3b8280f08a
Ships the non-UI piece of Stream D: a draft-aware write surface over NodeAcl
that enforces the Phase 6.2 plan's scope-uniqueness + grant-shape invariants.
Blazor UI pieces (RoleGrantsTab + AclsTab refresh + SignalR invalidation +
visual-compliance reviewer signoff) are deferred to the Phase 6.1-style
follow-up task.
Admin.Services:
- ValidatedNodeAclAuthoringService — alongside existing NodeAclService (raw
CRUD, kept for read + revoke paths). GrantAsync enforces:
* Permissions != None (decision #129 — additive only, no empty grants).
* Cluster scope has null ScopeId.
* Sub-cluster scope requires a populated ScopeId.
* No duplicate (GenerationId, ClusterId, LdapGroup, ScopeKind, ScopeId)
tuple — operator updates the row instead of inserting a duplicate.
UpdatePermissionsAsync also rejects None (operator revokes via NodeAclService).
Violations throw InvalidNodeAclGrantException.
Tests (10 new in Admin.Tests/ValidatedNodeAclAuthoringServiceTests):
- Grant rejects None permissions.
- Grant rejects Cluster-scope with ScopeId / sub-cluster without ScopeId.
- Grant succeeds on well-formed row.
- Grant rejects duplicate (group, scope) in same draft.
- Grant allows same group at different scope.
- Grant allows same (group, scope) in different draft.
- UpdatePermissions rejects None.
- UpdatePermissions round-trips new flags + notes.
- UpdatePermissions on unknown rowid throws.
Microsoft.EntityFrameworkCore.InMemory 10.0.0 added to Admin.Tests csproj.
Full solution dotnet test: 1097 passing (was 1087, +10). Phase 6.2 total is
now 1087+10 = 1097; baseline 906 → +191 net across Phase 6.1 (all streams) +
Phase 6.2 (Streams A, B, C foundation, D data layer).
Stream D follow-up task tracks: RoleGrantsTab CRUD over LdapGroupRoleMapping,
AclsTab write-through + Probe-this-permission diagnostic, draft-diff ACL
section, SignalR PermissionTrieCache invalidation push.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
147 lines
5.3 KiB
C#
147 lines
5.3 KiB
C#
using Microsoft.EntityFrameworkCore;
|
|
using Shouldly;
|
|
using Xunit;
|
|
using ZB.MOM.WW.OtOpcUa.Admin.Services;
|
|
using ZB.MOM.WW.OtOpcUa.Configuration;
|
|
using ZB.MOM.WW.OtOpcUa.Configuration.Enums;
|
|
|
|
namespace ZB.MOM.WW.OtOpcUa.Admin.Tests;
|
|
|
|
[Trait("Category", "Unit")]
|
|
public sealed class ValidatedNodeAclAuthoringServiceTests : IDisposable
|
|
{
|
|
private readonly OtOpcUaConfigDbContext _db;
|
|
|
|
public ValidatedNodeAclAuthoringServiceTests()
|
|
{
|
|
var options = new DbContextOptionsBuilder<OtOpcUaConfigDbContext>()
|
|
.UseInMemoryDatabase($"val-nodeacl-{Guid.NewGuid():N}")
|
|
.Options;
|
|
_db = new OtOpcUaConfigDbContext(options);
|
|
}
|
|
|
|
public void Dispose() => _db.Dispose();
|
|
|
|
[Fact]
|
|
public async Task Grant_Rejects_NonePermissions()
|
|
{
|
|
var svc = new ValidatedNodeAclAuthoringService(_db);
|
|
|
|
await Should.ThrowAsync<InvalidNodeAclGrantException>(() => svc.GrantAsync(
|
|
draftGenerationId: 1, clusterId: "c1", ldapGroup: "cn=ops",
|
|
scopeKind: NodeAclScopeKind.Cluster, scopeId: null,
|
|
permissions: NodePermissions.None, notes: null, CancellationToken.None));
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Grant_Rejects_ClusterScope_With_ScopeId()
|
|
{
|
|
var svc = new ValidatedNodeAclAuthoringService(_db);
|
|
|
|
await Should.ThrowAsync<InvalidNodeAclGrantException>(() => svc.GrantAsync(
|
|
1, "c1", "cn=ops",
|
|
NodeAclScopeKind.Cluster, scopeId: "not-null-wrong",
|
|
NodePermissions.Read, null, CancellationToken.None));
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Grant_Rejects_SubClusterScope_Without_ScopeId()
|
|
{
|
|
