From b072fb4fc34e926beb952439434623694d843a91 Mon Sep 17 00:00:00 2001 From: Zhangmei Li Date: Wed, 10 Mar 2021 18:50:02 +0800 Subject: [PATCH] auth fix: schema operations should rely on specific required-permission Change-Id: Iaa138ec23e779b4d2ca87a3bf46732bbfaa3bc1b --- .../com/baidu/hugegraph/api/schema/EdgeLabelAPI.java | 10 +++++----- .../com/baidu/hugegraph/api/schema/IndexLabelAPI.java | 8 ++++---- .../com/baidu/hugegraph/api/schema/PropertyKeyAPI.java | 10 +++++----- .../com/baidu/hugegraph/api/schema/VertexLabelAPI.java | 10 +++++----- 4 files changed, 19 insertions(+), 19 deletions(-) diff --git a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/EdgeLabelAPI.java b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/EdgeLabelAPI.java index 7b6b24e937..e7e8880725 100644 --- a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/EdgeLabelAPI.java +++ b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/EdgeLabelAPI.java @@ -67,7 +67,7 @@ public class EdgeLabelAPI extends API { @Status(Status.CREATED) @Consumes(APPLICATION_JSON) @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_write"}) + @RolesAllowed({"admin", "$owner=$graph $action=edge_label_write"}) public String create(@Context GraphManager manager, @PathParam("graph") String graph, JsonEdgeLabel jsonEdgeLabel) { @@ -85,7 +85,7 @@ public String create(@Context GraphManager manager, @Path("{name}") @Consumes(APPLICATION_JSON) @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_write"}) + @RolesAllowed({"admin", "$owner=$graph $action=edge_label_write"}) public String update(@Context GraphManager manager, @PathParam("graph") String graph, @PathParam("name") String name, @@ -110,7 +110,7 @@ public String update(@Context GraphManager manager, @GET @Timed @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_read"}) + @RolesAllowed({"admin", "$owner=$graph $action=edge_label_read"}) public String list(@Context GraphManager manager, @PathParam("graph") String graph, @QueryParam("names") List names) { @@ -138,7 +138,7 @@ public String list(@Context GraphManager manager, @Timed @Path("{name}") @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_read"}) + @RolesAllowed({"admin", "$owner=$graph $action=edge_label_read"}) public String get(@Context GraphManager manager, @PathParam("graph") String graph, @PathParam("name") String name) { @@ -155,7 +155,7 @@ public String get(@Context GraphManager manager, @Status(Status.ACCEPTED) @Consumes(APPLICATION_JSON) @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_delete"}) + @RolesAllowed({"admin", "$owner=$graph $action=edge_label_delete"}) public Map delete(@Context GraphManager manager, @PathParam("graph") String graph, @PathParam("name") String name) { diff --git a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/IndexLabelAPI.java b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/IndexLabelAPI.java index defd3d1014..356eded30d 100644 --- a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/IndexLabelAPI.java +++ b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/IndexLabelAPI.java @@ -68,7 +68,7 @@ public class IndexLabelAPI extends API { @Status(Status.ACCEPTED) @Consumes(APPLICATION_JSON) @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_write"}) + @RolesAllowed({"admin", "$owner=$graph $action=index_label_write"}) public String create(@Context GraphManager manager, @PathParam("graph") String graph, JsonIndexLabel jsonIndexLabel) { @@ -110,7 +110,7 @@ public String update(@Context GraphManager manager, @GET @Timed @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_read"}) + @RolesAllowed({"admin", "$owner=$graph $action=index_label_read"}) public String list(@Context GraphManager manager, @PathParam("graph") String graph, @QueryParam("names") List names) { @@ -138,7 +138,7 @@ public String list(@Context GraphManager manager, @Timed @Path("{name}") @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_read"}) + @RolesAllowed({"admin", "$owner=$graph $action=index_label_read"}) public String get(@Context GraphManager manager, @PathParam("graph") String graph, @PathParam("name") String name) { @@ -155,7 +155,7 @@ public String get(@Context GraphManager manager, @Status(Status.ACCEPTED) @Consumes(APPLICATION_JSON) @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_delete"}) + @RolesAllowed({"admin", "$owner=$graph $action=index_label_delete"}) public Map delete(@Context GraphManager