tursom/memgraph
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[E129-MG < T1030-MG] Tech debts (#540)

Browse Source 
* renamed parameters (#539)

* added variable declarations in ifs; minor code improvements; (#541)

* dba parameter removed (#543)

* Accept -> Has rename; HasGlobalPermissionOnVertices/Edges -> HasGlobalPrivilegeOnVertices/Edges (#545)

* replaced passing dba from reference to pointer
This commit is contained in:
Boris Taševski 2022-09-13 11:37:17 +02:00 committed by GitHub
parent b2d5a8eeca
commit aa02745915
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 260 additions and 284 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
src/glue/auth_checker.cpp
View File

@ -18,13 +18,13 @@
#include "utils/synchronized.hpp"
namespace {
bool IsUserAuthorizedLabels(const memgraph::auth::User &user, const memgraph::query::DbAccessor &dba,
bool IsUserAuthorizedLabels(const memgraph::auth::User &user, const memgraph::query::DbAccessor *dba,
const std::vector<memgraph::storage::LabelId> &labels,
const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_permission) {
return std::all_of(labels.begin(), labels.end(), [&dba, &user, fine_grained_permission](const auto &label) {
const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) {
return std::all_of(labels.begin(), labels.end(), [dba, &user, fine_grained_privilege](const auto &label) {
return user.GetFineGrainedAccessLabelPermissions().Has(
dba.LabelToName(label), memgraph::glue::FineGrainedPrivilegeToFineGrainedPermission(
fine_grained_permission)) == memgraph::auth::PermissionLevel::GRANT;
dba->LabelToName(label), memgraph::glue::FineGrainedPrivilegeToFineGrainedPermission(
fine_grained_privilege)) == memgraph::auth::PermissionLevel::GRANT;
});
}
@ -40,12 +40,12 @@ bool IsUserAuthorizedGloballyEdges(const memgraph::auth::User &user,
memgraph::auth::PermissionLevel::GRANT;
}
bool IsUserAuthorizedEdgeType(const memgraph::auth::User &user, const memgraph::query::DbAccessor &dba,
bool IsUserAuthorizedEdgeType(const memgraph::auth::User &user, const memgraph::query::DbAccessor *dba,
const memgraph::storage::EdgeTypeId &edgeType,
const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_permission) {
const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) {
return user.GetFineGrainedAccessEdgeTypePermissions().Has(
dba.EdgeTypeToName(edgeType), memgraph::glue::FineGrainedPrivilegeToFineGrainedPermission(
fine_grained_permission)) == memgraph::auth::PermissionLevel::GRANT;
dba->EdgeTypeToName(edgeType), memgraph::glue::FineGrainedPrivilegeToFineGrainedPermission(
fine_grained_privilege)) == memgraph::auth::PermissionLevel::GRANT;
}
} // namespace
@ -72,7 +72,7 @@ bool AuthChecker::IsUserAuthorized(const std::optional<std::string> &username,
}
std::unique_ptr<memgraph::query::FineGrainedAuthChecker> AuthChecker::GetFineGrainedAuthChecker(
const std::string &username) const {
const std::string &username, const memgraph::query::DbAccessor *dba) const {
try {
auto locked_auth = auth_->Lock();
auto user = locked_auth->GetUser(username);
@ -80,7 +80,7 @@ std::unique_ptr<memgraph::query::FineGrainedAuthChecker> AuthChecker::GetFineGra
throw memgraph::query::QueryRuntimeException("User '{}' doesn't exist .", username);
}
return std::make_unique<memgraph::glue::FineGrainedAuthChecker>(std::move(*user));
return std::make_unique<memgraph::glue::FineGrainedAuthChecker>(std::move(*user), dba);
} catch (const memgraph::auth::AuthException &e) {
throw memgraph::query::QueryRuntimeException(e.what());
@ -96,12 +96,11 @@ bool AuthChecker::IsUserAuthorized(const memgraph::auth::User &user,
});
}
FineGrainedAuthChecker::FineGrainedAuthChecker(auth::User user) : user_{std::move(user)} {};
FineGrainedAuthChecker::FineGrainedAuthChecker(auth::User user, const memgraph::query::DbAccessor *dba)
: user_{std::move(user)}, dba_(dba){};
bool FineGrainedAuthChecker::Accept(
const memgraph::query::DbAccessor &dba, const memgraph::query::VertexAccessor &vertex,
const memgraph::storage::View view,
const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const {
bool FineGrainedAuthChecker::Has(const memgraph::query::VertexAccessor &vertex, const memgraph::storage::View view,
const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const {
auto maybe_labels = vertex.Labels(view);
if (maybe_labels.HasError()) {
switch (maybe_labels.GetError()) {
@ -116,33 +115,30 @@ bool FineGrainedAuthChecker::Accept(
}
}
return IsUserAuthorizedLabels(user_, dba, *maybe_labels, fine_grained_permission);
return IsUserAuthorizedLabels(user_, dba_, *maybe_labels, fine_grained_privilege);
}
bool FineGrainedAuthChecker::Accept(
const memgraph::query::DbAccessor &dba, const memgraph::query::EdgeAccessor &edge,
const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const {
return IsUserAuthorizedEdgeType(user_, dba, edge.EdgeType(), fine_grained_permission);
bool FineGrainedAuthChecker::Has(const memgraph::query::EdgeAccessor &edge,
const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const {
return IsUserAuthorizedEdgeType(user_, dba_, edge.EdgeType(), fine_grained_privilege);
}
bool FineGrainedAuthChecker::Accept(
const memgraph::query::DbAccessor &dba, const std::vector<memgraph::storage::LabelId> &labels,
const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const {
return IsUserAuthorizedLabels(user_, dba, labels, fine_grained_permission);
bool FineGrainedAuthChecker::Has(const std::vector<memgraph::storage::LabelId> &labels,
const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const {
return IsUserAuthorizedLabels(user_, dba_, labels, fine_grained_privilege);
}
bool FineGrainedAuthChecker::Accept(
const memgraph::query::DbAccessor &dba, const memgraph::storage::EdgeTypeId &edge_type,
const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const {
return IsUserAuthorizedEdgeType(user_, dba, edge_type, fine_grained_permission);
bool FineGrainedAuthChecker::Has(const memgraph::storage::EdgeTypeId &edge_type,
const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const {
return IsUserAuthorizedEdgeType(user_, dba_, edge_type, fine_grained_privilege);
}
bool FineGrainedAuthChecker::HasGlobalPermissionOnVertices(
bool FineGrainedAuthChecker::HasGlobalPrivilegeOnVertices(
const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const {
return IsUserAuthorizedGloballyLabels(user_, FineGrainedPrivilegeToFineGrainedPermission(fine_grained_privilege));
}
bool FineGrainedAuthChecker::HasGlobalPermissionOnEdges(
bool FineGrainedAuthChecker::HasGlobalPrivilegeOnEdges(
const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const {
return IsUserAuthorizedGloballyEdges(user_, FineGrainedPrivilegeToFineGrainedPermission(fine_grained_privilege));
};

