Search in sources :

Example 1 with HugeResource

use of com.baidu.hugegraph.auth.HugeResource in project incubator-hugegraph by apache.

the class RolePermissionTest method testHugeResourceFilter.

@Test
public void testHugeResourceFilter() {
    HugeResource all = HugeResource.ALL;
    // common
    ResourceObject<?> r1 = ResourceObject.of("g1", ResourceType.GREMLIN, NameObject.ANY);
    Assert.assertTrue(all.filter(r1));
    ResourceObject<?> r2 = ResourceObject.of("g1", ResourceType.META, NameObject.of("test"));
    Assert.assertTrue(all.filter(r2));
    HugeResource page = new HugeResource(ResourceType.META, "page", null);
    Assert.assertFalse(page.filter(r2));
    ResourceObject<?> r3 = ResourceObject.of("g1", ResourceType.META, NameObject.of("page"));
    Assert.assertTrue(page.filter(r3));
}
Also used : HugeResource(com.baidu.hugegraph.auth.HugeResource) Test(org.junit.Test)

Example 2 with HugeResource

use of com.baidu.hugegraph.auth.HugeResource in project incubator-hugegraph by apache.

the class RolePermissionTest method testHugeResourceFilterSchema.

@Test
public void testHugeResourceFilterSchema() {
    HugeResource all = HugeResource.ALL;
    HugeResource schema = new HugeResource(ResourceType.SCHEMA, HugeResource.ANY, null);
    HugeResource vlPrefix = new HugeResource(ResourceType.VERTEX_LABEL, "p-.*", null);
    ResourceObject<?> r3 = ResourceObject.of("g1", ResourceType.VERTEX_LABEL, NameObject.of("test"));
    Assert.assertTrue(all.filter(r3));
    Assert.assertTrue(schema.filter(r3));
    Assert.assertFalse(vlPrefix.filter(r3));
    ResourceObject<?> r4 = ResourceObject.of("g1", ResourceType.VERTEX_LABEL, NameObject.of("p-test"));
    Assert.assertTrue(all.filter(r4));
    Assert.assertTrue(schema.filter(r4));
    Assert.assertTrue(vlPrefix.filter(r4));
    FakeObjects fo = new FakeObjects();
    VertexLabel vl1 = fo.newVertexLabel(IdGenerator.of("id1"), "person", IdStrategy.PRIMARY_KEY, IdGenerator.of("1"));
    ResourceObject<?> r5 = ResourceObject.of("g1", vl1);
    Assert.assertTrue(all.filter(r5));
    Assert.assertTrue(schema.filter(r5));
    Assert.assertFalse(vlPrefix.filter(r5));
    VertexLabel vl2 = fo.newVertexLabel(IdGenerator.of("id1"), "p-person", IdStrategy.PRIMARY_KEY, IdGenerator.of("1"));
    ResourceObject<?> r6 = ResourceObject.of("g1", vl2);
    Assert.assertTrue(all.filter(r6));
    Assert.assertTrue(schema.filter(r6));
    Assert.assertTrue(vlPrefix.filter(r6));
}
Also used : FakeObjects(com.baidu.hugegraph.unit.FakeObjects) VertexLabel(com.baidu.hugegraph.schema.VertexLabel) HugeResource(com.baidu.hugegraph.auth.HugeResource) Test(org.junit.Test)

Example 3 with HugeResource

use of com.baidu.hugegraph.auth.HugeResource in project incubator-hugegraph by apache.

the class RolePermissionTest method testHugeResource.

