My permissions graph looks like this:
In this situation,
user1
has permission on folder1
through Group1
. user2
has direct permissions without any group, though the user is part of group2
where group2
doesn't have access over folder1
. user3
has permission through group hierarchy, not the direct group to folder access. I was able to write separate gremlin queries to determine whether a user has permission through one of the groups and user direct permission.
g.V().has('user','userId','user1').emit().repeat(out('member_of'))
.outE('has_permission').has('permission','p1').inV()
.has('folder','folderId','folder1').hasNext()
g.V().has('user','userId','user2')
.outE('has_permission').has('permission','p1').inV()
.has('folder','folderId','folder1').hasNext()
But I couldn't figure out the logic in a single query which can check both direct and group to see whether the user has permission or not.
Can someone help me out here?
Your graph:
g = TinkerGraph.open().traversal()
g.addV('user').property('userId','user1').as('u1').
addV('user').property('userId','user2').as('u2').
addV('user').property('userId','user3').as('u3').
addV('group').property('groupId','group1').as('g1').
addV('group').property('groupId','group2').as('g2').
addV('group').property('groupId','group3').as('g3').
addV('folder').property('folderId','folder1').as('f1').
addE('member_of').from('u1').to('g1').
addE('member_of').from('u2').to('g2').
addE('member_of').from('u3').to('g3').
addE('member_of').from('g3').to('g1').
addE('has_permission').from('g1').to('f1').
addE('has_permission').from('u2').to('f1').iterate()
A general solution to your problem:
g.V().has('user','userId',<userId>).
emit().
until(__.not(outE('member_of'))).
repeat(out('member_of')).
filter(out('has_permission').has('folder','folderId',<folderId>)).hasNext()
Traversal executed on the sample graph:
gremlin> g.V().has('user','userId','user1').
emit().
until(__.not(outE('member_of'))).
repeat(out('member_of')).
filter(out('has_permission').has('folder','folderId','folder1')).hasNext()
==>true
gremlin> g.V().has('user','userId','user2').
emit().
until(__.not(outE('member_of'))).
repeat(out('member_of')).
filter(out('has_permission').has('folder','folderId','folder1')).hasNext()
==>true
gremlin> g.V().has('user','userId','user3').
emit().
until(__.not(outE('member_of'))).
repeat(out('member_of')).
filter(out('has_permission').has('folder','folderId','folder1')).hasNext()
==>true
Thanks Daniel. just to complicate the above query to check whether user have given permission or not. below is the answer for any one like me looking for
gremlin> g.V().has('user','userId','user3').
emit().
until(__.not(outE('member_of'))).
repeat(out('member_of')).
filter(outE('has_permission').has('permission','V').inV().has('folder','folderId','folder1')).hasNext()
==>true
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.