26
src/glue/auth_checker.hpp
View File

@ -28,7 +28,7 @@ class AuthChecker : public query::AuthChecker {
const std::vector<query::AuthQuery::Privilege> &privileges) const override;
std::unique_ptr<memgraph::query::FineGrainedAuthChecker> GetFineGrainedAuthChecker(
const std::string &username) const override;
const std::string &username, const memgraph::query::DbAccessor *dba) const override;
[[nodiscard]] static bool IsUserAuthorized(const memgraph::auth::User &user,
const std::vector<memgraph::query::AuthQuery::Privilege> &privileges);
@ -39,28 +39,28 @@ class AuthChecker : public query::AuthChecker {
class FineGrainedAuthChecker : public query::FineGrainedAuthChecker {
public:
explicit FineGrainedAuthChecker(auth::User user);
explicit FineGrainedAuthChecker(auth::User user, const memgraph::query::DbAccessor *dba);
bool Accept(const memgraph::query::DbAccessor &dba, const query::VertexAccessor &vertex, memgraph::storage::View view,
query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const override;
bool Has(const query::VertexAccessor &vertex, memgraph::storage::View view,
query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const override;
bool Accept(const memgraph::query::DbAccessor &dba, const query::EdgeAccessor &edge,
query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const override;
bool Has(const query::EdgeAccessor &edge,
query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const override;
bool Accept(const memgraph::query::DbAccessor &dba, const std::vector<memgraph::storage::LabelId> &labels,
query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const override;
bool Has(const std::vector<memgraph::storage::LabelId> &labels,
query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const override;
bool Accept(const memgraph::query::DbAccessor &dba, const memgraph::storage::EdgeTypeId &edge_type,
query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const override;
bool Has(const memgraph::storage::EdgeTypeId &edge_type,
query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const override;
bool HasGlobalPermissionOnVertices(
bool HasGlobalPrivilegeOnVertices(
memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const override;
bool HasGlobalPermissionOnEdges(
bool HasGlobalPrivilegeOnEdges(
memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const override;
private:
auth::User user_;
const memgraph::query::DbAccessor *dba_;
};
} // namespace memgraph::glue

48
src/query/auth_checker.hpp
View File

@ -27,63 +27,60 @@ class AuthChecker {
const std::vector<query::AuthQuery::Privilege> &privileges) const = 0;
[[nodiscard]] virtual std::unique_ptr<FineGrainedAuthChecker> GetFineGrainedAuthChecker(
const std::string &username) const = 0;
const std::string &username, const memgraph::query::DbAccessor *db_accessor) const = 0;
};
class FineGrainedAuthChecker {
public:
virtual ~FineGrainedAuthChecker() = default;
[[nodiscard]] virtual bool Accept(const memgraph::query::DbAccessor &dba, const query::VertexAccessor &vertex,
memgraph::storage::View view,
query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const = 0;
[[nodiscard]] virtual bool Has(const query::VertexAccessor &vertex, memgraph::storage::View view,
query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const = 0;
[[nodiscard]] virtual bool Accept(const memgraph::query::DbAccessor &dba, const query::EdgeAccessor &edge,
query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const = 0;
[[nodiscard]] virtual bool Has(const query::EdgeAccessor &edge,
query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const = 0;
[[nodiscard]] virtual bool Accept(const memgraph::query::DbAccessor &dba,
const std::vector<memgraph::storage::LabelId> &labels,
query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const = 0;
[[nodiscard]] virtual bool Has(const std::vector<memgraph::storage::LabelId> &labels,
query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const = 0;
[[nodiscard]] virtual bool Accept(const memgraph::query::DbAccessor &dba,
const memgraph::storage::EdgeTypeId &edge_type,
query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const = 0;
[[nodiscard]] virtual bool Has(const memgraph::storage::EdgeTypeId &edge_type,
query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const = 0;
[[nodiscard]] virtual bool HasGlobalPermissionOnVertices(
[[nodiscard]] virtual bool HasGlobalPrivilegeOnVertices(
memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const = 0;
[[nodiscard]] virtual bool HasGlobalPermissionOnEdges(
[[nodiscard]] virtual bool HasGlobalPrivilegeOnEdges(
memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const = 0;
};
class AllowEverythingFineGrainedAuthChecker final : public query::FineGrainedAuthChecker {
public:
bool Accept(const memgraph::query::DbAccessor &dba, const VertexAccessor &vertex, const memgraph::storage::View view,
const query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const override {
bool Has(const VertexAccessor & /*vertex*/, const memgraph::storage::View /*view*/,
const query::AuthQuery::FineGrainedPrivilege /*fine_grained_privilege*/) const override {
return true;
}
bool Accept(const memgraph::query::DbAccessor &dba, const memgraph::query::EdgeAccessor &edge,
const query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const override {
bool Has(const memgraph::query::EdgeAccessor & /*edge*/,
const query::AuthQuery::FineGrainedPrivilege /*fine_grained_privilege*/) const override {
return true;
}
bool Accept(const memgraph::query::DbAccessor &dba, const std::vector<memgraph::storage::LabelId> &labels,
const query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const override {
bool Has(const std::vector<memgraph::storage::LabelId> & /*labels*/,
const query::AuthQuery::FineGrainedPrivilege /*fine_grained_privilege*/) const override {
return true;
}
bool Accept(const memgraph::query::DbAccessor &dba, const memgraph::storage::EdgeTypeId &edge_type,
const query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const override {
bool Has(const memgraph::storage::EdgeTypeId & /*edge_type*/,
const query::AuthQuery::FineGrainedPrivilege /*fine_grained_privilege*/) const override {
return true;
}
bool HasGlobalPermissionOnVertices(
bool HasGlobalPrivilegeOnVertices(
const memgraph::query::AuthQuery::FineGrainedPrivilege /*fine_grained_privilege*/) const override {
return true;
}
bool HasGlobalPermissionOnEdges(
bool HasGlobalPrivilegeOnEdges(
const memgraph::query::AuthQuery::FineGrainedPrivilege /*fine_grained_privilege*/) const override {
return true;
}
@ -96,7 +93,8 @@ class AllowEverythingAuthChecker final : public query::AuthChecker {
return true;
}
std::unique_ptr<FineGrainedAuthChecker> GetFineGrainedAuthChecker(const std::string & /*username*/) const override {
std::unique_ptr<FineGrainedAuthChecker> GetFineGrainedAuthChecker(const std::string & /*username*/,
const query::DbAccessor * /*dba*/) const override {
return std::make_unique<AllowEverythingFineGrainedAuthChecker>();
}
};