@Test
public void testHugeResource() {
    HugeResource r = new HugeResource(ResourceType.VERTEX, "person", ImmutableMap.of("city", "Beijing"));
    String json = "{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"Beijing\"}}";
    Assert.assertEquals(json, r.toString());
    Assert.assertEquals(r, HugeResource.parseResource(json));
    HugeResource r1 = new HugeResource(null, null, null);
    HugeResource r2 = new HugeResource(null, null, null);
    String nullJson = "{\"type\":null,\"label\":null,\"properties\":null}";
    Assert.assertEquals(nullJson, r1.toString());
    Assert.assertEquals(r1, r2);
    HugeResource r3 = HugeResource.parseResource(nullJson);
    Assert.assertEquals(r1, r3);
    Assert.assertThrows(HugeException.class, () -> {
        new HugeResource(ResourceType.VERTEX, "person", ImmutableMap.of("city", "P.(1)"));
    }, e -> {
        Assert.assertContains("Invalid predicate: P.(1)", e.getMessage());
    });
    Assert.assertThrows(HugeException.class, () -> {
        String resource = "{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"P.(1)\"}}";
        HugeResource.parseResource(resource);
    }, e -> {
        Assert.assertContains("Invalid predicate: P.(1)", e.getMessage());
    });
    Assert.assertThrows(HugeException.class, () -> {
        String resources = "[{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"P.(1)\"}}]";
        HugeResource.parseResources(resources);
    }, e -> {
        Assert.assertContains("Invalid predicate: P.(1)", e.getMessage());
    });
}
Also used : HugeResource(com.baidu.hugegraph.auth.HugeResource) Test(org.junit.Test)

Example 4 with HugeResource

use of com.baidu.hugegraph.auth.HugeResource in project incubator-hugegraph by apache.

the class RolePermissionTest method testHugeResourceFilterVertexOrEdge.

@Test
public void testHugeResourceFilterVertexOrEdge() {
    HugeResource all = HugeResource.ALL;
    // vertex & edge
    FakeObjects fo = new FakeObjects();
    HugeEdge edge = fo.newEdge(1, 2);
    ResourceObject<?> r1 = ResourceObject.of("g1", edge.sourceVertex());
    ResourceObject<?> r2 = ResourceObject.of("g1", edge.targetVertex());
    ResourceObject<?> r3 = ResourceObject.of("g1", edge);
    Assert.assertTrue(all.filter(r1));
    Assert.assertTrue(all.filter(r2));
    Assert.assertTrue(all.filter(r3));
    HugeResource vr = new HugeResource(ResourceType.VERTEX, HugeResource.ANY, null);
    Assert.assertTrue(vr.filter(r1));
    Assert.assertTrue(vr.filter(r2));
    Assert.assertFalse(vr.filter(r3));
    vr = new HugeResource(ResourceType.VERTEX, "person", null);
    Assert.assertTrue(vr.filter(r1));
    Assert.assertTrue(vr.filter(r2));
    Assert.assertFalse(vr.filter(r3));
    vr = new HugeResource(ResourceType.VERTEX, "person", ImmutableMap.of("city", "Beijing"));
    Assert.assertTrue(vr.filter(r1));
    Assert.assertFalse(vr.filter(r2));
    Assert.assertFalse(vr.filter(r3));
    vr = new HugeResource(ResourceType.VERTEX, "person", ImmutableMap.of("city", "Shanghai"));
    Assert.assertFalse(vr.filter(r1));
    Assert.assertTrue(vr.filter(r2));
    Assert.assertFalse(vr.filter(r3));
    vr = new HugeResource(ResourceType.VERTEX, "person", ImmutableMap.of("city", "P.within(\"Beijing\", \"Shanghai\")"));
    Assert.assertTrue(vr.filter(r1));
    Assert.assertTrue(vr.filter(r2));
    Assert.assertFalse(vr.filter(r3));
    vr = new HugeResource(ResourceType.VERTEX, "person", ImmutableMap.of("age", "P.gt(18)"));
    Assert.assertFalse(vr.filter(r1));
    Assert.assertTrue(vr.filter(r2));
    Assert.assertFalse(vr.filter(r3));
    vr = new HugeResource(ResourceType.VERTEX, "person", ImmutableMap.of("age", "P.between(20, 21)"));
    Assert.assertFalse(vr.filter(r1));
    Assert.assertTrue(vr.filter(r2));
    Assert.assertFalse(vr.filter(r3));
    vr = new HugeResource(ResourceType.VERTEX, "person", ImmutableMap.of("age", "P.between(18, 21)"));
    Assert.assertTrue(vr.filter(r1));
    Assert.assertTrue(vr.filter(r2));
    Assert.assertFalse(vr.filter(r3));
    HugeResource er = new HugeResource(ResourceType.EDGE, "knows", null);
    Assert.assertFalse(er.filter(r1));
    Assert.assertFalse(er.filter(r2));
    Assert.assertTrue(er.filter(r3));
    er = new HugeResource(ResourceType.EDGE, "knows", ImmutableMap.of("weight", "P.gt(0.7)"));
    Assert.assertFalse(er.filter(r1));
    Assert.assertFalse(er.filter(r2));
    Assert.assertTrue(er.filter(r3));
    er = new HugeResource(ResourceType.EDGE, "knows", ImmutableMap.of("weight", "P.gt(0.8)"));
    Assert.assertFalse(er.filter(r1));
    Assert.assertFalse(er.filter(r2));
    Assert.assertFalse(er.filter(r3));
    er = new HugeResource(ResourceType.EDGE, "knows", ImmutableMap.of("weight", "P.lt(0.8)"));
    Assert.assertFalse(er.filter(r1));
    Assert.assertFalse(er.filter(r2));
    Assert.assertTrue(er.filter(r3));
}
Also used : FakeObjects(com.baidu.hugegraph.unit.FakeObjects) HugeResource(com.baidu.hugegraph.auth.HugeResource) HugeEdge(com.baidu.hugegraph.structure.HugeEdge) Test(org.junit.Test)

