MCPcopy
hub / github.com/dgraph-io/dgraph / chMod

Function chMod

acl/acl.go:403–510  ·  view source on GitHub ↗

* chMod adds/updates/deletes rule attached to group. 1. It will return error if there is no group named . 2. It will add new rule if group doesn't already have a rule for the predicate. 3. It will update the permission if group already have a rule for the predicate and permission is

(conf *viper.Viper)

Source from the content-addressed store, hash-verified

401*/
402
403func chMod(conf *viper.Viper) error {
404 groupName := conf.GetString("group")
405 predicate := conf.GetString("pred")
406 perm := conf.GetInt("perm")
407 switch {
408 case len(groupName) == 0:
409 return errors.New("the group must not be empty")
410 case len(predicate) == 0:
411 return errors.New("no predicates specified")
412 case perm > 7:
413 return fmt.Errorf("the perm value must be less than or equal to 7, "+
414 "the provided value is %d", perm)
415 }
416
417 dc, cancel, err := getClientWithAdminCtx(conf)
418 if err != nil {
419 return fmt.Errorf("unable to get admin context: %w", err)
420 }
421 defer cancel()
422
423 ctx, ctxCancel := context.WithTimeout(context.Background(), 10*time.Second)
424 defer ctxCancel()
425 txn := dc.NewTxn()
426 defer func() {
427 if err := txn.Discard(ctx); err != nil {
428 fmt.Printf("Unable to discard transaction: %v\n", err)
429 }
430 }()
431
432 ruleQuery := fmt.Sprintf(`
433 {
434 var(func: eq(dgraph.xid, "%s")) @filter(type(dgraph.type.Group)) {
435 gUID as uid
436 rUID as dgraph.acl.rule @filter(eq(dgraph.rule.predicate, "%s"))
437 }
438 groupUIDCount(func: uid(gUID)) {count(uid)}
439 }`, groupName, predicate)
440
441 updateRule := &api.Mutation{
442 Set: []*api.NQuad{
443 {
444 Subject: "uid(rUID)",
445 Predicate: "dgraph.rule.permission",
446 ObjectValue: &api.Value{Val: &api.Value_IntVal{IntVal: int64(perm)}},
447 },
448 },
449 Cond: "@if(eq(len(rUID), 1) AND eq(len(gUID), 1))",
450 }
451
452 createRule := &api.Mutation{
453 Set: []*api.NQuad{
454 {
455 Subject: "_:newrule",
456 Predicate: "dgraph.rule.permission",
457 ObjectValue: &api.Value{Val: &api.Value_IntVal{IntVal: int64(perm)}},
458 },
459 {
460 Subject: "_:newrule",

Callers 1

modFunction · 0.85

Calls 2

getClientWithAdminCtxFunction · 0.85
ErrorfMethod · 0.45

Tested by

no test coverage detected