2022-08-31 18:14:16 +08:00
|
|
|
# Copyright 2022 Memgraph Ltd.
|
|
|
|
#
|
|
|
|
# Use of this software is governed by the Business Source License
|
|
|
|
# included in the file licenses/BSL.txt; by using this file, you agree to be bound by the terms of the Business Source
|
|
|
|
# License, and you may not use this file except in compliance with the Business Source License.
|
|
|
|
#
|
|
|
|
# As of the Change Date specified in that file, in accordance with
|
|
|
|
# the Business Source License, use of this software will be governed
|
|
|
|
# by the Apache License, Version 2.0, included in the file
|
|
|
|
# licenses/APL.txt.
|
|
|
|
|
|
|
|
import sys
|
2023-03-27 21:46:00 +08:00
|
|
|
|
2022-08-31 18:14:16 +08:00
|
|
|
import pytest
|
|
|
|
from common import connect, execute_and_fetch_all
|
|
|
|
|
|
|
|
BASIC_PRIVILEGES = [
|
|
|
|
"CREATE",
|
|
|
|
"DELETE",
|
|
|
|
"MATCH",
|
|
|
|
"MERGE",
|
|
|
|
"SET",
|
|
|
|
"REMOVE",
|
|
|
|
"INDEX",
|
|
|
|
"STATS",
|
|
|
|
"AUTH",
|
|
|
|
"REPLICATION",
|
|
|
|
"READ_FILE",
|
|
|
|
"DURABILITY",
|
|
|
|
"FREE_MEMORY",
|
|
|
|
"TRIGGER",
|
|
|
|
"STREAM",
|
|
|
|
"CONFIG",
|
|
|
|
"CONSTRAINT",
|
|
|
|
"DUMP",
|
|
|
|
"MODULE_READ",
|
|
|
|
"WEBSOCKET",
|
|
|
|
"MODULE_WRITE",
|
2023-03-27 21:46:00 +08:00
|
|
|
"TRANSACTION_MANAGEMENT",
|
2023-04-05 00:46:26 +08:00
|
|
|
"STORAGE_MODE",
|
2023-08-02 00:49:11 +08:00
|
|
|
"MULTI_DATABASE_EDIT",
|
|
|
|
"MULTI_DATABASE_USE",
|
2024-01-24 20:07:51 +08:00
|
|
|
"COORDINATOR",
|
2022-08-31 18:14:16 +08:00
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
def test_lba_procedures_show_privileges_first_user():
|
|
|
|
expected_assertions_josip = [
|
|
|
|
("ALL LABELS", "CREATE_DELETE", "GLOBAL LABEL PERMISSION GRANTED TO USER"),
|
|
|
|
(
|
|
|
|
"ALL EDGE_TYPES",
|
|
|
|
"CREATE_DELETE",
|
|
|
|
"GLOBAL EDGE_TYPE PERMISSION GRANTED TO USER",
|
|
|
|
),
|
|
|
|
("LABEL :Label1", "READ", "LABEL PERMISSION GRANTED TO USER"),
|
2022-09-14 18:39:23 +08:00
|
|
|
("LABEL :Label2", "NOTHING", "LABEL PERMISSION DENIED TO USER"),
|
2022-08-31 18:14:16 +08:00
|
|
|
("LABEL :Label3", "UPDATE", "LABEL PERMISSION GRANTED TO USER"),
|
|
|
|
("LABEL :Label4", "READ", "LABEL PERMISSION GRANTED TO USER"),
|
|
|
|
("LABEL :Label5", "CREATE_DELETE", "LABEL PERMISSION GRANTED TO USER"),
|
|
|
|
("LABEL :Label6", "UPDATE", "LABEL PERMISSION GRANTED TO USER"),
|
2022-09-14 18:39:23 +08:00
|
|
|
("LABEL :Label7", "NOTHING", "LABEL PERMISSION DENIED TO USER"),
|
2022-08-31 18:14:16 +08:00
|
|
|
]
|
|
|
|
|
|
|
|
cursor = connect(username="Josip", password="").cursor()
|
|
|
|
result = execute_and_fetch_all(cursor, "SHOW PRIVILEGES FOR Josip;")
