9cad9ed0fc
v2-ci / build (push) Failing after 41s
v2-ci / unit-tests (tests/Core/ZB.MOM.WW.OtOpcUa.Cluster.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.ControlPlane.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Runtime.Tests) (push) Has been skipped
v2-ci / unit-tests (tests/Server/ZB.MOM.WW.OtOpcUa.Security.Tests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.Host.IntegrationTests) (push) Has been skipped
v2-ci / integration (tests/Server/ZB.MOM.WW.OtOpcUa.OpcUaServer.IntegrationTests) (push) Has been skipped
Adds <summary>/<param>/<returns>/<inheritdoc> where missing and removes project bookkeeping IDs (task/tracking refs) from shipped code comments, so the docs read cleanly and CommentChecker is quiet except for known false positives (PLC/protocol terms, event/IEqualityComparer inheritdoc). Doc/comment-only; no logic changed; solution builds clean.
60 lines
2.4 KiB
C#
60 lines
2.4 KiB
C#
namespace ZB.MOM.WW.OtOpcUa.Core.Abstractions;
|
|
|
|
/// <summary>
|
|
/// Every OPC UA operation surface the Phase 6.2 authorization evaluator gates, per
|
|
/// <c>docs/v2/implementation/phase-6-2-authorization-runtime.md</c> §Stream C.
|
|
/// The evaluator maps each operation onto the corresponding
|
|
/// <c>NodePermissions</c> bit(s) to decide whether the calling session is allowed.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Write is split out into <see cref="WriteOperate"/> / <see cref="WriteTune"/> /
|
|
/// <see cref="WriteConfigure"/> because the underlying driver-reported
|
|
/// <see cref="SecurityClassification"/> already carries that distinction — the
|
|
/// evaluator maps the requested tag's security class to the matching operation value
|
|
/// before checking the permission bit.
|
|
/// </remarks>
|
|
public enum OpcUaOperation
|
|
{
|
|
/// <summary>
|
|
/// <c>Browse</c> + <c>TranslateBrowsePathsToNodeIds</c>. Ancestor visibility implied
|
|
/// when any descendant has a grant; denied ancestors filter from browse results.
|
|
/// </summary>
|
|
Browse,
|
|
|
|
/// <summary><c>Read</c> on a variable node.</summary>
|
|
Read,
|
|
|
|
/// <summary><c>Write</c> when the target has <see cref="SecurityClassification.Operate"/> / <see cref="SecurityClassification.FreeAccess"/>.</summary>
|
|
WriteOperate,
|
|
|
|
/// <summary><c>Write</c> when the target has <see cref="SecurityClassification.Tune"/>.</summary>
|
|
WriteTune,
|
|
|
|
/// <summary><c>Write</c> when the target has <see cref="SecurityClassification.Configure"/>.</summary>
|
|
WriteConfigure,
|
|
|
|
/// <summary><c>HistoryRead</c> — uses its own <c>NodePermissions.HistoryRead</c> bit; Read alone is NOT sufficient (decision in Phase 6.2 Compliance).</summary>
|
|
HistoryRead,
|
|
|
|
/// <summary><c>HistoryUpdate</c> — annotation / insert / delete on historian.</summary>
|
|
HistoryUpdate,
|
|
|
|
/// <summary><c>CreateMonitoredItems</c>. Per-item denial in mixed-authorization batches.</summary>
|
|
CreateMonitoredItems,
|
|
|
|
/// <summary><c>TransferSubscriptions</c>. Re-evaluates transferred items against current auth state.</summary>
|
|
TransferSubscriptions,
|
|
|
|
/// <summary><c>Call</c> on a Method node.</summary>
|
|
Call,
|
|
|
|
/// <summary>Alarm <c>Acknowledge</c>.</summary>
|
|
AlarmAcknowledge,
|
|
|
|
/// <summary>Alarm <c>Confirm</c>.</summary>
|
|
AlarmConfirm,
|
|
|
|
/// <summary>Alarm <c>Shelve</c> / <c>Unshelve</c>.</summary>
|
|
AlarmShelve,
|
|
}
|