use of org.neo4j.internal.kernel.api.security.AccessMode in project neo4j by neo4j.
the class AllStoreHolder method createAggregationFunction.
private UserAggregator createAggregationFunction(int id) throws ProcedureException {
ktx.assertOpen();
AccessMode mode = ktx.securityContext().mode();
if (!globalProcedures.isBuiltInAggregatingFunction(id) && !mode.allowsExecuteAggregatingFunction(id)) {
String message = format("Executing a user defined aggregating function is not allowed for %s.", ktx.securityContext().description());
throw ktx.securityAuthorizationHandler().logAndGetAuthorizationException(ktx.securityContext(), message);
}
final SecurityContext securityContext = mode.shouldBoostAggregatingFunction(id) ? ktx.securityContext().withMode(new OverriddenAccessMode(mode, AccessMode.Static.READ)) : ktx.securityContext().withMode(new RestrictedAccessMode(mode, AccessMode.Static.READ));
try (KernelTransaction.Revertable ignore = ktx.overrideWith(securityContext)) {
UserAggregator aggregator = globalProcedures.createAggregationFunction(prepareContext(securityContext, ProcedureCallContext.EMPTY), id);
return new UserAggregator() {
@Override
public void update(AnyValue[] input) throws ProcedureException {
try (KernelTransaction.Revertable ignore = ktx.overrideWith(securityContext)) {
aggregator.update(input);
}
}
@Override
public AnyValue result() throws ProcedureException {
try (KernelTransaction.Revertable ignore = ktx.overrideWith(securityContext)) {
return aggregator.result();
}
}
};
}
}
use of org.neo4j.internal.kernel.api.security.AccessMode in project neo4j by neo4j.
the class AllStoreHolder method countsForRelationshipWithoutTxState.
@Override
public long countsForRelationshipWithoutTxState(int startLabelId, int typeId, int endLabelId) {
AccessMode mode = ktx.securityContext().mode();
CursorContext cursorContext = ktx.cursorContext();
if (mode.allowsTraverseRelType(typeId) && mode.allowsTraverseNode(startLabelId) && mode.allowsTraverseNode(endLabelId)) {
return storageReader.countsForRelationship(startLabelId, typeId, endLabelId, cursorContext);
}
if (mode.disallowsTraverseRelType(typeId) || mode.disallowsTraverseLabel(startLabelId) || mode.disallowsTraverseLabel(endLabelId)) {
// so the count will be 0.
return 0;
}
// token index scan can only scan for single relationship type
if (typeId != TokenRead.ANY_RELATIONSHIP_TYPE) {
try {
var index = findUsableTokenIndex(EntityType.RELATIONSHIP);
if (index != IndexDescriptor.NO_INDEX) {
long count = 0;
try (DefaultRelationshipTypeIndexCursor relationshipsWithType = cursors.allocateRelationshipTypeIndexCursor(cursorContext);
DefaultRelationshipScanCursor relationship = cursors.allocateRelationshipScanCursor(cursorContext);
DefaultNodeCursor sourceNode = cursors.allocateNodeCursor(cursorContext);
DefaultNodeCursor targetNode = cursors.allocateNodeCursor(cursorContext)) {
var session = tokenReadSession(index);
this.relationshipTypeScan(session, relationshipsWithType, unconstrained(), new TokenPredicate(typeId));
while (relationshipsWithType.next()) {
relationshipsWithType.relationship(relationship);
count += countRelationshipsWithEndLabels(relationship, sourceNode, targetNode, startLabelId, endLabelId);
}
}
return count - countsForRelationshipInTxState(startLabelId, typeId, endLabelId);
}
} catch (KernelException ignored) {
// ignore, fallback to allRelationshipsScan
}
}
long count;
try (DefaultRelationshipScanCursor rels = cursors.allocateRelationshipScanCursor(cursorContext);
DefaultNodeCursor sourceNode = cursors.allocateFullAccessNodeCursor(cursorContext);
DefaultNodeCursor targetNode = cursors.allocateFullAccessNodeCursor(cursorContext)) {
this.allRelationshipsScan(rels);
Predicate<RelationshipScanCursor> predicate = typeId == TokenRead.ANY_RELATIONSHIP_TYPE ? alwaysTrue() : CursorPredicates.hasType(typeId);
var filteredCursor = new FilteringRelationshipScanCursorWrapper(rels, predicate);
count = countRelationshipsWithEndLabels(filteredCursor, sourceNode, targetNode, startLabelId, endLabelId);
}
return count - countsForRelationshipInTxState(startLabelId, typeId, endLabelId);
}
use of org.neo4j.internal.kernel.api.security.AccessMode in project neo4j by neo4j.
the class KernelToken method propertyKeyGetAllTokens.
@Override
public Iterator<NamedToken> propertyKeyGetAllTokens() {
ktx.assertOpen();
AccessMode mode = ktx.securityContext().mode();
return Iterators.stream(tokenHolders.propertyKeyTokens().getAllTokens().iterator()).filter(propKey -> mode.allowsSeePropertyKeyToken(propKey.id())).iterator();
}
use of org.neo4j.internal.kernel.api.security.AccessMode in project neo4j by neo4j.
the class KernelToken method relationshipTypesGetAllTokens.
@Override
public Iterator<NamedToken> relationshipTypesGetAllTokens() {
ktx.assertOpen();
AccessMode mode = ktx.securityContext().mode();
return Iterators.stream(tokenHolders.relationshipTypeTokens().getAllTokens().iterator()).filter(relType -> mode.allowsTraverseRelType(relType.id())).iterator();
}
use of org.neo4j.internal.kernel.api.security.AccessMode in project neo4j by neo4j.
the class AllStoreHolder method callFunction.
private AnyValue callFunction(int id, AnyValue[] input) throws ProcedureException {
ktx.assertOpen();
AccessMode mode = ktx.securityContext().mode();
if (!globalProcedures.isBuiltInFunction(id) && !mode.allowsExecuteFunction(id)) {
String message = format("Executing a user defined function is not allowed for %s.", ktx.securityContext().description());
throw ktx.securityAuthorizationHandler().logAndGetAuthorizationException(ktx.securityContext(), message);
}
final SecurityContext securityContext = mode.shouldBoostFunction(id) ? ktx.securityContext().withMode(new OverriddenAccessMode(mode, AccessMode.Static.READ)) : ktx.securityContext().withMode(new RestrictedAccessMode(mode, AccessMode.Static.READ));
try (KernelTransaction.Revertable ignore = ktx.overrideWith(securityContext)) {
return globalProcedures.callFunction(prepareContext(securityContext, ProcedureCallContext.EMPTY), id, input);
}
}
Aggregations