Search in sources :

Example 1 with RolePermission

use of com.baidu.hugegraph.auth.RolePermission in project incubator-hugegraph by apache.

the class RolePermissionTest method testBuiltinNone.

@Test
public void testBuiltinNone() {
    RolePermission none = RolePermission.none();
    RolePermission role1 = RolePermission.role("none", HugePermission.NONE);
    Assert.assertEquals(none, role1);
    Assert.assertSame(none, RolePermission.builtin(none));
    Assert.assertSame(none, RolePermission.builtin(role1));
    Assert.assertEquals("{\"roles\":{\"none\":{\"NONE\":[" + "{\"type\":\"ALL\",\"label\":\"*\",\"properties\":null}]}}}", none.toJson());
    RolePermission role = RolePermission.fromJson("{\"roles\":{\"none\":{\"NONE\":[" + "{\"type\":\"ALL\",\"label\":\"write\"," + "\"properties\":null}]}}");
    Assert.assertTrue(roleContains(none, role));
}
Also used : RolePermission(com.baidu.hugegraph.auth.RolePermission) Test(org.junit.Test)

Example 2 with RolePermission

use of com.baidu.hugegraph.auth.RolePermission in project incubator-hugegraph by apache.

the class RolePermissionTest method testBuiltinAdmin.

@Test
public void testBuiltinAdmin() {
    RolePermission admin = RolePermission.admin();
    RolePermission role1 = RolePermission.role("admin", HugePermission.ANY);
    Assert.assertEquals(admin, role1);
    Assert.assertSame(admin, RolePermission.builtin(admin));
    Assert.assertSame(admin, RolePermission.builtin(role1));
    RolePermission role = RolePermission.fromJson("{\"roles\":{\"admin\":{\"ANY\":[" + "{\"type\":\"ALL\",\"label\":\"write\"," + "\"properties\":null}]}}");
    Assert.assertTrue(roleContains(admin, role));
    RolePermission role2 = RolePermission.all("admin");
    Assert.assertSame(admin, RolePermission.builtin(role2));
    Assert.assertTrue(roleContains(admin, role2));
    Assert.assertTrue(roleContains(role2, role));
    RolePermission hg = RolePermission.all("hg1");
    RolePermission role3 = RolePermission.fromJson("{\"roles\":" + "{\"hg1\":{\"ANY\":" + "[{\"type\":\"ALL\",\"label\":" + "\"write\",\"properties\":null}" + "]}}");
    Assert.assertSame(hg, RolePermission.builtin(hg));
    Assert.assertSame(hg, RolePermission.fromJson(hg));
    Assert.assertTrue(roleContains(hg, role3));
    /*
         * NOTE: admin role not match graph role
         * if want do this, rely on upper-layer special judgment
         */
    Assert.assertFalse(roleContains(admin, hg));
}
Also used : RolePermission(com.baidu.hugegraph.auth.RolePermission) Test(org.junit.Test)

Example 3 with RolePermission

use of com.baidu.hugegraph.auth.RolePermission in project incubator-hugegraph by apache.

the class AuthTest method testRolePermission.