4
src/query/interpreter.cpp
View File

@ -985,8 +985,8 @@ PullPlan::PullPlan(const std::shared_ptr<CachedPlan> plan, const Parameters &par
ctx_.evaluation_context.properties = NamesToProperties(plan->ast_storage().properties_, dba);
ctx_.evaluation_context.labels = NamesToLabels(plan->ast_storage().labels_, dba);
#ifdef MG_ENTERPRISE
if (username.has_value()) {
ctx_.auth_checker = interpreter_context->auth_checker->GetFineGrainedAuthChecker(*username);
if (username.has_value() && dba) {
ctx_.auth_checker = interpreter_context->auth_checker->GetFineGrainedAuthChecker(*username, dba);
}
#endif
if (interpreter_context->config.execution_timeout_sec > 0) {

110
src/query/plan/operator.cpp
View File

@ -241,8 +241,8 @@ bool CreateNode::CreateNodeCursor::Pull(Frame &frame, ExecutionContext &context)
SCOPED_PROFILE_OP("CreateNode");
if (context.auth_checker &&
!context.auth_checker->Accept(*context.db_accessor, self_.node_info_.labels,
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
!context.auth_checker->Has(self_.node_info_.labels,
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
throw QueryRuntimeException("Vertex not created due to not having enough permission!");
}
@ -334,9 +334,9 @@ bool CreateExpand::CreateExpandCursor::Pull(Frame &frame, ExecutionContext &cont
? memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE
: memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE;
if (context.auth_checker &&
!(context.auth_checker->Accept(*context.db_accessor, self_.edge_info_.edge_type,
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE) &&
context.auth_checker->Accept(*context.db_accessor, self_.node_info_.labels, fine_grained_permission))) {
!(context.auth_checker->Has(self_.edge_info_.edge_type,
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE) &&
context.auth_checker->Has(self_.node_info_.labels, fine_grained_permission))) {
throw QueryRuntimeException("Edge not created due to not having enough permission!");
}
// get the origin vertex
@ -435,8 +435,8 @@ class ScanAllCursor : public Cursor {
bool FindNextVertex(const ExecutionContext &context) {
while (vertices_it_.value() != vertices_.value().end()) {
if (context.auth_checker->Accept(*context.db_accessor, *vertices_it_.value(), memgraph::storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ)) {
if (context.auth_checker->Has(*vertices_it_.value(), memgraph::storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ)) {
return true;
}
++vertices_it_.value();
@ -719,10 +719,9 @@ bool Expand::ExpandCursor::Pull(Frame &frame, ExecutionContext &context) {
if (in_edges_ && *in_edges_it_ != in_edges_->end()) {
auto edge = *(*in_edges_it_)++;
if (context.auth_checker &&
!(context.auth_checker->Accept(*context.db_accessor, edge,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Accept(*context.db_accessor, edge.From(), self_.view_,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
!(context.auth_checker->Has(edge, memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Has(edge.From(), self_.view_,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
continue;
}
@ -739,10 +738,9 @@ bool Expand::ExpandCursor::Pull(Frame &frame, ExecutionContext &context) {
// already done in the block above
if (self_.common_.direction == EdgeAtom::Direction::BOTH && edge.IsCycle()) continue;
if (context.auth_checker &&
!(context.auth_checker->Accept(*context.db_accessor, edge,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Accept(*context.db_accessor, edge.To(), self_.view_,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
!(context.auth_checker->Has(edge, memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Has(edge.To(), self_.view_,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
continue;
}
@ -1077,10 +1075,9 @@ class ExpandVariableCursor : public Cursor {
current_edge.second == EdgeAtom::Direction::IN ? current_edge.first.From() : current_edge.first.To();
if (context.auth_checker &&
!(context.auth_checker->Accept(*context.db_accessor, current_edge.first,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Accept(*context.db_accessor, current_vertex, storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
!(context.auth_checker->Has(current_edge.first, memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Has(current_vertex, storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
continue;
}
AppendEdge(current_edge.first, &edges_on_frame);
@ -1245,10 +1242,9 @@ class STShortestPathCursor : public query::plan::Cursor {
auto out_edges = UnwrapEdgesResult(vertex.OutEdges(storage::View::OLD, self_.common_.edge_types));
for (const auto &edge : out_edges) {
if (context.auth_checker &&
!(context.auth_checker->Accept(*context.db_accessor, edge,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Accept(*context.db_accessor, edge.To(), storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
!(context.auth_checker->Has(edge, memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Has(edge.To(), storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
continue;
}
@ -1270,10 +1266,9 @@ class STShortestPathCursor : public query::plan::Cursor {
auto in_edges = UnwrapEdgesResult(vertex.InEdges(storage::View::OLD, self_.common_.edge_types));
for (const auto &edge : in_edges) {
if (context.auth_checker &&
!(context.auth_checker->Accept(*context.db_accessor, edge,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Accept(*context.db_accessor, edge.From(), storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
!(context.auth_checker->Has(edge, memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Has(edge.From(), storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
continue;
}
@ -1309,10 +1304,9 @@ class STShortestPathCursor : public query::plan::Cursor {
auto out_edges = UnwrapEdgesResult(vertex.OutEdges(storage::View::OLD, self_.common_.edge_types));
for (const auto &edge : out_edges) {
if (context.auth_checker &&
!(context.auth_checker->Accept(*context.db_accessor, edge,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Accept(*context.db_accessor, edge.To(), storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
!(context.auth_checker->Has(edge, memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Has(edge.To(), storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
continue;
}
if (ShouldExpand(vertex, edge, frame, evaluator) && !Contains(out_edge, edge.To())) {
@ -1333,10 +1327,9 @@ class STShortestPathCursor : public query::plan::Cursor {
