2023-06-29 17:44:55 +08:00
|
|
|
// Copyright 2023 Memgraph Ltd.
|
2021-10-26 14:53:56 +08:00
|
|
|
//
|
|
|
|
// Use of this software is governed by the Business Source License
|
|
|
|
// included in the file licenses/BSL.txt; by using this file, you agree to be bound by the terms of the Business Source
|
|
|
|
// License, and you may not use this file except in compliance with the Business Source License.
|
|
|
|
//
|
|
|
|
// As of the Change Date specified in that file, in accordance with
|
|
|
|
// the Business Source License, use of this software will be governed
|
|
|
|
// by the Apache License, Version 2.0, included in the file
|
|
|
|
// licenses/APL.txt.
|
|
|
|
|
2018-10-04 21:23:07 +08:00
|
|
|
#include <gmock/gmock.h>
|
|
|
|
#include <gtest/gtest.h>
|
2022-08-22 20:11:43 +08:00
|
|
|
#include <unordered_map>
|
2018-08-16 16:13:04 +08:00
|
|
|
|
2022-11-04 22:23:43 +08:00
|
|
|
#include "license/license.hpp"
|
2021-06-30 18:31:30 +08:00
|
|
|
#include "query/frontend/ast/ast.hpp"
|
2021-05-26 16:02:25 +08:00
|
|
|
#include "query/frontend/ast/ast_visitor.hpp"
|
2018-08-16 16:13:04 +08:00
|
|
|
#include "query/frontend/semantic/required_privileges.hpp"
|
2020-01-22 23:20:13 +08:00
|
|
|
#include "storage/v2/id_types.hpp"
|
2018-08-16 16:13:04 +08:00
|
|
|
|
|
|
|
#include "query_common.hpp"
|
|
|
|
|
2022-02-22 20:33:45 +08:00
|
|
|
using namespace memgraph::query;
|
2018-08-16 16:13:04 +08:00
|
|
|
|
|
|
|
class FakeDbAccessor {};
|
|
|
|
|
Remove GraphDbAccessor and storage types from Ast
Summary:
This diff removes the need for a database when parsing a query and
creating an Ast. Instead of storing storage::{Label,Property,EdgeType}
in Ast nodes, we store the name and an index into all of the names. This
allows for easy creation of a map from {Label,Property,EdgeType} index
into the concrete storage type. Obviously, this comes with a performance
penalty during execution, but it should be minor. The upside is that the
query/frontend minimally depends on storage (PropertyValue), which makes
writing tests easier as well as running them a lot faster (there is no
database setup). This is most noticeable in the ast_serialization test
which took a long time due to start up of a distributed database.
Reviewers: mtomic, llugovic
Reviewed By: mtomic
Subscribers: mferencevic, pullbot
Differential Revision: https://phabricator.memgraph.io/D1774
2019-01-14 21:41:37 +08:00
|
|
|
const std::string EDGE_TYPE = "0";
|
|
|
|
const std::string LABEL_0 = "label0";
|
|
|
|
const std::string LABEL_1 = "label1";
|
|
|
|
const std::string PROP_0 = "prop0";
|
2018-08-16 16:13:04 +08:00
|
|
|
|
|
|
|
using ::testing::UnorderedElementsAre;
|
|
|
|
|
|
|
|
class TestPrivilegeExtractor : public ::testing::Test {
|
|
|
|
protected:
|
|
|
|
AstStorage storage;
|
|
|
|
FakeDbAccessor dba;
|
|
|
|
};
|
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, CreateNode) {
|
2018-10-10 21:19:34 +08:00
|
|
|
auto *query = QUERY(SINGLE_QUERY(CREATE(PATTERN(NODE("n")))));
|
2021-02-18 22:32:43 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::CREATE));
|
2018-08-16 16:13:04 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, MatchNodeDelete) {
|
2021-02-18 22:32:43 +08:00
|
|
|
auto *query = QUERY(SINGLE_QUERY(MATCH(PATTERN(NODE("n"))), DELETE(IDENT("n"))));
|
2018-10-10 21:19:34 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query),
