3f4f66b57f
* Add initial schema implementation * Add index to schema * List schemas and enable multiple properties * Implement SchemaTypes * Apply suggestions from code review Co-authored-by: Jeremy B <97525434+42jeremy@users.noreply.github.com> Co-authored-by: János Benjamin Antal <antaljanosbenjamin@users.noreply.github.com> * Address review comments * Remove Map and List * Add schema operations in storage * Add create and show schema queries * Add privileges for schema * Add missing keywords into lexer * Add drop schema query * Add schema visitors * Update metadata * Add PrepareSchemaQuery function * Implement show schemas * Add show schema query * Fix schema visitor * Add common schema type * Fix grammar * Temporary create ddl logic * Fix naming for schemaproperty type to schema type * Rename schemaproperty to schemapropertytype * Enable Create schema ddl * Override visitPropertyType * Add initial schema implementation * Add initial schema implementation * Add index to schema * List schemas and enable multiple properties * Implement SchemaTypes * Apply suggestions from code review Co-authored-by: Jeremy B <97525434+42jeremy@users.noreply.github.com> Co-authored-by: János Benjamin Antal <antaljanosbenjamin@users.noreply.github.com> * Address review comments * Remove Map and List * Apply suggestions from code review Co-authored-by: Kostas Kyrimis <kostaskyrim@gmail.com> Co-authored-by: Jeremy B <97525434+42jeremy@users.noreply.github.com> Co-authored-by: János Benjamin Antal <antaljanosbenjamin@users.noreply.github.com> Co-authored-by: Kostas Kyrimis <kostaskyrim@gmail.com> * Add verification on creation and deletion * Rename DeleteSchema to DropSchema * Remove list and map from lexer * Fix grammar with schemaTypeMap * Add privilege and cypher visitor tests * Catch repeating type name in schema definition * Fix conflicting keywords * Add notifications * Drop float support * Finish interpreter tests * Fix tests * Fix clang tidy errors * Fix GetSchema * Replace for with transfrom * Add cloning og schema_property_map * Address review comments * Rename SchemaPropertyType to SchemaType * Remove inline * Assert of schema properties Co-authored-by: Jeremy B <97525434+42jeremy@users.noreply.github.com> Co-authored-by: János Benjamin Antal <antaljanosbenjamin@users.noreply.github.com> Co-authored-by: Kostas Kyrimis <kostaskyrim@gmail.com>
158 lines
4.0 KiB
C++
158 lines
4.0 KiB
C++
// Copyright 2022 Memgraph Ltd.
|
|
//
|
|
// Licensed as a Memgraph Enterprise file under the Memgraph Enterprise
|
|
// License (the "License"); by using this file, you agree to be bound by the terms of the License, and you may not use
|
|
// this file except in compliance with the License. You may obtain a copy of the License at https://memgraph.com/legal.
|
|
//
|
|
//
|
|
|
|
#pragma once
|
|
|
|
#include <optional>
|
|
#include <string>
|
|
|
|
#include <json/json.hpp>
|
|
|
|
namespace memgraph::auth {
|
|
// These permissions must have values that are applicable for usage in a
|
|
// bitmask.
|
|
// clang-format off
|
|
enum class Permission : uint64_t {
|
|
MATCH = 1,
|
|
CREATE = 1U << 1U,
|
|
MERGE = 1U << 2U,
|
|
DELETE = 1U << 3U,
|
|
SET = 1U << 4U,
|
|
REMOVE = 1U << 5U,
|
|
INDEX = 1U << 6U,
|
|
STATS = 1U << 7U,
|
|
CONSTRAINT = 1U << 8U,
|
|
DUMP = 1U << 9U,
|
|
REPLICATION = 1U << 10U,
|
|
DURABILITY = 1U << 11U,
|
|
READ_FILE = 1U << 12U,
|
|
FREE_MEMORY = 1U << 13U,
|
|
TRIGGER = 1U << 14U,
|
|
CONFIG = 1U << 15U,
|
|
AUTH = 1U << 16U,
|
|
STREAM = 1U << 17U,
|
|
MODULE_READ = 1U << 18U,
|
|
MODULE_WRITE = 1U << 19U,
|
|
WEBSOCKET = 1U << 20U,
|
|
SCHEMA = 1U << 21U
|
|
};
|
|
// clang-format on
|
|
|
|
// Function that converts a permission to its string representation.
