2022-09-02 23:12:07 +08:00
|
|
|
# Copyright 2022 Memgraph Ltd.
|
|
|
|
#
|
|
|
|
# Use of this software is governed by the Business Source License
|
|
|
|
# included in the file licenses/BSL.txt; by using this file, you agree to be bound by the terms of the Business Source
|
|
|
|
# License, and you may not use this file except in compliance with the Business Source License.
|
|
|
|
#
|
|
|
|
# As of the Change Date specified in that file, in accordance with
|
|
|
|
# the Business Source License, use of this software will be governed
|
|
|
|
# by the Apache License, Version 2.0, included in the file
|
|
|
|
# licenses/APL.txt.
|
|
|
|
|
|
|
|
import sys
|
|
|
|
import pytest
|
2022-09-12 20:04:40 +08:00
|
|
|
|
|
|
|
from mgclient import DatabaseError
|
|
|
|
|
2022-09-02 23:12:07 +08:00
|
|
|
from common import connect, execute_and_fetch_all, reset_update_permissions
|
|
|
|
|
|
|
|
update_property_query = "MATCH (n:update_label) SET n.prop = 2 RETURN n.prop;"
|
|
|
|
update_properties_query = "MATCH (n:update_label) SET n = {prop: 2, prop2: 3} RETURN n.prop;"
|
|
|
|
remove_property_query = "MATCH (n:update_label) REMOVE n.prop RETURN n.prop;"
|
|
|
|
|
|
|
|
|
|
|
|
def test_can_read_node_when_given_update_grant():
|
|
|
|
admin_cursor = connect(username="admin", password="test").cursor()
|
|
|
|
reset_update_permissions(admin_cursor)
|
|
|
|
execute_and_fetch_all(admin_cursor, "GRANT UPDATE ON LABELS :update_label TO user;")
|
|
|
|
|
|
|
|
test_cursor = connect(username="user", password="test").cursor()
|
|
|
|
results = execute_and_fetch_all(test_cursor, "MATCH (n:update_label) RETURN n;")
|
|
|
|
|
|
|
|
assert len(results) == 1
|
|
|
|
|
|
|
|
|
|
|
|
def test_can_update_node_when_given_update_grant():
|
|
|
|
admin_cursor = connect(username="admin", password="test").cursor()
|
|
|
|
reset_update_permissions(admin_cursor)
|
|
|
|
execute_and_fetch_all(admin_cursor, "GRANT UPDATE ON LABELS :update_label TO user;")
|
|
|
|
|
|
|
|
test_cursor = connect(username="user", password="test").cursor()
|
|
|
|
|
|
|
|
update_property_actual = execute_and_fetch_all(test_cursor, update_property_query)
|
|
|
|
update_properties_actual = execute_and_fetch_all(test_cursor, update_properties_query)
|
|
|
|
remove_property_actual = execute_and_fetch_all(test_cursor, remove_property_query)
|
|
|
|
|
|
|
|
assert update_property_actual[0][0] == 2
|
|
|
|
assert update_properties_actual[0][0] == 2
|
|
|
|
assert remove_property_actual[0][0] is None
|
|
|
|
|
|
|
|
|
|
|
|
def test_can_not_update_node_when_given_deny():
|
|
|
|
admin_cursor = connect(username="admin", password="test").cursor()
|
|
|
|
reset_update_permissions(admin_cursor)
|
|
|
|
execute_and_fetch_all(admin_cursor, "DENY UPDATE ON LABELS :update_label TO user;")
|
|
|
|
|
|
|
|
test_cursor = connect(username="user", password="test").cursor()
|
|
|
|
|
2022-09-12 20:04:40 +08:00
|
|
|
with pytest.raises(DatabaseError):
|
|
|
|
execute_and_fetch_all(test_cursor, update_property_query)
|
2022-09-02 23:12:07 +08:00
|
|
|
|
2022-09-12 20:04:40 +08:00
|
|
|
with pytest.raises(DatabaseError):
|
|
|
|
execute_and_fetch_all(test_cursor, update_properties_query)
|
2022-09-02 23:12:07 +08:00
|
|
|
|
2022-09-12 20:04:40 +08:00
|
|
|
with pytest.raises(DatabaseError):
|
|
|
|
execute_and_fetch_all(test_cursor, remove_property_query)
|
2022-09-02 23:12:07 +08:00
|
|
|
|
|
|
|
|
|
|
|
def test_can_not_update_node_when_given_read():
|
|
|
|
admin_cursor = connect(username="admin", password="test").cursor()
|
|
|
|
reset_update_permissions(admin_cursor)
|
|
|
|
execute_and_fetch_all(admin_cursor, "GRANT READ ON LABELS :update_label TO user;")
|
|
|
|
|
|
|
|
test_cursor = connect(username="user", password="test").cursor()
|
|
|
|
|
2022-09-12 20:04:40 +08:00
|
|
|
