* chMod adds/updates/deletes rule attached to group. 1. It will return error if there is no group named . 2. It will add new rule if group doesn't already have a rule for the predicate. 3. It will update the permission if group already have a rule for the predicate and permission is
(conf *viper.Viper)
| 401 | */ |
| 402 | |
| 403 | func chMod(conf *viper.Viper) error { |
| 404 | groupName := conf.GetString("group") |
| 405 | predicate := conf.GetString("pred") |
| 406 | perm := conf.GetInt("perm") |
| 407 | switch { |
| 408 | case len(groupName) == 0: |
| 409 | return errors.New("the group must not be empty") |
| 410 | case len(predicate) == 0: |
| 411 | return errors.New("no predicates specified") |
| 412 | case perm > 7: |
| 413 | return fmt.Errorf("the perm value must be less than or equal to 7, "+ |
| 414 | "the provided value is %d", perm) |
| 415 | } |
| 416 | |
| 417 | dc, cancel, err := getClientWithAdminCtx(conf) |
| 418 | if err != nil { |
| 419 | return fmt.Errorf("unable to get admin context: %w", err) |
| 420 | } |
| 421 | defer cancel() |
| 422 | |
| 423 | ctx, ctxCancel := context.WithTimeout(context.Background(), 10*time.Second) |
| 424 | defer ctxCancel() |
| 425 | txn := dc.NewTxn() |
| 426 | defer func() { |
| 427 | if err := txn.Discard(ctx); err != nil { |
| 428 | fmt.Printf("Unable to discard transaction: %v\n", err) |
| 429 | } |
| 430 | }() |
| 431 | |
| 432 | ruleQuery := fmt.Sprintf(` |
| 433 | { |
| 434 | var(func: eq(dgraph.xid, "%s")) @filter(type(dgraph.type.Group)) { |
| 435 | gUID as uid |
| 436 | rUID as dgraph.acl.rule @filter(eq(dgraph.rule.predicate, "%s")) |
| 437 | } |
| 438 | groupUIDCount(func: uid(gUID)) {count(uid)} |
| 439 | }`, groupName, predicate) |
| 440 | |
| 441 | updateRule := &api.Mutation{ |
| 442 | Set: []*api.NQuad{ |
| 443 | { |
| 444 | Subject: "uid(rUID)", |
| 445 | Predicate: "dgraph.rule.permission", |
| 446 | ObjectValue: &api.Value{Val: &api.Value_IntVal{IntVal: int64(perm)}}, |
| 447 | }, |
| 448 | }, |
| 449 | Cond: "@if(eq(len(rUID), 1) AND eq(len(gUID), 1))", |
| 450 | } |
| 451 | |
| 452 | createRule := &api.Mutation{ |
| 453 | Set: []*api.NQuad{ |
| 454 | { |
| 455 | Subject: "_:newrule", |
| 456 | Predicate: "dgraph.rule.permission", |
| 457 | ObjectValue: &api.Value{Val: &api.Value_IntVal{IntVal: int64(perm)}}, |
| 458 | }, |
| 459 | { |
| 460 | Subject: "_:newrule", |
no test coverage detected