Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ValidateRolePermissions for MIs montioring the Value of a Node #2808

Closed

Conversation

romanett
Copy link
Contributor

@romanett romanett commented Oct 23, 2024

Proposed changes

Adds a validation of the RolePermissions for MonitoredItems monitoring the Value of a Node.

The validation is already in place for event monitored items and is also added for dataChangeMonitoredItems with this PR.

Related Issues

Types of changes

  • Bugfix (non-breaking change which fixes an issue)
  • Enhancement (non-breaking change which adds functionality)
  • Test enhancement (non-breaking change to increase test coverage)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected, requires version increase of Nuget packages)
  • Documentation Update (if none of the other choices apply)

Checklist

  • I have read the CONTRIBUTING doc.
  • I have signed the CLA.
  • I ran tests locally with my changes, all passed.
  • I fixed all failing tests in the CI pipelines.
  • I fixed all introduced issues with CodeQL and LGTM.
  • I have added tests that prove my fix is effective or that my feature works and increased code coverage.
  • I have added necessary documentation (if appropriate).
  • Any dependent changes have been merged and published in downstream modules.

Further comments

After investigation I came to the following conclusion:

creating a MI is correctly validating the role permissions
however changing the user identity after the MI exists you are still allowed to receive data changes.
Test Setup:

Reference Server
Node: ns=2 nodeId=AccessRights_RolePermissions_ConfigureAdmin
node creation:
image

Client 1: Configure Admin (sysadmin) ->sucessfully monitor node
Client 2: Anonymous -> cant create MI
Client 1: -> change user identity to anonymous -> still monitors node
Client 2: -> write node
Client 1-> receives Data change even though it should not be able to

@romanett romanett added the bug A bug was identified and should be fixed. label Oct 23, 2024
@romanett romanett added this to the 1.5.374 Oktober Update milestone Oct 23, 2024
@romanett romanett self-assigned this Oct 23, 2024
Copy link

codecov bot commented Oct 23, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 55.29%. Comparing base (f433fa4) to head (f200a02).

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #2808      +/-   ##
==========================================
- Coverage   55.64%   55.29%   -0.36%     
==========================================
  Files         352      352              
  Lines       67326    67328       +2     
  Branches    13806    13807       +1     
==========================================
- Hits        37464    37229     -235     
- Misses      25825    26010     +185     
- Partials     4037     4089      +52     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@romanett romanett changed the base branch from master to develop/main374 October 23, 2024 15:40
@romanett romanett changed the base branch from develop/main374 to master October 23, 2024 15:40
@romanett romanett closed this Oct 23, 2024
@romanett romanett deleted the MiFixClearChangeMasks branch October 23, 2024 15:44
@romanett romanett removed this from the 1.5.374 Oktober Update milestone Oct 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug A bug was identified and should be fixed.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Session is not provided by "ClearChangeMasks" when a change is notified
1 participant