From aa02745915c4863cce79b055c2eb81d7d743f723 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Boris=20Ta=C5=A1evski?=
<36607228+BorisTasevski@users.noreply.github.com>
Date: Tue, 13 Sep 2022 11:37:17 +0200
Subject: [PATCH] [E129-MG < T1030-MG] Tech debts (#540)
* renamed parameters (#539)
* added variable declarations in ifs; minor code improvements; (#541)
* dba parameter removed (#543)
* Accept -> Has rename; HasGlobalPermissionOnVertices/Edges -> HasGlobalPrivilegeOnVertices/Edges (#545)
* replaced passing dba from reference to pointer
---
src/glue/auth_checker.cpp | 58 +++----
src/glue/auth_checker.hpp | 26 +--
src/query/auth_checker.hpp | 48 +++---
src/query/interpreter.cpp | 4 +-
src/query/plan/operator.cpp | 110 ++++++-------
src/query/procedure/mg_procedure_impl.cpp | 99 ++++++-----
tests/unit/auth_checker.cpp | 154 +++++++++---------
tests/unit/bfs_common.hpp | 2 +-
.../query_plan_create_set_remove_delete.cpp | 28 ++--
tests/unit/query_plan_match_filter_return.cpp | 10 +-
tests/unit/query_trigger.cpp | 5 +-
11 files changed, 260 insertions(+), 284 deletions(-)
diff --git a/src/glue/auth_checker.cpp b/src/glue/auth_checker.cpp
index cd66f6146..08e7fbbf1 100644
--- a/src/glue/auth_checker.cpp
+++ b/src/glue/auth_checker.cpp
@@ -18,13 +18,13 @@
#include "utils/synchronized.hpp"
namespace {
-bool IsUserAuthorizedLabels(const memgraph::auth::User &user, const memgraph::query::DbAccessor &dba,
+bool IsUserAuthorizedLabels(const memgraph::auth::User &user, const memgraph::query::DbAccessor *dba,
const std::vector<memgraph::storage::LabelId> &labels,
- const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_permission) {
- return std::all_of(labels.begin(), labels.end(), [&dba, &user, fine_grained_permission](const auto &label) {
+ const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) {
+ return std::all_of(labels.begin(), labels.end(), [dba, &user, fine_grained_privilege](const auto &label) {
return user.GetFineGrainedAccessLabelPermissions().Has(
- dba.LabelToName(label), memgraph::glue::FineGrainedPrivilegeToFineGrainedPermission(
- fine_grained_permission)) == memgraph::auth::PermissionLevel::GRANT;
+ dba->LabelToName(label), memgraph::glue::FineGrainedPrivilegeToFineGrainedPermission(
+ fine_grained_privilege)) == memgraph::auth::PermissionLevel::GRANT;
});
}
@@ -40,12 +40,12 @@ bool IsUserAuthorizedGloballyEdges(const memgraph::auth::User &user,
memgraph::auth::PermissionLevel::GRANT;
}
-bool IsUserAuthorizedEdgeType(const memgraph::auth::User &user, const memgraph::query::DbAccessor &dba,
+bool IsUserAuthorizedEdgeType(const memgraph::auth::User &user, const memgraph::query::DbAccessor *dba,
const memgraph::storage::EdgeTypeId &edgeType,
- const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_permission) {
+ const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) {
return user.GetFineGrainedAccessEdgeTypePermissions().Has(
- dba.EdgeTypeToName(edgeType), memgraph::glue::FineGrainedPrivilegeToFineGrainedPermission(
- fine_grained_permission)) == memgraph::auth::PermissionLevel::GRANT;
+ dba->EdgeTypeToName(edgeType), memgraph::glue::FineGrainedPrivilegeToFineGrainedPermission(
+ fine_grained_privilege)) == memgraph::auth::PermissionLevel::GRANT;
}
} // namespace
@@ -72,7 +72,7 @@ bool AuthChecker::IsUserAuthorized(const std::optional<std::string> &username,
}
std::unique_ptr<memgraph::query::FineGrainedAuthChecker> AuthChecker::GetFineGrainedAuthChecker(
- const std::string &username) const {
+ const std::string &username, const memgraph::query::DbAccessor *dba) const {
try {
auto locked_auth = auth_->Lock();
auto user = locked_auth->GetUser(username);
@@ -80,7 +80,7 @@ std::unique_ptr<memgraph::query::FineGrainedAuthChecker> AuthChecker::GetFineGra
throw memgraph::query::QueryRuntimeException("User '{}' doesn't exist .", username);
}
- return std::make_unique<memgraph::glue::FineGrainedAuthChecker>(std::move(*user));
+ return std::make_unique<memgraph::glue::FineGrainedAuthChecker>(std::move(*user), dba);
} catch (const memgraph::auth::AuthException &e) {
throw memgraph::query::QueryRuntimeException(e.what());
@@ -96,12 +96,11 @@ bool AuthChecker::IsUserAuthorized(const memgraph::auth::User &user,
});
}
-FineGrainedAuthChecker::FineGrainedAuthChecker(auth::User user) : user_{std::move(user)} {};
+FineGrainedAuthChecker::FineGrainedAuthChecker(auth::User user, const memgraph::query::DbAccessor *dba)
+ : user_{std::move(user)}, dba_(dba){};
-bool FineGrainedAuthChecker::Accept(
- const memgraph::query::DbAccessor &dba, const memgraph::query::VertexAccessor &vertex,
- const memgraph::storage::View view,
- const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const {
+bool FineGrainedAuthChecker::Has(const memgraph::query::VertexAccessor &vertex, const memgraph::storage::View view,
+ const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const {
auto maybe_labels = vertex.Labels(view);
if (maybe_labels.HasError()) {
switch (maybe_labels.GetError()) {
@@ -116,33 +115,30 @@ bool FineGrainedAuthChecker::Accept(
}
}
- return IsUserAuthorizedLabels(user_, dba, *maybe_labels, fine_grained_permission);
+ return IsUserAuthorizedLabels(user_, dba_, *maybe_labels, fine_grained_privilege);
}
-bool FineGrainedAuthChecker::Accept(
- const memgraph::query::DbAccessor &dba, const memgraph::query::EdgeAccessor &edge,
- const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const {
- return IsUserAuthorizedEdgeType(user_, dba, edge.EdgeType(), fine_grained_permission);
+bool FineGrainedAuthChecker::Has(const memgraph::query::EdgeAccessor &edge,
+ const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const {
+ return IsUserAuthorizedEdgeType(user_, dba_, edge.EdgeType(), fine_grained_privilege);
}
-bool FineGrainedAuthChecker::Accept(
- const memgraph::query::DbAccessor &dba, const std::vector<memgraph::storage::LabelId> &labels,
- const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const {
- return IsUserAuthorizedLabels(user_, dba, labels, fine_grained_permission);
+bool FineGrainedAuthChecker::Has(const std::vector<memgraph::storage::LabelId> &labels,
+ const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const {
+ return IsUserAuthorizedLabels(user_, dba_, labels, fine_grained_privilege);
}
-bool FineGrainedAuthChecker::Accept(
- const memgraph::query::DbAccessor &dba, const memgraph::storage::EdgeTypeId &edge_type,
- const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const {
- return IsUserAuthorizedEdgeType(user_, dba, edge_type, fine_grained_permission);
+bool FineGrainedAuthChecker::Has(const memgraph::storage::EdgeTypeId &edge_type,
+ const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const {
+ return IsUserAuthorizedEdgeType(user_, dba_, edge_type, fine_grained_privilege);
}
-bool FineGrainedAuthChecker::HasGlobalPermissionOnVertices(
+bool FineGrainedAuthChecker::HasGlobalPrivilegeOnVertices(
const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const {
return IsUserAuthorizedGloballyLabels(user_, FineGrainedPrivilegeToFineGrainedPermission(fine_grained_privilege));
}
-bool FineGrainedAuthChecker::HasGlobalPermissionOnEdges(
+bool FineGrainedAuthChecker::HasGlobalPrivilegeOnEdges(
const memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const {
