Joseph Doherty
8ba289f975
Replace all dev-directory dc=lmxopcua,dc=local references with dc=zb,dc=local across LdapOptions default, integration harness overrides, docker-compose LDAP_ROOT, AclEdit placeholder DN, and dev/smoke-test docs. CN/OU prefixes preserved.
229 lines
11 KiB
Plaintext
229 lines
11 KiB
Plaintext
@page "/clusters/{ClusterId}/acls/new"
|
|
@page "/clusters/{ClusterId}/acls/{NodeAclId}"
|
|
@attribute [Microsoft.AspNetCore.Authorization.Authorize]
|
|
@rendermode RenderMode.InteractiveServer
|
|
@using Microsoft.AspNetCore.Components.Forms
|
|
@using Microsoft.EntityFrameworkCore
|
|
@using System.ComponentModel.DataAnnotations
|
|
@using ZB.MOM.WW.OtOpcUa.Configuration
|
|
@using ZB.MOM.WW.OtOpcUa.Configuration.Entities
|
|
@using ZB.MOM.WW.OtOpcUa.Configuration.Enums
|
|
@inject IDbContextFactory<OtOpcUaConfigDbContext> DbFactory
|
|
@inject NavigationManager Nav
|
|
|
|
<div class="d-flex justify-content-between align-items-center mb-3">
|
|
<h4 class="mb-0">@(IsNew ? "New ACL grant" : "Edit ACL grant") · <span class="mono">@ClusterId</span></h4>
|
|
<a href="/clusters/@ClusterId/acls" class="btn btn-outline-secondary btn-sm">Cancel</a>
|
|
</div>
|
|
|
|
<ClusterNav ClusterId="@ClusterId" ActiveTab="acls" />
|
|
|
|
@if (!_loaded)
|
|
{
|
|
<p>Loading…</p>
|
|
}
|
|
else if (!IsNew && _existing is null)
|
|
{
|
|
<section class="panel notice rise" style="animation-delay:.02s">ACL <span class="mono">@NodeAclId</span> not found.</section>
|
|
}
|
|
else
|
|
{
|
|
<EditForm Model="_form" OnValidSubmit="SubmitAsync" FormName="aclEdit">
|
|
<DataAnnotationsValidator />
|
|
<section class="panel rise" style="animation-delay:.02s">
|
|
<div class="panel-head">Grant</div>
|
|
<div style="padding:1rem">
|
|
<div class="row">
|
|
<div class="col-md-6 mb-3">
|
|
<label class="form-label" for="aid">NodeAclId</label>
|
|
<InputText id="aid" @bind-Value="_form.NodeAclId" disabled="@(!IsNew)" class="form-control form-control-sm mono" />
|
|
</div>
|
|
<div class="col-md-6 mb-3">
|
|
<label class="form-label" for="grp">LDAP group</label>
|
|
<InputText id="grp" @bind-Value="_form.LdapGroup" class="form-control form-control-sm mono"
|
|
placeholder="cn=Operators,ou=FleetAdmin,dc=zb,dc=local" />
|
|
</div>
|
|
</div>
|
|
<div class="row">
|
|
<div class="col-md-6 mb-3">
|
|
<label class="form-label" for="scope">Scope kind</label>
|
|
<InputSelect id="scope" @bind-Value="_form.ScopeKind" class="form-select form-select-sm">
|
|
<option value="@NodeAclScopeKind.Cluster">Cluster</option>
|
|
<option value="@NodeAclScopeKind.Namespace">Namespace</option>
|
|
<option value="@NodeAclScopeKind.UnsArea">UnsArea</option>
|
|
<option value="@NodeAclScopeKind.UnsLine">UnsLine</option>
|
|
<option value="@NodeAclScopeKind.Equipment">Equipment</option>
|
|
<option value="@NodeAclScopeKind.FolderSegment">FolderSegment</option>
|
|
<option value="@NodeAclScopeKind.Tag">Tag</option>
|
|
</InputSelect>
|
|
</div>
|
|
<div class="col-md-6 mb-3">
|
|
<label class="form-label" for="target">Scope target ID</label>
|
|
<InputText id="target" @bind-Value="_form.ScopeId" class="form-control form-control-sm mono"
|
|
placeholder="Leave blank for cluster-wide" />
