From 8bda4519a5f7df3422ab0c870379103b44fdd0fb Mon Sep 17 00:00:00 2001
From: Jermy Li
Date: Tue, 9 Mar 2021 15:08:53 +0800
Subject: [PATCH] auth fix: don't ignore permission exception in parseEntry() (#1380)
Change-Id: I115127904df3e4d3a18ded6b4638bdbde87bd2a5
---
 .../main/java/com/baidu/hugegraph/api/job/GremlinAPI.java | 2 +-
 .../com/baidu/hugegraph/backend/tx/GraphTransaction.java | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/job/GremlinAPI.java b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/job/GremlinAPI.java
index ae3cf17898..8c5afe12c9 100644
--- a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/job/GremlinAPI.java
+++ b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/job/GremlinAPI.java
@@ -73,7 +73,7 @@ public class GremlinAPI extends API {
 @Status(Status.CREATED)
 @Consumes(APPLICATION_JSON)
 @Produces(APPLICATION_JSON_WITH_CHARSET)
- @RolesAllowed({"admin", "$owner=$graph $action=gremlin_job_execute"})
+ @RolesAllowed({"admin", "$owner=$graph $action=gremlin_execute"})
 public Map post(@Context GraphManager manager,
 @PathParam("graph") String graph,
 GremlinRequest request) {
diff --git a/hugegraph-core/src/main/java/com/baidu/hugegraph/backend/tx/GraphTransaction.java b/hugegraph-core/src/main/java/com/baidu/hugegraph/backend/tx/GraphTransaction.java
index 895e5f70b4..6d3f8de109 100644
--- a/hugegraph-core/src/main/java/com/baidu/hugegraph/backend/tx/GraphTransaction.java
+++ b/hugegraph-core/src/main/java/com/baidu/hugegraph/backend/tx/GraphTransaction.java
@@ -32,6 +32,8 @@
 import java.util.function.Consumer;
 import java.util.function.Function;
 
+import javax.ws.rs.ForbiddenException;
+
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.tinkerpop.gremlin.structure.Edge;
 import org.apache.tinkerpop.gremlin.structure.Element;
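Review bot: The `@RolesAllowed` change on `GremlinAPI.post()` alters who may submit Gremlin jobs by renaming the required action from `gremlin_job_execute` to `gremlin_execute`, yet the commit message describes only the parseEntry() exception fix. Roles that were granted the old action would presumably stop matching, and if `gremlin_execute` is already the action for direct Gremlin queries, as its name suggests, its holders would now also be able to create jobs; neither effect can be confirmed from this hunk. I would state the intent in the commit description and above the annotation, for example `// Job submission intentionally shares the gremlin_execute action; gremlin_job_execute is no longer checked`. If role definitions that use the old action name may already be stored, they need a migration note as well.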
@@ -1815,6 +1817,12 @@ private HugeVertex parseEntry(BackendEntry entry) {
 HugeVertex vertex = this.serializer.readVertex(graph(), entry);
 assert vertex != null;
 return vertex;
+ } catch (ForbiddenException | SecurityException e) {
+ /*
+ * Can't ignore permission exception here, otherwise users will
+ * be confused to treat as the record does not exist.
+ */
+ throw e;
 } catch (Throwable e) {
 LOG.error("Failed to parse entry: {}", entry, e);
 if (this.ignoreInvalidEntry) {
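Review bot: A permission failure that arrives wrapped in another exception still falls through to `catch (Throwable e)` and, when `ignoreInvalidEntry` is set, would be dropped as before, because the new branch matches only a directly thrown `ForbiddenException` or `SecurityException`. Whether `readVertex()` or the auth layer ever wraps these is not visible here, so it is worth confirming; if wrapping can happen, the generic branch should rethrow before the ignore path when `e.getCause() instanceof ForbiddenException || e.getCause() instanceof SecurityException` holds. The new comment would also read more clearly as `Permission failures must propagate; swallowing them makes a denied record look like a missing one.` The body of parseEntry() continues past the end of this hunk.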