return IsUserAuthorizedGloballyEdges(user_, FineGrainedPrivilegeToFineGrainedPermission(fine_grained_privilege));
};
diff --git a/src/glue/auth_checker.hpp b/src/glue/auth_checker.hpp
index f80d0f441..56ffe4510 100644
--- a/src/glue/auth_checker.hpp
+++ b/src/glue/auth_checker.hpp
@@ -28,7 +28,7 @@ class AuthChecker : public query::AuthChecker {
const std::vector<query::AuthQuery::Privilege> &privileges) const override;
std::unique_ptr<memgraph::query::FineGrainedAuthChecker> GetFineGrainedAuthChecker(
- const std::string &username) const override;
+ const std::string &username, const memgraph::query::DbAccessor *dba) const override;
[[nodiscard]] static bool IsUserAuthorized(const memgraph::auth::User &user,
const std::vector<memgraph::query::AuthQuery::Privilege> &privileges);
@@ -39,28 +39,28 @@ class AuthChecker : public query::AuthChecker {
class FineGrainedAuthChecker : public query::FineGrainedAuthChecker {
public:
- explicit FineGrainedAuthChecker(auth::User user);
+ explicit FineGrainedAuthChecker(auth::User user, const memgraph::query::DbAccessor *dba);
- bool Accept(const memgraph::query::DbAccessor &dba, const query::VertexAccessor &vertex, memgraph::storage::View view,
- query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const override;
+ bool Has(const query::VertexAccessor &vertex, memgraph::storage::View view,
+ query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const override;
- bool Accept(const memgraph::query::DbAccessor &dba, const query::EdgeAccessor &edge,
- query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const override;
+ bool Has(const query::EdgeAccessor &edge,
+ query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const override;
- bool Accept(const memgraph::query::DbAccessor &dba, const std::vector<memgraph::storage::LabelId> &labels,
- query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const override;
+ bool Has(const std::vector<memgraph::storage::LabelId> &labels,
+ query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const override;
- bool Accept(const memgraph::query::DbAccessor &dba, const memgraph::storage::EdgeTypeId &edge_type,
- query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const override;
+ bool Has(const memgraph::storage::EdgeTypeId &edge_type,
+ query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const override;
- bool HasGlobalPermissionOnVertices(
+ bool HasGlobalPrivilegeOnVertices(
memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const override;
- bool HasGlobalPermissionOnEdges(
+ bool HasGlobalPrivilegeOnEdges(
memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const override;
private:
auth::User user_;
+ const memgraph::query::DbAccessor *dba_;
};
-
} // namespace memgraph::glue
diff --git a/src/query/auth_checker.hpp b/src/query/auth_checker.hpp
index 703406569..a76692a12 100644
--- a/src/query/auth_checker.hpp
+++ b/src/query/auth_checker.hpp
@@ -27,63 +27,60 @@ class AuthChecker {
const std::vector<query::AuthQuery::Privilege> &privileges) const = 0;
[[nodiscard]] virtual std::unique_ptr<FineGrainedAuthChecker> GetFineGrainedAuthChecker(
- const std::string &username) const = 0;
+ const std::string &username, const memgraph::query::DbAccessor *db_accessor) const = 0;
};
class FineGrainedAuthChecker {
public:
virtual ~FineGrainedAuthChecker() = default;
- [[nodiscard]] virtual bool Accept(const memgraph::query::DbAccessor &dba, const query::VertexAccessor &vertex,
- memgraph::storage::View view,
- query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const = 0;
+ [[nodiscard]] virtual bool Has(const query::VertexAccessor &vertex, memgraph::storage::View view,
+ query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const = 0;
- [[nodiscard]] virtual bool Accept(const memgraph::query::DbAccessor &dba, const query::EdgeAccessor &edge,
- query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const = 0;
+ [[nodiscard]] virtual bool Has(const query::EdgeAccessor &edge,
+ query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const = 0;
- [[nodiscard]] virtual bool Accept(const memgraph::query::DbAccessor &dba,
- const std::vector<memgraph::storage::LabelId> &labels,
- query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const = 0;
+ [[nodiscard]] virtual bool Has(const std::vector<memgraph::storage::LabelId> &labels,
+ query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const = 0;
- [[nodiscard]] virtual bool Accept(const memgraph::query::DbAccessor &dba,
- const memgraph::storage::EdgeTypeId &edge_type,
- query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const = 0;
+ [[nodiscard]] virtual bool Has(const memgraph::storage::EdgeTypeId &edge_type,
+ query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const = 0;
- [[nodiscard]] virtual bool HasGlobalPermissionOnVertices(
+ [[nodiscard]] virtual bool HasGlobalPrivilegeOnVertices(
memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const = 0;
- [[nodiscard]] virtual bool HasGlobalPermissionOnEdges(
+ [[nodiscard]] virtual bool HasGlobalPrivilegeOnEdges(
memgraph::query::AuthQuery::FineGrainedPrivilege fine_grained_privilege) const = 0;
};
class AllowEverythingFineGrainedAuthChecker final : public query::FineGrainedAuthChecker {
public:
- bool Accept(const memgraph::query::DbAccessor &dba, const VertexAccessor &vertex, const memgraph::storage::View view,
- const query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const override {
+ bool Has(const VertexAccessor & /*vertex*/, const memgraph::storage::View /*view*/,
+ const query::AuthQuery::FineGrainedPrivilege /*fine_grained_privilege*/) const override {
return true;
}
- bool Accept(const memgraph::query::DbAccessor &dba, const memgraph::query::EdgeAccessor &edge,
- const query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const override {
+ bool Has(const memgraph::query::EdgeAccessor & /*edge*/,
+ const query::AuthQuery::FineGrainedPrivilege /*fine_grained_privilege*/) const override {
return true;
}
- bool Accept(const memgraph::query::DbAccessor &dba, const std::vector<memgraph::storage::LabelId> &labels,
- const query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const override {
+ bool Has(const std::vector<memgraph::storage::LabelId> & /*labels*/,
+ const query::AuthQuery::FineGrainedPrivilege /*fine_grained_privilege*/) const override {
return true;
}
- bool Accept(const memgraph::query::DbAccessor &dba, const memgraph::storage::EdgeTypeId &edge_type,
- const query::AuthQuery::FineGrainedPrivilege fine_grained_permission) const override {
+ bool Has(const memgraph::storage::EdgeTypeId & /*edge_type*/,
+ const query::AuthQuery::FineGrainedPrivilege /*fine_grained_privilege*/) const override {
return true;
}
- bool HasGlobalPermissionOnVertices(
+ bool HasGlobalPrivilegeOnVertices(
const memgraph::query::AuthQuery::FineGrainedPrivilege /*fine_grained_privilege*/) const override {
return true;
}
- bool HasGlobalPermissionOnEdges(
+ bool HasGlobalPrivilegeOnEdges(
const memgraph::query::AuthQuery::FineGrainedPrivilege /*fine_grained_privilege*/) const override {
return true;
}
@@ -96,7 +93,8 @@ class AllowEverythingAuthChecker final : public query::AuthChecker {
return true;
}
- std::unique_ptr<FineGrainedAuthChecker> GetFineGrainedAuthChecker(const std::string & /*username*/) const override {
