Examples with DatabaseScope org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope used on opensource projects

Example 1 with DatabaseScope

use of org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope in project neo4j by neo4j.

the class BuiltInDbmsProcedures method killQueryTransaction.

private QueryTerminationResult killQueryTransaction(QueryId queryId, KernelTransactionHandle handle, NamedDatabaseId databaseId) {
    Optional<ExecutingQuery> query = handle.executingQuery();
    ExecutingQuery executingQuery = query.orElseThrow(() -> new IllegalStateException("Query should exist since we filtered based on query ids"));
    String username = executingQuery.username();
    var action = new AdminActionOnResource(TERMINATE_TRANSACTION, new DatabaseScope(databaseId.name()), new UserSegment(username));
    if (isSelfOrAllows(username, action)) {
        if (handle.isClosing()) {
            return new QueryFailedTerminationResult(queryId, username, "Unable to kill queries when underlying transaction is closing.");
        }
        handle.markForTermination(Status.Transaction.Terminated);
        return new QueryTerminationResult(queryId, username, "Query found");
    } else {
        throw kernelTransaction.securityAuthorizationHandler().logAndGetAuthorizationException(securityContext, format("Not allowed to terminate %s run by user %s.", queryId, username));
    }
}

Example 2 with DatabaseScope

use of org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope in project neo4j by neo4j.

the class BuiltInDbmsProcedures method listTransactions.

@SystemProcedure
@Description("List all transactions currently executing at this instance that are visible to the user.")
@Procedure(name = "dbms.listTransactions", mode = DBMS)
public Stream<TransactionStatusResult> listTransactions() throws InvalidArgumentsException {
    ZoneId zoneId = getConfiguredTimeZone();
    List<TransactionStatusResult> result = new ArrayList<>();
    for (DatabaseContext databaseContext : getDatabaseManager().registeredDatabases().values()) {
        if (databaseContext.database().isStarted()) {
            DatabaseScope dbScope = new DatabaseScope(databaseContext.database().getNamedDatabaseId().name());
            Map<KernelTransactionHandle, Optional<QuerySnapshot>> handleQuerySnapshotsMap = new HashMap<>();
            for (KernelTransactionHandle tx : getExecutingTransactions(databaseContext)) {
                String username = tx.subject().username();
                var action = new AdminActionOnResource(SHOW_TRANSACTION, dbScope, new UserSegment(username));
                if (isSelfOrAllows(username, action)) {
                    handleQuerySnapshotsMap.put(tx, tx.executingQuery().map(ExecutingQuery::snapshot));
                }
            }
            TransactionDependenciesResolver transactionBlockerResolvers = new TransactionDependenciesResolver(handleQuerySnapshotsMap);
            for (KernelTransactionHandle tx : handleQuerySnapshotsMap.keySet()) {
                result.add(new TransactionStatusResult(databaseContext.databaseFacade().databaseName(), tx, transactionBlockerResolvers, handleQuerySnapshotsMap, zoneId));
            }
        }
    }
    return result.stream();
}

Example 3 with DatabaseScope

use of org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope in project neo4j by neo4j.

the class BuiltInDbmsProcedures method listQueries.

@SystemProcedure
@Description("List all queries currently executing at this instance that are visible to the user.")
@Procedure(name = "dbms.listQueries", mode = DBMS)
public Stream<QueryStatusResult> listQueries() throws InvalidArgumentsException {
    ZoneId zoneId = getConfiguredTimeZone();
    List<QueryStatusResult> result = new ArrayList<>();
    for (FabricTransaction tx : getFabricTransactions()) {
        for (ExecutingQuery query : getActiveFabricQueries(tx)) {
            String username = query.username();
            var action = new AdminActionOnResource(SHOW_TRANSACTION, ALL, new UserSegment(username));
            if (isSelfOrAllows(username, action)) {
                result.add(new QueryStatusResult(query, (InternalTransaction) transaction, zoneId, "none"));
            }
        }
    }
    for (DatabaseContext databaseContext : getDatabaseManager().registeredDatabases().values()) {
        if (databaseContext.database().isStarted()) {
            DatabaseScope dbScope = new DatabaseScope(databaseContext.database().getNamedDatabaseId().name());
            for (KernelTransactionHandle tx : getExecutingTransactions(databaseContext)) {
                if (tx.executingQuery().isPresent()) {
                    ExecutingQuery query = tx.executingQuery().get();
                    // Include both the executing query and any previous queries (parent queries of nested query) in the result.
                    while (query != null) {
                        String username = query.username();
                        var action = new AdminActionOnResource(SHOW_TRANSACTION, dbScope, new UserSegment(username));
                        if (isSelfOrAllows(username, action)) {
                            result.add(new QueryStatusResult(query, (InternalTransaction) transaction, zoneId, databaseContext.databaseFacade().databaseName()));
                        }
                        query = query.getPreviousQuery();
                    }
                }
            }
        }
    }
    return result.stream();
}

Example 4 with DatabaseScope

use of org.neo4j.internal.kernel.api.security.AdminActionOnResource.DatabaseScope in project neo4j by neo4j.

the class BuiltInDbmsProcedures method killTransactions.

@SystemProcedure
@Description("Kill transactions with provided ids.")
@Procedure(name = "dbms.killTransactions", mode = DBMS)
public Stream<TransactionMarkForTerminationResult> killTransactions(@Name("ids") List<String> transactionIds) throws InvalidArgumentsException {
    requireNonNull(transactionIds);
    log.warn("User %s trying to kill transactions: %s.", securityContext.subject().username(), transactionIds.toString());
    DatabaseManager<DatabaseContext> databaseManager = getDatabaseManager();
    DatabaseIdRepository databaseIdRepository = databaseManager.databaseIdRepository();
    Map<NamedDatabaseId, Set<TransactionId>> byDatabase = new HashMap<>();
    for (String idText : transactionIds) {
        TransactionId id = TransactionId.parse(idText);
        Optional<NamedDatabaseId> namedDatabaseId = databaseIdRepository.getByName(id.database());
        namedDatabaseId.ifPresent(databaseId -> byDatabase.computeIfAbsent(databaseId, ignore -> new HashSet<>()).add(id));
    }
    Map<String, KernelTransactionHandle> handles = new HashMap<>(transactionIds.size());
    for (Map.Entry<NamedDatabaseId, Set<TransactionId>> entry : byDatabase.entrySet()) {
        NamedDatabaseId databaseId = entry.getKey();
        var dbScope = new DatabaseScope(databaseId.name());
        Optional<DatabaseContext> maybeDatabaseContext = databaseManager.getDatabaseContext(databaseId);
        if (maybeDatabaseContext.isPresent()) {
            Set<TransactionId> txIds = entry.getValue();
            DatabaseContext databaseContext = maybeDatabaseContext.get();
            for (KernelTransactionHandle tx : getExecutingTransactions(databaseContext)) {
                String username = tx.subject().username();
                var action = new AdminActionOnResource(TERMINATE_TRANSACTION, dbScope, new UserSegment(username));
                if (!isSelfOrAllows(username, action)) {
                    continue;
                }
                TransactionId txIdRepresentation = new TransactionId(databaseId.name(), tx.getUserTransactionId());
                if (txIds.contains(txIdRepresentation)) {
                    handles.put(txIdRepresentation.toString(), tx);
                }
            }
        }
    }
    return transactionIds.stream().map(id -> terminateTransaction(handles, id));
}