|
|
std::string PermissionToString(Permission permission);
|
|
|
|
// Class that indicates what permission level the user/role has.
|
|
enum class PermissionLevel {
|
|
GRANT,
|
|
NEUTRAL,
|
|
DENY,
|
|
};
|
|
|
|
// Function that converts a permission level to its string representation.
|
|
std::string PermissionLevelToString(PermissionLevel level);
|
|
|
|
class Permissions final {
|
|
public:
|
|
Permissions(uint64_t grants = 0, uint64_t denies = 0);
|
|
|
|
PermissionLevel Has(Permission permission) const;
|
|
|
|
void Grant(Permission permission);
|
|
|
|
void Revoke(Permission permission);
|
|
|
|
void Deny(Permission permission);
|
|
|
|
std::vector<Permission> GetGrants() const;
|
|
|
|
std::vector<Permission> GetDenies() const;
|
|
|
|
nlohmann::json Serialize() const;
|
|
|
|
/// @throw AuthException if unable to deserialize.
|
|
static Permissions Deserialize(const nlohmann::json &data);
|
|
|
|
uint64_t grants() const;
|
|
uint64_t denies() const;
|
|
|
|
private:
|
|
uint64_t grants_{0};
|
|
uint64_t denies_{0};
|
|
};
|
|
|
|
bool operator==(const Permissions &first, const Permissions &second);
|
|
|
|
bool operator!=(const Permissions &first, const Permissions &second);
|
|
|
|
class Role final {
|
|
public:
|
|
Role(const std::string &rolename);
|
|
|
|
Role(const std::string &rolename, const Permissions &permissions);
|
|
|
|
const std::string &rolename() const;
|
|
const Permissions &permissions() const;
|
|
Permissions &permissions();
|
|
|
|
nlohmann::json Serialize() const;
|
|
|
|
/// @throw AuthException if unable to deserialize.
|
|
static Role Deserialize(const nlohmann::json &data);
|
|
|
|
friend bool operator==(const Role &first, const Role &second);
|
|
|
|
private:
|
|
std::string rolename_;
|
|
Permissions permissions_;
|
|
};
|
|
|
|
bool operator==(const Role &first, const Role &second);
|
|
|
|
// TODO (mferencevic): Implement password expiry.
|
|
class User final {
|
|
public:
|
|
User(const std::string &username);
|
|
|
|
User(const std::string &username, const std::string &password_hash, const Permissions &permissions);
|
|
|
|
/// @throw AuthException if unable to verify the password.
|
|
bool CheckPassword(const std::string &password);
|
|
|
|
/// @throw AuthException if unable to set the password.
|
|
void UpdatePassword(const std::optional<std::string> &password = std::nullopt);
|
|
|
|
void SetRole(const Role &role);
|
|
|
|
void ClearRole();
|
|
|
|
Permissions GetPermissions() const;
|
|
|
|
const std::string &username() const;
|
|
|
|
const Permissions &permissions() const;
|
|
Permissions &permissions();
|
|
|
|
const Role *role() const;
|
|
|
|
nlohmann::json Serialize() const;
|
|
|
|
/// @throw AuthException if unable to deserialize.
|
|
static User Deserialize(const nlohmann::json &data);
|
|
|
|
friend bool operator==(const User &first, const User &second);
|
|
|
|
private:
|
|
std::string username_;
|
|
std::string password_hash_;
|
|
Permissions permissions_;
|
|
std::optional<Role> role_;
|
|
};
|
|
|
|
bool operator==(const User &first, const User &second);
|
|
} // namespace memgraph::auth
|