From 485e0a45def61701d3766b25b488a7adb5f1b12f Mon Sep 17 00:00:00 2001
From: Zhangmei Li <lizhangmei@baidu.com>
Date: Tue, 9 Mar 2021 00:34:51 +0800
Subject: [PATCH] auth fix: don't ignore permission exception in parseEntry()

Change-Id: I115127904df3e4d3a18ded6b4638bdbde87bd2a5
---
 .../main/java/com/baidu/hugegraph/api/job/GremlinAPI.java | 2 +-
 .../com/baidu/hugegraph/backend/tx/GraphTransaction.java  | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/job/GremlinAPI.java b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/job/GremlinAPI.java
index ae3cf17898..8c5afe12c9 100644
--- a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/job/GremlinAPI.java
+++ b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/job/GremlinAPI.java
@@ -73,7 +73,7 @@ public class GremlinAPI extends API {
     @Status(Status.CREATED)
     @Consumes(APPLICATION_JSON)
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=gremlin_job_execute"})
+    @RolesAllowed({"admin", "$owner=$graph $action=gremlin_execute"})
     public Map<String, Id> post(@Context GraphManager manager,
                                 @PathParam("graph") String graph,
                                 GremlinRequest request) {
diff --git a/hugegraph-core/src/main/java/com/baidu/hugegraph/backend/tx/GraphTransaction.java b/hugegraph-core/src/main/java/com/baidu/hugegraph/backend/tx/GraphTransaction.java
index 895e5f70b4..6d3f8de109 100644
--- a/hugegraph-core/src/main/java/com/baidu/hugegraph/backend/tx/GraphTransaction.java
+++ b/hugegraph-core/src/main/java/com/baidu/hugegraph/backend/tx/GraphTransaction.java
@@ -32,6 +32,8 @@
 import java.util.function.Consumer;
 import java.util.function.Function;
 
+import javax.ws.rs.ForbiddenException;
+
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.tinkerpop.gremlin.structure.Edge;
 import org.apache.tinkerpop.gremlin.structure.Element;
@@ -1815,6 +1817,12 @@ private HugeVertex parseEntry(BackendEntry entry) {
             HugeVertex vertex = this.serializer.readVertex(graph(), entry);
             assert vertex != null;
             return vertex;
+        } catch (ForbiddenException | SecurityException e) {
+            /*
+             * Can't ignore permission exception here, otherwise users will
+             * be confused to treat as the record does not exist.
+             */
+            throw e;
         } catch (Throwable e) {
             LOG.error("Failed to parse entry: {}", entry, e);
             if (this.ignoreInvalidEntry) {