use of com.baidu.hugegraph.auth.HugeResource in project incubator-hugegraph by apache.
the class RolePermissionTest method testHugeResourceFilter.
@Test
public void testHugeResourceFilter() {
HugeResource all = HugeResource.ALL;
// common
ResourceObject<?> r1 = ResourceObject.of("g1", ResourceType.GREMLIN, NameObject.ANY);
Assert.assertTrue(all.filter(r1));
ResourceObject<?> r2 = ResourceObject.of("g1", ResourceType.META, NameObject.of("test"));
Assert.assertTrue(all.filter(r2));
HugeResource page = new HugeResource(ResourceType.META, "page", null);
Assert.assertFalse(page.filter(r2));
ResourceObject<?> r3 = ResourceObject.of("g1", ResourceType.META, NameObject.of("page"));
Assert.assertTrue(page.filter(r3));
}
use of com.baidu.hugegraph.auth.HugeResource in project incubator-hugegraph by apache.
the class RolePermissionTest method testHugeResourceFilterSchema.
@Test
public void testHugeResourceFilterSchema() {
HugeResource all = HugeResource.ALL;
HugeResource schema = new HugeResource(ResourceType.SCHEMA, HugeResource.ANY, null);
HugeResource vlPrefix = new HugeResource(ResourceType.VERTEX_LABEL, "p-.*", null);
ResourceObject<?> r3 = ResourceObject.of("g1", ResourceType.VERTEX_LABEL, NameObject.of("test"));
Assert.assertTrue(all.filter(r3));
Assert.assertTrue(schema.filter(r3));
Assert.assertFalse(vlPrefix.filter(r3));
ResourceObject<?> r4 = ResourceObject.of("g1", ResourceType.VERTEX_LABEL, NameObject.of("p-test"));
Assert.assertTrue(all.filter(r4));
Assert.assertTrue(schema.filter(r4));
Assert.assertTrue(vlPrefix.filter(r4));
FakeObjects fo = new FakeObjects();
VertexLabel vl1 = fo.newVertexLabel(IdGenerator.of("id1"), "person", IdStrategy.PRIMARY_KEY, IdGenerator.of("1"));
ResourceObject<?> r5 = ResourceObject.of("g1", vl1);
Assert.assertTrue(all.filter(r5));
Assert.assertTrue(schema.filter(r5));
Assert.assertFalse(vlPrefix.filter(r5));
VertexLabel vl2 = fo.newVertexLabel(IdGenerator.of("id1"), "p-person", IdStrategy.PRIMARY_KEY, IdGenerator.of("1"));
ResourceObject<?> r6 = ResourceObject.of("g1", vl2);
Assert.assertTrue(all.filter(r6));
Assert.assertTrue(schema.filter(r6));
Assert.assertTrue(vlPrefix.filter(r6));
}
use of com.baidu.hugegraph.auth.HugeResource in project incubator-hugegraph by apache.
the class RolePermissionTest method testHugeResource.
@Test
public void testHugeResource() {
HugeResource r = new HugeResource(ResourceType.VERTEX, "person", ImmutableMap.of("city", "Beijing"));
String json = "{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"Beijing\"}}";
Assert.assertEquals(json, r.toString());
Assert.assertEquals(r, HugeResource.parseResource(json));
HugeResource r1 = new HugeResource(null, null, null);
HugeResource r2 = new HugeResource(null, null, null);
String nullJson = "{\"type\":null,\"label\":null,\"properties\":null}";
Assert.assertEquals(nullJson, r1.toString());
Assert.assertEquals(r1, r2);
HugeResource r3 = HugeResource.parseResource(nullJson);
Assert.assertEquals(r1, r3);
Assert.assertThrows(HugeException.class, () -> {
new HugeResource(ResourceType.VERTEX, "person", ImmutableMap.of("city", "P.(1)"));
}, e -> {
Assert.assertContains("Invalid predicate: P.(1)", e.getMessage());
});
Assert.assertThrows(HugeException.class, () -> {
String resource = "{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"P.(1)\"}}";
HugeResource.parseResource(resource);
}, e -> {
Assert.assertContains("Invalid predicate: P.(1)", e.getMessage());
});
Assert.assertThrows(HugeException.class, () -> {
String resources = "[{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"P.(1)\"}}]";
HugeResource.parseResources(resources);
}, e -> {
Assert.assertContains("Invalid predicate: P.(1)", e.getMessage());
});
}
use of com.baidu.hugegraph.auth.HugeResource in project incubator-hugegraph by apache.
the class RolePermissionTest method testHugeResourceFilterVertexOrEdge.
