From 3a183986c93f93554e5563d4d4f5da64513fa59b Mon Sep 17 00:00:00 2001
From: Boris Tasevski <bora83ns@gmail.com>
Date: Tue, 19 Jul 2022 15:30:04 +0200
Subject: [PATCH] improved Has method in LabelPermissions; LabelChecker lambda
 reworked a bit

---
 src/auth/models.cpp       | 4 ++--
 src/query/interpreter.cpp | 9 ++-------
 2 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/src/auth/models.cpp b/src/auth/models.cpp
index dc0282086..8b07d1bf7 100644
--- a/src/auth/models.cpp
+++ b/src/auth/models.cpp
@@ -190,11 +190,11 @@ LabelPermissions::LabelPermissions(const std::unordered_set<std::string> &grants
     : grants_(grants), denies_(denies) {}
 
 PermissionLevel LabelPermissions::Has(const std::string &permission) const {
-  if (denies_.find(permission) != denies_.end()) {
+  if ((denies_.size() == 1 && denies_.find(ASTERISK) != denies_.end()) || denies_.find(permission) != denies_.end()) {
     return PermissionLevel::DENY;
   }
 
-  if (grants_.find(permission) != denies_.end()) {
+  if ((grants_.size() == 1 && grants_.find(ASTERISK) != grants_.end()) || grants_.find(permission) != denies_.end()) {
     return PermissionLevel::GRANT;
   }
 
diff --git a/src/query/interpreter.cpp b/src/query/interpreter.cpp
index 595fad46f..a21644ebc 100644
--- a/src/query/interpreter.cpp
+++ b/src/query/interpreter.cpp
@@ -264,13 +264,8 @@ class LabelChecker final : public memgraph::query::LabelChecker {
   explicit LabelChecker(memgraph::auth::User *user, memgraph::query::DbAccessor *dba) : user_{user}, dba_(dba) {}
 
   bool IsUserAuthorized(const std::vector<memgraph::storage::LabelId> &labels) const final {
-    const auto user_label_permissions = user_->GetLabelPermissions();
-    auto *dba = dba_;
-
-    if (user_label_permissions.Has("*") == memgraph::auth::PermissionLevel::GRANT) return true;
-
-    return std::all_of(labels.begin(), labels.end(), [&user_label_permissions, dba](const auto label) {
-      return user_label_permissions.Has(dba->LabelToName(label)) == memgraph::auth::PermissionLevel::GRANT;
+    return std::any_of(labels.begin(), labels.end(), [this](const auto label) {
+      return user_->GetLabelPermissions().Has(dba_->LabelToName(label)) == memgraph::auth::PermissionLevel::GRANT;
     });
   }