with pytest.raises(DatabaseError):
|
|
|
|
execute_and_fetch_all(test_cursor, update_property_query)
|
2022-09-02 23:12:07 +08:00
|
|
|
|
2022-09-12 20:04:40 +08:00
|
|
|
with pytest.raises(DatabaseError):
|
|
|
|
execute_and_fetch_all(test_cursor, update_properties_query)
|
|
|
|
|
|
|
|
with pytest.raises(DatabaseError):
|
|
|
|
execute_and_fetch_all(test_cursor, remove_property_query)
|
2022-09-02 23:12:07 +08:00
|
|
|
|
|
|
|
|
|
|
|
def test_can_not_update_node_when_given_read_globally():
|
|
|
|
admin_cursor = connect(username="admin", password="test").cursor()
|
|
|
|
reset_update_permissions(admin_cursor)
|
|
|
|
execute_and_fetch_all(admin_cursor, "GRANT READ ON LABELS * TO user;")
|
|
|
|
|
|
|
|
test_cursor = connect(username="user", password="test").cursor()
|
|
|
|
|
2022-09-12 20:04:40 +08:00
|
|
|
with pytest.raises(DatabaseError):
|
|
|
|
execute_and_fetch_all(test_cursor, update_property_query)
|
|
|
|
|
|
|
|
with pytest.raises(DatabaseError):
|
|
|
|
execute_and_fetch_all(test_cursor, update_properties_query)
|
2022-09-02 23:12:07 +08:00
|
|
|
|
2022-09-12 20:04:40 +08:00
|
|
|
with pytest.raises(DatabaseError):
|
|
|
|
execute_and_fetch_all(test_cursor, remove_property_query)
|
2022-09-02 23:12:07 +08:00
|
|
|
|
|
|
|
|
|
|
|
def test_can_update_node_when_given_update_globally():
|
|
|
|
admin_cursor = connect(username="admin", password="test").cursor()
|
|
|
|
reset_update_permissions(admin_cursor)
|
|
|
|
execute_and_fetch_all(admin_cursor, "GRANT UPDATE ON LABELS * TO user;")
|
|
|
|
|
|
|
|
test_cursor = connect(username="user", password="test").cursor()
|
|
|
|
update_property_actual = execute_and_fetch_all(test_cursor, update_property_query)
|
|
|
|
update_properties_actual = execute_and_fetch_all(test_cursor, update_properties_query)
|
|
|
|
remove_property_actual = execute_and_fetch_all(test_cursor, remove_property_query)
|
|
|
|
|
|
|
|
assert update_property_actual[0][0] == 2
|
|
|
|
assert update_properties_actual[0][0] == 2
|
|
|
|
assert remove_property_actual[0][0] is None
|
|
|
|
|
|
|
|
|
|
|
|
def test_can_update_node_when_given_create_delete_globally():
|
|
|
|
admin_cursor = connect(username="admin", password="test").cursor()
|
|
|
|
reset_update_permissions(admin_cursor)
|
|
|
|
execute_and_fetch_all(admin_cursor, "GRANT CREATE_DELETE ON LABELS * TO user;")
|
|
|
|
|
|
|
|
test_cursor = connect(username="user", password="test").cursor()
|
|
|
|
update_property_actual = execute_and_fetch_all(test_cursor, update_property_query)
|
|
|
|
update_properties_actual = execute_and_fetch_all(test_cursor, update_properties_query)
|
|
|
|
remove_property_actual = execute_and_fetch_all(test_cursor, remove_property_query)
|
|
|
|
|
|
|
|
assert update_property_actual[0][0] == 2
|
|
|
|
assert update_properties_actual[0][0] == 2
|
|
|
|
assert remove_property_actual[0][0] is None
|
|
|
|
|
|
|
|
|
|
|
|
def test_can_update_node_when_given_create_delete():
|
|
|
|
admin_cursor = connect(username="admin", password="test").cursor()
|
|
|
|
reset_update_permissions(admin_cursor)
|
|
|
|
execute_and_fetch_all(admin_cursor, "GRANT CREATE_DELETE ON LABELS :update_label TO user;")
|
|
|
|
|
|
|
|
test_cursor = connect(username="user", password="test").cursor()
|
|
|
|
|
|
|
|
update_property_actual = execute_and_fetch_all(test_cursor, update_property_query)
|
|
|
|
update_properties_actual = execute_and_fetch_all(test_cursor, update_properties_query)
|
|
|
|
remove_property_actual = execute_and_fetch_all(test_cursor, remove_property_query)
|
|
|
|
|
|
|
|
assert update_property_actual[0][0] == 2
|
|
|
|
assert update_properties_actual[0][0] == 2
|
|
|
|
assert remove_property_actual[0][0] is None
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == "__main__":
|
|
|
|
sys.exit(pytest.main([__file__, "-rA"]))
|