d008a2ad8d
* [T1007-MG < T0997-MG] Authorization on paths (#501) * Added read authorization in paths operators * [T1007-MG < T1016-MG] Added authorization in create and delete operators (#513) * Added authorization in RemoveNodeCursor, RemoveExpandCursor, CreateNodeCursor, CreateExpandCursor,MergeCursor * [T1007-MG < T1014-MG] Add authorization to read operators (#520) Added label based access control to read operators (ScanAll). * [T1007-MG < T1015-MG] Add authorization to update operators (SetProperty, SetProperties, RemoveProperty) (#521) Added label based authorization to update operators Co-authored-by: niko4299 <51059248+niko4299@users.noreply.github.com> Co-authored-by: Josip Mrden <josip.mrden@memgraph.io>
52 lines
2.0 KiB
Python
52 lines
2.0 KiB
Python
# Copyright 2021 Memgraph Ltd.
|
|
#
|
|
# Use of this software is governed by the Business Source License
|
|
# included in the file licenses/BSL.txt; by using this file, you agree to be bound by the terms of the Business Source
|
|
# License, and you may not use this file except in compliance with the Business Source License.
|
|
#
|
|
# As of the Change Date specified in that file, in accordance with
|
|
# the Business Source License, use of this software will be governed
|
|
# by the Apache License, Version 2.0, included in the file
|
|
# licenses/APL.txt.
|
|
|
|
import mgclient
|
|
import typing
|
|
|
|
|
|
def execute_and_fetch_all(cursor: mgclient.Cursor, query: str, params: dict = {}) -> typing.List[tuple]:
|
|
cursor.execute(query, params)
|
|
return cursor.fetchall()
|
|
|
|
|
|
def connect(**kwargs) -> mgclient.Connection:
|
|
connection = mgclient.connect(host="localhost", port=7687, **kwargs)
|
|
connection.autocommit = True
|
|
return connection
|
|
|
|
|
|
def reset_permissions(admin_cursor: mgclient.Cursor, create_index: bool):
|
|
execute_and_fetch_all(admin_cursor, "REVOKE LABELS * FROM user;")
|
|
execute_and_fetch_all(admin_cursor, "REVOKE EDGE_TYPES * FROM user;")
|
|
execute_and_fetch_all(admin_cursor, "MATCH(n) DETACH DELETE n;")
|
|
execute_and_fetch_all(admin_cursor, "DROP INDEX ON :read_label(prop);")
|
|
execute_and_fetch_all(admin_cursor, "DROP INDEX ON :read_label;")
|
|
|
|
execute_and_fetch_all(admin_cursor, "CREATE (n:read_label {prop: 5});")
|
|
|
|
if create_index:
|
|
execute_and_fetch_all(admin_cursor, "CREATE INDEX ON :read_label;")
|
|
execute_and_fetch_all(admin_cursor, "CREATE INDEX ON :read_label(prop);")
|
|
|
|
|
|
def reset_update_permissions(admin_cursor: mgclient.Cursor):
|
|
execute_and_fetch_all(admin_cursor, "REVOKE LABELS * FROM user;")
|
|
execute_and_fetch_all(admin_cursor, "REVOKE EDGE_TYPES * FROM user;")
|
|
|
|
execute_and_fetch_all(admin_cursor, "MATCH(n) DETACH DELETE n;")
|
|
|
|
execute_and_fetch_all(admin_cursor, "CREATE (n:update_label {prop: 1});")
|
|
execute_and_fetch_all(
|
|
admin_cursor,
|
|
"CREATE (n:update_label_1)-[r:update_edge_type]->(m:update_label_2);",
|
|
)
|