@using ZB.MOM.WW.OtOpcUa.Admin.Services @using ZB.MOM.WW.OtOpcUa.Configuration.Entities @using ZB.MOM.WW.OtOpcUa.Configuration.Enums @inject NodeAclService AclSvc

Access-control grants

@if (_acls is null) {

Loading…

} else if (_acls.Count == 0) {

No ACL grants in this draft. Publish will result in a cluster with no external access.

} else { @foreach (var a in _acls) { }

LDAP group	Scope	Scope ID	Permissions
@a.LdapGroup	@a.ScopeKind	`@(a.ScopeId ?? "-")`	`@a.PermissionFlags`

} @if (_showForm) {

LDAP group

Scope kind

Scope ID (empty for Cluster-wide)

Permissions (bundled presets — per-flag editor in v2.1)

@if (_error is not null) {

@_error

}

} @code { [Parameter] public long GenerationId { get; set; } [Parameter] public string ClusterId { get; set; } = string.Empty; private List? _acls; private bool _showForm; private string _group = string.Empty; private NodeAclScopeKind _scopeKind = NodeAclScopeKind.Cluster; private string _scopeId = string.Empty; private string _preset = "Read"; private string? _error; protected override async Task OnParametersSetAsync() => _acls = await AclSvc.ListAsync(GenerationId, CancellationToken.None); private NodePermissions ResolvePreset() => _preset switch { "Read" => NodePermissions.Browse | NodePermissions.Read, "WriteOperate" => NodePermissions.Browse | NodePermissions.Read | NodePermissions.WriteOperate, "Engineer" => NodePermissions.Browse | NodePermissions.Read | NodePermissions.WriteTune | NodePermissions.WriteConfigure, "AlarmAck" => NodePermissions.Browse | NodePermissions.Read | NodePermissions.AlarmRead | NodePermissions.AlarmAcknowledge, "Full" => unchecked((NodePermissions)(-1)), _ => NodePermissions.Browse | NodePermissions.Read, }; private async Task SaveAsync() { _error = null; if (string.IsNullOrWhiteSpace(_group)) { _error = "LDAP group is required"; return; } var scopeId = _scopeKind == NodeAclScopeKind.Cluster ? null : string.IsNullOrWhiteSpace(_scopeId) ? null : _scopeId; if (_scopeKind != NodeAclScopeKind.Cluster && scopeId is null) { _error = $"ScopeId required for {_scopeKind}"; return; } try { await AclSvc.GrantAsync(GenerationId, ClusterId, _group, _scopeKind, scopeId, ResolvePreset(), notes: null, CancellationToken.None); _group = string.Empty; _scopeId = string.Empty; _showForm = false; _acls = await AclSvc.ListAsync(GenerationId, CancellationToken.None); } catch (Exception ex) { _error = ex.Message; } } private async Task RevokeAsync(Guid rowId) { await AclSvc.RevokeAsync(rowId, CancellationToken.None); _acls = await AclSvc.ListAsync(GenerationId, CancellationToken.None); } }