auto in_edges = UnwrapEdgesResult(vertex.InEdges(storage::View::OLD, self_.common_.edge_types));
for (const auto &edge : in_edges) {
if (context.auth_checker &&
!(context.auth_checker->Accept(*context.db_accessor, edge,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Accept(*context.db_accessor, edge.From(), storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
!(context.auth_checker->Has(edge, memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Has(edge.From(), storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
continue;
}
if (ShouldExpand(vertex, edge, frame, evaluator) && !Contains(out_edge, edge.From())) {
@ -1390,10 +1383,9 @@ class SingleSourceShortestPathCursor : public query::plan::Cursor {
if (processed_.find(vertex) != processed_.end()) return;
if (context.auth_checker &&
!(context.auth_checker->Accept(*context.db_accessor, vertex, storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Accept(*context.db_accessor, edge,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
!(context.auth_checker->Has(vertex, storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Has(edge, memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
return;
}
frame[self_.filter_lambda_.inner_edge_symbol] = edge;
@ -1576,10 +1568,9 @@ class ExpandWeightedShortestPathCursor : public query::plan::Cursor {
auto *memory = evaluator.GetMemoryResource();
if (context.auth_checker &&
!(context.auth_checker->Accept(*context.db_accessor, vertex, storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Accept(*context.db_accessor, edge,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
!(context.auth_checker->Has(vertex, storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
context.auth_checker->Has(edge, memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
return;
}
if (self_.filter_lambda_.expression) {
@ -2333,12 +2324,9 @@ bool Delete::DeleteCursor::Pull(Frame &frame, ExecutionContext &context) {
if (expression_result.type() == TypedValue::Type::Edge) {
auto &ea = expression_result.ValueEdge();
if (context.auth_checker &&
!(context.auth_checker->Accept(*context.db_accessor, ea,
query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE) &&
context.auth_checker->Accept(*context.db_accessor, ea.To(), storage::View::NEW,
query::AuthQuery::FineGrainedPrivilege::UPDATE) &&
context.auth_checker->Accept(*context.db_accessor, ea.From(), storage::View::NEW,
query::AuthQuery::FineGrainedPrivilege::UPDATE))) {
!(context.auth_checker->Has(ea, query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE) &&
context.auth_checker->Has(ea.To(), storage::View::NEW, query::AuthQuery::FineGrainedPrivilege::UPDATE) &&
context.auth_checker->Has(ea.From(), storage::View::NEW, query::AuthQuery::FineGrainedPrivilege::UPDATE))) {
throw QueryRuntimeException("Edge not deleted due to not having enough permission!");
}
auto maybe_value = dba.RemoveEdge(&ea);
@ -2367,8 +2355,7 @@ bool Delete::DeleteCursor::Pull(Frame &frame, ExecutionContext &context) {
case TypedValue::Type::Vertex: {
auto &va = expression_result.ValueVertex();
if (context.auth_checker &&
!context.auth_checker->Accept(*context.db_accessor, va, storage::View::NEW,
query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
!context.auth_checker->Has(va, storage::View::NEW, query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
throw QueryRuntimeException("Vertex not deleted due to not having enough permission!");
}
if (self_.detach_) {
@ -2475,8 +2462,8 @@ bool SetProperty::SetPropertyCursor::Pull(Frame &frame, ExecutionContext &contex
switch (lhs.type()) {
case TypedValue::Type::Vertex: {
if (context.auth_checker &&
!context.auth_checker->Accept(*context.db_accessor, lhs.ValueVertex(), storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
!context.auth_checker->Has(lhs.ValueVertex(), storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
throw QueryRuntimeException("Vertex property not set due to not having enough permission!");
}
@ -2491,8 +2478,7 @@ bool SetProperty::SetPropertyCursor::Pull(Frame &frame, ExecutionContext &contex
}
case TypedValue::Type::Edge: {
if (context.auth_checker &&
!context.auth_checker->Accept(*context.db_accessor, lhs.ValueEdge(),
memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
!context.auth_checker->Has(lhs.ValueEdge(), memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
throw QueryRuntimeException("Edge property not set due to not having enough permission!");
}
@ -2689,8 +2675,8 @@ bool SetProperties::SetPropertiesCursor::Pull(Frame &frame, ExecutionContext &co
switch (lhs.type()) {
case TypedValue::Type::Vertex:
if (context.auth_checker &&
!context.auth_checker->Accept(*context.db_accessor, lhs.ValueVertex(), storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
!context.auth_checker->Has(lhs.ValueVertex(), storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
throw QueryRuntimeException("Vertex properties not set due to not having enough permission!");
}
@ -2698,8 +2684,7 @@ bool SetProperties::SetPropertiesCursor::Pull(Frame &frame, ExecutionContext &co
break;
case TypedValue::Type::Edge:
if (context.auth_checker &&
!context.auth_checker->Accept(*context.db_accessor, lhs.ValueEdge(),
memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
!context.auth_checker->Has(lhs.ValueEdge(), memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
throw QueryRuntimeException("Edge properties not set due to not having enough permission!");
}
@ -2830,8 +2815,8 @@ bool RemoveProperty::RemovePropertyCursor::Pull(Frame &frame, ExecutionContext &
switch (lhs.type()) {
case TypedValue::Type::Vertex:
if (context.auth_checker &&
!context.auth_checker->Accept(*context.db_accessor, lhs.ValueVertex(), storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
!context.auth_checker->Has(lhs.ValueVertex(), storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
throw QueryRuntimeException("Vertex property not removed due to not having enough permission!");
}
@ -2839,8 +2824,7 @@ bool RemoveProperty::RemovePropertyCursor::Pull(Frame &frame, ExecutionContext &
break;
case TypedValue::Type::Edge:
if (context.auth_checker &&
!context.auth_checker->Accept(*context.db_accessor, lhs.ValueEdge(),
memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
!context.auth_checker->Has(lhs.ValueEdge(), memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
throw QueryRuntimeException("Edge property not removed due to not having enough permission!");
}