Example 5 with HugeResource

use of com.baidu.hugegraph.auth.HugeResource in project incubator-hugegraph by apache.

the class AuthTest method testRolePermission.

@Test
public void testRolePermission() {
    HugeGraph graph = graph();
    AuthManager authManager = graph.authManager();
    authManager.createUser(makeUser("admin", "pa"));
    Id user0 = authManager.createUser(makeUser("hugegraph", "p0"));
    Id user1 = authManager.createUser(makeUser("hugegraph1", "p1"));
    Id group1 = authManager.createGroup(makeGroup("group1"));
    Id group2 = authManager.createGroup(makeGroup("group2"));
    Id graph1 = authManager.createTarget(makeTarget("hugegraph", "url1"));
    Id graph2 = authManager.createTarget(makeTarget("hugegraph1", "url2"));
    List<HugeResource> rv = HugeResource.parseResources("[{\"type\": \"VERTEX\", \"label\": \"person\", " + "\"properties\":{\"city\": \"Beijing\", \"age\": \"P.gte(20)\"}}," + " {\"type\": \"VERTEX_LABEL\", \"label\": \"*\"}," + " {\"type\": \"PROPERTY_KEY\", \"label\": \"*\"}]");
    List<HugeResource> re = HugeResource.parseResources("[{\"type\": \"EDGE\", \"label\": \"write\"}, " + " {\"type\": \"PROPERTY_KEY\"}, {\"type\": \"VERTEX_LABEL\"}, " + " {\"type\": \"EDGE_LABEL\"}, {\"type\": \"INDEX_LABEL\"}]");
    List<HugeResource> rg = HugeResource.parseResources("[{\"type\": \"GREMLIN\"}]");
    Id graph1v = authManager.createTarget(makeTarget("hugegraph-v", "hugegraph", "url1", rv));
    Id graph1e = authManager.createTarget(makeTarget("hugegraph-e", "hugegraph", "url1", re));
    Id graph1gremlin = authManager.createTarget(makeTarget("hugegraph-g", "hugegraph", "url1", rg));
    Id belong1 = authManager.createBelong(makeBelong(user0, group1));
    Id belong2 = authManager.createBelong(makeBelong(user1, group2));
    authManager.createAccess(makeAccess(group1, graph1, HugePermission.READ));
    authManager.createAccess(makeAccess(group1, graph1, HugePermission.WRITE));
    authManager.createAccess(makeAccess(group1, graph2, HugePermission.READ));
    authManager.createAccess(makeAccess(group2, graph2, HugePermission.READ));
    Id access1v = authManager.createAccess(makeAccess(group1, graph1v, HugePermission.READ));
    authManager.createAccess(makeAccess(group1, graph1v, HugePermission.WRITE));
    authManager.createAccess(makeAccess(group1, graph1e, HugePermission.READ));
    Id access1g = authManager.createAccess(makeAccess(group1, graph1gremlin, HugePermission.EXECUTE));
    RolePermission role;
    role = authManager.rolePermission(authManager.getUser(user0));
