hub / github.com/dgraph-io/dgraph / authorizePreds

Function authorizePreds

edgraph/access.go:620–658  ·  view source on GitHub ↗
(ctx context.Context, userData *userData, preds []string,
	aclOp *acl.Operation)

Source from the content-addressed store, hash-verified

618}
619
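// authorizePreds checks each predicate in preds against the ACL cache for the
// operation aclOp, on behalf of the user described by userData.
//
// The result carries two independent views:
//   - blocked: the predicates from preds (keyed by the caller-supplied name, not
//     the namespaced form) for which AuthorizePredicate returned an error.
//   - allowed: nil when HasAccessToAllPreds reports that the user's groups may
//     access every predicate; otherwise the predicates from the user's cached
//     permissions whose permission bits overlap aclOp.Code. When nothing
//     matches, allowed is an empty non-nil slice, so callers must not treat
//     nil and empty as the same thing.
//
// NOTE(review): blocked is derived from group membership (groupIds) while
// allowed is derived from the per-user permission map (userId). Whether the
// keys returned by GetUserPredPerms are namespaced is not visible here;
// confirm that callers compare them against names in the same form.
func authorizePreds(ctx context.Context, userData *userData, preds []string,
	aclOp *acl.Operation) *authPredResult {

	// Populate the ACL cache before the first decision is made.
	// NOTE(review): no outcome of RefreshACLs is checked here. If the cache can
	// remain unloaded after this call, the decisions below depend on how
	// AuthorizePredicate treats an empty cache; confirm that it fails closed.
	if !worker.AclCachePtr.Loaded() {
		RefreshACLs(ctx)
	}

	userId := userData.userId
	groupIds := userData.groupIds
	ns := userData.namespace

	blockedPreds := make(map[string]struct{})
	for _, pred := range preds {
		// The cache is consulted with the namespaced attribute; the blocked set
		// keeps the name exactly as the caller passed it.
		nsPred := x.NamespaceAttr(ns, pred)
		if err := worker.AclCachePtr.AuthorizePredicate(groupIds, nsPred, aclOp); err != nil {
			// NOTE(review): this entry records the whole preds list, not only the
			// predicate that was denied, and is emitted once per denied
			// predicate. An audit reader cannot tell from one entry which
			// predicate failed; confirm whether that is intended.
			logAccess(&accessEntry{
				userId:    userId,
				groups:    groupIds,
				preds:     preds,
				operation: aclOp,
				allowed:   false,
			})
			blockedPreds[pred] = struct{}{}
		}
	}

	if worker.HasAccessToAllPreds(ns, groupIds, aclOp) {
		// Setting allowed to nil allows access to all predicates. Note that the access to ACL
		// predicates will still be blocked.
		return &authPredResult{allowed: nil, blocked: blockedPreds}
	}

	// Read the user's permissions once, so that the capacity hint and the
	// iteration below are based on the same map.
	userPerms := worker.AclCachePtr.GetUserPredPerms(userId)

	// A user can hold several permissions on the same predicate; add the
	// predicate only if aclOp's code is covered by that permission set.
	allowedPreds := make([]string, 0, len(userPerms))
	for predicate, perm := range userPerms {
		if (perm & aclOp.Code) > 0 {
			allowedPreds = append(allowedPreds, predicate)
		}
	}
	return &authPredResult{allowed: allowedPreds, blocked: blockedPreds}
}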
659
660// authorizeAlter parses the Schema in the operation and authorizes the operation
661// using the worker.AclCachePtr. It will return error if any one of the predicates

Callers 4

authorizeAlterFunction · 0.85
authorizeMutationFunction · 0.85
authorizeQueryFunction · 0.85
authorizeSchemaQueryFunction · 0.85

Calls 7

NamespaceAttrFunction · 0.92
HasAccessToAllPredsFunction · 0.92
RefreshACLsFunction · 0.85
logAccessFunction · 0.85
LoadedMethod · 0.80
AuthorizePredicateMethod · 0.80
GetUserPredPermsMethod · 0.80

Tested by

no test coverage detected