+ std::unique_ptr<FineGrainedAuthChecker> GetFineGrainedAuthChecker(const std::string & /*username*/,
+ const query::DbAccessor * /*dba*/) const override {
return std::make_unique<AllowEverythingFineGrainedAuthChecker>();
}
};
diff --git a/src/query/interpreter.cpp b/src/query/interpreter.cpp
index e0ae4f17b..f0aa35806 100644
--- a/src/query/interpreter.cpp
+++ b/src/query/interpreter.cpp
@@ -985,8 +985,8 @@ PullPlan::PullPlan(const std::shared_ptr<CachedPlan> plan, const Parameters &par
ctx_.evaluation_context.properties = NamesToProperties(plan->ast_storage().properties_, dba);
ctx_.evaluation_context.labels = NamesToLabels(plan->ast_storage().labels_, dba);
#ifdef MG_ENTERPRISE
- if (username.has_value()) {
- ctx_.auth_checker = interpreter_context->auth_checker->GetFineGrainedAuthChecker(*username);
+ if (username.has_value() && dba) {
+ ctx_.auth_checker = interpreter_context->auth_checker->GetFineGrainedAuthChecker(*username, dba);
}
#endif
if (interpreter_context->config.execution_timeout_sec > 0) {
diff --git a/src/query/plan/operator.cpp b/src/query/plan/operator.cpp
index ea87bc411..1b92cae51 100644
--- a/src/query/plan/operator.cpp
+++ b/src/query/plan/operator.cpp
@@ -241,8 +241,8 @@ bool CreateNode::CreateNodeCursor::Pull(Frame &frame, ExecutionContext &context)
SCOPED_PROFILE_OP("CreateNode");
if (context.auth_checker &&
- !context.auth_checker->Accept(*context.db_accessor, self_.node_info_.labels,
- memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
+ !context.auth_checker->Has(self_.node_info_.labels,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
throw QueryRuntimeException("Vertex not created due to not having enough permission!");
}
@@ -334,9 +334,9 @@ bool CreateExpand::CreateExpandCursor::Pull(Frame &frame, ExecutionContext &cont
? memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE
: memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE;
if (context.auth_checker &&
- !(context.auth_checker->Accept(*context.db_accessor, self_.edge_info_.edge_type,
- memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE) &&
- context.auth_checker->Accept(*context.db_accessor, self_.node_info_.labels, fine_grained_permission))) {
+ !(context.auth_checker->Has(self_.edge_info_.edge_type,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE) &&
+ context.auth_checker->Has(self_.node_info_.labels, fine_grained_permission))) {
throw QueryRuntimeException("Edge not created due to not having enough permission!");
}
// get the origin vertex
@@ -435,8 +435,8 @@ class ScanAllCursor : public Cursor {
bool FindNextVertex(const ExecutionContext &context) {
while (vertices_it_.value() != vertices_.value().end()) {
- if (context.auth_checker->Accept(*context.db_accessor, *vertices_it_.value(), memgraph::storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ)) {
+ if (context.auth_checker->Has(*vertices_it_.value(), memgraph::storage::View::OLD,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::READ)) {
return true;
}
++vertices_it_.value();
@@ -719,10 +719,9 @@ bool Expand::ExpandCursor::Pull(Frame &frame, ExecutionContext &context) {
if (in_edges_ && *in_edges_it_ != in_edges_->end()) {
auto edge = *(*in_edges_it_)++;
if (context.auth_checker &&
- !(context.auth_checker->Accept(*context.db_accessor, edge,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
- context.auth_checker->Accept(*context.db_accessor, edge.From(), self_.view_,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
+ !(context.auth_checker->Has(edge, memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
+ context.auth_checker->Has(edge.From(), self_.view_,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
continue;
}
@@ -739,10 +738,9 @@ bool Expand::ExpandCursor::Pull(Frame &frame, ExecutionContext &context) {
// already done in the block above
if (self_.common_.direction == EdgeAtom::Direction::BOTH && edge.IsCycle()) continue;
if (context.auth_checker &&
- !(context.auth_checker->Accept(*context.db_accessor, edge,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
- context.auth_checker->Accept(*context.db_accessor, edge.To(), self_.view_,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
+ !(context.auth_checker->Has(edge, memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
+ context.auth_checker->Has(edge.To(), self_.view_,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
continue;
}
@@ -1077,10 +1075,9 @@ class ExpandVariableCursor : public Cursor {
current_edge.second == EdgeAtom::Direction::IN ? current_edge.first.From() : current_edge.first.To();
if (context.auth_checker &&
- !(context.auth_checker->Accept(*context.db_accessor, current_edge.first,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
- context.auth_checker->Accept(*context.db_accessor, current_vertex, storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
+ !(context.auth_checker->Has(current_edge.first, memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
+ context.auth_checker->Has(current_vertex, storage::View::OLD,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
continue;
}
AppendEdge(current_edge.first, &edges_on_frame);
@@ -1245,10 +1242,9 @@ class STShortestPathCursor : public query::plan::Cursor {
auto out_edges = UnwrapEdgesResult(vertex.OutEdges(storage::View::OLD, self_.common_.edge_types));
for (const auto &edge : out_edges) {
if (context.auth_checker &&
- !(context.auth_checker->Accept(*context.db_accessor, edge,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
- context.auth_checker->Accept(*context.db_accessor, edge.To(), storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
+ !(context.auth_checker->Has(edge, memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
+ context.auth_checker->Has(edge.To(), storage::View::OLD,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
continue;
}
@@ -1270,10 +1266,9 @@ class STShortestPathCursor : public query::plan::Cursor {
auto in_edges = UnwrapEdgesResult(vertex.InEdges(storage::View::OLD, self_.common_.edge_types));
for (const auto &edge : in_edges) {
if (context.auth_checker &&
- !(context.auth_checker->Accept(*context.db_accessor, edge,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
- context.auth_checker->Accept(*context.db_accessor, edge.From(), storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
+ !(context.auth_checker->Has(edge, memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
+ context.auth_checker->Has(edge.From(), storage::View::OLD,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
continue;
}
@@ -1309,10 +1304,9 @@ class STShortestPathCursor : public query::plan::Cursor {
auto out_edges = UnwrapEdgesResult(vertex.OutEdges(storage::View::OLD, self_.common_.edge_types));
for (const auto &edge : out_edges) {
if (context.auth_checker &&
- !(context.auth_checker->Accept(*context.db_accessor, edge,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
- context.auth_checker->Accept(*context.db_accessor, edge.To(), storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
+ !(context.auth_checker->Has(edge, memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
+ context.auth_checker->Has(edge.To(), storage::View::OLD,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
continue;
}
