use of org.neo4j.kernel.impl.api.security.OverriddenAccessMode in project neo4j by neo4j.
the class EnterpriseSecurityContextDescriptionTest method shouldMakeNiceDescriptionOverridden.
@Test
public void shouldMakeNiceDescriptionOverridden() throws Throwable {
manager.newRole("role1", "mats");
manager.addRoleToUser(PUBLISHER, "mats");
EnterpriseSecurityContext overridden = context.withMode(new OverriddenAccessMode(context.mode(), AccessMode.Static.READ));
assertThat(overridden.description(), equalTo("user 'mats' with roles [publisher,role1] overridden by READ"));
}
use of org.neo4j.kernel.impl.api.security.OverriddenAccessMode in project neo4j by neo4j.
the class SecurityContextDescriptionTest method shouldMakeNiceDescriptionOverridden.
@Test
void shouldMakeNiceDescriptionOverridden() {
SecurityContext overridden = context.withMode(new OverriddenAccessMode(context.mode(), AccessMode.Static.READ));
assertThat(overridden.description()).isEqualTo("user 'johan' with FULL overridden by READ");
}
use of org.neo4j.kernel.impl.api.security.OverriddenAccessMode in project neo4j by neo4j.
the class AllStoreHolder method callProcedure.
private RawIterator<AnyValue[], ProcedureException> callProcedure(int id, AnyValue[] input, final AccessMode.Static procedureMode, ProcedureCallContext procedureCallContext) throws ProcedureException {
ktx.assertOpen();
AccessMode mode = ktx.securityContext().mode();
if (!mode.allowsExecuteProcedure(id)) {
String message = format("Executing procedure is not allowed for %s.", ktx.securityContext().description());
throw ktx.securityAuthorizationHandler().logAndGetAuthorizationException(ktx.securityContext(), message);
}
final SecurityContext procedureSecurityContext = mode.shouldBoostProcedure(id) ? ktx.securityContext().withMode(new OverriddenAccessMode(mode, procedureMode)).withMode(AdminAccessMode.FULL) : ktx.securityContext().withMode(new RestrictedAccessMode(mode, procedureMode));
final RawIterator<AnyValue[], ProcedureException> procedureCall;
try (KernelTransaction.Revertable ignore = ktx.overrideWith(procedureSecurityContext);
Statement statement = ktx.acquireStatement()) {
procedureCall = globalProcedures.callProcedure(prepareContext(procedureSecurityContext, procedureCallContext), id, input, statement);
}
return createIterator(procedureSecurityContext, procedureCall);
}
use of org.neo4j.kernel.impl.api.security.OverriddenAccessMode in project neo4j by neo4j.
the class AllStoreHolder method createAggregationFunction.
private UserAggregator createAggregationFunction(int id) throws ProcedureException {
ktx.assertOpen();
AccessMode mode = ktx.securityContext().mode();
if (!globalProcedures.isBuiltInAggregatingFunction(id) && !mode.allowsExecuteAggregatingFunction(id)) {
String message = format("Executing a user defined aggregating function is not allowed for %s.", ktx.securityContext().description());
throw ktx.securityAuthorizationHandler().logAndGetAuthorizationException(ktx.securityContext(), message);
}
final SecurityContext securityContext = mode.shouldBoostAggregatingFunction(id) ? ktx.securityContext().withMode(new OverriddenAccessMode(mode, AccessMode.Static.READ)) : ktx.securityContext().withMode(new RestrictedAccessMode(mode, AccessMode.Static.READ));
try (KernelTransaction.Revertable ignore = ktx.overrideWith(securityContext)) {
UserAggregator aggregator = globalProcedures.createAggregationFunction(prepareContext(securityContext, ProcedureCallContext.EMPTY), id);
return new UserAggregator() {
@Override
public void update(AnyValue[] input) throws ProcedureException {
try (KernelTransaction.Revertable ignore = ktx.overrideWith(securityContext)) {
aggregator.update(input);
}
}
@Override
public AnyValue result() throws ProcedureException {
try (KernelTransaction.Revertable ignore = ktx.overrideWith(securityContext)) {
return aggregator.result();
}
}
};
}
}
use of org.neo4j.kernel.impl.api.security.OverriddenAccessMode in project neo4j by neo4j.
the class AllStoreHolder method callFunction.
private AnyValue callFunction(int id, AnyValue[] input) throws ProcedureException {
ktx.assertOpen();
AccessMode mode = ktx.securityContext().mode();
if (!globalProcedures.isBuiltInFunction(id) && !mode.allowsExecuteFunction(id)) {
String message = format("Executing a user defined function is not allowed for %s.", ktx.securityContext().description());
throw ktx.securityAuthorizationHandler().logAndGetAuthorizationException(ktx.securityContext(), message);
}
final SecurityContext securityContext = mode.shouldBoostFunction(id) ? ktx.securityContext().withMode(new OverriddenAccessMode(mode, AccessMode.Static.READ)) : ktx.securityContext().withMode(new RestrictedAccessMode(mode, AccessMode.Static.READ));
try (KernelTransaction.Revertable ignore = ktx.overrideWith(securityContext)) {
return globalProcedures.callFunction(prepareContext(securityContext, ProcedureCallContext.EMPTY), id, input);
}
}
Aggregations