99
src/query/procedure/mg_procedure_impl.cpp
View File

@ -1587,9 +1587,10 @@ memgraph::storage::PropertyValue ToPropertyValue(const mgp_value &value) {
mgp_error mgp_vertex_set_property(struct mgp_vertex *v, const char *property_name, mgp_value *property_value) {
return WrapExceptions([=] {
if (v->graph->ctx && v->graph->ctx->auth_checker &&
!v->graph->ctx->auth_checker->Accept(*v->graph->ctx->db_accessor, v->impl, v->graph->view,
memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
auto *ctx = v->graph->ctx;
if (ctx && ctx->auth_checker &&
!ctx->auth_checker->Has(v->impl, v->graph->view, memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
throw AuthorizationException{"Insufficient permissions for setting a property on vertex!"};
}
@ -1613,8 +1614,6 @@ mgp_error mgp_vertex_set_property(struct mgp_vertex *v, const char *property_nam
}
}
auto &ctx = v->graph->ctx;
ctx->execution_stats[memgraph::query::ExecutionStats::Key::UPDATED_PROPERTIES] += 1;
auto *trigger_ctx_collector = ctx->trigger_context_collector;
@ -1634,11 +1633,12 @@ mgp_error mgp_vertex_set_property(struct mgp_vertex *v, const char *property_nam
mgp_error mgp_vertex_add_label(struct mgp_vertex *v, mgp_label label) {
return WrapExceptions([=] {
if (v->graph->ctx && v->graph->ctx->auth_checker &&
!(v->graph->ctx->auth_checker->Accept(*v->graph->ctx->db_accessor, v->impl, v->graph->view,
memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE) &&
v->graph->ctx->auth_checker->Accept(*v->graph->ctx->db_accessor, {v->graph->impl->NameToLabel(label.name)},
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE))) {
auto *ctx = v->graph->ctx;
if (ctx && ctx->auth_checker &&
!(ctx->auth_checker->Has(v->impl, v->graph->view, memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE) &&
ctx->auth_checker->Has({v->graph->impl->NameToLabel(label.name)},
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE))) {
throw AuthorizationException{"Insufficient permissions for adding a label to vertex!"};
}
@ -1662,8 +1662,6 @@ mgp_error mgp_vertex_add_label(struct mgp_vertex *v, mgp_label label) {
}
}
auto &ctx = v->graph->ctx;
ctx->execution_stats[memgraph::query::ExecutionStats::Key::CREATED_LABELS] += 1;
if (ctx->trigger_context_collector) {
@ -1674,11 +1672,12 @@ mgp_error mgp_vertex_add_label(struct mgp_vertex *v, mgp_label label) {
mgp_error mgp_vertex_remove_label(struct mgp_vertex *v, mgp_label label) {
return WrapExceptions([=] {
if (v->graph->ctx && v->graph->ctx->auth_checker &&
!(v->graph->ctx->auth_checker->Accept(*v->graph->ctx->db_accessor, v->impl, v->graph->view,
memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE) &&
v->graph->ctx->auth_checker->Accept(*v->graph->ctx->db_accessor, {v->graph->impl->NameToLabel(label.name)},
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE))) {
auto *ctx = v->graph->ctx;
if (ctx && ctx->auth_checker &&
!(ctx->auth_checker->Has(v->impl, v->graph->view, memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE) &&
ctx->auth_checker->Has({v->graph->impl->NameToLabel(label.name)},
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE))) {
throw AuthorizationException{"Insufficient permissions for removing a label from vertex!"};
}
@ -1702,8 +1701,6 @@ mgp_error mgp_vertex_remove_label(struct mgp_vertex *v, mgp_label label) {
}
}
auto &ctx = v->graph->ctx;
ctx->execution_stats[memgraph::query::ExecutionStats::Key::DELETED_LABELS] += 1;
if (ctx->trigger_context_collector) {
@ -1861,20 +1858,18 @@ void mgp_edges_iterator_destroy(mgp_edges_iterator *it) { DeleteRawMgpObject(it)
namespace {
void NextPermittedEdge(mgp_edges_iterator &it, const bool for_in) {
if (!it.source_vertex.graph->ctx || !it.source_vertex.graph->ctx->auth_checker) return;
if (const auto *ctx = it.source_vertex.graph->ctx; !ctx || !ctx->auth_checker) return;
auto &impl_it = for_in ? it.in_it : it.out_it;
const auto end = for_in ? it.in->end() : it.out->end();
if (impl_it) {
const auto *auth_checker = it.source_vertex.graph->ctx->auth_checker.get();
const auto db_accessor = *it.source_vertex.graph->ctx->db_accessor;
const auto view = it.source_vertex.graph->view;
while (*impl_it != end) {
if (auth_checker->Accept(db_accessor, **impl_it, memgraph::query::AuthQuery::FineGrainedPrivilege::READ)) {
if (auth_checker->Has(**impl_it, memgraph::query::AuthQuery::FineGrainedPrivilege::READ)) {
const auto &check_vertex = it.source_vertex.impl == (*impl_it)->From() ? (*impl_it)->To() : (*impl_it)->From();
if (auth_checker->Accept(db_accessor, check_vertex, view,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ)) {
if (auth_checker->Has(check_vertex, view, memgraph::query::AuthQuery::FineGrainedPrivilege::READ)) {
break;
}
}
@ -2076,9 +2071,10 @@ mgp_error mgp_edge_get_property(mgp_edge *e, const char *name, mgp_memory *memor
mgp_error mgp_edge_set_property(struct mgp_edge *e, const char *property_name, mgp_value *property_value) {
return WrapExceptions([=] {
if (e->from.graph->ctx && e->from.graph->ctx->auth_checker &&
!e->from.graph->ctx->auth_checker->Accept(*e->from.graph->ctx->db_accessor, e->impl,
memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
auto *ctx = e->from.graph->ctx;
if (ctx && ctx->auth_checker &&