|
|
</div>
|
|
</div>
|
|
<div class="mb-3">
|
|
<label class="form-label">Permissions</label>
|
|
<div>
|
|
@foreach (var bit in PermissionBits)
|
|
{
|
|
<div class="form-check form-check-inline">
|
|
<input type="checkbox" class="form-check-input"
|
|
id="perm-@bit"
|
|
checked="@_form.HasPerm(bit)"
|
|
@onchange="e => _form.SetPerm(bit, (bool)e.Value!)" />
|
|
<label class="form-check-label" for="perm-@bit">@bit</label>
|
|
</div>
|
|
}
|
|
</div>
|
|
<div class="form-text mt-2">
|
|
Bundles:
|
|
<button type="button" class="btn btn-sm btn-link p-0 ms-1" @onclick="() => _form.PermissionFlags = NodePermissions.ReadOnly">ReadOnly</button>
|
|
·
|
|
<button type="button" class="btn btn-sm btn-link p-0" @onclick="() => _form.PermissionFlags = NodePermissions.Operator">Operator</button>
|
|
·
|
|
<button type="button" class="btn btn-sm btn-link p-0" @onclick="() => _form.PermissionFlags = NodePermissions.Engineer">Engineer</button>
|
|
·
|
|
<button type="button" class="btn btn-sm btn-link p-0" @onclick="() => _form.PermissionFlags = NodePermissions.Admin">Admin</button>
|
|
</div>
|
|
</div>
|
|
<div class="mb-3">
|
|
<label class="form-label">Notes</label>
|
|
<InputTextArea @bind-Value="_form.Notes" class="form-control form-control-sm" rows="3" />
|
|
</div>
|
|
</div>
|
|
</section>
|
|
|
|
@if (!string.IsNullOrWhiteSpace(_error)) { <div class="panel notice mt-3" style="border-color:var(--alert)">@_error</div> }
|
|
|
|
<div class="mt-3 d-flex gap-2">
|
|
<button type="submit" class="btn btn-primary" disabled="@_busy">@(IsNew ? "Create" : "Save changes")</button>
|
|
<a href="/clusters/@ClusterId/acls" class="btn btn-outline-secondary">Cancel</a>
|
|
@if (!IsNew) { <button type="button" class="btn btn-outline-danger ms-auto" @onclick="DeleteAsync" disabled="@_busy">Delete</button> }
|
|
</div>
|
|
</EditForm>
|
|
}
|
|
|
|
@code {
|
|
private static readonly NodePermissions[] PermissionBits =
|
|
[
|
|
NodePermissions.Browse, NodePermissions.Read, NodePermissions.Subscribe, NodePermissions.HistoryRead,
|
|
NodePermissions.WriteOperate, NodePermissions.WriteTune, NodePermissions.WriteConfigure,
|
|
NodePermissions.AlarmRead, NodePermissions.AlarmAcknowledge, NodePermissions.AlarmConfirm, NodePermissions.AlarmShelve,
|
|
NodePermissions.MethodCall,
|
|
];
|
|
|
|
[Parameter] public string ClusterId { get; set; } = "";
|
|
[Parameter] public string? NodeAclId { get; set; }
|
|
|
|
private bool IsNew => string.IsNullOrEmpty(NodeAclId);
|
|
|
|
private FormModel _form = new();
|
|
private NodeAcl? _existing;
|
|
private bool _loaded;
|
|
private bool _busy;
|
|
private string? _error;
|
|
|
|
protected override async Task OnInitializedAsync()
|
|
{
|
|
if (!IsNew)
|
|
{
|
|
await using var db = await DbFactory.CreateDbContextAsync();
|
|
_existing = await db.NodeAcls.AsNoTracking().FirstOrDefaultAsync(
|
|
a => a.ClusterId == ClusterId && a.NodeAclId == NodeAclId);
|
|
if (_existing is not null)
|
|
{
|
|
_form = new FormModel
|
|
{
|
|
NodeAclId = _existing.NodeAclId,
|
|
LdapGroup = _existing.LdapGroup,
|
|
ScopeKind = _existing.ScopeKind,
|
|
ScopeId = _existing.ScopeId,
|
|
PermissionFlags = _existing.PermissionFlags,
|
|