if (ShouldExpand(vertex, edge, frame, evaluator) && !Contains(out_edge, edge.To())) {
@@ -1333,10 +1327,9 @@ class STShortestPathCursor : public query::plan::Cursor {
auto in_edges = UnwrapEdgesResult(vertex.InEdges(storage::View::OLD, self_.common_.edge_types));
for (const auto &edge : in_edges) {
if (context.auth_checker &&
- !(context.auth_checker->Accept(*context.db_accessor, edge,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
- context.auth_checker->Accept(*context.db_accessor, edge.From(), storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
+ !(context.auth_checker->Has(edge, memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
+ context.auth_checker->Has(edge.From(), storage::View::OLD,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
continue;
}
if (ShouldExpand(vertex, edge, frame, evaluator) && !Contains(out_edge, edge.From())) {
@@ -1390,10 +1383,9 @@ class SingleSourceShortestPathCursor : public query::plan::Cursor {
if (processed_.find(vertex) != processed_.end()) return;
if (context.auth_checker &&
- !(context.auth_checker->Accept(*context.db_accessor, vertex, storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
- context.auth_checker->Accept(*context.db_accessor, edge,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
+ !(context.auth_checker->Has(vertex, storage::View::OLD,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
+ context.auth_checker->Has(edge, memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
return;
}
frame[self_.filter_lambda_.inner_edge_symbol] = edge;
@@ -1576,10 +1568,9 @@ class ExpandWeightedShortestPathCursor : public query::plan::Cursor {
auto *memory = evaluator.GetMemoryResource();
if (context.auth_checker &&
- !(context.auth_checker->Accept(*context.db_accessor, vertex, storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
- context.auth_checker->Accept(*context.db_accessor, edge,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
+ !(context.auth_checker->Has(vertex, storage::View::OLD,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::READ) &&
+ context.auth_checker->Has(edge, memgraph::query::AuthQuery::FineGrainedPrivilege::READ))) {
return;
}
if (self_.filter_lambda_.expression) {
@@ -2333,12 +2324,9 @@ bool Delete::DeleteCursor::Pull(Frame &frame, ExecutionContext &context) {
if (expression_result.type() == TypedValue::Type::Edge) {
auto &ea = expression_result.ValueEdge();
if (context.auth_checker &&
- !(context.auth_checker->Accept(*context.db_accessor, ea,
- query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE) &&
- context.auth_checker->Accept(*context.db_accessor, ea.To(), storage::View::NEW,
- query::AuthQuery::FineGrainedPrivilege::UPDATE) &&
- context.auth_checker->Accept(*context.db_accessor, ea.From(), storage::View::NEW,
- query::AuthQuery::FineGrainedPrivilege::UPDATE))) {
+ !(context.auth_checker->Has(ea, query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE) &&
+ context.auth_checker->Has(ea.To(), storage::View::NEW, query::AuthQuery::FineGrainedPrivilege::UPDATE) &&
+ context.auth_checker->Has(ea.From(), storage::View::NEW, query::AuthQuery::FineGrainedPrivilege::UPDATE))) {
throw QueryRuntimeException("Edge not deleted due to not having enough permission!");
}
auto maybe_value = dba.RemoveEdge(&ea);
@@ -2367,8 +2355,7 @@ bool Delete::DeleteCursor::Pull(Frame &frame, ExecutionContext &context) {
case TypedValue::Type::Vertex: {
auto &va = expression_result.ValueVertex();
if (context.auth_checker &&
- !context.auth_checker->Accept(*context.db_accessor, va, storage::View::NEW,
- query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
+ !context.auth_checker->Has(va, storage::View::NEW, query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
throw QueryRuntimeException("Vertex not deleted due to not having enough permission!");
}
if (self_.detach_) {
@@ -2475,8 +2462,8 @@ bool SetProperty::SetPropertyCursor::Pull(Frame &frame, ExecutionContext &contex
switch (lhs.type()) {
case TypedValue::Type::Vertex: {
if (context.auth_checker &&
- !context.auth_checker->Accept(*context.db_accessor, lhs.ValueVertex(), storage::View::NEW,
- memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
+ !context.auth_checker->Has(lhs.ValueVertex(), storage::View::NEW,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
throw QueryRuntimeException("Vertex property not set due to not having enough permission!");
}
@@ -2491,8 +2478,7 @@ bool SetProperty::SetPropertyCursor::Pull(Frame &frame, ExecutionContext &contex
}
case TypedValue::Type::Edge: {
if (context.auth_checker &&
- !context.auth_checker->Accept(*context.db_accessor, lhs.ValueEdge(),
- memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
+ !context.auth_checker->Has(lhs.ValueEdge(), memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
throw QueryRuntimeException("Edge property not set due to not having enough permission!");
}
@@ -2689,8 +2675,8 @@ bool SetProperties::SetPropertiesCursor::Pull(Frame &frame, ExecutionContext &co
switch (lhs.type()) {
case TypedValue::Type::Vertex:
if (context.auth_checker &&
- !context.auth_checker->Accept(*context.db_accessor, lhs.ValueVertex(), storage::View::NEW,
- memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
+ !context.auth_checker->Has(lhs.ValueVertex(), storage::View::NEW,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
throw QueryRuntimeException("Vertex properties not set due to not having enough permission!");
}
@@ -2698,8 +2684,7 @@ bool SetProperties::SetPropertiesCursor::Pull(Frame &frame, ExecutionContext &co
break;
case TypedValue::Type::Edge:
if (context.auth_checker &&
- !context.auth_checker->Accept(*context.db_accessor, lhs.ValueEdge(),
- memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
+ !context.auth_checker->Has(lhs.ValueEdge(), memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
throw QueryRuntimeException("Edge properties not set due to not having enough permission!");
}
@@ -2830,8 +2815,8 @@ bool RemoveProperty::RemovePropertyCursor::Pull(Frame &frame, ExecutionContext &
switch (lhs.type()) {
case TypedValue::Type::Vertex:
if (context.auth_checker &&
- !context.auth_checker->Accept(*context.db_accessor, lhs.ValueVertex(), storage::View::NEW,
- memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
+ !context.auth_checker->Has(lhs.ValueVertex(), storage::View::NEW,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
throw QueryRuntimeException("Vertex property not removed due to not having enough permission!");
}
@@ -2839,8 +2824,7 @@ bool RemoveProperty::RemovePropertyCursor::Pull(Frame &frame, ExecutionContext &
break;
case TypedValue::Type::Edge:
if (context.auth_checker &&
- !context.auth_checker->Accept(*context.db_accessor, lhs.ValueEdge(),
- memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
+ !context.auth_checker->Has(lhs.ValueEdge(), memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
throw QueryRuntimeException("Edge property not removed due to not having enough permission!");
}
diff --git a/src/query/procedure/mg_procedure_impl.cpp b/src/query/procedure/mg_procedure_impl.cpp
index 25c809e5b..98217931e 100644
--- a/src/query/procedure/mg_procedure_impl.cpp
+++ b/src/query/procedure/mg_procedure_impl.cpp
@@ -1587,9 +1587,10 @@ memgraph::storage::PropertyValue ToPropertyValue(const mgp_value &value) {