!ctx->auth_checker->Has(e->impl, memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
throw AuthorizationException{"Insufficient permissions for setting a property on edge!"};
}
@ -2103,8 +2099,6 @@ mgp_error mgp_edge_set_property(struct mgp_edge *e, const char *property_name, m
}
}
auto &ctx = e->from.graph->ctx;
ctx->execution_stats[memgraph::query::ExecutionStats::Key::UPDATED_PROPERTIES] += 1;
auto *trigger_ctx_collector = e->from.graph->ctx->trigger_context_collector;
@ -2171,7 +2165,7 @@ mgp_error mgp_graph_create_vertex(struct mgp_graph *graph, mgp_memory *memory, m
return WrapExceptions(
[=]() -> mgp_vertex * {
if (graph->ctx && graph->ctx->auth_checker &&
!graph->ctx->auth_checker->HasGlobalPermissionOnVertices(
!graph->ctx->auth_checker->HasGlobalPrivilegeOnVertices(
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
throw AuthorizationException{"Insufficient permissions for creating vertices!"};
}
@ -2194,9 +2188,11 @@ mgp_error mgp_graph_create_vertex(struct mgp_graph *graph, mgp_memory *memory, m
mgp_error mgp_graph_delete_vertex(struct mgp_graph *graph, mgp_vertex *vertex) {
return WrapExceptions([=] {
if (graph->ctx && graph->ctx->auth_checker &&
!graph->ctx->auth_checker->Accept(*graph->ctx->db_accessor, vertex->impl, graph->view,
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
auto *ctx = graph->ctx;
if (ctx && ctx->auth_checker &&
!ctx->auth_checker->Has(vertex->impl, graph->view,
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
throw AuthorizationException{"Insufficient permissions for deleting a vertex!"};
}
@ -2223,8 +2219,6 @@ mgp_error mgp_graph_delete_vertex(struct mgp_graph *graph, mgp_vertex *vertex) {
return;
}
auto &ctx = graph->ctx;
ctx->execution_stats[memgraph::query::ExecutionStats::Key::DELETED_NODES] += 1;
if (ctx->trigger_context_collector) {
@ -2235,9 +2229,11 @@ mgp_error mgp_graph_delete_vertex(struct mgp_graph *graph, mgp_vertex *vertex) {
mgp_error mgp_graph_detach_delete_vertex(struct mgp_graph *graph, mgp_vertex *vertex) {
return WrapExceptions([=] {
if (graph->ctx && graph->ctx->auth_checker &&
!graph->ctx->auth_checker->Accept(*graph->ctx->db_accessor, vertex->impl, graph->view,
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
auto *ctx = graph->ctx;
if (ctx && ctx->auth_checker &&
!ctx->auth_checker->Has(vertex->impl, graph->view,
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
throw AuthorizationException{"Insufficient permissions for deleting a vertex!"};
}
@ -2263,8 +2259,6 @@ mgp_error mgp_graph_detach_delete_vertex(struct mgp_graph *graph, mgp_vertex *ve
return;
}
auto &ctx = graph->ctx;
ctx->execution_stats[memgraph::query::ExecutionStats::Key::DELETED_NODES] += 1;
ctx->execution_stats[memgraph::query::ExecutionStats::Key::DELETED_EDGES] +=
static_cast<int64_t>((*result)->second.size());
@ -2288,9 +2282,11 @@ mgp_error mgp_graph_create_edge(mgp_graph *graph, mgp_vertex *from, mgp_vertex *
mgp_memory *memory, mgp_edge **result) {
return WrapExceptions(
[=]() -> mgp_edge * {
if (graph->ctx && graph->ctx->auth_checker &&
!graph->ctx->auth_checker->Accept(*graph->ctx->db_accessor, from->graph->impl->NameToEdgeType(type.name),
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
auto *ctx = graph->ctx;
if (ctx && ctx->auth_checker &&
!ctx->auth_checker->Has(from->graph->impl->NameToEdgeType(type.name),
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
throw AuthorizationException{"Insufficient permissions for creating edges!"};
}
@ -2312,7 +2308,6 @@ mgp_error mgp_graph_create_edge(mgp_graph *graph, mgp_vertex *from, mgp_vertex *
throw SerializationException{"Cannot serialize creating an edge."};
}
}
auto &ctx = graph->ctx;
ctx->execution_stats[memgraph::query::ExecutionStats::Key::CREATED_EDGES] += 1;
@ -2326,9 +2321,10 @@ mgp_error mgp_graph_create_edge(mgp_graph *graph, mgp_vertex *from, mgp_vertex *
mgp_error mgp_graph_delete_edge(struct mgp_graph *graph, mgp_edge *edge) {
return WrapExceptions([=] {
if (graph->ctx && graph->ctx->auth_checker &&
!graph->ctx->auth_checker->Accept(*graph->ctx->db_accessor, edge->impl,
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
auto *ctx = graph->ctx;
if (ctx && ctx->auth_checker &&
!ctx->auth_checker->Has(edge->impl, memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
throw AuthorizationException{"Insufficient permissions for deleting an edge!"};
}
if (!MgpGraphIsMutable(*graph)) {
@ -2352,7 +2348,6 @@ mgp_error mgp_graph_delete_edge(struct mgp_graph *graph, mgp_edge *edge) {
if (!*result) {
return;
}
auto &ctx = graph->ctx;
ctx->execution_stats[memgraph::query::ExecutionStats::Key::DELETED_EDGES] += 1;
if (ctx->trigger_context_collector) {
@ -2363,13 +2358,15 @@ mgp_error mgp_graph_delete_edge(struct mgp_graph *graph, mgp_edge *edge) {
namespace {
void NextPermitted(mgp_vertices_iterator &it) {
if (!it.graph->ctx || !it.graph->ctx->auth_checker) {
const auto *ctx = it.graph->ctx;
if (!ctx || !ctx->auth_checker) {
return;
}
while (it.current_it != it.vertices.end()) {
if (it.graph->ctx->auth_checker->Accept(*it.graph->ctx->db_accessor, *it.current_it, it.graph->view,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ)) {
if (ctx->auth_checker->Has(*it.current_it, it.graph->view,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ)) {
break;
}