manager, @PathParam("graph") String graph, @PathParam("name") String name) { diff --git a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/PropertyKeyAPI.java b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/PropertyKeyAPI.java index a4a91524d9..339de6696d 100644 --- a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/PropertyKeyAPI.java +++ b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/PropertyKeyAPI.java @@ -67,7 +67,7 @@ public class PropertyKeyAPI extends API { @Status(Status.CREATED) @Consumes(APPLICATION_JSON) @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_write"}) + @RolesAllowed({"admin", "$owner=$graph $action=property_key_write"}) public String create(@Context GraphManager manager, @PathParam("graph") String graph, JsonPropertyKey jsonPropertyKey) { @@ -86,7 +86,7 @@ public String create(@Context GraphManager manager, @Path("{name}") @Consumes(APPLICATION_JSON) @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_write"}) + @RolesAllowed({"admin", "$owner=$graph $action=property_key_write"}) public String update(@Context GraphManager manager, @PathParam("graph") String graph, @PathParam("name") String name, @@ -112,7 +112,7 @@ public String update(@Context GraphManager manager, @GET @Timed @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_read"}) + @RolesAllowed({"admin", "$owner=$graph $action=property_key_read"}) public String list(@Context GraphManager manager, @PathParam("graph") String graph, @QueryParam("names") List names) { @@ -140,7 +140,7 @@ public String list(@Context GraphManager manager, @Timed @Path("{name}") @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_read"}) + @RolesAllowed({"admin", "$owner=$graph $action=property_key_read"}) public String get(@Context GraphManager manager, @PathParam("graph") String graph, @PathParam("name") String name) { @@ -155,7 +155,7 @@ public String get(@Context GraphManager manager, @Timed @Path("{name}") @Consumes(APPLICATION_JSON) - @RolesAllowed({"admin", "$owner=$graph $action=schema_delete"}) + @RolesAllowed({"admin", "$owner=$graph $action=property_key_delete"}) public void delete(@Context GraphManager manager, @PathParam("graph") String graph, @PathParam("name") String name) { diff --git a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/VertexLabelAPI.java b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/VertexLabelAPI.java index b2233ac0ce..38e3ecf099 100644 --- a/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/VertexLabelAPI.java +++ b/hugegraph-api/src/main/java/com/baidu/hugegraph/api/schema/VertexLabelAPI.java @@ -67,7 +67,7 @@ public class VertexLabelAPI extends API { @Status(Status.CREATED) @Consumes(APPLICATION_JSON) @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_write"}) + @RolesAllowed({"admin", "$owner=$graph $action=vertex_label_write"}) public String create(@Context GraphManager manager, @PathParam("graph") String graph, JsonVertexLabel jsonVertexLabel) { @@ -86,7 +86,7 @@ public String create(@Context GraphManager manager, @Path("{name}") @Consumes(APPLICATION_JSON) @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_write"}) + @RolesAllowed({"admin", "$owner=$graph $action=vertex_label_write"}) public String update(@Context GraphManager manager, @PathParam("graph") String graph, @PathParam("name") String name, @@ -113,7 +113,7 @@ public String update(@Context GraphManager manager, @GET @Timed @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_read"}) + @RolesAllowed({"admin", "$owner=$graph $action=vertex_label_read"}) public String list(@Context GraphManager manager, @PathParam("graph") String graph, @QueryParam("names") List names) { @@ -141,7 +141,7 @@ public String list(@Context GraphManager manager, @Timed @Path("{name}") @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_read"}) + @RolesAllowed({"admin", "$owner=$graph $action=vertex_label_read"}) public String get(@Context GraphManager manager, @PathParam("graph") String graph, @PathParam("name") String name) { @@ -158,7 +158,7 @@ public String get(@Context GraphManager manager, @Status(Status.ACCEPTED) @Consumes(APPLICATION_JSON) @Produces(APPLICATION_JSON_WITH_CHARSET) - @RolesAllowed({"admin", "$owner=$graph $action=schema_delete"}) + @RolesAllowed({"admin", "$owner=$graph $action=vertex_label_delete"}) public Map delete(@Context GraphManager manager, @PathParam("graph") String graph, @PathParam("name") String name) {