    String expected = "{\"roles\":" + "{\"hugegraph\":{\"READ\":[" + "{\"type\":\"EDGE\",\"label\":\"write\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"EDGE_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"INDEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"Beijing\",\"age\":\"P.gte(20)\"}}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}],\"WRITE\":" + "[{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"Beijing\",\"age\":\"P.gte(20)\"}}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}],\"EXECUTE\":" + "[{\"type\":\"GREMLIN\",\"label\":\"*\",\"properties\":null}]}," + "\"hugegraph1\":{\"READ\":[]}}}";
    Assert.assertEquals(expected, role.toJson());
    role = authManager.rolePermission(authManager.getBelong(belong1));
    Assert.assertEquals(expected, role.toJson());
    role = authManager.rolePermission(authManager.getGroup(group1));
    Assert.assertEquals(expected, role.toJson());
    role = authManager.rolePermission(authManager.getAccess(access1v));
    expected = "{\"roles\":" + "{\"hugegraph\":{\"READ\":[{\"type\":\"VERTEX\",\"label\":\"person\"," + "\"properties\":{\"city\":\"Beijing\",\"age\":\"P.gte(20)\"}}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}]}}}";
    Assert.assertEquals(expected, role.toJson());
    role = authManager.rolePermission(authManager.getAccess(access1g));
    expected = "{\"roles\":{\"hugegraph\":{\"EXECUTE\":[" + "{\"type\":\"GREMLIN\",\"label\":\"*\",\"properties\":null}]}}}";
    Assert.assertEquals(expected, role.toJson());
    role = authManager.rolePermission(authManager.getUser(user1));
    expected = "{\"roles\":{\"hugegraph1\":{\"READ\":[]}}}";
    Assert.assertEquals(expected, role.toJson());
    role = authManager.rolePermission(authManager.getBelong(belong2));
    expected = "{\"roles\":{\"hugegraph1\":{\"READ\":[]}}}";
    Assert.assertEquals(expected, role.toJson());
    role = authManager.rolePermission(authManager.getTarget(graph1v));
    expected = "{\"roles\":" + "{\"hugegraph\":" + "{\"READ\":[{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"Beijing\",\"age\":\"P.gte(20)\"}}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}]}}}";
    Assert.assertEquals(expected, role.toJson());
}
Also used : HugeGraph(com.baidu.hugegraph.HugeGraph) AuthManager(com.baidu.hugegraph.auth.AuthManager) HugeResource(com.baidu.hugegraph.auth.HugeResource) Id(com.baidu.hugegraph.backend.id.Id) RolePermission(com.baidu.hugegraph.auth.RolePermission) Test(org.junit.Test)

Aggregations

HugeResource (com.baidu.hugegraph.auth.HugeResource)7 Test (org.junit.Test)7 FakeObjects (com.baidu.hugegraph.unit.FakeObjects)2 HugeGraph (com.baidu.hugegraph.HugeGraph)1 AuthManager (com.baidu.hugegraph.auth.AuthManager)1 HugeProject (com.baidu.hugegraph.auth.HugeProject)1 HugeTarget (com.baidu.hugegraph.auth.HugeTarget)1 HugeUser (com.baidu.hugegraph.auth.HugeUser)1 RolePermission (com.baidu.hugegraph.auth.RolePermission)1 Id (com.baidu.hugegraph.backend.id.Id)1 VertexLabel (com.baidu.hugegraph.schema.VertexLabel)1 HugeEdge (com.baidu.hugegraph.structure.HugeEdge)1