// Copyright 2022 Memgraph Ltd.
//
// Use of this software is governed by the Business Source License
// included in the file licenses/BSL.txt; by using this file, you agree to be bound by the terms of the Business Source
// License, and you may not use this file except in compliance with the Business Source License.
//
// As of the Change Date specified in that file, in accordance with
// the Business Source License, use of this software will be governed
// by the Apache License, Version 2.0, included in the file
// licenses/APL.txt.
#include <gmock/gmock.h>
#include <gtest/gtest.h>
#include "auth/models.hpp"
#include "glue/auth_checker.hpp"
#include "query_plan_common.hpp"
#include "storage/v2/view.hpp"
/// Shared fixture for the FineGrainedAuthChecker tests: an in-memory storage holding three
/// labelled vertices joined by four edges of two edge types.
///
///   (v3:l3) <-[r2:edge_type_1]- (v1:l1) -[r1:edge_type_1]-> (v2:l2)
///   (v3:l3) <-[r4:edge_type_2]- (v1:l1) -[r3:edge_type_2]-> (v2:l2)
class FineGrainedAuthCheckerFixture : public testing::Test {
 protected:
  // Declaration order matters: every member below is initialised from members declared above it.
  memgraph::storage::Storage db;
  memgraph::storage::Storage::Accessor storage_dba{db.Access()};
  memgraph::query::DbAccessor dba{&storage_dba};

  // The three vertices; their labels (l1, l2, l3) are attached in SetUp().
  memgraph::query::VertexAccessor v1{dba.InsertVertex()};
  memgraph::query::VertexAccessor v2{dba.InsertVertex()};
  memgraph::query::VertexAccessor v3{dba.InsertVertex()};

  // Two edge types so that a rule on one type can be checked against edges of the other.
  memgraph::storage::EdgeTypeId edge_type_one{db.NameToEdgeType("edge_type_1")};
  memgraph::storage::EdgeTypeId edge_type_two{db.NameToEdgeType("edge_type_2")};

  // r1/r2 carry edge_type_1 and r3/r4 carry edge_type_2; all four start at v1.
  // The InsertEdge results are dereferenced directly, without checking them first.
  memgraph::query::EdgeAccessor r1{*dba.InsertEdge(&v1, &v2, edge_type_one)};
  memgraph::query::EdgeAccessor r2{*dba.InsertEdge(&v1, &v3, edge_type_one)};
  memgraph::query::EdgeAccessor r3{*dba.InsertEdge(&v1, &v2, edge_type_two)};
  memgraph::query::EdgeAccessor r4{*dba.InsertEdge(&v1, &v3, edge_type_two)};

  /// Gives each vertex its own label and then advances the command.
  void SetUp() override {
    const auto first_label = dba.NameToLabel("l1");
    ASSERT_TRUE(v1.AddLabel(first_label).HasValue());

    const auto second_label = dba.NameToLabel("l2");
    ASSERT_TRUE(v2.AddLabel(second_label).HasValue());

    const auto third_label = dba.NameToLabel("l3");
    ASSERT_TRUE(v3.AddLabel(third_label).HasValue());

    // Presumably needed so the labels are visible under View::OLD as well as View::NEW -- confirm.
    dba.AdvanceCommand();
  }
};
// A wildcard ("*") label grant must make every fixture vertex acceptable, in both storage views.
TEST_F(FineGrainedAuthCheckerFixture, GrantedAllLabels) {
  using memgraph::auth::FineGrainedPermission;
  using memgraph::storage::View;

  memgraph::auth::User user{"test"};
  user.fine_grained_access_handler().label_permissions().Grant("*", FineGrainedPermission::CREATE_DELETE);
  memgraph::glue::FineGrainedAuthChecker auth_checker{user};

  memgraph::query::VertexAccessor *const vertices[] = {&v1, &v2, &v3};
  const View views[] = {View::NEW, View::OLD};
  for (auto *vertex : vertices) {
    for (const auto view : views) {
      ASSERT_TRUE(auth_checker.Accept(dba, *vertex, view));
    }
  }
}
// A wildcard ("*") edge-type grant must make all four fixture edges acceptable, whatever their type.
TEST_F(FineGrainedAuthCheckerFixture, GrantedAllEdgeTypes) {
  using memgraph::auth::FineGrainedPermission;

  memgraph::auth::User user{"test"};
  user.fine_grained_access_handler().edge_type_permissions().Grant("*", FineGrainedPermission::CREATE_DELETE);
  memgraph::glue::FineGrainedAuthChecker auth_checker{user};

  memgraph::query::EdgeAccessor *const edges[] = {&r1, &r2, &r3, &r4};
  for (auto *edge : edges) {
    ASSERT_TRUE(auth_checker.Accept(dba, *edge));
  }
}
// A wildcard ("*") READ deny on labels must reject every fixture vertex, in both storage views.
TEST_F(FineGrainedAuthCheckerFixture, DeniedAllLabels) {
  using memgraph::auth::FineGrainedPermission;
  using memgraph::storage::View;

  memgraph::auth::User user{"test"};
  user.fine_grained_access_handler().label_permissions().Deny("*", FineGrainedPermission::READ);
  memgraph::glue::FineGrainedAuthChecker auth_checker{user};

  memgraph::query::VertexAccessor *const vertices[] = {&v1, &v2, &v3};
  const View views[] = {View::NEW, View::OLD};
  for (auto *vertex : vertices) {
    for (const auto view : views) {
      ASSERT_FALSE(auth_checker.Accept(dba, *vertex, view));
    }
  }
}
// A wildcard ("*") READ deny on edge types must reject all four fixture edges, whatever their type.
TEST_F(FineGrainedAuthCheckerFixture, DeniedAllEdgeTypes) {
  using memgraph::auth::FineGrainedPermission;

  memgraph::auth::User user{"test"};
  user.fine_grained_access_handler().edge_type_permissions().Deny("*", FineGrainedPermission::READ);
  memgraph::glue::FineGrainedAuthChecker auth_checker{user};

  memgraph::query::EdgeAccessor *const edges[] = {&r1, &r2, &r3, &r4};
  for (auto *edge : edges) {
    ASSERT_FALSE(auth_checker.Accept(dba, *edge));
  }
}
// A grant on the single label "l1" must make v1 (labelled l1) acceptable in both storage views.
//
// NOTE(review): v2 and v3 carry labels with no rule at all and are not asserted here, so this
// test would still pass against a checker that accepts every vertex. The outcome for a label
// with no rule is not visible in this file -- confirm it and pin it with a negative assertion.
TEST_F(FineGrainedAuthCheckerFixture, GrantLabel) {
  using memgraph::auth::FineGrainedPermission;
  using memgraph::storage::View;

  memgraph::auth::User user{"test"};
  user.fine_grained_access_handler().label_permissions().Grant("l1", FineGrainedPermission::CREATE_DELETE);
  memgraph::glue::FineGrainedAuthChecker auth_checker{user};

  const View views[] = {View::NEW, View::OLD};
  for (const auto view : views) {
    ASSERT_TRUE(auth_checker.Accept(dba, v1, view));
  }
}
// A READ deny on the single label "l3" must reject v3 (labelled l3) in both storage views.
//
// NOTE(review): v1 and v2, whose labels have no rule, are not asserted here; what the checker
// does for them is not visible in this file -- confirm it and consider pinning it.
TEST_F(FineGrainedAuthCheckerFixture, DenyLabel) {
  using memgraph::auth::FineGrainedPermission;
  using memgraph::storage::View;

  memgraph::auth::User user{"test"};
  user.fine_grained_access_handler().label_permissions().Deny("l3", FineGrainedPermission::READ);
  memgraph::glue::FineGrainedAuthChecker auth_checker{user};

  const View views[] = {View::NEW, View::OLD};
  for (const auto view : views) {
    ASSERT_FALSE(auth_checker.Accept(dba, v3, view));
  }
}
// Per-label rules must be applied independently: with l1 and l2 granted and l3 denied,
// v1 and v2 are acceptable while v3 is rejected, in both storage views.
TEST_F(FineGrainedAuthCheckerFixture, GrantAndDenySpecificLabels) {
  using memgraph::auth::FineGrainedPermission;
  using memgraph::storage::View;

  memgraph::auth::User user{"test"};
  auto &label_rules = user.fine_grained_access_handler().label_permissions();
  label_rules.Grant("l1", FineGrainedPermission::CREATE_DELETE);
  label_rules.Grant("l2", FineGrainedPermission::CREATE_DELETE);
  label_rules.Deny("l3", FineGrainedPermission::READ);
  memgraph::glue::FineGrainedAuthChecker auth_checker{user};

  const View views[] = {View::NEW, View::OLD};

  // Vertices whose only label is granted.
  memgraph::query::VertexAccessor *const granted[] = {&v1, &v2};
  for (auto *vertex : granted) {
    for (const auto view : views) {
      ASSERT_TRUE(auth_checker.Accept(dba, *vertex, view));
    }
  }

  // The vertex whose only label is denied.
  for (const auto view : views) {
    ASSERT_FALSE(auth_checker.Accept(dba, v3, view));
  }
}
// A denied label must win over a granted one on the same vertex: v1 ends up with l1 (granted)
// plus l3 (denied) and is rejected, while v2 carries only granted labels (l2, l1) and is accepted.
TEST_F(FineGrainedAuthCheckerFixture, MultipleVertexLabels) {
  using memgraph::auth::FineGrainedPermission;
  using memgraph::storage::View;

  memgraph::auth::User user{"test"};
  auto &label_rules = user.fine_grained_access_handler().label_permissions();
  label_rules.Grant("l1", FineGrainedPermission::CREATE_DELETE);
  label_rules.Grant("l2", FineGrainedPermission::CREATE_DELETE);
  label_rules.Deny("l3", FineGrainedPermission::READ);

  // The checker is built before the extra labels are attached; the assertions below expect
  // Accept() to reflect the labels added afterwards.
  memgraph::glue::FineGrainedAuthChecker auth_checker{user};

  const auto denied_label = dba.NameToLabel("l3");
  ASSERT_TRUE(v1.AddLabel(denied_label).HasValue());
  const auto granted_label = dba.NameToLabel("l1");
  ASSERT_TRUE(v2.AddLabel(granted_label).HasValue());
  dba.AdvanceCommand();

  const View views[] = {View::NEW, View::OLD};
  for (const auto view : views) {
    ASSERT_FALSE(auth_checker.Accept(dba, v1, view));
  }
  for (const auto view : views) {
    ASSERT_TRUE(auth_checker.Accept(dba, v2, view));
  }
}
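// A grant on the single edge type "edge_type_1" must make every edge of that type acceptable.
// The fixture creates two such edges (r1 and r2), so both are asserted; this matches what
// GrantAndDenySpecificEdgeTypes expects for the same grant.
//
// NOTE(review): r3 and r4 (edge_type_2, no rule) are not asserted here, so a checker that
// accepts every edge would still pass. The outcome for an edge type with no rule is not
// visible in this file -- confirm it and pin it with a negative assertion.
TEST_F(FineGrainedAuthCheckerFixture, GrantEdgeType) {
  memgraph::auth::User user{"test"};
  user.fine_grained_access_handler().edge_type_permissions().Grant(
      "edge_type_1", memgraph::auth::FineGrainedPermission::CREATE_DELETE);
  memgraph::glue::FineGrainedAuthChecker auth_checker{user};

  ASSERT_TRUE(auth_checker.Accept(dba, r1));
  // r2 has the same edge type as r1, so the grant must cover it as well.
  ASSERT_TRUE(auth_checker.Accept(dba, r2));
}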
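// A READ deny on the single edge type "edge_type_1" must reject every edge of that type.
// The fixture creates two such edges (r1 and r2); asserting only r1 would let a deny that
// misses some edges of the type go unnoticed, so both are checked.
//
// NOTE(review): r3 and r4 (edge_type_2, no rule) are not asserted here; the outcome for an
// edge type with no rule is not visible in this file -- confirm it and consider pinning it.
TEST_F(FineGrainedAuthCheckerFixture, DenyEdgeType) {
  memgraph::auth::User user{"test"};
  user.fine_grained_access_handler().edge_type_permissions().Deny("edge_type_1",
                                                                  memgraph::auth::FineGrainedPermission::READ);
  memgraph::glue::FineGrainedAuthChecker auth_checker{user};

  ASSERT_FALSE(auth_checker.Accept(dba, r1));
  // r2 has the same edge type as r1, so the deny must cover it as well.
  ASSERT_FALSE(auth_checker.Accept(dba, r2));
}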
// Per-edge-type rules must be applied independently: with edge_type_1 granted and edge_type_2
// denied, r1/r2 (edge_type_1) are acceptable and r3/r4 (edge_type_2) are rejected.
TEST_F(FineGrainedAuthCheckerFixture, GrantAndDenySpecificEdgeTypes) {
  using memgraph::auth::FineGrainedPermission;

  memgraph::auth::User user{"test"};
  auto &edge_type_rules = user.fine_grained_access_handler().edge_type_permissions();
  edge_type_rules.Grant("edge_type_1", FineGrainedPermission::CREATE_DELETE);
  edge_type_rules.Deny("edge_type_2", FineGrainedPermission::READ);
  memgraph::glue::FineGrainedAuthChecker auth_checker{user};

  // Edges of the granted type.
  memgraph::query::EdgeAccessor *const granted[] = {&r1, &r2};
  for (auto *edge : granted) {
    ASSERT_TRUE(auth_checker.Accept(dba, *edge));
  }

  // Edges of the denied type.
  memgraph::query::EdgeAccessor *const denied[] = {&r3, &r4};
  for (auto *edge : denied) {
    ASSERT_FALSE(auth_checker.Accept(dba, *edge));
  }
}