mgp_error mgp_vertex_set_property(struct mgp_vertex *v, const char *property_name, mgp_value *property_value) {
return WrapExceptions([=] {
- if (v->graph->ctx && v->graph->ctx->auth_checker &&
- !v->graph->ctx->auth_checker->Accept(*v->graph->ctx->db_accessor, v->impl, v->graph->view,
- memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
+ auto *ctx = v->graph->ctx;
+
+ if (ctx && ctx->auth_checker &&
+ !ctx->auth_checker->Has(v->impl, v->graph->view, memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
throw AuthorizationException{"Insufficient permissions for setting a property on vertex!"};
}
@@ -1613,8 +1614,6 @@ mgp_error mgp_vertex_set_property(struct mgp_vertex *v, const char *property_nam
}
}
- auto &ctx = v->graph->ctx;
-
ctx->execution_stats[memgraph::query::ExecutionStats::Key::UPDATED_PROPERTIES] += 1;
auto *trigger_ctx_collector = ctx->trigger_context_collector;
@@ -1634,11 +1633,12 @@ mgp_error mgp_vertex_set_property(struct mgp_vertex *v, const char *property_nam
mgp_error mgp_vertex_add_label(struct mgp_vertex *v, mgp_label label) {
return WrapExceptions([=] {
- if (v->graph->ctx && v->graph->ctx->auth_checker &&
- !(v->graph->ctx->auth_checker->Accept(*v->graph->ctx->db_accessor, v->impl, v->graph->view,
- memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE) &&
- v->graph->ctx->auth_checker->Accept(*v->graph->ctx->db_accessor, {v->graph->impl->NameToLabel(label.name)},
- memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE))) {
+ auto *ctx = v->graph->ctx;
+
+ if (ctx && ctx->auth_checker &&
+ !(ctx->auth_checker->Has(v->impl, v->graph->view, memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE) &&
+ ctx->auth_checker->Has({v->graph->impl->NameToLabel(label.name)},
+ memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE))) {
throw AuthorizationException{"Insufficient permissions for adding a label to vertex!"};
}
@@ -1662,8 +1662,6 @@ mgp_error mgp_vertex_add_label(struct mgp_vertex *v, mgp_label label) {
}
}
- auto &ctx = v->graph->ctx;
-
ctx->execution_stats[memgraph::query::ExecutionStats::Key::CREATED_LABELS] += 1;
if (ctx->trigger_context_collector) {
@@ -1674,11 +1672,12 @@ mgp_error mgp_vertex_add_label(struct mgp_vertex *v, mgp_label label) {
mgp_error mgp_vertex_remove_label(struct mgp_vertex *v, mgp_label label) {
return WrapExceptions([=] {
- if (v->graph->ctx && v->graph->ctx->auth_checker &&
- !(v->graph->ctx->auth_checker->Accept(*v->graph->ctx->db_accessor, v->impl, v->graph->view,
- memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE) &&
- v->graph->ctx->auth_checker->Accept(*v->graph->ctx->db_accessor, {v->graph->impl->NameToLabel(label.name)},
- memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE))) {
+ auto *ctx = v->graph->ctx;
+
+ if (ctx && ctx->auth_checker &&
+ !(ctx->auth_checker->Has(v->impl, v->graph->view, memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE) &&
+ ctx->auth_checker->Has({v->graph->impl->NameToLabel(label.name)},
+ memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE))) {
throw AuthorizationException{"Insufficient permissions for removing a label from vertex!"};
}
@@ -1702,8 +1701,6 @@ mgp_error mgp_vertex_remove_label(struct mgp_vertex *v, mgp_label label) {
}
}
- auto &ctx = v->graph->ctx;
-
ctx->execution_stats[memgraph::query::ExecutionStats::Key::DELETED_LABELS] += 1;
if (ctx->trigger_context_collector) {
@@ -1861,20 +1858,18 @@ void mgp_edges_iterator_destroy(mgp_edges_iterator *it) { DeleteRawMgpObject(it)
namespace {
void NextPermittedEdge(mgp_edges_iterator &it, const bool for_in) {
- if (!it.source_vertex.graph->ctx || !it.source_vertex.graph->ctx->auth_checker) return;
+ if (const auto *ctx = it.source_vertex.graph->ctx; !ctx || !ctx->auth_checker) return;
auto &impl_it = for_in ? it.in_it : it.out_it;
const auto end = for_in ? it.in->end() : it.out->end();
if (impl_it) {
const auto *auth_checker = it.source_vertex.graph->ctx->auth_checker.get();
- const auto db_accessor = *it.source_vertex.graph->ctx->db_accessor;
const auto view = it.source_vertex.graph->view;
while (*impl_it != end) {
- if (auth_checker->Accept(db_accessor, **impl_it, memgraph::query::AuthQuery::FineGrainedPrivilege::READ)) {
+ if (auth_checker->Has(**impl_it, memgraph::query::AuthQuery::FineGrainedPrivilege::READ)) {
const auto &check_vertex = it.source_vertex.impl == (*impl_it)->From() ? (*impl_it)->To() : (*impl_it)->From();
- if (auth_checker->Accept(db_accessor, check_vertex, view,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ)) {
+ if (auth_checker->Has(check_vertex, view, memgraph::query::AuthQuery::FineGrainedPrivilege::READ)) {
break;
}
}
@@ -2076,9 +2071,10 @@ mgp_error mgp_edge_get_property(mgp_edge *e, const char *name, mgp_memory *memor
mgp_error mgp_edge_set_property(struct mgp_edge *e, const char *property_name, mgp_value *property_value) {
return WrapExceptions([=] {
- if (e->from.graph->ctx && e->from.graph->ctx->auth_checker &&
- !e->from.graph->ctx->auth_checker->Accept(*e->from.graph->ctx->db_accessor, e->impl,
- memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
+ auto *ctx = e->from.graph->ctx;
+
+ if (ctx && ctx->auth_checker &&
+ !ctx->auth_checker->Has(e->impl, memgraph::query::AuthQuery::FineGrainedPrivilege::UPDATE)) {
throw AuthorizationException{"Insufficient permissions for setting a property on edge!"};
}
@@ -2103,8 +2099,6 @@ mgp_error mgp_edge_set_property(struct mgp_edge *e, const char *property_name, m
}
}
- auto &ctx = e->from.graph->ctx;
-
ctx->execution_stats[memgraph::query::ExecutionStats::Key::UPDATED_PROPERTIES] += 1;
auto *trigger_ctx_collector = e->from.graph->ctx->trigger_context_collector;
@@ -2171,7 +2165,7 @@ mgp_error mgp_graph_create_vertex(struct mgp_graph *graph, mgp_memory *memory, m
return WrapExceptions(
[=]() -> mgp_vertex * {
if (graph->ctx && graph->ctx->auth_checker &&
- !graph->ctx->auth_checker->HasGlobalPermissionOnVertices(
+ !graph->ctx->auth_checker->HasGlobalPrivilegeOnVertices(
memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
throw AuthorizationException{"Insufficient permissions for creating vertices!"};
}
@@ -2194,9 +2188,11 @@ mgp_error mgp_graph_create_vertex(struct mgp_graph *graph, mgp_memory *memory, m
mgp_error mgp_graph_delete_vertex(struct mgp_graph *graph, mgp_vertex *vertex) {
return WrapExceptions([=] {
- if (graph->ctx && graph->ctx->auth_checker &&
- !graph->ctx->auth_checker->Accept(*graph->ctx->db_accessor, vertex->impl, graph->view,
- memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
+ auto *ctx = graph->ctx;
+
+ if (ctx && ctx->auth_checker &&
+ !ctx->auth_checker->Has(vertex->impl, graph->view,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
throw AuthorizationException{"Insufficient permissions for deleting a vertex!"};
}
@@ -2223,8 +2219,6 @@ mgp_error mgp_graph_delete_vertex(struct mgp_graph *graph, mgp_vertex *vertex) {
return;
}
- auto &ctx = graph->ctx;
-
ctx->execution_stats[memgraph::query::ExecutionStats::Key::DELETED_NODES] += 1;
if (ctx->trigger_context_collector) {
@@ -2235,9 +2229,11 @@ mgp_error mgp_graph_delete_vertex(struct mgp_graph *graph, mgp_vertex *vertex) {
mgp_error mgp_graph_detach_delete_vertex(struct mgp_graph *graph, mgp_vertex *vertex) {
return WrapExceptions([=] {