var svc = new ValidatedNodeAclAuthoringService(_db);
|
|
|
|
await Should.ThrowAsync<InvalidNodeAclGrantException>(() => svc.GrantAsync(
|
|
1, "c1", "cn=ops",
|
|
NodeAclScopeKind.Equipment, scopeId: null,
|
|
NodePermissions.Read, null, CancellationToken.None));
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Grant_Succeeds_When_Valid()
|
|
{
|
|
var svc = new ValidatedNodeAclAuthoringService(_db);
|
|
|
|
var row = await svc.GrantAsync(
|
|
1, "c1", "cn=ops",
|
|
NodeAclScopeKind.Cluster, null,
|
|
NodePermissions.Read | NodePermissions.Browse, "fleet reader", CancellationToken.None);
|
|
|
|
row.LdapGroup.ShouldBe("cn=ops");
|
|
row.PermissionFlags.ShouldBe(NodePermissions.Read | NodePermissions.Browse);
|
|
row.NodeAclId.ShouldNotBeNullOrWhiteSpace();
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Grant_Rejects_DuplicateScopeGroup_Pair()
|
|
{
|
|
var svc = new ValidatedNodeAclAuthoringService(_db);
|
|
await svc.GrantAsync(1, "c1", "cn=ops", NodeAclScopeKind.Cluster, null,
|
|
NodePermissions.Read, null, CancellationToken.None);
|
|
|
|
await Should.ThrowAsync<InvalidNodeAclGrantException>(() => svc.GrantAsync(
|
|
1, "c1", "cn=ops", NodeAclScopeKind.Cluster, null,
|
|
NodePermissions.WriteOperate, null, CancellationToken.None));
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Grant_SameGroup_DifferentScope_IsAllowed()
|
|
{
|
|
var svc = new ValidatedNodeAclAuthoringService(_db);
|
|
await svc.GrantAsync(1, "c1", "cn=ops", NodeAclScopeKind.Cluster, null,
|
|
NodePermissions.Read, null, CancellationToken.None);
|
|
|
|
var tagRow = await svc.GrantAsync(1, "c1", "cn=ops",
|
|
NodeAclScopeKind.Tag, scopeId: "tag-xyz",
|
|
NodePermissions.WriteOperate, null, CancellationToken.None);
|
|
|
|
tagRow.ScopeKind.ShouldBe(NodeAclScopeKind.Tag);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task Grant_SameGroupScope_DifferentDraft_IsAllowed()
|
|
{
|
|
var svc = new ValidatedNodeAclAuthoringService(_db);
|
|
await svc.GrantAsync(1, "c1", "cn=ops", NodeAclScopeKind.Cluster, null,
|
|
NodePermissions.Read, null, CancellationToken.None);
|
|
|
|
var draft2Row = await svc.GrantAsync(2, "c1", "cn=ops",
|
|
NodeAclScopeKind.Cluster, null,
|
|
NodePermissions.Read, null, CancellationToken.None);
|
|
|
|
draft2Row.GenerationId.ShouldBe(2);
|
|
}
|
|
|
|
[Fact]
|
|
public async Task UpdatePermissions_Rejects_None()
|
|
{
|
|
var svc = new ValidatedNodeAclAuthoringService(_db);
|
|
var row = await svc.GrantAsync(1, "c1", "cn=ops", NodeAclScopeKind.Cluster, null,
|
|
NodePermissions.Read, null, CancellationToken.None);
|
|
|
|
await Should.ThrowAsync<InvalidNodeAclGrantException>(
|
|
() => svc.UpdatePermissionsAsync(row.NodeAclRowId, NodePermissions.None, null, CancellationToken.None));
|
|
}
|
|
|
|
[Fact]
|
|
public async Task UpdatePermissions_RoundTrips_NewFlags()
|
|
{
|
|
var svc = new ValidatedNodeAclAuthoringService(_db);
|
|
var row = await svc.GrantAsync(1, "c1", "cn=ops", NodeAclScopeKind.Cluster, null,
|
|
NodePermissions.Read, null, CancellationToken.None);
|
|
|
|
var updated = await svc.UpdatePermissionsAsync(row.NodeAclRowId,
|
|
NodePermissions.Read | NodePermissions.WriteOperate, "bumped", CancellationToken.None);
|
|
|
|
updated.PermissionFlags.ShouldBe(NodePermissions.Read | NodePermissions.WriteOperate);
|
|
updated.Notes.ShouldBe("bumped");
|
|
}
|
|
|
|
[Fact]
|
|
public async Task UpdatePermissions_MissingRow_Throws()
|
|
{
|
|
var svc = new ValidatedNodeAclAuthoringService(_db);
|
|
|
|
await Should.ThrowAsync<InvalidNodeAclGrantException>(
|
|
() => svc.UpdatePermissionsAsync(Guid.NewGuid(), NodePermissions.Read, null, CancellationToken.None));
|
|
}
|
|
}
|