auth fix: schema operations should rely on specific required-permissi…

…on (#1387) Change-Id: Iaa138ec23e779b4d2ca87a3bf46732bbfaa3bc1b
apache · Mar 11, 2021 · 5d48a93 · 5d48a93
1 parent 17ac195
commit 5d48a93
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 19 deletions.
diff --git a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/EdgeLabelAPI.java b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/EdgeLabelAPI.java
@@ -67,7 +67,7 @@ public class EdgeLabelAPI extends API {
     @Status(Status.CREATED)
     @Consumes(APPLICATION_JSON)
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_write"})
+    @RolesAllowed({"admin", "$owner=$graph $action=edge_label_write"})
     public String create(@Context GraphManager manager,
                          @PathParam("graph") String graph,
                          JsonEdgeLabel jsonEdgeLabel) {
@@ -85,7 +85,7 @@ public String create(@Context GraphManager manager,
     @Path("{name}")
     @Consumes(APPLICATION_JSON)
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_write"})
+    @RolesAllowed({"admin", "$owner=$graph $action=edge_label_write"})
     public String update(@Context GraphManager manager,
                          @PathParam("graph") String graph,
                          @PathParam("name") String name,
@@ -110,7 +110,7 @@ public String update(@Context GraphManager manager,
     @GET
     @Timed
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_read"})
+    @RolesAllowed({"admin", "$owner=$graph $action=edge_label_read"})
     public String list(@Context GraphManager manager,
                        @PathParam("graph") String graph,
                        @QueryParam("names") List<String> names) {
@@ -138,7 +138,7 @@ public String list(@Context GraphManager manager,
     @Timed
     @Path("{name}")
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_read"})
+    @RolesAllowed({"admin", "$owner=$graph $action=edge_label_read"})
     public String get(@Context GraphManager manager,
                       @PathParam("graph") String graph,
                       @PathParam("name") String name) {
@@ -155,7 +155,7 @@ public String get(@Context GraphManager manager,
     @Status(Status.ACCEPTED)
     @Consumes(APPLICATION_JSON)
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_delete"})
+    @RolesAllowed({"admin", "$owner=$graph $action=edge_label_delete"})
     public Map<String, Id> delete(@Context GraphManager manager,
                                   @PathParam("graph") String graph,
                                   @PathParam("name") String name) {

diff --git a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/IndexLabelAPI.java b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/IndexLabelAPI.java
@@ -68,7 +68,7 @@ public class IndexLabelAPI extends API {
     @Status(Status.ACCEPTED)
     @Consumes(APPLICATION_JSON)
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_write"})
+    @RolesAllowed({"admin", "$owner=$graph $action=index_label_write"})
     public String create(@Context GraphManager manager,
                          @PathParam("graph") String graph,
                          JsonIndexLabel jsonIndexLabel) {
@@ -110,7 +110,7 @@ public String update(@Context GraphManager manager,
     @GET
     @Timed
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_read"})
+    @RolesAllowed({"admin", "$owner=$graph $action=index_label_read"})
     public String list(@Context GraphManager manager,
                        @PathParam("graph") String graph,
                        @QueryParam("names") List<String> names) {
@@ -138,7 +138,7 @@ public String list(@Context GraphManager manager,
     @Timed
     @Path("{name}")
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_read"})
+    @RolesAllowed({"admin", "$owner=$graph $action=index_label_read"})
     public String get(@Context GraphManager manager,
                       @PathParam("graph") String graph,
                       @PathParam("name") String name) {
@@ -155,7 +155,7 @@ public String get(@Context GraphManager manager,
     @Status(Status.ACCEPTED)
     @Consumes(APPLICATION_JSON)
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_delete"})
+    @RolesAllowed({"admin", "$owner=$graph $action=index_label_delete"})
     public Map<String, Id> delete(@Context GraphManager manager,
                                   @PathParam("graph") String graph,
                                   @PathParam("name") String name) {

