Example 1 with AccessMode

Use of org.neo4j.internal.kernel.api.security.AccessMode in project neo4j by neo4j.

Class BuiltInProcedures, method listRelationshipTypes.

@SystemProcedure
@Description("List all available relationship types in the database.")
@Procedure(name = "db.relationshipTypes", mode = READ)
public Stream<RelationshipTypeResult> listRelationshipTypes() {
    if (callContext.isSystemDatabase()) {
        return Stream.empty();
    }
    // Capture the caller's access mode before the security context is overridden
    AccessMode mode = kernelTransaction.securityContext().mode();
    TokenRead tokenRead = kernelTransaction.tokenRead();
    List<RelationshipTypeResult> relTypesInUse;
    try (KernelTransaction.Revertable ignore = kernelTransaction.overrideWith(SecurityContext.AUTH_DISABLED)) {
        // Get all relTypes that are in use as seen by a super user,
        // then keep only those the caller's own mode allows traversing
        relTypesInUse = stream(RELATIONSHIP_TYPES.inUse(kernelTransaction))
                .filter(type -> mode.allowsTraverseRelType(tokenRead.relationshipType(type.name())))
                .map(RelationshipTypeResult::new)
                .collect(Collectors.toList());
    }
    return relTypesInUse.stream();
}

Example 2 with AccessMode

Use of org.neo4j.internal.kernel.api.security.AccessMode in project neo4j by neo4j.

Class SchemaProcedure, method buildSchemaGraph.

public GraphResult buildSchemaGraph() {
    final Map<String, VirtualNodeHack> nodes = new HashMap<>();
    final Map<String, Set<VirtualRelationshipHack>> relationships = new HashMap<>();
    final KernelTransaction kernelTransaction = internalTransaction.kernelTransaction();
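    // Capture the caller's access mode before overriding the security context; it is used for filtering below
    AccessMode mode = kernelTransaction.securityContext().mode();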
    try (KernelTransaction.Revertable ignore = kernelTransaction.overrideWith(SecurityContext.AUTH_DISABLED)) {
        Read dataRead = kernelTransaction.dataRead();
        TokenRead tokenRead = kernelTransaction.tokenRead();
        SchemaRead schemaRead = kernelTransaction.schemaRead();
        List<Pair<String, Integer>> labelNamesAndIds = new ArrayList<>();
        // Get all labels that are in use as seen by a super user
        List<Label> labelsInUse = stream(LABELS.inUse(kernelTransaction)).collect(Collectors.toList());
        for (Label label : labelsInUse) {
            String labelName = label.name();
            int labelId = tokenRead.nodeLabel(labelName);
            // Filter out labels that are denied or aren't explicitly allowed
            if (mode.allowsTraverseNode(labelId)) {
                labelNamesAndIds.add(Pair.of(labelName, labelId));
                Map<String, Object> properties = new HashMap<>();
                Iterator<IndexDescriptor> indexReferences = schemaRead.indexesGetForLabel(labelId);
                List<String> indexes = new ArrayList<>();
                while (indexReferences.hasNext()) {
                    IndexDescriptor index = indexReferences.next();
                    if (!index.isUnique()) {
                        String[] propertyNames = PropertyNameUtils.getPropertyKeys(tokenRead, index.schema().getPropertyIds());
                        indexes.add(String.join(",", propertyNames));
                    }
                }
                properties.put("indexes", indexes);
                Iterator<ConstraintDescriptor> nodePropertyConstraintIterator = schemaRead.constraintsGetForLabel(labelId);
                List<String> constraints = new ArrayList<>();
                while (nodePropertyConstraintIterator.hasNext()) {
                    ConstraintDescriptor constraint = nodePropertyConstraintIterator.next();
                    constraints.add(constraint.userDescription(tokenRead));
                }
                properties.put("constraints", constraints);
                getOrCreateLabel(label.name(), properties, nodes);
            }
        }
        // Get all relTypes that are in use as seen by a super user
        List<RelationshipType> relTypesInUse = stream(RELATIONSHIP_TYPES.inUse(kernelTransaction)).collect(Collectors.toList());
        for (RelationshipType relationshipType : relTypesInUse) {
            String relationshipTypeGetName = relationshipType.name();
            int relId = tokenRead.relationshipType(relationshipTypeGetName);
            // Filter out relTypes that are denied or aren't explicitly allowed
            if (mode.allowsTraverseRelType(relId)) {
                List<VirtualNodeHack> startNodes = new LinkedList<>();
                List<VirtualNodeHack> endNodes = new LinkedList<>();
                for (Pair<String, Integer> labelNameAndId : labelNamesAndIds) {
                    String labelName = labelNameAndId.first();
                    int labelId = labelNameAndId.other();
                    Map<String, Object> properties = new HashMap<>();
                    VirtualNodeHack node = getOrCreateLabel(labelName, properties, nodes);
                    if (dataRead.countsForRelationship(labelId, relId, TokenRead.ANY_LABEL) > 0) {
                        startNodes.add(node);
                    }
                    if (dataRead.countsForRelationship(TokenRead.ANY_LABEL, relId, labelId) > 0) {
                        endNodes.add(node);
                    }
                }
                for (VirtualNodeHack startNode : startNodes) {
                    for (VirtualNodeHack endNode : endNodes) {
                        addRelationship(startNode, endNode, relationshipTypeGetName, relationships);
                    }
                }
            }
        }
    }
    return getGraphResult(nodes, relationships);
}

Example 3 with AccessMode

Use of org.neo4j.internal.kernel.api.security.AccessMode in project neo4j by neo4j.

Class KernelToken, method labelsGetAllTokens.

@Override
public Iterator<NamedToken> labelsGetAllTokens() {
    ktx.assertOpen();
    AccessMode mode = ktx.securityContext().mode();
    // Return only the label tokens that the caller's access mode allows traversing
    return Iterators.stream(tokenHolders.labelTokens().getAllTokens().iterator())
            .filter(label -> mode.allowsTraverseNode(label.id()))
            .iterator();
}

Example 4 with AccessMode

Use of org.neo4j.internal.kernel.api.security.AccessMode in project neo4j by neo4j.

Class AllStoreHolder, method nodeExists.

@Override
public boolean nodeExists(long reference) {
    ktx.assertOpen();
    if (hasTxStateWithChanges()) {
        TransactionState txState = txState();
        if (txState.nodeIsDeletedInThisTx(reference)) {
            return false;
        } else if (txState.nodeIsAddedInThisTx(reference)) {
            return true;
        }
    }
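    // The calling security context's access mode decides whether a store hit may be reported
    AccessMode mode = ktx.securityContext().mode();
    boolean existsInNodeStore = storageReader.nodeExists(reference, ktx.cursorContext());
    if (mode.allowsTraverseAllLabels()) {
        // Caller may traverse every label, so existence in the store is the answer
        return existsInNodeStore;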
    } else if (!existsInNodeStore) {
        return false;
    } else {
        // DefaultNodeCursor already contains traversal checks within next()
        try (DefaultNodeCursor node = cursors.allocateNodeCursor(ktx.cursorContext())) {
            ktx.dataRead().singleNode(reference, node);
            return node.next();
        }
    }
}

Example 5 with AccessMode

Use of org.neo4j.internal.kernel.api.security.AccessMode in project neo4j by neo4j.

Class AllStoreHolder, method callProcedure.

private RawIterator<AnyValue[], ProcedureException> callProcedure(int id, AnyValue[] input,
        final AccessMode.Static procedureMode, ProcedureCallContext procedureCallContext) throws ProcedureException {
    ktx.assertOpen();
    AccessMode mode = ktx.securityContext().mode();
    // Reject the call, and log the denial, if the caller's mode does not allow executing this procedure
    if (!mode.allowsExecuteProcedure(id)) {
        String message = format("Executing procedure is not allowed for %s.", ktx.securityContext().description());
        throw ktx.securityAuthorizationHandler().logAndGetAuthorizationException(ktx.securityContext(), message);
    }
    // Boosted procedures run under an OverriddenAccessMode with AdminAccessMode.FULL;
    // all others run under a RestrictedAccessMode built from the caller's mode and the procedure's mode
    final SecurityContext procedureSecurityContext = mode.shouldBoostProcedure(id)
            ? ktx.securityContext().withMode(new OverriddenAccessMode(mode, procedureMode)).withMode(AdminAccessMode.FULL)
            : ktx.securityContext().withMode(new RestrictedAccessMode(mode, procedureMode));
    final RawIterator<AnyValue[], ProcedureException> procedureCall;
    try (KernelTransaction.Revertable ignore = ktx.overrideWith(procedureSecurityContext);
        Statement statement = ktx.acquireStatement()) {
        procedureCall = globalProcedures.callProcedure(prepareContext(procedureSecurityContext, procedureCallContext), id, input, statement);
    }
    return createIterator(procedureSecurityContext, procedureCall);
}
