a25593a9c6
Group all 69 projects into category subfolders under src/ and tests/ so the Rider Solution Explorer mirrors the module structure. Folders: Core, Server, Drivers (with a nested Driver CLIs subfolder), Client, Tooling. - Move every project folder on disk with git mv (history preserved as renames). - Recompute relative paths in 57 .csproj files: cross-category ProjectReferences, the lib/ HintPath+None refs in Driver.Historian.Wonderware, and the external mxaccessgw refs in Driver.Galaxy and its test project. - Rebuild ZB.MOM.WW.OtOpcUa.slnx with nested solution folders. - Re-prefix project paths in functional scripts (e2e, compliance, smoke SQL, integration, install). Build green (0 errors); unit tests pass. Docs left for a separate pass. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
21 lines
999 B
C#
21 lines
999 B
C#
namespace ZB.MOM.WW.OtOpcUa.Server.Security;
|
|
|
|
/// <summary>
|
|
/// Minimal interface an <see cref="Opc.Ua.IUserIdentity"/> exposes so the Phase 6.2
|
|
/// authorization evaluator can read the session's resolved LDAP group DNs without a
|
|
/// hard dependency on any specific identity subtype. Implemented by OtOpcUaServer's
|
|
/// role-based identity; tests stub it to drive the evaluator under different group
|
|
/// memberships.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// Control/data-plane separation (decision #150): Admin UI role routing consumes
|
|
/// <see cref="IRoleBearer.Roles"/> via <c>LdapGroupRoleMapping</c>; the OPC UA data-path
|
|
/// evaluator consumes <see cref="LdapGroups"/> directly against <c>NodeAcl</c>. The two
|
|
/// are sourced from the same directory query at sign-in but never cross.
|
|
/// </remarks>
|
|
public interface ILdapGroupsBearer
|
|
{
|
|
/// <summary>Fully-qualified LDAP group DNs the user is a member of.</summary>
|
|
IReadOnlyList<string> LdapGroups { get; }
|
|
}
|