Querying ACL/permissions graph using gremlin?
My permissions graph looks like this:
In this situation, user1 has permission on folder1 through Group1. user2 has direct permissions without any group, though the user is part of group2 where group2 doesn't have access over folder1. user3 has permission through group hierarchy, not the direct group to folder access.
I was able to write separate gremlin queries to determine whether a user has permission through one of the groups and user direct permission.
g.V().has('user','userId','user1').emit().repeat(out('member_of'))
  .outE('has_permission').has('permission','p1').inV()
  .has('folder','folderId','folder1').hasNext()

g.V().has('user','userId','user2')
  .outE('has_permission').has('permission','p1').inV()
  .has('folder','folderId','folder1').hasNext()
But I couldn't figure out the logic in a single query which can check both direct and group to see whether the user has permission or not.
Can someone help me out here?
Your graph:
g = TinkerGraph.open().traversal()
g.addV('user').property('userId','user1').as('u1').
addV('user').property('userId','user2').as('u2').
addV('user').property('userId','user3').as('u3').
addV('group').property('groupId','group1').as('g1').
addV('group').property('groupId','group2').as('g2').
addV('group').property('groupId','group3').as('g3').
addV('folder').property('folderId','folder1').as('f1').
addE('member_of').from('u1').to('g1').
addE('member_of').from('u2').to('g2').
addE('member_of').from('u3').to('g3').
addE('member_of').from('g3').to('g1').
addE('has_permission').from('g1').to('f1').
addE('has_permission').from('u2').to('f1').iterate()
A general solution to your problem:
g.V().has('user','userId',<userId>).
emit().
until(__.not(outE('member_of'))).
repeat(out('member_of')).
filter(out('has_permission').has('folder','folderId',<folderId>)).hasNext()
Traversal executed on the sample graph:
gremlin> g.V().has('user','userId','user1').
emit().
until(__.not(outE('member_of'))).
repeat(out('member_of')).
filter(out('has_permission').has('folder','folderId','folder1')).hasNext()
==>true
gremlin> g.V().has('user','userId','user2').
emit().
until(__.not(outE('member_of'))).
repeat(out('member_of')).
filter(out('has_permission').has('folder','folderId','folder1')).hasNext()
==>true
gremlin> g.V().has('user','userId','user3').
emit().
until(__.not(outE('member_of'))).
repeat(out('member_of')).
filter(out('has_permission').has('folder','folderId','folder1')).hasNext()
==>true
Thanks Daniel. Just to complicate the above query to check whether user has given permission or not, below is the answer for anyone like me looking for it:
gremlin> g.V().has('user','userId','user3').
emit().
until(__.not(outE('member_of'))).
repeat(out('member_of')).
filter(outE('has_permission').has('permission','V').inV().has('folder','folderId','folder1')).hasNext()
==>true
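Added example, not part of the original question, answer or comment: the answer's until(__.not(outE('member_of'))) only stops at a vertex with no outgoing member_of edge, so a nesting cycle between groups keeps a check that should return false running indefinitely. The Gremlin Console variant below bounds the walk with simplePath() and matches the permission property as in the comment; user4, group4, the group cycles, the hasAccess closure and the 'W' value are constructed for illustration.

```groovy
// Constructed sample graph: user3's chain from the page, plus cyclic group nesting
// (group1 <-> group3, group2 <-> group4) and a user4 who has no grant at all.
g = TinkerGraph.open().traversal()
g.addV('user').property('userId','user3').as('u3').
  addV('user').property('userId','user4').as('u4').
  addV('group').property('groupId','group1').as('g1').
  addV('group').property('groupId','group2').as('g2').
  addV('group').property('groupId','group3').as('g3').
  addV('group').property('groupId','group4').as('g4').
  addV('folder').property('folderId','folder1').as('f1').
  addE('member_of').from('u3').to('g3').
  addE('member_of').from('g3').to('g1').
  addE('member_of').from('g1').to('g3').
  addE('member_of').from('u4').to('g2').
  addE('member_of').from('g2').to('g4').
  addE('member_of').from('g4').to('g2').
  addE('has_permission').from('g1').to('f1').property('permission','V').iterate()

// Hypothetical helper: true if the user, or any group reachable through member_of,
// holds the given permission on the folder. simplePath() drops a traverser as soon
// as it would revisit a vertex, so the walk ends even when groups nest in a loop.
hasAccess = { uid, perm, fid ->
  g.V().has('user','userId',uid).
    emit().
    repeat(out('member_of').simplePath()).
    filter(outE('has_permission').has('permission',perm).
           inV().has('folder','folderId',fid)).
    hasNext()
}

// Allowed through group3 -> group1, despite the group1 <-> group3 cycle.
assert hasAccess('user3','V','folder1')
// Denied: user4 only reaches the group2 <-> group4 cycle, which has no grant.
assert !hasAccess('user4','V','folder1')
// Denied: the edge exists but carries a different permission value.
assert !hasAccess('user3','W','folder1')
```

Testing the deny cases alongside the allow cases matters here, because every traversal shown in the thread is only exercised on users who do have access.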