Remove static Users auth, use shared QualityMapper for historian, simplify LDAP permission checks

- Remove ConfigUserAuthenticationProvider and Users property — LDAP is the only auth mechanism - Fix historian quality mapping to use existing QualityMapper (OPC DA quality bytes, not custom mapping) - Add AppRoles constants, unify HasWritePermission/HasAlarmAckPermission into shared HasRole helper - Hoist write permission check out of per-item loop, eliminate redundant _ldapRolesEnabled field - Update docs (Configuration.md, Security.md, OpcUaServer.md, HistoricalDataAccess.md) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 19:23:20 -04:00
parent 74107ea95e
commit d9463d6998
19 changed files with 93 additions and 273 deletions
--- a/src/ZB.MOM.WW.LmxOpcUa.Host/appsettings.json
+++ b/src/ZB.MOM.WW.LmxOpcUa.Host/appsettings.json
@@ -36,7 +36,6 @@
  "Authentication": {
    "AllowAnonymous": true,
    "AnonymousCanWrite": false,
-    "Users": [],
    "Ldap": {
      "Enabled": false,
      "Host": "localhost",