(nquads []*api.NQuad)
| 757 | } |
| 758 | |
| 759 | func isAclPredMutation(nquads []*api.NQuad) bool { |
| 760 | for _, nquad := range nquads { |
| 761 | if nquad.Predicate == "dgraph.group.acl" && nquad.ObjectValue != nil { |
| 762 | // this mutation is trying to change the permission of some predicate |
| 763 | // check if the predicate list contains an ACL predicate |
| 764 | if _, ok := nquad.ObjectValue.Val.(*api.Value_BytesVal); ok { |
| 765 | aclBytes := nquad.ObjectValue.Val.(*api.Value_BytesVal) |
| 766 | var aclsToChange []acl.Acl |
| 767 | err := json.Unmarshal(aclBytes.BytesVal, &aclsToChange) |
| 768 | if err != nil { |
| 769 | glog.Errorf(fmt.Sprintf("Unable to unmarshal bytes under the dgraph.group.acl "+ |
| 770 | "predicate: %v", err)) |
| 771 | continue |
| 772 | } |
| 773 | for _, aclToChange := range aclsToChange { |
| 774 | if x.IsAclPredicate(aclToChange.Predicate) { |
| 775 | return true |
| 776 | } |
| 777 | } |
| 778 | } |
| 779 | } |
| 780 | } |
| 781 | return false |
| 782 | } |
| 783 | |
| 784 | // authorizeMutation authorizes the mutation using the worker.AclCachePtr. It will return permission |
| 785 | // denied error if any one of the predicates in mutation(set or delete) is unauthorized. |
no test coverage detected