MCPcopy
hub / github.com/dgraph-io/dgraph / addUserFilterToFilter

Function addUserFilterToFilter

edgraph/access.go:1279–1310  ·  view source on GitHub ↗

* addUserFilterToFilter makes sure that user can't misue filters to access other user's info. If the *filter* have type(dgraph.type.Group) or type(dgraph.type.User) functions, it generate a *newFilter* with function like eq(dgraph.xid, userId) or eq(dgraph.xid,groupId...) and return a filter

(filter *dql.FilterTree, userId string,
	groupIds []string)

Source from the content-addressed store, hash-verified

1277 }
1278*/
1279func addUserFilterToFilter(filter *dql.FilterTree, userId string,
1280 groupIds []string) *dql.FilterTree {
1281
1282 if filter == nil {
1283 return nil
1284 }
1285
1286 if filter.Func != nil && filter.Func.Name == "type" {
1287
1288 // type function supports only one argument
1289 if len(filter.Func.Args) != 1 {
1290 return nil
1291 }
1292 arg := filter.Func.Args[0]
1293 var newFilter *dql.FilterTree
1294 switch arg.Value {
1295 case "dgraph.type.User":
1296 newFilter = userFilter(userId)
1297 case "dgraph.type.Group":
1298 newFilter = groupFilter(groupIds)
1299 }
1300
1301 // If filter have function, it can't have children.
1302 return parentFilter(newFilter, filter)
1303 }
1304
1305 for idx, child := range filter.Child {
1306 filter.Child[idx] = addUserFilterToFilter(child, userId, groupIds)
1307 }
1308
1309 return filter
1310}
1311
1312// removePredsFromQuery removes all the predicates in blockedPreds
1313// from all the queries in gqs.

Callers 1

addUserFilterToQueryFunction · 0.85

Calls 3

userFilterFunction · 0.85
groupFilterFunction · 0.85
parentFilterFunction · 0.85

Tested by

no test coverage detected