* [T1006-MG < T1017-MG] Add LBA checks to all read procedures in C API (#515)
* Initial Impl
* NextPermittedEdge introduced
* revert moving constructor to cpp
* edge from and edge to methods expanded with lba check
* minor fix
* added check to path expand procedure
* Added integration tests for read query procedures
* additional check
* changed iterator type to reference
* comments from pr
Co-authored-by: Josip Mrden <josip.mrden@memgraph.io>
* [T1006-MG < T1018-MG] Add LBA checks to all update procedures in C API (#516)
* Initial Impl
* NextPermittedEdge introduced
* revert moving constructor to cpp
* edge from and edge to methods expanded with lba check
* minor fix
* extended update methods
* added check to path expand procedure
* Added integration tests for read query procedures
* Added integration tests for update query modules
* additional check
* changed iterator type to reference
* fixed bug in Update property for node; fixed 2 e2e tests
* replaced enum
Co-authored-by: Josip Mrden <josip.mrden@memgraph.io>
* [T1006-MG < T1019-MG] Add LBA checks to all Create and Delete procedures in C API (#517)
* Initial Impl
* NextPermittedEdge introduced
* revert moving constructor to cpp
* edge from and edge to methods expanded with lba check
* minor fix
* extended update methods
* initial implementation
* added check to path expand procedure
* Added integration tests for read query procedures
* Added integration tests for update query modules
* Added unit tests for creation of vertex, adding and removing vertex label
* additional check
* changed iterator type to reference
* Added unit tests for create edge
* Corrected query module in create edge
* fixed bug in Update property for node; fixed 2 e2e tests
* fixed merge errors
* Expanded FineGrainedAuthChecker with HasGlobalPermissionOnVertices and HasGlobalPermissionOnEdges
* Removed two wrong checks; Added two global checks
* return null added
* introduced new mgp_error value
* fixed endless loop
* replaced enum
* intermediate
* tests updated
* PermissionDeniedError -> AuthorizationError rename
* rename in enum permission_denied error -> authorization error
* mgp_vertex_remove_label check improved
* quotes changed; order of imports fixed
* string constant introduced
* import fixed
* yaml format
Co-authored-by: Josip Mrden <josip.mrden@memgraph.io>
Co-authored-by: Josip Mrden <josip.mrden@memgraph.io>
The fields of ROUTE message were not read from the input buffer, thus the
input buffer got corrupted. Sending a new message to the server would result
reading the remaining fields from the buffer, which means reading some values
instead of message signature. Because of this unmet expectation, Memgraph closed
the connection. With this fix, the fields of the ROUTE message are properly
read and ignored.
* Added enum for more granular access control; Expanded functionality of fine grained access checker; Propagated changes to Edit, Deny and Revoke permissions methods in interpreter
* Introduced Merge method for merging two colle with permissions
* e2e tests implementation started
* Expanded cypher to support fine grained permissions
* ast.lcp::AuthQuery removed labels, added support for label permissions
* promoted label permissions to vector
* removed unnecesary enum value
* expanded glue/auth with LabelPrivilegeToLabelPermission
* added const
* extended Grant Deny and Revoke Privileges with new label privileges
* extended Edit Grant Deny and Revoke Privileges to properly use new model
* Fixed unit tests
* FineGrainedAccessChecker Grant and Deny methods reworked
* Revoke cypher slightly reworked; Revoke for labels works without label permissions
* EditPermission's label_permission lambda now takes two parameters
* constants naming enforced; replaced asterisks with string constant
* removed faulty test addition
* Naming fixes; FineGrainedAccessChecker unit tests introduced
* unnecessary includes removed; minor code improvements
* minor fix
* Access checker reworked; denies and grant merged into single permission object; Created global_permission that applies to all non-created permissions. Grant, Deny and Revoke reworked; Merge method reworked
* Fixed wrong check;
* Fix after merge; renamed constants; removed unused constant
* Fix after merge; workloads.yaml for lbaprocedures e2e tests updated with new grammar
* Fixes after merge
* Fixes after merge
* fixed Revoke that was not fixed after the merge
* updated cypher main visitor tests
* PR review changes; Naming and const fixed, replaced double tertiary with lambda
* unwrapping the iterator fix
* merge 1003 minor fix
* minor spelling fixes
* Introduced visitPrivilegesList because of the doubled code
* const added
* string const to enum
* redundant braces
* added const
* minor code improvement
* e2e tests expanded
* if -> switch
* enum class inherits uint8_t now
* LabelPrililege::EDIT -> LabelPrivilege::UPDATE
* LabelPermission -> EntityPermission; LabelPrivilege -> EntityPrivilege
* EntityPrivilege -> FineGrainedPrivilege; EntityPermission -> FineGrainedPermission
* Added enum for more granular access control; Expanded functionality of fine grained access checker; Propagated changes to Edit, Deny and Revoke permissions methods in interpreter
* Introduced Merge method for merging two colle with permissions
* e2e tests implementation started
* FineGrainedAccessChecker Grant and Deny methods reworked
* removed faulty test addition
* Naming fixes; FineGrainedAccessChecker unit tests introduced
* unnecessary includes removed; minor code improvements
* Access checker reworked; denies and grant merged into single permission object; Created global_permission that applies to all non-created permissions. Grant, Deny and Revoke reworked; Merge method reworked
* Fixed wrong check;
* PR review changes; Naming and const fixed, replaced double tertiary with lambda
* unwrapping the iterator fix
* minor spelling fixes
