Example 1 with OverriddenAccessMode

use of org.neo4j.kernel.impl.api.security.OverriddenAccessMode in project neo4j by neo4j.

the class EnterpriseSecurityContextDescriptionTest method shouldMakeNiceDescriptionOverridden.

@Test
public void shouldMakeNiceDescriptionOverridden() throws Throwable {
    manager.newRole("role1", "mats");
    manager.addRoleToUser(PUBLISHER, "mats");
    EnterpriseSecurityContext overridden = context.withMode(new OverriddenAccessMode(context.mode(), AccessMode.Static.READ));
    assertThat(overridden.description(), equalTo("user 'mats' with roles [publisher,role1] overridden by READ"));
}
Also used : EnterpriseSecurityContext(org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext) OverriddenAccessMode(org.neo4j.kernel.impl.api.security.OverriddenAccessMode) Test(org.junit.Test)

Example 2 with OverriddenAccessMode

use of org.neo4j.kernel.impl.api.security.OverriddenAccessMode in project neo4j by neo4j.

the class SecurityContextDescriptionTest method shouldMakeNiceDescriptionOverridden.

@Test
void shouldMakeNiceDescriptionOverridden() {
    SecurityContext overridden = context.withMode(new OverriddenAccessMode(context.mode(), AccessMode.Static.READ));
    assertThat(overridden.description()).isEqualTo("user 'johan' with FULL overridden by READ");
}
Also used : OverriddenAccessMode(org.neo4j.kernel.impl.api.security.OverriddenAccessMode) SecurityContext(org.neo4j.internal.kernel.api.security.SecurityContext) Test(org.junit.jupiter.api.Test)

Example 3 with OverriddenAccessMode

use of org.neo4j.kernel.impl.api.security.OverriddenAccessMode in project neo4j by neo4j.

the class AllStoreHolder method callProcedure.

private RawIterator<AnyValue[], ProcedureException> callProcedure(int id, AnyValue[] input, final AccessMode.Static procedureMode, ProcedureCallContext procedureCallContext) throws ProcedureException {
    ktx.assertOpen();
    AccessMode mode = ktx.securityContext().mode();
    if (!mode.allowsExecuteProcedure(id)) {
        String message = format("Executing procedure is not allowed for %s.", ktx.securityContext().description());
        throw ktx.securityAuthorizationHandler().logAndGetAuthorizationException(ktx.securityContext(), message);
    }
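    // Boosted procedures run with procedureMode overriding the caller's mode (plus AdminAccessMode.FULL);
    // all others run with the caller's mode restricted by procedureMode.
    final SecurityContext procedureSecurityContext = mode.shouldBoostProcedure(id)
            ? ktx.securityContext().withMode(new OverriddenAccessMode(mode, procedureMode)).withMode(AdminAccessMode.FULL)
            : ktx.securityContext().withMode(new RestrictedAccessMode(mode, procedureMode));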
    final RawIterator<AnyValue[], ProcedureException> procedureCall;
    try (KernelTransaction.Revertable ignore = ktx.overrideWith(procedureSecurityContext);
        Statement statement = ktx.acquireStatement()) {
        procedureCall = globalProcedures.callProcedure(prepareContext(procedureSecurityContext, procedureCallContext), id, input, statement);
    }
    return createIterator(procedureSecurityContext, procedureCall);
}
Also used : KernelTransaction(org.neo4j.kernel.api.KernelTransaction) OverriddenAccessMode(org.neo4j.kernel.impl.api.security.OverriddenAccessMode) RestrictedAccessMode(org.neo4j.kernel.impl.api.security.RestrictedAccessMode) Statement(org.neo4j.kernel.api.Statement) SecurityContext(org.neo4j.internal.kernel.api.security.SecurityContext) AdminAccessMode(org.neo4j.internal.kernel.api.security.AdminAccessMode) AccessMode(org.neo4j.internal.kernel.api.security.AccessMode) ProcedureException(org.neo4j.internal.kernel.api.exceptions.ProcedureException)

Example 4 with OverriddenAccessMode

use of org.neo4j.kernel.impl.api.security.OverriddenAccessMode in project neo4j by neo4j.

the class AllStoreHolder method createAggregationFunction.

private UserAggregator createAggregationFunction(int id) throws ProcedureException {
    ktx.assertOpen();
    AccessMode mode = ktx.securityContext().mode();
    if (!globalProcedures.isBuiltInAggregatingFunction(id) && !mode.allowsExecuteAggregatingFunction(id)) {
        String message = format("Executing a user defined aggregating function is not allowed for %s.", ktx.securityContext().description());
        throw ktx.securityAuthorizationHandler().logAndGetAuthorizationException(ktx.securityContext(), message);
    }
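    // Boosted aggregating functions run with READ overriding the caller's mode;
    // all others run with the caller's mode restricted by READ.
    final SecurityContext securityContext = mode.shouldBoostAggregatingFunction(id)
            ? ktx.securityContext().withMode(new OverriddenAccessMode(mode, AccessMode.Static.READ))
            : ktx.securityContext().withMode(new RestrictedAccessMode(mode, AccessMode.Static.READ));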
    try (KernelTransaction.Revertable ignore = ktx.overrideWith(securityContext)) {
        UserAggregator aggregator = globalProcedures.createAggregationFunction(prepareContext(securityContext, ProcedureCallContext.EMPTY), id);
        return new UserAggregator() {

            @Override
            public void update(AnyValue[] input) throws ProcedureException {
                try (KernelTransaction.Revertable ignore = ktx.overrideWith(securityContext)) {
                    aggregator.update(input);
                }
            }

            @Override
            public AnyValue result() throws ProcedureException {
                try (KernelTransaction.Revertable ignore = ktx.overrideWith(securityContext)) {
                    return aggregator.result();
                }
            }
        };
    }
}
Also used : KernelTransaction(org.neo4j.kernel.api.KernelTransaction) OverriddenAccessMode(org.neo4j.kernel.impl.api.security.OverriddenAccessMode) RestrictedAccessMode(org.neo4j.kernel.impl.api.security.RestrictedAccessMode) SecurityContext(org.neo4j.internal.kernel.api.security.SecurityContext) UserAggregator(org.neo4j.internal.kernel.api.procs.UserAggregator) AdminAccessMode(org.neo4j.internal.kernel.api.security.AdminAccessMode) AccessMode(org.neo4j.internal.kernel.api.security.AccessMode)

Example 5 with OverriddenAccessMode

use of org.neo4j.kernel.impl.api.security.OverriddenAccessMode in project neo4j by neo4j.

the class AllStoreHolder method callFunction.

private AnyValue callFunction(int id, AnyValue[] input) throws ProcedureException {
    ktx.assertOpen();
    AccessMode mode = ktx.securityContext().mode();
    if (!globalProcedures.isBuiltInFunction(id) && !mode.allowsExecuteFunction(id)) {
        String message = format("Executing a user defined function is not allowed for %s.", ktx.securityContext().description());
        throw ktx.securityAuthorizationHandler().logAndGetAuthorizationException(ktx.securityContext(), message);
    }
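    // Boosted functions run with READ overriding the caller's mode;
    // all others run with the caller's mode restricted by READ.
    final SecurityContext securityContext = mode.shouldBoostFunction(id)
            ? ktx.securityContext().withMode(new OverriddenAccessMode(mode, AccessMode.Static.READ))
            : ktx.securityContext().withMode(new RestrictedAccessMode(mode, AccessMode.Static.READ));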
    try (KernelTransaction.Revertable ignore = ktx.overrideWith(securityContext)) {
        return globalProcedures.callFunction(prepareContext(securityContext, ProcedureCallContext.EMPTY), id, input);
    }
}
Also used : KernelTransaction(org.neo4j.kernel.api.KernelTransaction) OverriddenAccessMode(org.neo4j.kernel.impl.api.security.OverriddenAccessMode) RestrictedAccessMode(org.neo4j.kernel.impl.api.security.RestrictedAccessMode) SecurityContext(org.neo4j.internal.kernel.api.security.SecurityContext) AdminAccessMode(org.neo4j.internal.kernel.api.security.AdminAccessMode) AccessMode(org.neo4j.internal.kernel.api.security.AccessMode)

Aggregations

OverriddenAccessMode (org.neo4j.kernel.impl.api.security.OverriddenAccessMode): 5
SecurityContext (org.neo4j.internal.kernel.api.security.SecurityContext): 4
AccessMode (org.neo4j.internal.kernel.api.security.AccessMode): 3
AdminAccessMode (org.neo4j.internal.kernel.api.security.AdminAccessMode): 3
KernelTransaction (org.neo4j.kernel.api.KernelTransaction): 3
RestrictedAccessMode (org.neo4j.kernel.impl.api.security.RestrictedAccessMode): 3
Test (org.junit.Test): 1
Test (org.junit.jupiter.api.Test): 1
ProcedureException (org.neo4j.internal.kernel.api.exceptions.ProcedureException): 1
UserAggregator (org.neo4j.internal.kernel.api.procs.UserAggregator): 1
Statement (org.neo4j.kernel.api.Statement): 1
EnterpriseSecurityContext (org.neo4j.kernel.enterprise.api.security.EnterpriseSecurityContext): 1