- if (graph->ctx && graph->ctx->auth_checker &&
- !graph->ctx->auth_checker->Accept(*graph->ctx->db_accessor, vertex->impl, graph->view,
- memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
+ auto *ctx = graph->ctx;
+
+ if (ctx && ctx->auth_checker &&
+ !ctx->auth_checker->Has(vertex->impl, graph->view,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
throw AuthorizationException{"Insufficient permissions for deleting a vertex!"};
}
@@ -2263,8 +2259,6 @@ mgp_error mgp_graph_detach_delete_vertex(struct mgp_graph *graph, mgp_vertex *ve
return;
}
- auto &ctx = graph->ctx;
-
ctx->execution_stats[memgraph::query::ExecutionStats::Key::DELETED_NODES] += 1;
ctx->execution_stats[memgraph::query::ExecutionStats::Key::DELETED_EDGES] +=
static_cast<int64_t>((*result)->second.size());
@@ -2288,9 +2282,11 @@ mgp_error mgp_graph_create_edge(mgp_graph *graph, mgp_vertex *from, mgp_vertex *
mgp_memory *memory, mgp_edge **result) {
return WrapExceptions(
[=]() -> mgp_edge * {
- if (graph->ctx && graph->ctx->auth_checker &&
- !graph->ctx->auth_checker->Accept(*graph->ctx->db_accessor, from->graph->impl->NameToEdgeType(type.name),
- memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
+ auto *ctx = graph->ctx;
+
+ if (ctx && ctx->auth_checker &&
+ !ctx->auth_checker->Has(from->graph->impl->NameToEdgeType(type.name),
+ memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
throw AuthorizationException{"Insufficient permissions for creating edges!"};
}
@@ -2312,7 +2308,6 @@ mgp_error mgp_graph_create_edge(mgp_graph *graph, mgp_vertex *from, mgp_vertex *
throw SerializationException{"Cannot serialize creating an edge."};
}
}
- auto &ctx = graph->ctx;
ctx->execution_stats[memgraph::query::ExecutionStats::Key::CREATED_EDGES] += 1;
@@ -2326,9 +2321,10 @@ mgp_error mgp_graph_create_edge(mgp_graph *graph, mgp_vertex *from, mgp_vertex *
mgp_error mgp_graph_delete_edge(struct mgp_graph *graph, mgp_edge *edge) {
return WrapExceptions([=] {
- if (graph->ctx && graph->ctx->auth_checker &&
- !graph->ctx->auth_checker->Accept(*graph->ctx->db_accessor, edge->impl,
- memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
+ auto *ctx = graph->ctx;
+
+ if (ctx && ctx->auth_checker &&
+ !ctx->auth_checker->Has(edge->impl, memgraph::query::AuthQuery::FineGrainedPrivilege::CREATE_DELETE)) {
throw AuthorizationException{"Insufficient permissions for deleting an edge!"};
}
if (!MgpGraphIsMutable(*graph)) {
@@ -2352,7 +2348,6 @@ mgp_error mgp_graph_delete_edge(struct mgp_graph *graph, mgp_edge *edge) {
if (!*result) {
return;
}
- auto &ctx = graph->ctx;
ctx->execution_stats[memgraph::query::ExecutionStats::Key::DELETED_EDGES] += 1;
if (ctx->trigger_context_collector) {
@@ -2363,13 +2358,15 @@ mgp_error mgp_graph_delete_edge(struct mgp_graph *graph, mgp_edge *edge) {
namespace {
void NextPermitted(mgp_vertices_iterator &it) {
- if (!it.graph->ctx || !it.graph->ctx->auth_checker) {
+ const auto *ctx = it.graph->ctx;
+
+ if (!ctx || !ctx->auth_checker) {
return;
}
while (it.current_it != it.vertices.end()) {
- if (it.graph->ctx->auth_checker->Accept(*it.graph->ctx->db_accessor, *it.current_it, it.graph->view,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ)) {
+ if (ctx->auth_checker->Has(*it.current_it, it.graph->view,
+ memgraph::query::AuthQuery::FineGrainedPrivilege::READ)) {
break;
}
diff --git a/tests/unit/auth_checker.cpp b/tests/unit/auth_checker.cpp
index 6bdd5b89e..a62909ba8 100644
--- a/tests/unit/auth_checker.cpp
+++ b/tests/unit/auth_checker.cpp
@@ -48,85 +48,85 @@ TEST_F(FineGrainedAuthCheckerFixture, GrantedAllLabels) {
memgraph::auth::User user{"test"};
user.fine_grained_access_handler().label_permissions().Grant("*", memgraph::auth::FineGrainedPermission::READ);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
- ASSERT_TRUE(auth_checker.Accept(dba, v1, memgraph::storage::View::NEW,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_TRUE(auth_checker.Accept(dba, v1, memgraph::storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_TRUE(auth_checker.Accept(dba, v2, memgraph::storage::View::NEW,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_TRUE(auth_checker.Accept(dba, v2, memgraph::storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_TRUE(auth_checker.Accept(dba, v3, memgraph::storage::View::NEW,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_TRUE(auth_checker.Accept(dba, v3, memgraph::storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(
+ auth_checker.Has(v1, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(
+ auth_checker.Has(v1, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(
+ auth_checker.Has(v2, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(
+ auth_checker.Has(v2, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(
+ auth_checker.Has(v3, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(
+ auth_checker.Has(v3, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, GrantedAllEdgeTypes) {
memgraph::auth::User user{"test"};
user.fine_grained_access_handler().edge_type_permissions().Grant(
"*", memgraph::auth::FineGrainedPermission::CREATE_DELETE);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
- ASSERT_TRUE(auth_checker.Accept(dba, r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_TRUE(auth_checker.Accept(dba, r2, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_TRUE(auth_checker.Accept(dba, r3, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_TRUE(auth_checker.Accept(dba, r4, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(auth_checker.Has(r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(auth_checker.Has(r2, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(auth_checker.Has(r3, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(auth_checker.Has(r4, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, DeniedAllLabels) {
memgraph::auth::User user{"test"};
user.fine_grained_access_handler().label_permissions().Deny("*", memgraph::auth::FineGrainedPermission::READ);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
- ASSERT_FALSE(auth_checker.Accept(dba, v1, memgraph::storage::View::NEW,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_FALSE(auth_checker.Accept(dba, v1, memgraph::storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_FALSE(auth_checker.Accept(dba, v2, memgraph::storage::View::NEW,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_FALSE(auth_checker.Accept(dba, v2, memgraph::storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_FALSE(auth_checker.Accept(dba, v3, memgraph::storage::View::NEW,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_FALSE(auth_checker.Accept(dba, v3, memgraph::storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(
+ auth_checker.Has(v1, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(
+ auth_checker.Has(v1, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(
+ auth_checker.Has(v2, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(
+ auth_checker.Has(v2, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(
+ auth_checker.Has(v3, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(
+ auth_checker.Has(v3, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, DeniedAllEdgeTypes) {
memgraph::auth::User user{"test"};
user.fine_grained_access_handler().edge_type_permissions().Deny("*", memgraph::auth::FineGrainedPermission::READ);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