154
tests/unit/auth_checker.cpp
View File

@ -48,85 +48,85 @@ TEST_F(FineGrainedAuthCheckerFixture, GrantedAllLabels) {
memgraph::auth::User user{"test"};
user.fine_grained_access_handler().label_permissions().Grant("*", memgraph::auth::FineGrainedPermission::READ);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
ASSERT_TRUE(auth_checker.Accept(dba, v1, memgraph::storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Accept(dba, v1, memgraph::storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Accept(dba, v2, memgraph::storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Accept(dba, v2, memgraph::storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Accept(dba, v3, memgraph::storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Accept(dba, v3, memgraph::storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(
auth_checker.Has(v1, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(
auth_checker.Has(v1, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(
auth_checker.Has(v2, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(
auth_checker.Has(v2, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(
auth_checker.Has(v3, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(
auth_checker.Has(v3, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, GrantedAllEdgeTypes) {
memgraph::auth::User user{"test"};
user.fine_grained_access_handler().edge_type_permissions().Grant(
"*", memgraph::auth::FineGrainedPermission::CREATE_DELETE);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
ASSERT_TRUE(auth_checker.Accept(dba, r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Accept(dba, r2, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Accept(dba, r3, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Accept(dba, r4, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Has(r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Has(r2, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Has(r3, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Has(r4, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, DeniedAllLabels) {
memgraph::auth::User user{"test"};
user.fine_grained_access_handler().label_permissions().Deny("*", memgraph::auth::FineGrainedPermission::READ);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
ASSERT_FALSE(auth_checker.Accept(dba, v1, memgraph::storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Accept(dba, v1, memgraph::storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Accept(dba, v2, memgraph::storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Accept(dba, v2, memgraph::storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Accept(dba, v3, memgraph::storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Accept(dba, v3, memgraph::storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(
auth_checker.Has(v1, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(
auth_checker.Has(v1, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(
auth_checker.Has(v2, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(
auth_checker.Has(v2, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(
auth_checker.Has(v3, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(
auth_checker.Has(v3, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, DeniedAllEdgeTypes) {
memgraph::auth::User user{"test"};
user.fine_grained_access_handler().edge_type_permissions().Deny("*", memgraph::auth::FineGrainedPermission::READ);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
ASSERT_FALSE(auth_checker.Accept(dba, r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Accept(dba, r2, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Accept(dba, r3, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Accept(dba, r4, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Has(r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Has(r2, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Has(r3, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Has(r4, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, GrantLabel) {
memgraph::auth::User user{"test"};
user.fine_grained_access_handler().label_permissions().Grant("l1",
memgraph::auth::FineGrainedPermission::CREATE_DELETE);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
ASSERT_TRUE(auth_checker.Accept(dba, v1, memgraph::storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Accept(dba, v1, memgraph::storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(
auth_checker.Has(v1, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(
auth_checker.Has(v1, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, DenyLabel) {
memgraph::auth::User user{"test"};
user.fine_grained_access_handler().label_permissions().Deny("l3", memgraph::auth::FineGrainedPermission::READ);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
ASSERT_FALSE(auth_checker.Accept(dba, v3, memgraph::storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Accept(dba, v3, memgraph::storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(
auth_checker.Has(v3, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(
auth_checker.Has(v3, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, GrantAndDenySpecificLabels) {
@ -136,20 +136,20 @@ TEST_F(FineGrainedAuthCheckerFixture, GrantAndDenySpecificLabels) {
user.fine_grained_access_handler().label_permissions().Grant("l2",
memgraph::auth::FineGrainedPermission::CREATE_DELETE);
user.fine_grained_access_handler().label_permissions().Deny("l3", memgraph::auth::FineGrainedPermission::READ);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
ASSERT_TRUE(auth_checker.Accept(dba, v1, memgraph::storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Accept(dba, v1, memgraph::storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Accept(dba, v2, memgraph::storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Accept(dba, v2, memgraph::storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Accept(dba, v3, memgraph::storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Accept(dba, v3, memgraph::storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(
auth_checker.Has(v1, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(
auth_checker.Has(v1, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(
auth_checker.Has(v2, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(
auth_checker.Has(v2, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(
auth_checker.Has(v3, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(
auth_checker.Has(v3, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, MultipleVertexLabels) {
@ -159,37 +159,37 @@ TEST_F(FineGrainedAuthCheckerFixture, MultipleVertexLabels) {
user.fine_grained_access_handler().label_permissions().Grant("l2",
memgraph::auth::FineGrainedPermission::CREATE_DELETE);
user.fine_grained_access_handler().label_permissions().Deny("l3", memgraph::auth::FineGrainedPermission::READ);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
ASSERT_TRUE(v1.AddLabel(dba.NameToLabel("l3")).HasValue());
ASSERT_TRUE(v2.AddLabel(dba.NameToLabel("l1")).HasValue());
dba.AdvanceCommand();
ASSERT_FALSE(auth_checker.Accept(dba, v1, memgraph::storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Accept(dba, v1, memgraph::storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Accept(dba, v2, memgraph::storage::View::NEW,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Accept(dba, v2, memgraph::storage::View::OLD,
memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(
auth_checker.Has(v1, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(
auth_checker.Has(v1, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(
auth_checker.Has(v2, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(
auth_checker.Has(v2, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, GrantEdgeType) {
memgraph::auth::User user{"test"};
user.fine_grained_access_handler().edge_type_permissions().Grant(
"edge_type_1", memgraph::auth::FineGrainedPermission::CREATE_DELETE);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
ASSERT_TRUE(auth_checker.Accept(dba, r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Has(r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, DenyEdgeType) {
memgraph::auth::User user{"test"};
user.fine_grained_access_handler().edge_type_permissions().Deny("edge_type_1",
memgraph::auth::FineGrainedPermission::READ);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
ASSERT_FALSE(auth_checker.Accept(dba, r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Has(r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, GrantAndDenySpecificEdgeTypes) {
@ -198,10 +198,10 @@ TEST_F(FineGrainedAuthCheckerFixture, GrantAndDenySpecificEdgeTypes) {
"edge_type_1", memgraph::auth::FineGrainedPermission::CREATE_DELETE);
user.fine_grained_access_handler().edge_type_permissions().Deny("edge_type_2",
memgraph::auth::FineGrainedPermission::READ);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
ASSERT_TRUE(auth_checker.Accept(dba, r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Accept(dba, r2, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Accept(dba, r3, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Accept(dba, r4, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Has(r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_TRUE(auth_checker.Has(r2, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Has(r3, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
ASSERT_FALSE(auth_checker.Has(r4, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}

2
tests/unit/bfs_common.hpp
View File

@ -541,7 +541,7 @@ void BfsTestWithFineGrainedFiltering(Database *db, int lower_bound, int upper_bo
break;
}
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &db_accessor};
context.auth_checker = std::make_unique<memgraph::glue::FineGrainedAuthChecker>(std::move(auth_checker));
// We run BFS once from each vertex for each blocked entity.
input_operator = YieldVertices(&db_accessor, vertices, source_symbol, input_operator);