|
2021-02-18 22:32:43 +08:00
|
|
|
UnorderedElementsAre(AuthQuery::Privilege::MATCH, AuthQuery::Privilege::DELETE));
|
2018-08-16 16:13:04 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, MatchNodeReturn) {
|
2018-10-10 21:19:34 +08:00
|
|
|
auto *query = QUERY(SINGLE_QUERY(MATCH(PATTERN(NODE("n"))), RETURN("n")));
|
2021-02-18 22:32:43 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::MATCH));
|
2018-08-16 16:13:04 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, MatchCreateExpand) {
|
2021-02-18 22:32:43 +08:00
|
|
|
auto *query =
|
|
|
|
QUERY(SINGLE_QUERY(MATCH(PATTERN(NODE("n"))),
|
|
|
|
CREATE(PATTERN(NODE("n"), EDGE("r", EdgeAtom::Direction::OUT, {EDGE_TYPE}), NODE("m")))));
|
2018-10-10 21:19:34 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query),
|
2021-02-18 22:32:43 +08:00
|
|
|
UnorderedElementsAre(AuthQuery::Privilege::MATCH, AuthQuery::Privilege::CREATE));
|
2018-08-16 16:13:04 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, MatchNodeSetLabels) {
|
2021-02-18 22:32:43 +08:00
|
|
|
auto *query = QUERY(SINGLE_QUERY(MATCH(PATTERN(NODE("n"))), SET("n", {LABEL_0, LABEL_1})));
|
2018-10-10 21:19:34 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query),
|
2021-02-18 22:32:43 +08:00
|
|
|
UnorderedElementsAre(AuthQuery::Privilege::MATCH, AuthQuery::Privilege::SET));
|
2018-08-16 16:13:04 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, MatchNodeSetProperty) {
|
2021-02-18 22:32:43 +08:00
|
|
|
auto *query = QUERY(SINGLE_QUERY(MATCH(PATTERN(NODE("n"))),
|
2023-06-29 17:44:55 +08:00
|
|
|
SET(PROPERTY_LOOKUP(dba, storage.Create<Identifier>("n"), PROP_0), LITERAL(42))));
|
2018-10-10 21:19:34 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query),
|
2021-02-18 22:32:43 +08:00
|
|
|
UnorderedElementsAre(AuthQuery::Privilege::MATCH, AuthQuery::Privilege::SET));
|
2018-08-16 16:13:04 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, MatchNodeSetProperties) {
|
2021-02-18 22:32:43 +08:00
|
|
|
auto *query = QUERY(SINGLE_QUERY(MATCH(PATTERN(NODE("n"))), SET("n", LIST())));
|
2018-10-10 21:19:34 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query),
|
2021-02-18 22:32:43 +08:00
|
|
|
UnorderedElementsAre(AuthQuery::Privilege::MATCH, AuthQuery::Privilege::SET));
|
2018-08-16 16:13:04 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, MatchNodeRemoveLabels) {
|
2021-02-18 22:32:43 +08:00
|
|
|
auto *query = QUERY(SINGLE_QUERY(MATCH(PATTERN(NODE("n"))), REMOVE("n", {LABEL_0, LABEL_1})));
|
2018-10-10 21:19:34 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query),
|
2021-02-18 22:32:43 +08:00
|
|
|
UnorderedElementsAre(AuthQuery::Privilege::MATCH, AuthQuery::Privilege::REMOVE));
|
2018-08-16 16:13:04 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, MatchNodeRemoveProperty) {
|
2023-06-29 17:44:55 +08:00
|
|
|
auto *query = QUERY(
|
|
|
|
SINGLE_QUERY(MATCH(PATTERN(NODE("n"))), REMOVE(PROPERTY_LOOKUP(dba, storage.Create<Identifier>("n"), PROP_0))));
|
2018-10-10 21:19:34 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query),
|
2021-02-18 22:32:43 +08:00
|
|
|
UnorderedElementsAre(AuthQuery::Privilege::MATCH, AuthQuery::Privilege::REMOVE));
|
2018-08-16 16:13:04 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, CreateIndex) {
|
2021-02-18 22:32:43 +08:00
|
|
|
auto *query = CREATE_INDEX_ON(storage.GetLabelIx(LABEL_0), storage.GetPropertyIx(PROP_0));