@Test
public void testHugeResourceFilterVertexOrEdge() {
HugeResource all = HugeResource.ALL;
// vertex & edge
FakeObjects fo = new FakeObjects();
HugeEdge edge = fo.newEdge(1, 2);
ResourceObject<?> r1 = ResourceObject.of("g1", edge.sourceVertex());
ResourceObject<?> r2 = ResourceObject.of("g1", edge.targetVertex());
ResourceObject<?> r3 = ResourceObject.of("g1", edge);
Assert.assertTrue(all.filter(r1));
Assert.assertTrue(all.filter(r2));
Assert.assertTrue(all.filter(r3));
HugeResource vr = new HugeResource(ResourceType.VERTEX, HugeResource.ANY, null);
Assert.assertTrue(vr.filter(r1));
Assert.assertTrue(vr.filter(r2));
Assert.assertFalse(vr.filter(r3));
vr = new HugeResource(ResourceType.VERTEX, "person", null);
Assert.assertTrue(vr.filter(r1));
Assert.assertTrue(vr.filter(r2));
Assert.assertFalse(vr.filter(r3));
vr = new HugeResource(ResourceType.VERTEX, "person", ImmutableMap.of("city", "Beijing"));
Assert.assertTrue(vr.filter(r1));
Assert.assertFalse(vr.filter(r2));
Assert.assertFalse(vr.filter(r3));
vr = new HugeResource(ResourceType.VERTEX, "person", ImmutableMap.of("city", "Shanghai"));
Assert.assertFalse(vr.filter(r1));
Assert.assertTrue(vr.filter(r2));
Assert.assertFalse(vr.filter(r3));
vr = new HugeResource(ResourceType.VERTEX, "person", ImmutableMap.of("city", "P.within(\"Beijing\", \"Shanghai\")"));
Assert.assertTrue(vr.filter(r1));
Assert.assertTrue(vr.filter(r2));
Assert.assertFalse(vr.filter(r3));
vr = new HugeResource(ResourceType.VERTEX, "person", ImmutableMap.of("age", "P.gt(18)"));
Assert.assertFalse(vr.filter(r1));
Assert.assertTrue(vr.filter(r2));
Assert.assertFalse(vr.filter(r3));
vr = new HugeResource(ResourceType.VERTEX, "person", ImmutableMap.of("age", "P.between(20, 21)"));
Assert.assertFalse(vr.filter(r1));
Assert.assertTrue(vr.filter(r2));
Assert.assertFalse(vr.filter(r3));
vr = new HugeResource(ResourceType.VERTEX, "person", ImmutableMap.of("age", "P.between(18, 21)"));
Assert.assertTrue(vr.filter(r1));
Assert.assertTrue(vr.filter(r2));
Assert.assertFalse(vr.filter(r3));
HugeResource er = new HugeResource(ResourceType.EDGE, "knows", null);
Assert.assertFalse(er.filter(r1));
Assert.assertFalse(er.filter(r2));
Assert.assertTrue(er.filter(r3));
er = new HugeResource(ResourceType.EDGE, "knows", ImmutableMap.of("weight", "P.gt(0.7)"));
Assert.assertFalse(er.filter(r1));
Assert.assertFalse(er.filter(r2));
Assert.assertTrue(er.filter(r3));
er = new HugeResource(ResourceType.EDGE, "knows", ImmutableMap.of("weight", "P.gt(0.8)"));
Assert.assertFalse(er.filter(r1));
Assert.assertFalse(er.filter(r2));
Assert.assertFalse(er.filter(r3));
er = new HugeResource(ResourceType.EDGE, "knows", ImmutableMap.of("weight", "P.lt(0.8)"));
Assert.assertFalse(er.filter(r1));
Assert.assertFalse(er.filter(r2));
Assert.assertTrue(er.filter(r3));
}
use of com.baidu.hugegraph.auth.HugeResource in project incubator-hugegraph by apache.
the class AuthTest method testRolePermission.
