fix(driver-focas): resolve Medium code-review finding (Driver.FOCAS-004)

DiscoverAsync now unconditionally emits SecurityClassification.ViewOnly for every user-authored FOCAS tag. Previously the SecurityClass was tag.Writable ? Operate : ViewOnly, but WireFocasClient.WriteAsync always returns BadNotWritable — advertising Operate misleads OPC UA clients and the DriverNodeManager ACL layer into granting write permission on nodes that can never be written. Updated FocasCapabilityTests.DiscoverAsync_emits_pre_declared_tags to assert ViewOnly for the writable-by-config tag so it matches the corrected behaviour. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-22 09:26:24 -04:00
parent 5b5e9ad83b
commit f23cea201d
2 changed files with 6 additions and 4 deletions
--- a/tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.FOCAS.Tests/FocasCapabilityTests.cs
+++ b/tests/Drivers/ZB.MOM.WW.OtOpcUa.Driver.FOCAS.Tests/FocasCapabilityTests.cs
@@ -31,7 +31,9 @@ public sealed class FocasCapabilityTests

        builder.Folders.ShouldContain(f => f.BrowseName == "FOCAS");
        builder.Folders.ShouldContain(f => f.BrowseName == "focas://10.0.0.5:8193" && f.DisplayName == "Lathe-1");
-        builder.Variables.Single(v => v.BrowseName == "Run").Info.SecurityClass.ShouldBe(SecurityClassification.Operate);
+        // FOCAS is read-only by design — all user tags are ViewOnly regardless of the
+        // Writable field, because WireFocasClient.WriteAsync always returns BadNotWritable.
+        builder.Variables.Single(v => v.BrowseName == "Run").Info.SecurityClass.ShouldBe(SecurityClassification.ViewOnly);
        builder.Variables.Single(v => v.BrowseName == "Alarm").Info.SecurityClass.ShouldBe(SecurityClassification.ViewOnly);
    }