
Querying ACL/permissions graph using gremlin?

My permissions graph looks like this:

[Image: sample graph]

In this situation,

  1. user1 has permission on folder1 through Group1.
  2. user2 has direct permissions without any group, though the user is part of group2 where group2 doesn't have access over folder1.
  3. user3 has permission through group hierarchy, not the direct group to folder access.

I was able to write separate gremlin queries to determine whether a user has permission through one of the groups and user direct permission.

Checking permission through group

g.V().has('user','userId','user1').emit().repeat(out('member_of'))
 .outE('has_permission').has('permission','p1').inV()
 .has('folder','folderId','folder1').hasNext()

User-direct permission

g.V().has('user','userId','user2')
  .outE('has_permission').has('permission','p1').inV()
  .has('folder','folderId','folder1').hasNext()

But I couldn't figure out the logic in a single query which can check both direct and group to see whether the user has permission or not.

Can someone help me out here?

Your graph:

g = TinkerGraph.open().traversal()
g.addV('user').property('userId','user1').as('u1').
  addV('user').property('userId','user2').as('u2').
  addV('user').property('userId','user3').as('u3').
  addV('group').property('groupId','group1').as('g1').
  addV('group').property('groupId','group2').as('g2').
  addV('group').property('groupId','group3').as('g3').
  addV('folder').property('folderId','folder1').as('f1').
  addE('member_of').from('u1').to('g1').
  addE('member_of').from('u2').to('g2').
  addE('member_of').from('u3').to('g3').
  addE('member_of').from('g3').to('g1').
  addE('has_permission').from('g1').to('f1').
  addE('has_permission').from('u2').to('f1').iterate()

A general solution to your problem:

g.V().has('user','userId',<userId>).
  emit().
    until(__.not(outE('member_of'))).
    repeat(out('member_of')).
  filter(out('has_permission').has('folder','folderId',<folderId>)).hasNext()

Traversal executed on the sample graph:

gremlin> g.V().has('user','userId','user1').
           emit().
             until(__.not(outE('member_of'))).
             repeat(out('member_of')).
           filter(out('has_permission').has('folder','folderId','folder1')).hasNext()
==>true
gremlin> g.V().has('user','userId','user2').
           emit().
             until(__.not(outE('member_of'))).
             repeat(out('member_of')).
           filter(out('has_permission').has('folder','folderId','folder1')).hasNext()
==>true
gremlin> g.V().has('user','userId','user3').
           emit().
             until(__.not(outE('member_of'))).
             repeat(out('member_of')).
           filter(out('has_permission').has('folder','folderId','folder1')).hasNext()
==>true

Thanks Daniel. Just to complicate the above query to check whether the user has given permission or not, below is the answer for anyone like me looking for it:

gremlin> g.V().has('user','userId','user3').
           emit().
             until(__.not(outE('member_of'))).
             repeat(out('member_of')).
           filter(outE('has_permission').has('permission','V').inV().has('folder','folderId','folder1')).hasNext()
==>true
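
The traversals above assume the member_of edges never form a cycle: with until(__.not(outE('member_of'))), a user whose groups are members of each other and who has no matching permission keeps repeat() running, so the check never returns. The following is an added example (not code from the thread) that bounds the walk with simplePath() and keeps the edge-property check from the follow-up; user4, group4, group5, the permission 'W' and the hasPermission closure are assumptions made for illustration.

```groovy
// Added example, not from the original thread. Constructed graph: user3 keeps the
// page's group3 -> group1 path; user4, group4 and group5 are hypothetical additions
// where group4 and group5 are members of each other (a cycle) and grant nothing.
g = TinkerGraph.open().traversal()
g.addV('user').property('userId','user3').as('u3').
  addV('user').property('userId','user4').as('u4').
  addV('group').property('groupId','group1').as('g1').
  addV('group').property('groupId','group3').as('g3').
  addV('group').property('groupId','group4').as('g4').
  addV('group').property('groupId','group5').as('g5').
  addV('folder').property('folderId','folder1').as('f1').
  addE('member_of').from('u3').to('g3').
  addE('member_of').from('g3').to('g1').
  addE('member_of').from('u4').to('g4').
  addE('member_of').from('g4').to('g5').
  addE('member_of').from('g5').to('g4').
  addE('has_permission').from('g1').to('f1').property('permission','V').
  iterate()

// Hypothetical helper: true if the user, or any group reachable through member_of,
// has a has_permission edge carrying `perm` to the folder.
// emit() before repeat() also tests the user vertex itself (direct grants).
// simplePath() drops any traverser that revisits a vertex, so a membership
// cycle cannot keep repeat() running and a denied check still terminates.
hasPermission = { userId, perm, folderId ->
  g.V().has('user','userId',userId).
    emit().
      repeat(out('member_of').simplePath()).
    filter(outE('has_permission').has('permission',perm).
           inV().has('folder','folderId',folderId)).
    hasNext()
}

// Granted through group3 -> group1
hasPermission('user3', 'V', 'folder1')
// Only reaches the group4 <-> group5 cycle, which grants nothing
hasPermission('user4', 'V', 'folder1')
// Permission value that no edge carries
hasPermission('user3', 'W', 'folder1')
```

On this graph the check for user4 terminates with a denial instead of looping, and user3 is granted 'V' through group3 and group1 but not 'W'.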