28
tests/unit/query_plan_create_set_remove_delete.cpp
View File

@ -94,7 +94,7 @@ TEST(QueryPlan, FineGrainedCreateNodeWithAttributes) {
node.labels.emplace_back(label);
const auto test_create = [&](memgraph::auth::User &user) {
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &execution_dba};
auto context = MakeContextWithFineGrainedChecker(ast, symbol_table, &execution_dba, &auth_checker);
auto create = std::make_shared<CreateNode>(nullptr, node);
@ -189,7 +189,7 @@ TEST(QueryPlan, FineGrainedCreateReturn) {
memgraph::auth::User user{"Test"};
user.fine_grained_access_handler().label_permissions().Grant("label",
memgraph::auth::FineGrainedPermission::CREATE_DELETE);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
auto results = CollectProduce(*produce, &context);
EXPECT_EQ(1, results.size());
@ -210,7 +210,7 @@ TEST(QueryPlan, FineGrainedCreateReturn) {
memgraph::auth::User user{"Test"};
user.fine_grained_access_handler().label_permissions().Deny("label",
memgraph::auth::FineGrainedPermission::CREATE_DELETE);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
ASSERT_THROW(CollectProduce(*produce, &context), QueryRuntimeException);
}
@ -328,7 +328,7 @@ class CreateExpandWithAuthFixture : public testing::Test {
auto create_op = std::make_shared<CreateNode>(nullptr, n);
auto create_expand = std::make_shared<CreateExpand>(m, r, create_op, n.symbol, cycle);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*create_expand, &context);
dba.AdvanceCommand();
@ -486,7 +486,7 @@ class MatchCreateNodeWithAuthFixture : public testing::Test {
m.labels = labels;
// creation op
auto create_node = std::make_shared<CreateNode>(n_scan_all.op_, m);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*create_node, &context);
@ -622,7 +622,7 @@ class MatchCreateExpandWithAuthFixture : public testing::Test {
;
auto create_expand = std::make_shared<CreateExpand>(m, r, n_scan_all.op_, n_scan_all.sym_, cycle);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*create_expand, &context);
dba.AdvanceCommand();
@ -837,7 +837,7 @@ class DeleteOperatorWithAuthFixture : public testing::Test {
auto n = MakeScanAll(storage, symbol_table, "n");
auto n_get = storage.Create<Identifier>("n")->MapTo(n.sym_);
Frame frame(symbol_table.max_position());
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
auto delete_op = std::make_shared<plan::Delete>(n.op_, std::vector<Expression *>{n_get}, true);
PullAll(*delete_op, &context);
@ -861,7 +861,7 @@ class DeleteOperatorWithAuthFixture : public testing::Test {
memgraph::storage::View::NEW);
auto r_get = storage.Create<Identifier>("r")->MapTo(r_m.edge_sym_);
auto delete_op = std::make_shared<plan::Delete>(r_m.op_, std::vector<Expression *>{r_get}, false);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*delete_op, &context);
dba.AdvanceCommand();
@ -1749,7 +1749,7 @@ class UpdatePropertiesWithAuthFixture : public testing::Test {
NEXPR("n", IDENT("n")->MapTo(scan_all.sym_))->MapTo(symbol_table.CreateSymbol("named_expression_1", true));
auto produce = MakeProduce(set_property, output);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*produce, &context);
@ -1766,7 +1766,7 @@ class UpdatePropertiesWithAuthFixture : public testing::Test {
auto n_p = PROPERTY_LOOKUP(IDENT("r")->MapTo(expand.edge_sym_), entity_prop);
auto set_property = std::make_shared<plan::SetProperty>(expand.op_, entity_prop, n_p, literal);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*set_property, &context);
@ -1788,7 +1788,7 @@ class UpdatePropertiesWithAuthFixture : public testing::Test {
NEXPR("n", IDENT("n")->MapTo(scan_all.sym_))->MapTo(symbol_table.CreateSymbol("named_expression_1", true));
auto produce = MakeProduce(set_properties, output);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*produce, &context);
@ -1812,7 +1812,7 @@ class UpdatePropertiesWithAuthFixture : public testing::Test {
NEXPR("n", IDENT("n")->MapTo(scan_all.sym_))->MapTo(symbol_table.CreateSymbol("named_expression_1", true));
auto produce = MakeProduce(set_properties, output);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*produce, &context);
@ -1831,7 +1831,7 @@ class UpdatePropertiesWithAuthFixture : public testing::Test {
NEXPR("n", IDENT("n")->MapTo(scan_all.sym_))->MapTo(symbol_table.CreateSymbol("named_expression_1", true));
auto produce = MakeProduce(remove_property, output);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*produce, &context);
@ -1847,7 +1847,7 @@ class UpdatePropertiesWithAuthFixture : public testing::Test {
auto n_p = PROPERTY_LOOKUP(IDENT("n")->MapTo(expand.edge_sym_), entity_prop);
auto remove_property = std::make_shared<plan::RemoveProperty>(expand.op_, entity_prop, n_p);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*remove_property, &context);

10
tests/unit/query_plan_match_filter_return.cpp
View File

@ -61,7 +61,7 @@ class MatchReturnFixture : public testing::Test {
auto output =
NEXPR("n", IDENT("n")->MapTo(scan_all.sym_))->MapTo(symbol_table.CreateSymbol("named_expression_1", true));
auto produce = MakeProduce(scan_all.op_, output);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
return PullAll(*produce, &context);
}
@ -515,7 +515,7 @@ TEST_F(ExpandFixture, ExpandWithEdgeFiltering) {
auto output =
NEXPR("m", IDENT("m")->MapTo(r_m.node_sym_))->MapTo(symbol_table.CreateSymbol("named_expression_1", true));
auto produce = MakeProduce(r_m.op_, output);
memgraph::glue::FineGrainedAuthChecker auth_checker{user};
memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
return PullAll(*produce, &context);
};
@ -703,7 +703,7 @@ class QueryPlanExpandVariable : public testing::Test {
auto cursor = input_op->MakeCursor(memgraph::utils::NewDeleteResource());
ExecutionContext context;
if (user) {
memgraph::glue::FineGrainedAuthChecker auth_checker{*user};
memgraph::glue::FineGrainedAuthChecker auth_checker{*user, &dba};
context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
} else {
context = MakeContext(storage, symbol_table, &dba);
@ -721,7 +721,7 @@ class QueryPlanExpandVariable : public testing::Test {
auto cursor = input_op->MakeCursor(memgraph::utils::NewDeleteResource());
ExecutionContext context;
if (user) {
memgraph::glue::FineGrainedAuthChecker auth_checker{*user};
memgraph::glue::FineGrainedAuthChecker auth_checker{*user, &dba};
context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
} else {
context = MakeContext(storage, symbol_table, &dba);
@ -1796,7 +1796,7 @@ class QueryPlanExpandWeightedShortestPath : public testing::Test {
std::vector<ResultType> results;
memgraph::query::ExecutionContext context;
if (user) {
memgraph::glue::FineGrainedAuthChecker auth_checker{*user};
memgraph::glue::FineGrainedAuthChecker auth_checker{*user, &dba};
context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
} else {
context = MakeContext(storage, symbol_table, &dba);

5
tests/unit/query_trigger.cpp
View File

@ -39,8 +39,9 @@ class MockAuthChecker : public memgraph::query::AuthChecker {
public:
MOCK_CONST_METHOD2(IsUserAuthorized, bool(const std::optional<std::string> &username,
const std::vector<memgraph::query::AuthQuery::Privilege> &privileges));
MOCK_CONST_METHOD1(GetFineGrainedAuthChecker,
std::unique_ptr<memgraph::query::FineGrainedAuthChecker>(const std::string &username));
MOCK_CONST_METHOD2(GetFineGrainedAuthChecker,
std::unique_ptr<memgraph::query::FineGrainedAuthChecker>(
const std::string &username, const memgraph::query::DbAccessor *db_accessor));
};
} // namespace