Notes = _existing.Notes,
|
|
RowVersion = _existing.RowVersion,
|
|
};
|
|
}
|
|
}
|
|
_loaded = true;
|
|
}
|
|
|
|
private async Task SubmitAsync()
|
|
{
|
|
_busy = true; _error = null;
|
|
try
|
|
{
|
|
await using var db = await DbFactory.CreateDbContextAsync();
|
|
if (IsNew)
|
|
{
|
|
if (await db.NodeAcls.AnyAsync(a => a.NodeAclId == _form.NodeAclId))
|
|
{ _error = $"ACL '{_form.NodeAclId}' already exists."; return; }
|
|
db.NodeAcls.Add(new NodeAcl
|
|
{
|
|
NodeAclId = _form.NodeAclId,
|
|
ClusterId = ClusterId,
|
|
LdapGroup = _form.LdapGroup,
|
|
ScopeKind = _form.ScopeKind,
|
|
ScopeId = string.IsNullOrWhiteSpace(_form.ScopeId) ? null : _form.ScopeId,
|
|
PermissionFlags = _form.PermissionFlags,
|
|
Notes = string.IsNullOrWhiteSpace(_form.Notes) ? null : _form.Notes,
|
|
});
|
|
}
|
|
else
|
|
{
|
|
var entity = await db.NodeAcls.FirstOrDefaultAsync(a => a.ClusterId == ClusterId && a.NodeAclId == NodeAclId);
|
|
if (entity is null) { _error = "Row no longer exists."; return; }
|
|
db.Entry(entity).Property(e => e.RowVersion).OriginalValue = _form.RowVersion;
|
|
entity.LdapGroup = _form.LdapGroup;
|
|
entity.ScopeKind = _form.ScopeKind;
|
|
entity.ScopeId = string.IsNullOrWhiteSpace(_form.ScopeId) ? null : _form.ScopeId;
|
|
entity.PermissionFlags = _form.PermissionFlags;
|
|
entity.Notes = string.IsNullOrWhiteSpace(_form.Notes) ? null : _form.Notes;
|
|
}
|
|
await db.SaveChangesAsync();
|
|
Nav.NavigateTo($"/clusters/{ClusterId}/acls");
|
|
}
|
|
catch (DbUpdateConcurrencyException) { _error = "Another user changed this ACL while you were editing."; }
|
|
catch (Exception ex) { _error = ex.Message; }
|
|
finally { _busy = false; }
|
|
}
|
|
|
|
private async Task DeleteAsync()
|
|
{
|
|
if (IsNew) return;
|
|
_busy = true; _error = null;
|
|
try
|
|
{
|
|
await using var db = await DbFactory.CreateDbContextAsync();
|
|
var entity = await db.NodeAcls.FirstOrDefaultAsync(a => a.ClusterId == ClusterId && a.NodeAclId == NodeAclId);
|
|
if (entity is null) { Nav.NavigateTo($"/clusters/{ClusterId}/acls"); return; }
|
|
db.Entry(entity).Property(e => e.RowVersion).OriginalValue = _form.RowVersion;
|
|
db.NodeAcls.Remove(entity);
|
|
await db.SaveChangesAsync();
|
|
Nav.NavigateTo($"/clusters/{ClusterId}/acls");
|
|
}
|
|
catch (DbUpdateConcurrencyException) { _error = "Another user changed this ACL while you were viewing it."; }
|
|
catch (Exception ex) { _error = ex.Message; }
|
|
finally { _busy = false; }
|
|
}
|
|
|
|
private sealed class FormModel
|
|
{
|
|
[Required, RegularExpression("^[A-Za-z0-9_-]+$")] public string NodeAclId { get; set; } = "";
|
|
[Required] public string LdapGroup { get; set; } = "";
|
|
public NodeAclScopeKind ScopeKind { get; set; } = NodeAclScopeKind.Cluster;
|
|
public string? ScopeId { get; set; }
|
|
public NodePermissions PermissionFlags { get; set; } = NodePermissions.None;
|
|
public string? Notes { get; set; }
|
|
public byte[] RowVersion { get; set; } = [];
|
|
|
|
public bool HasPerm(NodePermissions bit) => PermissionFlags.HasFlag(bit);
|
|
public void SetPerm(NodePermissions bit, bool on)
|
|
{
|
|
if (on) PermissionFlags |= bit;
|
|
else PermissionFlags &= ~bit;
|
|
}
|
|
}
|
|
}
|