dohertj2/lmxopcua
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
bb1854b2f84c38ac159ee0a66bca349e2c172069
lmxopcua/src/Server/ZB.MOM.WW.OtOpcUa.Admin/Services/ValidatedNodeAclAuthoringService.cs
Joseph Doherty a25593a9c6 chore: organize solution into module folders (Core/Server/Drivers/Client/Tooling) 
Group all 69 projects into category subfolders under src/ and tests/ so the
Rider Solution Explorer mirrors the module structure. Folders: Core, Server,
Drivers (with a nested Driver CLIs subfolder), Client, Tooling.

- Move every project folder on disk with git mv (history preserved as renames).
- Recompute relative paths in 57 .csproj files: cross-category ProjectReferences,
  the lib/ HintPath+None refs in Driver.Historian.Wonderware, and the external
  mxaccessgw refs in Driver.Galaxy and its test project.
- Rebuild ZB.MOM.WW.OtOpcUa.slnx with nested solution folders.
- Re-prefix project paths in functional scripts (e2e, compliance, smoke SQL,
  integration, install).

Build green (0 errors); unit tests pass. Docs left for a separate pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-17 01:55:28 -04:00

118 lines
5.3 KiB
C#
Raw Blame History

using Microsoft.EntityFrameworkCore;
using ZB.MOM.WW.OtOpcUa.Configuration;
using ZB.MOM.WW.OtOpcUa.Configuration.Entities;
using ZB.MOM.WW.OtOpcUa.Configuration.Enums;
namespace ZB.MOM.WW.OtOpcUa.Admin.Services;
/// <summary>
/// Draft-aware write surface over <see cref="NodeAcl"/>. Replaces direct
/// <see cref="NodeAclService"/> CRUD for Admin UI grant authoring; the raw service stays
/// as the read / delete surface. Enforces the invariants listed in Phase 6.2 Stream D.2:
/// scope-uniqueness per (LdapGroup, ScopeKind, ScopeId, GenerationId), grant shape
/// consistency, and no empty permission masks.
/// </summary>
/// <remarks>
/// <para>Per decision #129 grants are additive — <see cref="NodePermissions.None"/> is
/// rejected at write time. Explicit Deny is v2.1 and is not representable in the current
/// <c>NodeAcl</c> row; attempts to express it (e.g. empty permission set) surface as
/// <see cref="InvalidNodeAclGrantException"/>.</para>
///
/// <para>Draft scope: writes always target an unpublished (Draft-state) generation id.
/// Once a generation publishes, its rows are frozen.</para>
/// </remarks>
public sealed class ValidatedNodeAclAuthoringService(OtOpcUaConfigDbContext db)
{
/// <summary>Add a new grant row to the given draft generation.</summary>
public async Task<NodeAcl> GrantAsync(
long draftGenerationId,
string clusterId,
string ldapGroup,
NodeAclScopeKind scopeKind,
string? scopeId,
NodePermissions permissions,
string? notes,
CancellationToken cancellationToken)
{
ArgumentException.ThrowIfNullOrWhiteSpace(clusterId);
ArgumentException.ThrowIfNullOrWhiteSpace(ldapGroup);
ValidateGrantShape(scopeKind, scopeId, permissions);
await EnsureNoDuplicate(draftGenerationId, clusterId, ldapGroup, scopeKind, scopeId, cancellationToken).ConfigureAwait(false);
var row = new NodeAcl
{
GenerationId = draftGenerationId,
NodeAclId = $"acl-{Guid.NewGuid():N}"[..20],
ClusterId = clusterId,
LdapGroup = ldapGroup,
ScopeKind = scopeKind,
ScopeId = scopeId,
PermissionFlags = permissions,
Notes = notes,
};
db.NodeAcls.Add(row);
await db.SaveChangesAsync(cancellationToken).ConfigureAwait(false);
return row;
}
/// <summary>
/// Replace an existing grant's permission set in place. Validates the new shape;
/// rejects attempts to blank-out to None (that's a Revoke via <see cref="NodeAclService"/>).
/// </summary>
public async Task<NodeAcl> UpdatePermissionsAsync(
Guid nodeAclRowId,
NodePermissions newPermissions,
string? notes,
CancellationToken cancellationToken)
{
if (newPermissions == NodePermissions.None)
throw new InvalidNodeAclGrantException(
"Permission set cannot be None — revoke the row instead of writing an empty grant.");
var row = await db.NodeAcls.FirstOrDefaultAsync(a => a.NodeAclRowId == nodeAclRowId, cancellationToken).ConfigureAwait(false)
?? throw new InvalidNodeAclGrantException($"NodeAcl row {nodeAclRowId} not found.");
row.PermissionFlags = newPermissions;
if (notes is not null) row.Notes = notes;
await db.SaveChangesAsync(cancellationToken).ConfigureAwait(false);
return row;
}
private static void ValidateGrantShape(NodeAclScopeKind scopeKind, string? scopeId, NodePermissions permissions)
{
if (permissions == NodePermissions.None)
throw new InvalidNodeAclGrantException(
"Permission set cannot be None — grants must carry at least one flag (decision #129, additive only).");
if (scopeKind == NodeAclScopeKind.Cluster && !string.IsNullOrEmpty(scopeId))
throw new InvalidNodeAclGrantException(
"Cluster-scope grants must have null ScopeId. ScopeId only applies to sub-cluster scopes.");
if (scopeKind != NodeAclScopeKind.Cluster && string.IsNullOrEmpty(scopeId))
throw new InvalidNodeAclGrantException(
$"ScopeKind={scopeKind} requires a populated ScopeId.");
}
private async Task EnsureNoDuplicate(
long generationId, string clusterId, string ldapGroup, NodeAclScopeKind scopeKind, string? scopeId,
CancellationToken cancellationToken)
{
var exists = await db.NodeAcls.AsNoTracking()
.AnyAsync(a => a.GenerationId == generationId
&& a.ClusterId == clusterId
&& a.LdapGroup == ldapGroup
&& a.ScopeKind == scopeKind
&& a.ScopeId == scopeId,
cancellationToken).ConfigureAwait(false);
if (exists)
throw new InvalidNodeAclGrantException(
$"A grant for (LdapGroup={ldapGroup}, ScopeKind={scopeKind}, ScopeId={scopeId}) already exists in generation {generationId}. " +
"Update the existing row's permissions instead of inserting a duplicate.");
}
}
/// <summary>Thrown when a <see cref="NodeAcl"/> grant authoring request violates an invariant.</summary>
public sealed class InvalidNodeAclGrantException(string message) : Exception(message);
Reference in New Issue View Git Blame Copy Permalink