diff --git a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/PropertyKeyAPI.java b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/PropertyKeyAPI.java
@@ -67,7 +67,7 @@ public class PropertyKeyAPI extends API {
     @Status(Status.CREATED)
     @Consumes(APPLICATION_JSON)
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_write"})
+    @RolesAllowed({"admin", "$owner=$graph $action=property_key_write"})
     public String create(@Context GraphManager manager,
                          @PathParam("graph") String graph,
                          JsonPropertyKey jsonPropertyKey) {
@@ -86,7 +86,7 @@ public String create(@Context GraphManager manager,
     @Path("{name}")
     @Consumes(APPLICATION_JSON)
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_write"})
+    @RolesAllowed({"admin", "$owner=$graph $action=property_key_write"})
     public String update(@Context GraphManager manager,
                          @PathParam("graph") String graph,
                          @PathParam("name") String name,
@@ -112,7 +112,7 @@ public String update(@Context GraphManager manager,
     @GET
     @Timed
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_read"})
+    @RolesAllowed({"admin", "$owner=$graph $action=property_key_read"})
     public String list(@Context GraphManager manager,
                        @PathParam("graph") String graph,
                        @QueryParam("names") List<String> names) {
@@ -140,7 +140,7 @@ public String list(@Context GraphManager manager,
     @Timed
     @Path("{name}")
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_read"})
+    @RolesAllowed({"admin", "$owner=$graph $action=property_key_read"})
     public String get(@Context GraphManager manager,
                       @PathParam("graph") String graph,
                       @PathParam("name") String name) {
@@ -155,7 +155,7 @@ public String get(@Context GraphManager manager,
     @Timed
     @Path("{name}")
     @Consumes(APPLICATION_JSON)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_delete"})
+    @RolesAllowed({"admin", "$owner=$graph $action=property_key_delete"})
     public void delete(@Context GraphManager manager,
                        @PathParam("graph") String graph,
                        @PathParam("name") String name) {

diff --git a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/VertexLabelAPI.java b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/VertexLabelAPI.java
@@ -67,7 +67,7 @@ public class VertexLabelAPI extends API {
     @Status(Status.CREATED)
     @Consumes(APPLICATION_JSON)
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_write"})
+    @RolesAllowed({"admin", "$owner=$graph $action=vertex_label_write"})
     public String create(@Context GraphManager manager,
                          @PathParam("graph") String graph,
                          JsonVertexLabel jsonVertexLabel) {
@@ -86,7 +86,7 @@ public String create(@Context GraphManager manager,
     @Path("{name}")
     @Consumes(APPLICATION_JSON)
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_write"})
+    @RolesAllowed({"admin", "$owner=$graph $action=vertex_label_write"})
     public String update(@Context GraphManager manager,
                          @PathParam("graph") String graph,
                          @PathParam("name") String name,
@@ -113,7 +113,7 @@ public String update(@Context GraphManager manager,
     @GET
     @Timed
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_read"})
+    @RolesAllowed({"admin", "$owner=$graph $action=vertex_label_read"})
     public String list(@Context GraphManager manager,
                        @PathParam("graph") String graph,
                        @QueryParam("names") List<String> names) {
@@ -141,7 +141,7 @@ public String list(@Context GraphManager manager,
     @Timed
     @Path("{name}")
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_read"})
+    @RolesAllowed({"admin", "$owner=$graph $action=vertex_label_read"})
     public String get(@Context GraphManager manager,
                       @PathParam("graph") String graph,
                       @PathParam("name") String name) {
@@ -158,7 +158,7 @@ public String get(@Context GraphManager manager,
     @Status(Status.ACCEPTED)
     @Consumes(APPLICATION_JSON)
     @Produces(APPLICATION_JSON_WITH_CHARSET)
-    @RolesAllowed({"admin", "$owner=$graph $action=schema_delete"})
+    @RolesAllowed({"admin", "$owner=$graph $action=vertex_label_delete"})
     public Map<String, Id> delete(@Context GraphManager manager,
                                   @PathParam("graph") String graph,
                                   @PathParam("name") String name) {