open62541pp/accesscontrol__default_8hpp_source.html

#pragma once


#include <vector>


#include "open62541pp/plugin/accesscontrol.hpp"

#include "open62541pp/span.hpp"

#include "open62541pp/types.hpp"


namespace opcua {


/// Login credentials.


struct Login {

    String username;

    String password;

};


/**

 * Default access control.

 *

 * This class implements the same logic as @ref UA_AccessControl_default().

 * The log-in can be anonymous or username-password. A logged-in user has all access rights.

 *

 * @warning Use less permissive access control in production!

 */


class AccessControlDefault : public AccessControlBase {

public:

    explicit AccessControlDefault(bool allowAnonymous = true, Span<const Login> logins = {});


    Span<UserTokenPolicy> getUserTokenPolicies() override;


    StatusCode activateSession(

        Session& session,

        const EndpointDescription& endpointDescription,

        const ByteString& secureChannelRemoteCertificate,

        const ExtensionObject& userIdentityToken

    ) override;


    void closeSession(Session& session) override;


    Bitmask<WriteMask> getUserRightsMask(Session& session, const NodeId& nodeId) override;


    Bitmask<AccessLevel> getUserAccessLevel(Session& session, const NodeId& nodeId) override;


    bool getUserExecutable(Session& session, const NodeId& methodId) override;


    bool getUserExecutableOnObject(Session& session, const NodeId& methodId, const NodeId& objectId)

        override;


    bool allowAddNode(Session& session, const AddNodesItem& item) override;


    bool allowAddReference(Session& session, const AddReferencesItem& item) override;


    bool allowDeleteNode(Session& session, const DeleteNodesItem& item) override;


    bool allowDeleteReference(Session& session, const DeleteReferencesItem& item) override;


    bool allowBrowseNode(Session& session, const NodeId& nodeId) override;


    bool allowTransferSubscription(Session& oldSession, Session& newSession) override;


    bool allowHistoryUpdate(

        Session& session,

        const NodeId& nodeId,

        PerformUpdateType performInsertReplace,

        const DataValue& value

    ) override;


    bool allowHistoryDelete(

        Session& session,

        const NodeId& nodeId,

        DateTime startTimestamp,

        DateTime endTimestamp,

        bool isDeleteModified

    ) override;


private:

    bool allowAnonymous_;

    std::vector<Login> logins_;

    std::vector<UserTokenPolicy> userTokenPolicies_;

};


}  // namespace opcua

accesscontrol.hpp

opcua::AccessControlBase
Access control base class.
Definition accesscontrol.hpp:34

opcua::AccessControlDefault
Default access control.
Definition accesscontrol_default.hpp:25

opcua::AccessControlDefault::allowAddNode
bool allowAddNode(Session &session, const AddNodesItem &item) override
Allow adding a node.

opcua::AccessControlDefault::getUserExecutable
bool getUserExecutable(Session &session, const NodeId &methodId) override
Additional access control for method nodes.

opcua::AccessControlDefault::getUserRightsMask
Bitmask< WriteMask > getUserRightsMask(Session &session, const NodeId &nodeId) override
Access control for all nodes.

opcua::AccessControlDefault::AccessControlDefault
AccessControlDefault(bool allowAnonymous=true, Span< const Login > logins={})

opcua::AccessControlDefault::allowAddReference
bool allowAddReference(Session &session, const AddReferencesItem &item) override
Allow adding a reference.

opcua::AccessControlDefault::closeSession
void closeSession(Session &session) override
Deauthenticate a session and cleanup session context.

opcua::AccessControlDefault::getUserTokenPolicies
Span< UserTokenPolicy > getUserTokenPolicies() override
Get available user token policies.

opcua::AccessControlDefault::allowDeleteNode
bool allowDeleteNode(Session &session, const DeleteNodesItem &item) override
Allow deleting a node.

opcua::AccessControlDefault::allowTransferSubscription
bool allowTransferSubscription(Session &oldSession, Session &newSession) override
Allow transfer of a subscription to another session.

opcua::AccessControlDefault::getUserExecutableOnObject
bool getUserExecutableOnObject(Session &session, const NodeId &methodId, const NodeId &objectId) override
Additional access control for calling a method node in the context of a specific object.

opcua::AccessControlDefault::activateSession
StatusCode activateSession(Session &session, const EndpointDescription &endpointDescription, const ByteString &secureChannelRemoteCertificate, const ExtensionObject &userIdentityToken) override
Authenticate a session.

opcua::AccessControlDefault::allowBrowseNode
bool allowBrowseNode(Session &session, const NodeId &nodeId) override
Allow browsing a node.

opcua::AccessControlDefault::allowHistoryDelete
bool allowHistoryDelete(Session &session, const NodeId &nodeId, DateTime startTimestamp, DateTime endTimestamp, bool isDeleteModified) override
Allow delete of historical data.

opcua::AccessControlDefault::allowHistoryUpdate
bool allowHistoryUpdate(Session &session, const NodeId &nodeId, PerformUpdateType performInsertReplace, const DataValue &value) override
Allow insert, replace, update of historical data.

opcua::AccessControlDefault::getUserAccessLevel
Bitmask< AccessLevel > getUserAccessLevel(Session &session, const NodeId &nodeId) override
Additional access control for variable nodes.

opcua::AccessControlDefault::allowDeleteReference
bool allowDeleteReference(Session &session, const DeleteReferencesItem &item) override
Allow deleting a reference.

opcua::Bitmask
Bitmask using (scoped) enums.
Definition bitmask.hpp:127

opcua::ByteString
UA_ByteString wrapper class.
Definition types.hpp:537

opcua::DataValue
UA_DataValue wrapper class.
Definition types.hpp:1568

opcua::DateTime
UA_DateTime wrapper class.
Definition types.hpp:381

opcua::ExtensionObject
UA_ExtensionObject wrapper class.
Definition types.hpp:1742

opcua::NodeId
UA_NodeId wrapper class.
Definition types.hpp:641

opcua::Session
High-level session class to manage client sessions.
Definition session.hpp:20

opcua::Span
View to a contiguous sequence of objects, similar to std::span in C++20.
Definition span.hpp:29

opcua::StatusCode
UA_StatusCode wrapper class.
Definition types.hpp:44

opcua::String
UA_String wrapper class.
Definition types.hpp:256

opcua::AddNodesItem
UA_AddNodesItem wrapper class.
Definition types.hpp:715

opcua::AddReferencesItem
UA_AddReferencesItem wrapper class.
Definition types.hpp:793

opcua::DeleteNodesItem
UA_DeleteNodesItem wrapper class.
Definition types.hpp:860

opcua::DeleteReferencesItem
UA_DeleteReferencesItem wrapper class.
Definition types.hpp:911

opcua::EndpointDescription
UA_EndpointDescription wrapper class.
Definition types.hpp:271

opcua::ua::PerformUpdateType
PerformUpdateType
Perform update type for structured data history updates.
Definition types.hpp:2447

opcua
Definition async.hpp:11

span.hpp

opcua::Login
Login credentials.
Definition accesscontrol_default.hpp:12

opcua::Login::username
String username
Definition accesscontrol_default.hpp:13

opcua::Login::password
String password
Definition accesscontrol_default.hpp:14

types.hpp