@Test
public void testRolePermission() {
    HugeGraph graph = graph();
    AuthManager authManager = graph.authManager();
    authManager.createUser(makeUser("admin", "pa"));
    Id user0 = authManager.createUser(makeUser("hugegraph", "p0"));
    Id user1 = authManager.createUser(makeUser("hugegraph1", "p1"));
    Id group1 = authManager.createGroup(makeGroup("group1"));
    Id group2 = authManager.createGroup(makeGroup("group2"));
    Id graph1 = authManager.createTarget(makeTarget("hugegraph", "url1"));
    Id graph2 = authManager.createTarget(makeTarget("hugegraph1", "url2"));
    List<HugeResource> rv = HugeResource.parseResources("[{\"type\": \"VERTEX\", \"label\": \"person\", " + "\"properties\":{\"city\": \"Beijing\", \"age\": \"P.gte(20)\"}}," + " {\"type\": \"VERTEX_LABEL\", \"label\": \"*\"}," + " {\"type\": \"PROPERTY_KEY\", \"label\": \"*\"}]");
    List<HugeResource> re = HugeResource.parseResources("[{\"type\": \"EDGE\", \"label\": \"write\"}, " + " {\"type\": \"PROPERTY_KEY\"}, {\"type\": \"VERTEX_LABEL\"}, " + " {\"type\": \"EDGE_LABEL\"}, {\"type\": \"INDEX_LABEL\"}]");
    List<HugeResource> rg = HugeResource.parseResources("[{\"type\": \"GREMLIN\"}]");
    Id graph1v = authManager.createTarget(makeTarget("hugegraph-v", "hugegraph", "url1", rv));
    Id graph1e = authManager.createTarget(makeTarget("hugegraph-e", "hugegraph", "url1", re));
    Id graph1gremlin = authManager.createTarget(makeTarget("hugegraph-g", "hugegraph", "url1", rg));
    Id belong1 = authManager.createBelong(makeBelong(user0, group1));
    Id belong2 = authManager.createBelong(makeBelong(user1, group2));
    authManager.createAccess(makeAccess(group1, graph1, HugePermission.READ));
    authManager.createAccess(makeAccess(group1, graph1, HugePermission.WRITE));
    authManager.createAccess(makeAccess(group1, graph2, HugePermission.READ));
    authManager.createAccess(makeAccess(group2, graph2, HugePermission.READ));
    Id access1v = authManager.createAccess(makeAccess(group1, graph1v, HugePermission.READ));
    authManager.createAccess(makeAccess(group1, graph1v, HugePermission.WRITE));
    authManager.createAccess(makeAccess(group1, graph1e, HugePermission.READ));
    Id access1g = authManager.createAccess(makeAccess(group1, graph1gremlin, HugePermission.EXECUTE));
    RolePermission role;
    role = authManager.rolePermission(authManager.getUser(user0));
    String expected = "{\"roles\":" + "{\"hugegraph\":{\"READ\":[" + "{\"type\":\"EDGE\",\"label\":\"write\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"EDGE_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"INDEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"Beijing\",\"age\":\"P.gte(20)\"}}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}],\"WRITE\":" + "[{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"Beijing\",\"age\":\"P.gte(20)\"}}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}],\"EXECUTE\":" + "[{\"type\":\"GREMLIN\",\"label\":\"*\",\"properties\":null}]}," + "\"hugegraph1\":{\"READ\":[]}}}";
    Assert.assertEquals(expected, role.toJson());
    role = authManager.rolePermission(authManager.getBelong(belong1));
    Assert.assertEquals(expected, role.toJson());
    role = authManager.rolePermission(authManager.getGroup(group1));
    Assert.assertEquals(expected, role.toJson());
    role = authManager.rolePermission(authManager.getAccess(access1v));
    expected = "{\"roles\":" + "{\"hugegraph\":{\"READ\":[{\"type\":\"VERTEX\",\"label\":\"person\"," + "\"properties\":{\"city\":\"Beijing\",\"age\":\"P.gte(20)\"}}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}]}}}";
    Assert.assertEquals(expected, role.toJson());
    role = authManager.rolePermission(authManager.getAccess(access1g));
    expected = "{\"roles\":{\"hugegraph\":{\"EXECUTE\":[" + "{\"type\":\"GREMLIN\",\"label\":\"*\",\"properties\":null}]}}}";
    Assert.assertEquals(expected, role.toJson());
    role = authManager.rolePermission(authManager.getUser(user1));
    expected = "{\"roles\":{\"hugegraph1\":{\"READ\":[]}}}";
    Assert.assertEquals(expected, role.toJson());
    role = authManager.rolePermission(authManager.getBelong(belong2));
    expected = "{\"roles\":{\"hugegraph1\":{\"READ\":[]}}}";
    Assert.assertEquals(expected, role.toJson());
    role = authManager.rolePermission(authManager.getTarget(graph1v));
    expected = "{\"roles\":" + "{\"hugegraph\":" + "{\"READ\":[{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"Beijing\",\"age\":\"P.gte(20)\"}}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}]}}}";
    Assert.assertEquals(expected, role.toJson());
}
Also used : HugeGraph(com.baidu.hugegraph.HugeGraph) AuthManager(com.baidu.hugegraph.auth.AuthManager) HugeResource(com.baidu.hugegraph.auth.HugeResource) Id(com.baidu.hugegraph.backend.id.Id) RolePermission(com.baidu.hugegraph.auth.RolePermission) Test(org.junit.Test)

Example 4 with RolePermission

use of com.baidu.hugegraph.auth.RolePermission in project incubator-hugegraph by apache.

the class RolePermissionTest method testContains.

