabled: true);
    /// <summary>Seeds an existing VirtualTag and returns its RowVersion (for update-path tests).</summary>
    private static byte[] SeedVirtualTagAndRowVersion(string dbName)
    {
        using var db = UnsTreeTestDb.CreateNamed(dbName);
        db.VirtualTags.Add(new VirtualTag
        {
            VirtualTagId = "VTAG-1",
            EquipmentId = "EQ-1",
            Name = "computed",
            DataType = "Double",
            ScriptId = "SCRIPT-1",
        });
        db.SaveChanges();
        return db.VirtualTags.Single(v => v.VirtualTagId == "VTAG-1").RowVersion;
    }
    // ----- Create -----
    /// <summary>{{equip}} script + a driver tag whose FullName gives a base → create succeeds.</summary>
    [Fact]
    public async Task Create_equip_token_with_derivable_base_succeeds()
    {
        var (service, dbName) = Fresh();
        Seed(dbName, EquipBaseScript, tagFullName: "TestMachine_001.X");
        var result = await service.CreateVirtualTagAsync("EQ-1", Input());
        result.Ok.ShouldBeTrue();
        result.Error.ShouldBeNull();
    }
    /// <summary>{{equip}} script + no driver tags → create rejected, error names equipment + token.</summary>
    [Fact]
    public async Task Create_equip_token_without_base_rejected()
    {
        var (service, dbName) = Fresh();
        Seed(dbName, EquipBaseScript, tagFullName: null);
        var result = await service.CreateVirtualTagAsync("EQ-1", Input());
        result.Ok.ShouldBeFalse();
        result.Error.ShouldNotBeNull();
        result.Error.ShouldContain("EQ-1");
        result.Error.ShouldContain("{{equip}}");
        using var db = UnsTreeTestDb.CreateNamed(dbName);
        db.VirtualTags.Any(v => v.VirtualTagId == "VTAG-1").ShouldBeFalse();
    }
    /// <summary>A script with no {{equip}} token → create succeeds regardless of tags.</summary>
    [Fact]
    public async Task Create_no_equip_token_succeeds_without_tags()
    {
        var (service, dbName) = Fresh();
        Seed(dbName, PlainScript, tagFullName: null);
        var result = await service.CreateVirtualTagAsync("EQ-1", Input());
        result.Ok.ShouldBeTrue();
        result.Error.ShouldBeNull();
    }
    // ----- Update -----
    /// <summary>{{equip}} script + a derivable base → update succeeds.</summary>
    [Fact]
    public async Task Update_equip_token_with_derivable_base_succeeds()
    {
        var (service, dbName) = Fresh();
        Seed(dbName, EquipBaseScript, tagFullName: "TestMachine_001.X");
        var rv = SeedVirtualTagAndRowVersion(dbName);
        var result = await service.UpdateVirtualTagAsync("VTAG-1", Input(name: "renamed"), rv);
        result.Ok.ShouldBeTrue();
        result.Error.ShouldBeNull();
    }
    /// <summary>{{equip}} script + no driver tags → update rejected, error names equipment + token.</summary>
    [Fact]
    public async Task Update_equip_token_without_base_rejected()
    {
        var (service, dbName) = Fresh();
        Seed(dbName, EquipBaseScript, tagFullName: null);
        var rv = SeedVirtualTagAndRowVersion(dbName);
        var result = await service.UpdateVirtualTagAsync("VTAG-1", Input(name: "renamed"), rv);
        result.Ok.ShouldBeFalse();
        result.Error.ShouldNotBeNull();
        result.Error.ShouldContain("EQ-1");
        result.Error.ShouldContain("{{equip}}");
        using var db = UnsTreeTestDb.CreateNamed(dbName);
        db.VirtualTags.Single(v => v.VirtualTagId == "VTAG-1").Name.ShouldBe("computed");
    }
    /// <summary>A script with no {{equip}} token → update succeeds regardless of tags.</summary>
    [Fact]
    public async Task Update_no_equip_token_succeeds_without_tags()
    {
        var (service, dbName) = Fresh();
        Seed(dbName, PlainScript, tagFullName: null);
        var rv = SeedVirtualTagAndRowVersion(dbName);
        var result = await service.UpdateVirtualTagAsync("VTAG-1", Input(name: "renamed"), rv);
        result.Ok.ShouldBeTrue();
        result.Error.ShouldBeNull();
    }
 }