dohertj2/lmxopcua
1
0
Fork 0
Code Issues 2 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
ac1e1dfd12fbde7de18af4a78dfc163170477c6a
lmxopcua/src/Core/ZB.MOM.WW.OtOpcUa.Core.Abstractions/OpcUaOperation.cs
T
Joseph Doherty a25593a9c6 chore: organize solution into module folders (Core/Server/Drivers/Client/Tooling) 
Group all 69 projects into category subfolders under src/ and tests/ so the
Rider Solution Explorer mirrors the module structure. Folders: Core, Server,
Drivers (with a nested Driver CLIs subfolder), Client, Tooling.

- Move every project folder on disk with git mv (history preserved as renames).
- Recompute relative paths in 57 .csproj files: cross-category ProjectReferences,
  the lib/ HintPath+None refs in Driver.Historian.Wonderware, and the external
  mxaccessgw refs in Driver.Galaxy and its test project.
- Rebuild ZB.MOM.WW.OtOpcUa.slnx with nested solution folders.
- Re-prefix project paths in functional scripts (e2e, compliance, smoke SQL,
  integration, install).

Build green (0 errors); unit tests pass. Docs left for a separate pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-17 01:55:28 -04:00

60 lines
2.4 KiB
C#
Raw Blame History

namespace ZB.MOM.WW.OtOpcUa.Core.Abstractions;
/// <summary>
/// Every OPC UA operation surface the Phase 6.2 authorization evaluator gates, per
/// <c>docs/v2/implementation/phase-6-2-authorization-runtime.md</c> §Stream C and
/// decision #143. The evaluator maps each operation onto the corresponding
/// <c>NodePermissions</c> bit(s) to decide whether the calling session is allowed.
/// </summary>
/// <remarks>
/// Write is split out into <see cref="WriteOperate"/> / <see cref="WriteTune"/> /
/// <see cref="WriteConfigure"/> because the underlying driver-reported
/// <see cref="SecurityClassification"/> already carries that distinction — the
/// evaluator maps the requested tag's security class to the matching operation value
/// before checking the permission bit.
/// </remarks>
public enum OpcUaOperation
{
/// <summary>
/// <c>Browse</c> + <c>TranslateBrowsePathsToNodeIds</c>. Ancestor visibility implied
/// when any descendant has a grant; denied ancestors filter from browse results.
/// </summary>
Browse,
/// <summary><c>Read</c> on a variable node.</summary>
Read,
/// <summary><c>Write</c> when the target has <see cref="SecurityClassification.Operate"/> / <see cref="SecurityClassification.FreeAccess"/>.</summary>
WriteOperate,
/// <summary><c>Write</c> when the target has <see cref="SecurityClassification.Tune"/>.</summary>
WriteTune,
/// <summary><c>Write</c> when the target has <see cref="SecurityClassification.Configure"/>.</summary>
WriteConfigure,
/// <summary><c>HistoryRead</c> — uses its own <c>NodePermissions.HistoryRead</c> bit; Read alone is NOT sufficient (decision in Phase 6.2 Compliance).</summary>
HistoryRead,
/// <summary><c>HistoryUpdate</c> — annotation / insert / delete on historian.</summary>
HistoryUpdate,
/// <summary><c>CreateMonitoredItems</c>. Per-item denial in mixed-authorization batches.</summary>
CreateMonitoredItems,
/// <summary><c>TransferSubscriptions</c>. Re-evaluates transferred items against current auth state.</summary>
TransferSubscriptions,
/// <summary><c>Call</c> on a Method node.</summary>
Call,
/// <summary>Alarm <c>Acknowledge</c>.</summary>
AlarmAcknowledge,
/// <summary>Alarm <c>Confirm</c>.</summary>
AlarmConfirm,
/// <summary>Alarm <c>Shelve</c> / <c>Unshelve</c>.</summary>
AlarmShelve,
}
Reference in New Issue View Git Blame Copy Permalink