@Test
public void testContains() {
    String json = "{\"roles\":" + "{\"hugegraph\":{\"READ\":[" + "{\"type\":\"EDGE\",\"label\":\"write\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"EDGE_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"INDEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"Beijing\",\"age\":\"P.gte(20)\"}}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}],\"WRITE\":[" + "{\"type\":\"VERTEX\",\"label\":\"person\",\"properties\":" + "{\"city\":\"Beijing\",\"age\":\"P.gte(20)\"}}," + "{\"type\":\"VERTEX_LABEL\",\"label\":\"*\",\"properties\":null}," + "{\"type\":\"PROPERTY_KEY\",\"label\":\"*\",\"properties\":null}],\"EXECUTE\":[" + "{\"type\":\"GREMLIN\",\"label\":\"*\",\"properties\":null}]}," + "\"hugegraph1\":{\"READ\":[]}}}";
    RolePermission role = RolePermission.fromJson(json);
    RolePermission r1 = RolePermission.fromJson(json);
    Assert.assertEquals(role, r1);
    Assert.assertTrue(roleContains(role, r1));
    RolePermission r2 = RolePermission.fromJson("{\"roles\":{\"hugegraph\":{\"READ\":[" + "{\"type\":\"EDGE\",\"label\":\"write\"," + "\"properties\":null}]}}");
    Assert.assertTrue(roleContains(role, r2));
    RolePermission r3 = RolePermission.fromJson("{\"roles\":{\"hugegraph\":{\"READ\":[" + "{\"type\":\"EDGE\",\"label\":\"write\"," + "\"properties\":{\"date\":\"2018-8-8\"}}]}}");
    Assert.assertTrue(roleContains(role, r3));
    RolePermission r4 = RolePermission.fromJson("{\"roles\":{\"hugegraph\":{\"WRITE\":[" + "{\"type\":\"VERTEX\",\"label\":\"person\"," + "\"properties\":{\"city\":\"Beijing\"," + "\"age\":\"P.gte(20)\"}}]}}");
    Assert.assertTrue(roleContains(role, r4));
    RolePermission r5 = RolePermission.fromJson("{\"roles\":{\"hugegraph\":{\"WRITE\":[" + "{\"type\":\"VERTEX\",\"label\":\"person\"," + "\"properties\":{\"city\":\"Beijing\"," + "\"age\":\"P.gte(21)\"}}]}}");
    Assert.assertFalse(roleContains(role, r5));
    RolePermission r6 = RolePermission.fromJson("{\"roles\":{\"hugegraph\":{\"WRITE\":[" + "{\"type\":\"VERTEX\",\"label\":\"person\"," + "\"properties\":null}]}}");
    Assert.assertFalse(roleContains(role, r6));
    RolePermission r7 = RolePermission.fromJson("{\"roles\":{\"hugegraph\":{\"WRITE\":[" + "{\"type\":\"VERTEX\",\"label\":\"person2\"," + "\"properties\":{\"city\":\"Beijing\"," + "\"age\":\"P.gte(20)\"}}]}}");
    Assert.assertFalse(roleContains(role, r7));
    RolePermission r8 = RolePermission.fromJson("{\"roles\":{\"hugegraph\":{\"WRITE\":[" + "{\"type\":\"EDGE\",\"label\":\"person\"," + "\"properties\":{\"city\":\"Beijing\"," + "\"age\":\"P.gte(20)\"}}]}}");
    Assert.assertFalse(roleContains(role, r8));
    role = RolePermission.fromJson("{\"roles\":{\"hugegraph\":{\"READ\":[" + "{\"type\":\"ALL\",\"label\":\"write\"," + "\"properties\":null}]}}");
    RolePermission r9 = RolePermission.fromJson("{\"roles\":{\"hugegraph\":{\"READ\":[" + "{\"type\":\"ALL\",\"label\":\"write\"," + "\"properties\":null}]}}");
    Assert.assertTrue(roleContains(role, r9));
    RolePermission r10 = RolePermission.fromJson("{\"roles\":{\"hugegraph\":{\"READ\":[" + "{\"type\":\"EDGE\",\"label\":\"write\"," + "\"properties\":null}]}}");
    Assert.assertTrue(roleContains(role, r10));
    RolePermission r11 = RolePermission.fromJson("{\"roles\":{\"hugegraph\":{\"READ\":[" + "{\"type\":\"VERTEX\",\"label\":\"write\"," + "\"properties\":null}]}}");
    Assert.assertTrue(roleContains(role, r11));
    RolePermission r12 = RolePermission.fromJson("{\"roles\":{\"hugegraph\":{\"READ\":[" + "{\"type\":\"VERTEX\",\"label\":\"person\"," + "\"properties\":null}]}}");
    Assert.assertFalse(roleContains(role, r12));
    RolePermission r13 = RolePermission.fromJson("{\"roles\":{\"hugegraph\":{\"WRITE\":[" + "{\"type\":\"VERTEX\",\"label\":\"write\"," + "\"properties\":null}]}}");
    Assert.assertFalse(roleContains(role, r13));
    RolePermission r14 = RolePermission.fromJson("{\"roles\":{\"hugegraph2\":{\"READ\":[" + "{\"type\":\"VERTEX\",\"label\":\"write\"," + "\"properties\":null}]}}");
    Assert.assertFalse(roleContains(role, r14));
}
Also used : RolePermission(com.baidu.hugegraph.auth.RolePermission) Test(org.junit.Test)

Aggregations

RolePermission (com.baidu.hugegraph.auth.RolePermission)4 Test (org.junit.Test)4 HugeGraph (com.baidu.hugegraph.HugeGraph)1 AuthManager (com.baidu.hugegraph.auth.AuthManager)1 HugeResource (com.baidu.hugegraph.auth.HugeResource)1 Id (com.baidu.hugegraph.backend.id.Id)1