|
|
|
|
|
2024-01-24 20:07:51 +08:00
|
|
|
assert len(result) == 35
|
2022-08-31 18:14:16 +08:00
|
|
|
|
|
|
|
fine_privilege_results = [res for res in result if res[0] not in BASIC_PRIVILEGES]
|
|
|
|
|
|
|
|
assert len(fine_privilege_results) == len(expected_assertions_josip)
|
|
|
|
assert set(expected_assertions_josip) == set(fine_privilege_results)
|
|
|
|
|
|
|
|
|
|
|
|
def test_lba_procedures_show_privileges_second_user():
|
|
|
|
expected_assertions_boris = [
|
|
|
|
("AUTH", "GRANT", "GRANTED TO USER"),
|
|
|
|
("LABEL :Label1", "READ", "LABEL PERMISSION GRANTED TO USER"),
|
2022-09-14 18:39:23 +08:00
|
|
|
("LABEL :Label2", "NOTHING", "LABEL PERMISSION DENIED TO USER"),
|
2022-08-31 18:14:16 +08:00
|
|
|
("LABEL :Label3", "UPDATE", "LABEL PERMISSION GRANTED TO USER"),
|
|
|
|
("LABEL :Label4", "READ", "LABEL PERMISSION GRANTED TO USER"),
|
|
|
|
("LABEL :Label5", "CREATE_DELETE", "LABEL PERMISSION GRANTED TO USER"),
|
|
|
|
("LABEL :Label6", "UPDATE", "LABEL PERMISSION GRANTED TO USER"),
|
2022-09-14 18:39:23 +08:00
|
|
|
("LABEL :Label7", "NOTHING", "LABEL PERMISSION DENIED TO USER"),
|
2022-08-31 18:14:16 +08:00
|
|
|
]
|
|
|
|
|
|
|
|
cursor = connect(username="Boris", password="").cursor()
|
|
|
|
result = execute_and_fetch_all(cursor, "SHOW PRIVILEGES FOR Boris;")
|
|
|
|
|
|
|
|
assert len(result) == len(expected_assertions_boris)
|
|
|
|
assert set(result) == set(expected_assertions_boris)
|
|
|
|
|
|
|
|
|
|
|
|
def test_lba_procedures_show_privileges_third_user():
|
|
|
|
expected_assertions_niko = [
|
|
|
|
("AUTH", "GRANT", "GRANTED TO USER"),
|
|
|
|
("ALL LABELS", "READ", "GLOBAL LABEL PERMISSION GRANTED TO USER"),
|
|
|
|
]
|
|
|
|
|
|
|
|
cursor = connect(username="Niko", password="").cursor()
|
|
|
|
result = execute_and_fetch_all(cursor, "SHOW PRIVILEGES FOR Niko;")
|
|
|
|
|
|
|
|
assert len(result) == len(expected_assertions_niko)
|
|
|
|
assert set(result) == set(expected_assertions_niko)
|
|
|
|
|
|
|
|
|
|
|
|
def test_lba_procedures_show_privileges_fourth_user():
|
|
|
|
expected_assertions_bruno = [
|
|
|
|
("AUTH", "GRANT", "GRANTED TO USER"),
|
|
|
|
("ALL LABELS", "UPDATE", "GLOBAL LABEL PERMISSION GRANTED TO USER"),
|
|
|
|
]
|
|
|
|
|
|
|
|
# TODO: Revisit behaviour of this test
|
|
|
|
|
|
|
|
cursor = connect(username="Bruno", password="").cursor()
|
|
|
|
result = execute_and_fetch_all(cursor, "SHOW PRIVILEGES FOR Bruno;")
|
|
|
|
|
|
|
|
assert len(result) == len(expected_assertions_bruno)
|
|
|
|
assert set(result) == set(expected_assertions_bruno)
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == "__main__":
|
|
|
|
sys.exit(pytest.main([__file__, "-rA"]))
|