codecov[bot]
commented
4 weeks ago Codecov Report
All modified and coverable lines are covered by tests :white_check_mark:
Project coverage is 55.29%. Comparing base (
f433fa4) to head (f200a02).
Additional details and impacted files
```diff @@ Coverage Diff @@ ## master #2808 +/- ## ========================================== - Coverage 55.64% 55.29% -0.36% ========================================== Files 352 352 Lines 67326 67328 +2 Branches 13806 13807 +1 ========================================== - Hits 37464 37229 -235 - Misses 25825 26010 +185 - Partials 4037 4089 +52 ```:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
Proposed changes
Adds a validation of the RolePermissions for MonitoredItems monitoring the Value of a Node.
The validation is already in place for event monitored items and is also added for dataChangeMonitoredItems with this PR.
Related Issues
Types of changes
Checklist
Further comments
After investigation I came to the following conclusion:
creating a MI is correctly validating the role permissions however changing the user identity after the MI exists you are still allowed to receive data changes. Test Setup:
Reference Server Node: ns=2 nodeId=AccessRights_RolePermissions_ConfigureAdmin node creation:
Client 1: Configure Admin (sysadmin) ->sucessfully monitor node Client 2: Anonymous -> cant create MI Client 1: -> change user identity to anonymous -> still monitors node Client 2: -> write node Client 1-> receives Data change even though it should not be able to