|
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::INDEX));
|
2018-08-16 16:13:04 +08:00
|
|
|
}
|
2022-09-14 07:10:28 +08:00
|
|
|
#ifdef MG_ENTERPRISE
|
2018-08-16 16:13:04 +08:00
|
|
|
TEST_F(TestPrivilegeExtractor, AuthQuery) {
|
2022-11-04 22:23:43 +08:00
|
|
|
memgraph::license::global_license_checker.EnableTesting();
|
2022-08-22 20:11:43 +08:00
|
|
|
auto label_privileges = std::vector<std::unordered_map<AuthQuery::FineGrainedPrivilege, std::vector<std::string>>>{};
|
|
|
|
auto edge_type_privileges =
|
|
|
|
std::vector<std::unordered_map<AuthQuery::FineGrainedPrivilege, std::vector<std::string>>>{};
|
2023-08-02 00:49:11 +08:00
|
|
|
auto *query = AUTH_QUERY(AuthQuery::Action::CREATE_ROLE, "", "role", "", nullptr, "",
|
|
|
|
std::vector<AuthQuery::Privilege>{}, label_privileges, edge_type_privileges);
|
2021-02-18 22:32:43 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::AUTH));
|
2018-08-16 16:13:04 +08:00
|
|
|
}
|
2022-09-14 07:10:28 +08:00
|
|
|
#endif
|
2018-08-16 16:13:04 +08:00
|
|
|
|
2019-02-19 20:31:46 +08:00
|
|
|
TEST_F(TestPrivilegeExtractor, ShowIndexInfo) {
|
|
|
|
auto *query = storage.Create<InfoQuery>();
|
|
|
|
query->info_type_ = InfoQuery::InfoType::INDEX;
|
2021-02-18 22:32:43 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::INDEX));
|
2019-02-19 20:31:46 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, ShowStatsInfo) {
|
|
|
|
auto *query = storage.Create<InfoQuery>();
|
|
|
|
query->info_type_ = InfoQuery::InfoType::STORAGE;
|
2021-02-18 22:32:43 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::STATS));
|
2019-02-19 20:31:46 +08:00
|
|
|
}
|
|
|
|
|
2019-02-22 22:02:31 +08:00
|
|
|
TEST_F(TestPrivilegeExtractor, ShowConstraintInfo) {
|
|
|
|
auto *query = storage.Create<InfoQuery>();
|
|
|
|
query->info_type_ = InfoQuery::InfoType::CONSTRAINT;
|
2021-02-18 22:32:43 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::CONSTRAINT));
|
2019-02-22 22:02:31 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, CreateConstraint) {
|
|
|
|
auto *query = storage.Create<ConstraintQuery>();
|
|
|
|
query->action_type_ = ConstraintQuery::ActionType::CREATE;
|
2019-03-28 19:49:23 +08:00
|
|
|
query->constraint_.label = storage.GetLabelIx("label");
|
|
|
|
query->constraint_.properties.push_back(storage.GetPropertyIx("prop0"));
|
|
|
|
query->constraint_.properties.push_back(storage.GetPropertyIx("prop1"));
|
2021-02-18 22:32:43 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::CONSTRAINT));
|
2019-02-22 22:02:31 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, DropConstraint) {
|
|
|
|
auto *query = storage.Create<ConstraintQuery>();
|
|
|
|
query->action_type_ = ConstraintQuery::ActionType::DROP;
|
2019-03-28 19:49:23 +08:00
|
|
|
query->constraint_.label = storage.GetLabelIx("label");
|
|
|
|
query->constraint_.properties.push_back(storage.GetPropertyIx("prop0"));
|
|
|
|
query->constraint_.properties.push_back(storage.GetPropertyIx("prop1"));
|
2021-02-18 22:32:43 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::CONSTRAINT));
|
2019-02-22 22:02:31 +08:00
|
|
|
}
|
2019-05-28 17:08:49 +08:00
|
|
|
|
|
|
|
// NOLINTNEXTLINE(hicpp-special-member-functions)
|
|
|
|
TEST_F(TestPrivilegeExtractor, DumpDatabase) {
|
|
|
|
auto *query = storage.Create<DumpQuery>();
|
2021-02-18 22:32:43 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::DUMP));
|