- ASSERT_FALSE(auth_checker.Accept(dba, r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_FALSE(auth_checker.Accept(dba, r2, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_FALSE(auth_checker.Accept(dba, r3, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_FALSE(auth_checker.Accept(dba, r4, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(auth_checker.Has(r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(auth_checker.Has(r2, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(auth_checker.Has(r3, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(auth_checker.Has(r4, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, GrantLabel) {
memgraph::auth::User user{"test"};
user.fine_grained_access_handler().label_permissions().Grant("l1",
memgraph::auth::FineGrainedPermission::CREATE_DELETE);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
- ASSERT_TRUE(auth_checker.Accept(dba, v1, memgraph::storage::View::NEW,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_TRUE(auth_checker.Accept(dba, v1, memgraph::storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(
+ auth_checker.Has(v1, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(
+ auth_checker.Has(v1, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, DenyLabel) {
memgraph::auth::User user{"test"};
user.fine_grained_access_handler().label_permissions().Deny("l3", memgraph::auth::FineGrainedPermission::READ);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
- ASSERT_FALSE(auth_checker.Accept(dba, v3, memgraph::storage::View::NEW,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_FALSE(auth_checker.Accept(dba, v3, memgraph::storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(
+ auth_checker.Has(v3, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(
+ auth_checker.Has(v3, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, GrantAndDenySpecificLabels) {
@@ -136,20 +136,20 @@ TEST_F(FineGrainedAuthCheckerFixture, GrantAndDenySpecificLabels) {
user.fine_grained_access_handler().label_permissions().Grant("l2",
memgraph::auth::FineGrainedPermission::CREATE_DELETE);
user.fine_grained_access_handler().label_permissions().Deny("l3", memgraph::auth::FineGrainedPermission::READ);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
- ASSERT_TRUE(auth_checker.Accept(dba, v1, memgraph::storage::View::NEW,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_TRUE(auth_checker.Accept(dba, v1, memgraph::storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_TRUE(auth_checker.Accept(dba, v2, memgraph::storage::View::NEW,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_TRUE(auth_checker.Accept(dba, v2, memgraph::storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_FALSE(auth_checker.Accept(dba, v3, memgraph::storage::View::NEW,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_FALSE(auth_checker.Accept(dba, v3, memgraph::storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(
+ auth_checker.Has(v1, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(
+ auth_checker.Has(v1, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(
+ auth_checker.Has(v2, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(
+ auth_checker.Has(v2, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(
+ auth_checker.Has(v3, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(
+ auth_checker.Has(v3, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, MultipleVertexLabels) {
@@ -159,37 +159,37 @@ TEST_F(FineGrainedAuthCheckerFixture, MultipleVertexLabels) {
user.fine_grained_access_handler().label_permissions().Grant("l2",
memgraph::auth::FineGrainedPermission::CREATE_DELETE);
user.fine_grained_access_handler().label_permissions().Deny("l3", memgraph::auth::FineGrainedPermission::READ);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
ASSERT_TRUE(v1.AddLabel(dba.NameToLabel("l3")).HasValue());
ASSERT_TRUE(v2.AddLabel(dba.NameToLabel("l1")).HasValue());
dba.AdvanceCommand();
- ASSERT_FALSE(auth_checker.Accept(dba, v1, memgraph::storage::View::NEW,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_FALSE(auth_checker.Accept(dba, v1, memgraph::storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_TRUE(auth_checker.Accept(dba, v2, memgraph::storage::View::NEW,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_TRUE(auth_checker.Accept(dba, v2, memgraph::storage::View::OLD,
- memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(
+ auth_checker.Has(v1, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(
+ auth_checker.Has(v1, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(
+ auth_checker.Has(v2, memgraph::storage::View::NEW, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(
+ auth_checker.Has(v2, memgraph::storage::View::OLD, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, GrantEdgeType) {
memgraph::auth::User user{"test"};
user.fine_grained_access_handler().edge_type_permissions().Grant(
"edge_type_1", memgraph::auth::FineGrainedPermission::CREATE_DELETE);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
- ASSERT_TRUE(auth_checker.Accept(dba, r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(auth_checker.Has(r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, DenyEdgeType) {
memgraph::auth::User user{"test"};
user.fine_grained_access_handler().edge_type_permissions().Deny("edge_type_1",
memgraph::auth::FineGrainedPermission::READ);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
- ASSERT_FALSE(auth_checker.Accept(dba, r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(auth_checker.Has(r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
TEST_F(FineGrainedAuthCheckerFixture, GrantAndDenySpecificEdgeTypes) {
@@ -198,10 +198,10 @@ TEST_F(FineGrainedAuthCheckerFixture, GrantAndDenySpecificEdgeTypes) {
"edge_type_1", memgraph::auth::FineGrainedPermission::CREATE_DELETE);
user.fine_grained_access_handler().edge_type_permissions().Deny("edge_type_2",
memgraph::auth::FineGrainedPermission::READ);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
- ASSERT_TRUE(auth_checker.Accept(dba, r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_TRUE(auth_checker.Accept(dba, r2, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_FALSE(auth_checker.Accept(dba, r3, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
- ASSERT_FALSE(auth_checker.Accept(dba, r4, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(auth_checker.Has(r1, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_TRUE(auth_checker.Has(r2, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(auth_checker.Has(r3, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
+ ASSERT_FALSE(auth_checker.Has(r4, memgraph::query::AuthQuery::FineGrainedPrivilege::READ));
}
diff --git a/tests/unit/bfs_common.hpp b/tests/unit/bfs_common.hpp
index acb55e784..76707f4b3 100644
--- a/tests/unit/bfs_common.hpp
+++ b/tests/unit/bfs_common.hpp
@@ -541,7 +541,7 @@ void BfsTestWithFineGrainedFiltering(Database *db, int lower_bound, int upper_bo
break;
}
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &db_accessor};
context.auth_checker = std::make_unique<memgraph::glue::FineGrainedAuthChecker>(std::move(auth_checker));
// We run BFS once from each vertex for each blocked entity.