@Test
public void testRolePermission() {
HugeGraph graph = graph();
AuthManager authManager = graph.authManager();
authManager.createUser(makeUser("admin", "pa"));
Id user0 = authManager.createUser(makeUser("hugegraph", "p0"));
Id user1 = authManager.createUser(makeUser("hugegraph1", "p1"));
Id group1 = authManager.createGroup(makeGroup("group1"));
Id group2 = authManager.createGroup(makeGroup("group2"));
Id graph1 = authManager.createTarget(makeTarget("hugegraph", "url1"));
Id graph2 = authManager.createTarget(makeTarget("hugegraph1", "url2"));
List<HugeResource> rv = HugeResource.parseResources("[{\"type\": \"VERTEX\", \"label\": \"person\", " + "\"properties\":{\"city\": \"Beijing\", \"age\": \"P.gte(20)\"}}," + " {\"type\": \"VERTEX_LABEL\", \"label\": \"*\"}," + " {\"type\": \"PROPERTY_KEY\", \"label\": \"*\"}]");
List<HugeResource> re = HugeResource.parseResources("[{\"type\": \"EDGE\", \"label\": \"write\"}, " + " {\"type\": \"PROPERTY_KEY\"}, {\"type\": \"VERTEX_LABEL\"}, " + " {\"type\": \"EDGE_LABEL\"}, {\"type\": \"INDEX_LABEL\"}]");
List<HugeResource> rg = HugeResource.parseResources("[{\"type\": \"GREMLIN\"}]");
Id graph1v = authManager.createTarget(makeTarget("hugegraph-v", "hugegraph", "url1", rv));
Id graph1e = authManager.createTarget(makeTarget("hugegraph-e", "hugegraph", "url1", re));
Id graph1gremlin = authManager.createTarget(makeTarget("hugegraph-g", "hugegraph", "url1", rg));
Id belong1 = authManager.createBelong(makeBelong(user0, group1));
Id belong2 = authManager.createBelong(makeBelong(user1, group2));
authManager.createAccess(makeAccess(group1, graph1, HugePermission.READ));
authManager.createAccess(makeAccess(group1, graph1, HugePermission.WRITE));
authManager.createAccess(makeAccess(group1, graph2, HugePermission.READ));
authManager.createAccess(makeAccess(group2, graph2, HugePermission.READ));
Id access1v = authManager.createAccess(makeAccess(group1, graph1v, HugePermission.READ));
authManager.createAccess(makeAccess(group1, graph1v, HugePermission.WRITE));
authManager.createAccess(makeAccess(group1, graph1e, HugePermission.READ));
Id access1g = authManager.createAccess(makeAccess(group1, graph1gremlin, HugePermission.EXECUTE));
RolePermission role;
role = authManager.rolePermission(authManager.getUser(user0));
String expected = "{\"roles\":" + "{\"hugegraph\":{\"READ\":[" + "{\"type\":\"EDGE\",\"label\":\"write\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"EDGE_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"INDEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"Beijing\",\"age\":\"P.gte(20)\"}}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}],\"WRITE\":" + "[{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"Beijing\",\"age\":\"P.gte(20)\"}}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}],\"EXECUTE\":" + "[{\"type\":\"GREMLIN\",\"label\":\"*\",\"properties\":null}]}," + "\"hugegraph1\":{\"READ\":[]}}}";
Assert.assertEquals(expected, role.toJson());
role = authManager.rolePermission(authManager.getBelong(belong1));
Assert.assertEquals(expected, role.toJson());
role = authManager.rolePermission(authManager.getGroup(group1));
Assert.assertEquals(expected, role.toJson());
role = authManager.rolePermission(authManager.getAccess(access1v));
expected = "{\"roles\":" + "{\"hugegraph\":{\"READ\":[{\"type\":\"VERTEX\",\"label\":\"person\"," + "\"properties\":{\"city\":\"Beijing\",\"age\":\"P.gte(20)\"}}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}]}}}";
Assert.assertEquals(expected, role.toJson());
role = authManager.rolePermission(authManager.getAccess(access1g));
expected = "{\"roles\":{\"hugegraph\":{\"EXECUTE\":[" + "{\"type\":\"GREMLIN\",\"label\":\"*\",\"properties\":null}]}}}";
Assert.assertEquals(expected, role.toJson());
role = authManager.rolePermission(authManager.getUser(user1));
expected = "{\"roles\":{\"hugegraph1\":{\"READ\":[]}}}";
Assert.assertEquals(expected, role.toJson());
role = authManager.rolePermission(authManager.getBelong(belong2));
expected = "{\"roles\":{\"hugegraph1\":{\"READ\":[]}}}";
Assert.assertEquals(expected, role.toJson());
role = authManager.rolePermission(authManager.getTarget(graph1v));
expected = "{\"roles\":" + "{\"hugegraph\":" + "{\"READ\":[{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"Beijing\",\"age\":\"P.gte(20)\"}}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}]}}}";
Assert.assertEquals(expected, role.toJson());
}
Aggregations