* GRANT, REVOKE, DENY and access_checker DONE
* Added AccessChecker to ExecutionContext
* grammar expanded; (#462)
* current
* T0954 mg expand user and role to hold permissions on labels (#465)
* added FineGrainedAccessPermissions class to model
* expanded user and role with fine grained access permissions
* fixed grammar
* [E129 < T0953-MG] GRANT, DENY, REVOKE added in interpreter and mainVisitor (#464)
* GRANT, DENY, REVOKE added in interpreter and mainVisitor
* Commented labelPermissons
* remove labelsPermission adding
* Fixed
* Removed extra lambda
* fixed
* [E129<-T0955-MG] Expand ExecutionContext with label related information (#467)
* added
* Added FineGrainedAccessChecker to Context
* fixed
* Added filtering
* testing
* Added edge filtering to storage, need to add filtering in simple Expand in operator.cpp
* Removed storage changes
* MATCH filtering working
* EdgeTypeFiltering working, just need to test everything again
* Removed FineGrainedAccessChecker
* Removed Expand Path
* Fix
* Tested FineGrainedAccessHandler, need to test AuthChecker
* Added integration test for lba
* Fixed merge conflicts
* PR fix
* fixed
* PR fix
* Fix test
* removed .vscode, .cache, .githooks
* githooks
* added tests
* fixed build
* Changed ast.lcp and User pointer to value in context.hpp
* Fixed test
* Remove denies on grant all
* AuthChecker
* Pr fix, auth_checker still not fixed
* Create mg-glue and extract UserBasedAuthChecker from AuthChecker
* Build fixed, need to fix test
* e2e tests
* e2e test working
* Added unit test, e2e and FineGrainedChecker
* Mege E129, auth_checker tests
* Fixed test
* e2e fix
Co-authored-by: Boris Taševski <36607228+BorisTasevski@users.noreply.github.com>
Co-authored-by: josipmrden <josip.mrden@external-basf.com>
Co-authored-by: János Benjamin Antal <benjamin.antal@memgraph.io>
* implemented skipping vertices in Constructor and mgp_vertices_iterator_next
* Added utility function for moving iterator to next permitted vertex
* removed ifdef directive
* NextPermitted parameter type changed from mgp_vertices_iterator* to mgp_vertices_iterator&
* created support for lba-procedures e2e testing; Added test for vertex iterator skipping unauthorized vertices
* removed fixture from tests; converted generator to regular function;
Add a report for the case where a sync replica does not confirm within a timeout:
-Add a new exception: ReplicationException to be returned when one sync replica does not confirm the reception of messages (new data, new constraint/index, or for triggers)
-Update the logic to throw the ReplicationException when needed for insertion of new data, triggers, or creation of new constraint/index
-Add end-to-end tests to cover the loss of connection with sync/async replicas when adding new data, adding new constraint/indexes, and triggers
Add end-to-end tests to cover the creation and drop of indexes, existence constraints, and uniqueness constraints
Improved tooling function mg_sleep_and_assert to also show the last result when duration is exceeded
Add a new command that is able to return the set of configurations that that the
given instance of memgraph was started up with. The returned information
currently consists of the name, the default and the current value of each flag.
The hidden property of three flags were removed, namely --query-cost-planner,
--query-vertex-count-to-expand-existing and --query-max-plans. The flag
--log-link-basename was completely removed since it is not used.
* grammar expanded; (#462)
* T0954 mg expand user and role to hold permissions on labels (#465)
* added FineGrainedAccessPermissions class to model
* expanded user and role with fine grained access permissions
* fixed grammar
* [E129 < T0953-MG] GRANT, DENY, REVOKE added in interpreter and mainVisitor (#464)
* GRANT, DENY, REVOKE added in interpreter and mainVisitor
* Commented labelPermissons
* remove labelsPermission adding
* Removed extra lambda
* [E129<-T0955-MG] Expand ExecutionContext with label related information (#467)
* Added FineGrainedAccessChecker to Context
* fixed failing tests for label based authorization (#480)
* Marked FineGrainedAccessChecker ctor explicit; Introduced change to clang-tidy; (#483)
Co-authored-by: niko4299 <51059248+niko4299@users.noreply.github.com>
The `sum()` and `count()` functions were giving results different from the openCypher specification on null `input.` The aggregation functions also had a problem when they were used in a group-by context and were giving results that were not compliant with the openCypher specification.
* Make `IfOperator` return the `else_expression_` in case of `NULL`
* Add gql_behave tests
* Add gql_behave test to specifically check for the case when the test expression itself is null
* Modify `toString` to be able to handle `Date`, `LocalTime`, `LocalDateTime` and `Duration`
* Add unit tests
* Make `operator<<` use the `ToString()` implementations
* Add tests to verify the correctness of negative durations
* Add more tests to look for cases when the individual duration entities overflow.
* Storage takes care of the saving of setting when a new replica is added
* Restore replicas at startup
* Modify interactive_mg_runner + memgraph to support that data-directory can be configured in CONTEXT
* Extend e2e test
* Correct typo
* Add flag to config to specify when replication should be stored (true by default when starting Memgraph)
* Remove un-necessary "--" in yaml file
* Make sure Memgraph stops if a replica can't be restored.
* Add UT covering the parsing of ReplicaStatus to/from json
* Add assert in e2e script to check that a port is free before using it
* Add test covering crash on Jepsen
* Make sure applciaiton crashes if it starts on corrupted replications' info
Starting with a non-reponsive replica is allowed.
* Add temporary startup flag: this is needed so jepsen do not automatically restore replica on startup of main. This will be removed in T0835