input_operator = YieldVertices(&db_accessor, vertices, source_symbol, input_operator);
diff --git a/tests/unit/query_plan_create_set_remove_delete.cpp b/tests/unit/query_plan_create_set_remove_delete.cpp
index 5b559aa8c..f423aa1f6 100644
--- a/tests/unit/query_plan_create_set_remove_delete.cpp
+++ b/tests/unit/query_plan_create_set_remove_delete.cpp
@@ -94,7 +94,7 @@ TEST(QueryPlan, FineGrainedCreateNodeWithAttributes) {
node.labels.emplace_back(label);
const auto test_create = [&](memgraph::auth::User &user) {
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &execution_dba};
auto context = MakeContextWithFineGrainedChecker(ast, symbol_table, &execution_dba, &auth_checker);
auto create = std::make_shared<CreateNode>(nullptr, node);
@@ -189,7 +189,7 @@ TEST(QueryPlan, FineGrainedCreateReturn) {
memgraph::auth::User user{"Test"};
user.fine_grained_access_handler().label_permissions().Grant("label",
memgraph::auth::FineGrainedPermission::CREATE_DELETE);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
auto results = CollectProduce(*produce, &context);
EXPECT_EQ(1, results.size());
@@ -210,7 +210,7 @@ TEST(QueryPlan, FineGrainedCreateReturn) {
memgraph::auth::User user{"Test"};
user.fine_grained_access_handler().label_permissions().Deny("label",
memgraph::auth::FineGrainedPermission::CREATE_DELETE);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
ASSERT_THROW(CollectProduce(*produce, &context), QueryRuntimeException);
}
@@ -328,7 +328,7 @@ class CreateExpandWithAuthFixture : public testing::Test {
auto create_op = std::make_shared<CreateNode>(nullptr, n);
auto create_expand = std::make_shared<CreateExpand>(m, r, create_op, n.symbol, cycle);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*create_expand, &context);
dba.AdvanceCommand();
@@ -486,7 +486,7 @@ class MatchCreateNodeWithAuthFixture : public testing::Test {
m.labels = labels;
// creation op
auto create_node = std::make_shared<CreateNode>(n_scan_all.op_, m);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*create_node, &context);
@@ -622,7 +622,7 @@ class MatchCreateExpandWithAuthFixture : public testing::Test {
;
auto create_expand = std::make_shared<CreateExpand>(m, r, n_scan_all.op_, n_scan_all.sym_, cycle);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*create_expand, &context);
dba.AdvanceCommand();
@@ -837,7 +837,7 @@ class DeleteOperatorWithAuthFixture : public testing::Test {
auto n = MakeScanAll(storage, symbol_table, "n");
auto n_get = storage.Create<Identifier>("n")->MapTo(n.sym_);
Frame frame(symbol_table.max_position());
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
auto delete_op = std::make_shared<plan::Delete>(n.op_, std::vector<Expression *>{n_get}, true);
PullAll(*delete_op, &context);
@@ -861,7 +861,7 @@ class DeleteOperatorWithAuthFixture : public testing::Test {
memgraph::storage::View::NEW);
auto r_get = storage.Create<Identifier>("r")->MapTo(r_m.edge_sym_);
auto delete_op = std::make_shared<plan::Delete>(r_m.op_, std::vector<Expression *>{r_get}, false);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*delete_op, &context);
dba.AdvanceCommand();
@@ -1749,7 +1749,7 @@ class UpdatePropertiesWithAuthFixture : public testing::Test {
NEXPR("n", IDENT("n")->MapTo(scan_all.sym_))->MapTo(symbol_table.CreateSymbol("named_expression_1", true));
auto produce = MakeProduce(set_property, output);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*produce, &context);
@@ -1766,7 +1766,7 @@ class UpdatePropertiesWithAuthFixture : public testing::Test {
auto n_p = PROPERTY_LOOKUP(IDENT("r")->MapTo(expand.edge_sym_), entity_prop);
auto set_property = std::make_shared<plan::SetProperty>(expand.op_, entity_prop, n_p, literal);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*set_property, &context);
@@ -1788,7 +1788,7 @@ class UpdatePropertiesWithAuthFixture : public testing::Test {
NEXPR("n", IDENT("n")->MapTo(scan_all.sym_))->MapTo(symbol_table.CreateSymbol("named_expression_1", true));
auto produce = MakeProduce(set_properties, output);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*produce, &context);
@@ -1812,7 +1812,7 @@ class UpdatePropertiesWithAuthFixture : public testing::Test {
NEXPR("n", IDENT("n")->MapTo(scan_all.sym_))->MapTo(symbol_table.CreateSymbol("named_expression_1", true));
auto produce = MakeProduce(set_properties, output);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*produce, &context);
@@ -1831,7 +1831,7 @@ class UpdatePropertiesWithAuthFixture : public testing::Test {
NEXPR("n", IDENT("n")->MapTo(scan_all.sym_))->MapTo(symbol_table.CreateSymbol("named_expression_1", true));
auto produce = MakeProduce(remove_property, output);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*produce, &context);
@@ -1847,7 +1847,7 @@ class UpdatePropertiesWithAuthFixture : public testing::Test {
auto n_p = PROPERTY_LOOKUP(IDENT("n")->MapTo(expand.edge_sym_), entity_prop);
auto remove_property = std::make_shared<plan::RemoveProperty>(expand.op_, entity_prop, n_p);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
PullAll(*remove_property, &context);
diff --git a/tests/unit/query_plan_match_filter_return.cpp b/tests/unit/query_plan_match_filter_return.cpp
index 8a6aded1e..ece795e2c 100644
--- a/tests/unit/query_plan_match_filter_return.cpp
+++ b/tests/unit/query_plan_match_filter_return.cpp
@@ -61,7 +61,7 @@ class MatchReturnFixture : public testing::Test {
auto output =
NEXPR("n", IDENT("n")->MapTo(scan_all.sym_))->MapTo(symbol_table.CreateSymbol("named_expression_1", true));
auto produce = MakeProduce(scan_all.op_, output);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
return PullAll(*produce, &context);
}
@@ -515,7 +515,7 @@ TEST_F(ExpandFixture, ExpandWithEdgeFiltering) {
auto output =
NEXPR("m", IDENT("m")->MapTo(r_m.node_sym_))->MapTo(symbol_table.CreateSymbol("named_expression_1", true));
auto produce = MakeProduce(r_m.op_, output);
- memgraph::glue::FineGrainedAuthChecker auth_checker{user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{user, &dba};
auto context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
return PullAll(*produce, &context);
};
@@ -703,7 +703,7 @@ class QueryPlanExpandVariable : public testing::Test {
auto cursor = input_op->MakeCursor(memgraph::utils::NewDeleteResource());
ExecutionContext context;
if (user) {
- memgraph::glue::FineGrainedAuthChecker auth_checker{*user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{*user, &dba};
context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
} else {
context = MakeContext(storage, symbol_table, &dba);
@@ -721,7 +721,7 @@ class QueryPlanExpandVariable : public testing::Test {
auto cursor = input_op->MakeCursor(memgraph::utils::NewDeleteResource());
ExecutionContext context;
if (user) {
- memgraph::glue::FineGrainedAuthChecker auth_checker{*user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{*user, &dba};
context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
} else {
context = MakeContext(storage, symbol_table, &dba);
@@ -1796,7 +1796,7 @@ class QueryPlanExpandWeightedShortestPath : public testing::Test {
std::vector<ResultType> results;
memgraph::query::ExecutionContext context;
if (user) {
- memgraph::glue::FineGrainedAuthChecker auth_checker{*user};
+ memgraph::glue::FineGrainedAuthChecker auth_checker{*user, &dba};
context = MakeContextWithFineGrainedChecker(storage, symbol_table, &dba, &auth_checker);
} else {
context = MakeContext(storage, symbol_table, &dba);
diff --git a/tests/unit/query_trigger.cpp b/tests/unit/query_trigger.cpp
index cecdb9198..e1325e76a 100644
--- a/tests/unit/query_trigger.cpp
+++ b/tests/unit/query_trigger.cpp
@@ -39,8 +39,9 @@ class MockAuthChecker : public memgraph::query::AuthChecker {
public:
MOCK_CONST_METHOD2(IsUserAuthorized, bool(const std::optional<std::string> &username,
const std::vector<memgraph::query::AuthQuery::Privilege> &privileges));
- MOCK_CONST_METHOD1(GetFineGrainedAuthChecker,
- std::unique_ptr<memgraph::query::FineGrainedAuthChecker>(const std::string &username));
+ MOCK_CONST_METHOD2(GetFineGrainedAuthChecker,
+ std::unique_ptr<memgraph::query::FineGrainedAuthChecker>(
+ const std::string &username, const memgraph::query::DbAccessor *db_accessor));
};
} // namespace