2019-05-28 17:08:49 +08:00
|
|
|
}
|
2021-05-26 16:02:25 +08:00
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, ReadFile) {
|
|
|
|
auto load_csv = storage.Create<LoadCsv>();
|
|
|
|
load_csv->row_var_ = IDENT("row");
|
|
|
|
auto *query = QUERY(SINGLE_QUERY(load_csv));
|
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::READ_FILE));
|
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, LockPathQuery) {
|
|
|
|
auto *query = storage.Create<LockPathQuery>();
|
2021-06-30 18:31:30 +08:00
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::DURABILITY));
|
2021-05-26 16:02:25 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, FreeMemoryQuery) {
|
|
|
|
auto *query = storage.Create<FreeMemoryQuery>();
|
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::FREE_MEMORY));
|
|
|
|
}
|
2021-05-14 21:38:59 +08:00
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, TriggerQuery) {
|
|
|
|
auto *query = storage.Create<TriggerQuery>();
|
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::TRIGGER));
|
|
|
|
}
|
2021-06-14 21:47:57 +08:00
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, SetIsolationLevelQuery) {
|
|
|
|
auto *query = storage.Create<IsolationLevelQuery>();
|
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::CONFIG));
|
|
|
|
}
|
2021-06-30 18:31:30 +08:00
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, CreateSnapshotQuery) {
|
|
|
|
auto *query = storage.Create<CreateSnapshotQuery>();
|
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::DURABILITY));
|
|
|
|
}
|
2021-06-28 23:21:13 +08:00
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, StreamQuery) {
|
|
|
|
auto *query = storage.Create<StreamQuery>();
|
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::STREAM));
|
|
|
|
}
|
2021-09-30 01:14:39 +08:00
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, SettingQuery) {
|
|
|
|
auto *query = storage.Create<SettingQuery>();
|
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::CONFIG));
|
|
|
|
}
|
2022-02-10 17:30:14 +08:00
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, ShowVersion) {
|
|
|
|
auto *query = storage.Create<VersionQuery>();
|
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::STATS));
|
|
|
|
}
|
2022-02-11 18:29:41 +08:00
|
|
|
|
|
|
|
TEST_F(TestPrivilegeExtractor, CallProcedureQuery) {
|
|
|
|
{
|
|
|
|
auto *query = QUERY(SINGLE_QUERY(CALL_PROCEDURE("mg.get_module_files")));
|
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::MODULE_READ));
|
|
|
|
}
|
|
|
|
{
|
|
|
|
auto *query = QUERY(SINGLE_QUERY(CALL_PROCEDURE("mg.create_module_file", {LITERAL("some_name.py")})));
|
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::MODULE_WRITE));
|
|
|
|
}
|
|
|
|
{
|
|
|
|
auto *query = QUERY(
|
|
|
|
SINGLE_QUERY(CALL_PROCEDURE("mg.update_module_file", {LITERAL("some_name.py"), LITERAL("some content")})));
|
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::MODULE_WRITE));
|
|
|
|
}
|
|
|
|
{
|
|
|
|
auto *query = QUERY(SINGLE_QUERY(CALL_PROCEDURE("mg.get_module_file", {LITERAL("some_name.py")})));
|
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::MODULE_READ));
|
|
|
|
}
|
|
|
|
{
|
|
|
|
auto *query = QUERY(SINGLE_QUERY(CALL_PROCEDURE("mg.delete_module_file", {LITERAL("some_name.py")})));
|
|
|
|
EXPECT_THAT(GetRequiredPrivileges(query), UnorderedElementsAre(AuthQuery::Privilege::MODULE_WRITE));
|
|
|
|
}
|
|
|
|
}
|