MCPcopy
hub / github.com/dgraph-io/dgraph / newReservedPredicateGuard

Function newReservedPredicateGuard

edgraph/server.go:2291–2309  ·  view source on GitHub ↗

newReservedPredicateGuard builds the per-request reserved-value guard. The GraphQL admin path (IsGraphql) owns the dgraph.graphql.* predicates. A registered ReservedNamespace may additionally value-lock predicates to its own trusted writer (see x.RegisterReservedNamespace): such a predicate may be w

(ctx context.Context)

Source from the content-addressed store, hash-verified

2289// written only when the request context carries the namespace's TrustMarker.
2290// Every other caller is blocked.
2291func newReservedPredicateGuard(ctx context.Context) reservedPredicateGuard {
2292 isGraphql, _ := ctx.Value(IsGraphql).(bool)
2293 return func(nq *api.NQuad) error {
2294 if !isGraphql && x.IsOtherReservedPredicate(nq.Predicate) {
2295 return errors.Errorf("Cannot mutate graphql reserved predicate %s", nq.Predicate)
2296 }
2297 if marker, locked := x.ReservedPredicateValueLock(nq.Predicate); locked {
2298 trusted := false
2299 if marker != nil {
2300 trusted, _ = ctx.Value(marker).(bool)
2301 }
2302 if !trusted {
2303 return errors.Errorf("Cannot mutate reserved predicate %s outside its "+
2304 "owning service", nq.Predicate)
2305 }
2306 }
2307 return nil
2308 }
2309}
2310
2311func validateNQuads(set, del []*api.NQuad, guardReserved reservedPredicateGuard) error {
2312 for _, nq := range set {

Callers 1

ParseMutationObjectFunction · 0.85

Calls 4

IsOtherReservedPredicateFunction · 0.92
ValueMethod · 0.45
ErrorfMethod · 0.45

Tested by

no test coverage detected