From 116262d9a0902383da242f0433abbe97b9292b36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Boris=20Ta=C5=A1evski?=
 <36607228+BorisTasevski@users.noreply.github.com>
Date: Thu, 4 Aug 2022 19:20:17 +0200
Subject: [PATCH] [E129 < T0956] Filtering nodes in ScanAll cursor [Niko]
 (#492)

* implemented scanall filtering

* minor code refactor

* FindNextNode -> FindNextVertex
---
 src/query/fine_grained_access_checker.hpp |  2 +-
 src/query/interpreter.cpp                 |  4 ++--
 src/query/plan/operator.cpp               | 19 +++++++++++++++++++
 3 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/src/query/fine_grained_access_checker.hpp b/src/query/fine_grained_access_checker.hpp
index cd508734a..7912372b4 100644
--- a/src/query/fine_grained_access_checker.hpp
+++ b/src/query/fine_grained_access_checker.hpp
@@ -19,6 +19,6 @@ namespace memgraph::query {
 class FineGrainedAccessChecker {
  public:
   virtual bool IsUserAuthorizedLabels(const std::vector<memgraph::storage::LabelId> &label,
-                                      memgraph::query::DbAccessor *dba) const = 0;
+                                      const memgraph::query::DbAccessor *dba) const = 0;
 };
 }  // namespace memgraph::query
diff --git a/src/query/interpreter.cpp b/src/query/interpreter.cpp
index b189bf778..f892c3c8d 100644
--- a/src/query/interpreter.cpp
+++ b/src/query/interpreter.cpp
@@ -266,10 +266,10 @@ class FineGrainedAccessChecker final : public memgraph::query::FineGrainedAccess
   explicit FineGrainedAccessChecker(memgraph::auth::User *user) : user_{user} {}
 
   bool IsUserAuthorizedLabels(const std::vector<memgraph::storage::LabelId> &labels,
-                              memgraph::query::DbAccessor *dba) const final {
+                              const memgraph::query::DbAccessor *dba) const final {
     auto labelPermissions = user_->GetFineGrainedAccessPermissions();
 
-    return std::any_of(labels.begin(), labels.end(), [&labelPermissions, &dba](const auto label) {
+    return std::any_of(labels.begin(), labels.end(), [&labelPermissions, dba](const auto label) {
       return labelPermissions.Has(dba->LabelToName(label)) == memgraph::auth::PermissionLevel::GRANT;
     });
   }
diff --git a/src/query/plan/operator.cpp b/src/query/plan/operator.cpp
index a4ae9da66..100ff010c 100644
--- a/src/query/plan/operator.cpp
+++ b/src/query/plan/operator.cpp
@@ -29,6 +29,7 @@
 #include "query/context.hpp"
 #include "query/db_accessor.hpp"
 #include "query/exceptions.hpp"
+#include "query/fine_grained_access_checker.hpp"
 #include "query/frontend/ast/ast.hpp"
 #include "query/frontend/semantic/symbol_table.hpp"
 #include "query/interpret/eval.hpp"
@@ -405,11 +406,29 @@ class ScanAllCursor : public Cursor {
       vertices_it_.emplace(vertices_.value().begin());
     }
 
+#ifdef MG_ENTERPRISE
+    if (context.fine_grained_access_checker && !FindNextVertex(context)) {
+      return false;
+    }
+#endif
+
     frame[output_symbol_] = *vertices_it_.value();
     ++vertices_it_.value();
     return true;
   }
 
+  bool FindNextVertex(const ExecutionContext &context) {
+    while (vertices_it_.value() != vertices_.value().end()) {
+      if (context.fine_grained_access_checker->IsUserAuthorizedLabels(
+              (*vertices_it_.value()).Labels(memgraph::storage::View::NEW).GetValue(), context.db_accessor)) {
+        return true;
+      }
+      ++vertices_it_.value();
+    }
+
+    return false;
+  }
+
   void Shutdown() override { input_cursor_->Shutdown(); }
 
   void Reset() override {