From 0765a9c8cea43aaa0cbdfa68c041d2de295cb8c5 Mon Sep 17 00:00:00 2001 From: Zhangmei Li Date: Sat, 20 Feb 2021 12:35:27 +0800 Subject: [PATCH 1/6] let NONE allowed by any permission Change-Id: Iabcac3c931a977cca8ef911615152c09c517bee9 --- .../hugegraph/auth/HugeAuthenticator.java | 6 +++++ .../baidu/hugegraph/auth/ResourceType.java | 25 ++++++++++++++++--- 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/hugegraph-api/src/main/java/com/baidu/hugegraph/auth/HugeAuthenticator.java b/hugegraph-api/src/main/java/com/baidu/hugegraph/auth/HugeAuthenticator.java index 8ff5e791f5..8fe4b281f4 100644 --- a/hugegraph-api/src/main/java/com/baidu/hugegraph/auth/HugeAuthenticator.java +++ b/hugegraph-api/src/main/java/com/baidu/hugegraph/auth/HugeAuthenticator.java @@ -455,6 +455,12 @@ private void parseAction(String action) { } public static String roleFor(String owner, HugePermission perm) { + /* + * construct required permission such as: + * $owner=graph1 $action=read (means require read one any resource) + * maybe also support: + * $owner=graph1 $action=vertex_read + */ return String.format("%s=%s %s=%s", KEY_OWNER, owner, KEY_ACTION, perm.string()); } diff --git a/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceType.java b/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceType.java index 45262bb16d..e8c4e64f7e 100644 --- a/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceType.java +++ b/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceType.java @@ -63,12 +63,29 @@ public enum ResourceType { ROOT; - public boolean match(ResourceType type) { - if (this == type || this == ROOT || - (this == ALL && type.ordinal() <= ALL.ordinal())) { + public boolean match(ResourceType required) { + if (this == required) { return true; } - return this == type; + + switch (this) { + case ROOT: + case ALL: + return this.ordinal() >= required.ordinal(); + default: + break; + } + + switch (required) { + case NONE: + return this != NONE; + case STATUS: + return this.ordinal() >= required.ordinal(); + default: + break; + } + + return false; } public boolean isGraph() { From 6da4b39e1f900046144bb7e9993fee912c9d583d Mon Sep 17 00:00:00 2001 From: Zhangmei Li Date: Sat, 20 Feb 2021 13:32:33 +0800 Subject: [PATCH 2/6] add ResourceType.SCHEMA which can represent any schema resource just for role permission, not for required permission Change-Id: Iaaa1a08fbabb8b73a58c5934c742553930251b4a --- .../java/com/baidu/hugegraph/auth/HugeResource.java | 7 +++---- .../java/com/baidu/hugegraph/auth/ResourceObject.java | 2 +- .../java/com/baidu/hugegraph/auth/ResourceType.java | 10 +++++++--- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/HugeResource.java b/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/HugeResource.java index 1cec279bc1..9492a30f24 100644 --- a/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/HugeResource.java +++ b/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/HugeResource.java @@ -39,7 +39,6 @@ import org.apache.tinkerpop.shaded.jackson.databind.ser.std.StdSerializer; import com.baidu.hugegraph.HugeException; -import com.baidu.hugegraph.auth.ResourceType; import com.baidu.hugegraph.auth.SchemaDefine.UserElement; import com.baidu.hugegraph.structure.HugeElement; import com.baidu.hugegraph.traversal.optimize.TraversalUtil; @@ -108,7 +107,7 @@ public void checkFormat() { } public boolean filter(ResourceObject resourceObject) { - if (this.type == null || this.type == ResourceType.NONE) { + if (this.type == null) { return false; } @@ -121,7 +120,7 @@ public boolean filter(ResourceObject resourceObject) { if (resType.isGraph()) { return this.filter((HugeElement) resourceObject.operated()); } - if (resType.isUsers()) { + if (resType.isAuth()) { return this.filter((UserElement) resourceObject.operated()); } if (resType.isSchema() || CHECK_NAME_RESS.contains(resType)) { @@ -220,7 +219,7 @@ protected boolean contains(HugeResource other) { if (this.equals(other)) { return true; } - if (this.type == null || this.type == ResourceType.NONE) { + if (this.type == null) { return false; } if (!this.type.match(other.type)) { diff --git a/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceObject.java b/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceObject.java index 90672ccc56..489cd4b6b3 100644 --- a/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceObject.java +++ b/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceObject.java @@ -55,7 +55,7 @@ public V operated() { @Override public String toString() { Object operated = this.operated; - if (this.type.isUsers()) { + if (this.type.isAuth()) { operated = ((UserElement) this.operated).idString(); } return String.format("Resource{graph=%s,type=%s,operated=%s}", diff --git a/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceType.java b/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceType.java index e8c4e64f7e..6e507427d6 100644 --- a/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceType.java +++ b/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceType.java @@ -49,6 +49,8 @@ public enum ResourceType { INDEX_LABEL, // include create/rebuild/delete index + SCHEMA, + META, ALL, @@ -72,6 +74,8 @@ public boolean match(ResourceType required) { case ROOT: case ALL: return this.ordinal() >= required.ordinal(); + case SCHEMA: + return this.isSchema(); default: break; } @@ -98,7 +102,7 @@ public boolean isSchema() { return PROPERTY_KEY.ordinal() <= ord && ord <= INDEX_LABEL.ordinal(); } - public boolean isUsers() { + public boolean isAuth() { int ord = this.ordinal(); return GRANT.ordinal() <= ord && ord <= TARGET.ordinal(); } @@ -107,8 +111,8 @@ public boolean isGrantOrUser() { return this == GRANT && this == USER_GROUP; } - public boolean isAny() { - return this == ALL || this == ROOT; + public boolean isRepresentative() { + return this == ROOT || this == ALL || this == SCHEMA; } public static ResourceType from(HugeType type) { From 39912ef9b74e89dc3f9ca435db64d70af92dde27 Mon Sep 17 00:00:00 2001 From: Zhangmei Li Date: Sat, 20 Feb 2021 13:37:53 +0800 Subject: [PATCH 3/6] not set STATUS to be represented by other resource since STATUS-read can be represented, but STATUS-write can't be Change-Id: I4803c1cd94a1e3f4fcebb9db29340e8e08e72f3f --- .../src/main/java/com/baidu/hugegraph/auth/ResourceType.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceType.java b/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceType.java index 6e507427d6..a0558226aa 100644 --- a/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceType.java +++ b/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceType.java @@ -83,8 +83,6 @@ public boolean match(ResourceType required) { switch (required) { case NONE: return this != NONE; - case STATUS: - return this.ordinal() >= required.ordinal(); default: break; } From 61b9e74fd7eb75643b85fc5704fba349bb7bc072 Mon Sep 17 00:00:00 2001 From: Zhangmei Li Date: Sat, 20 Feb 2021 15:35:27 +0800 Subject: [PATCH 4/6] add some test cases Change-Id: I5ce1405d5c9ad57f3c4e739d39a5c370dc89e39c --- .../baidu/hugegraph/auth/HugeResource.java | 1 + .../baidu/hugegraph/auth/ResourceType.java | 20 +-- .../unit/core/RolePermissionTest.java | 145 +++++++++++++++++- 3 files changed, 149 insertions(+), 17 deletions(-) diff --git a/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/HugeResource.java b/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/HugeResource.java index 9492a30f24..59110b6dbb 100644 --- a/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/HugeResource.java +++ b/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/HugeResource.java @@ -192,6 +192,7 @@ private boolean matchLabel(String other) { if (this.label == null || other == null) { return false; } + // It's ok if wildcard match or regular match if (!this.label.equals(ANY) && !other.matches(this.label)) { return false; } diff --git a/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceType.java b/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceType.java index a0558226aa..9440dedc60 100644 --- a/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceType.java +++ b/hugegraph-core/src/main/java/com/baidu/hugegraph/auth/ResourceType.java @@ -70,19 +70,19 @@ public boolean match(ResourceType required) { return true; } + switch (required) { + case NONE: + return this != NONE; + default: + break; + } + switch (this) { case ROOT: case ALL: return this.ordinal() >= required.ordinal(); case SCHEMA: - return this.isSchema(); - default: - break; - } - - switch (required) { - case NONE: - return this != NONE; + return required.isSchema(); default: break; } @@ -97,7 +97,7 @@ public boolean isGraph() { public boolean isSchema() { int ord = this.ordinal(); - return PROPERTY_KEY.ordinal() <= ord && ord <= INDEX_LABEL.ordinal(); + return PROPERTY_KEY.ordinal() <= ord && ord <= SCHEMA.ordinal(); } public boolean isAuth() { @@ -106,7 +106,7 @@ public boolean isAuth() { } public boolean isGrantOrUser() { - return this == GRANT && this == USER_GROUP; + return this == GRANT || this == USER_GROUP; } public boolean isRepresentative() { diff --git a/hugegraph-test/src/main/java/com/baidu/hugegraph/unit/core/RolePermissionTest.java b/hugegraph-test/src/main/java/com/baidu/hugegraph/unit/core/RolePermissionTest.java index 3347a439d3..3990b5e2e6 100644 --- a/hugegraph-test/src/main/java/com/baidu/hugegraph/unit/core/RolePermissionTest.java +++ b/hugegraph-test/src/main/java/com/baidu/hugegraph/unit/core/RolePermissionTest.java @@ -134,6 +134,132 @@ public void testContains() { Assert.assertFalse(roleContains(role, r14)); } + @Test + public void testResourceType() { + // ROOT + Assert.assertTrue(ResourceType.ROOT.match(ResourceType.NONE)); + Assert.assertTrue(ResourceType.ROOT.match(ResourceType.STATUS)); + Assert.assertTrue(ResourceType.ROOT.match(ResourceType.VERTEX)); + Assert.assertTrue(ResourceType.ROOT.match(ResourceType.EDGE)); + Assert.assertTrue(ResourceType.ROOT.match(ResourceType.VERTEX_LABEL)); + Assert.assertTrue(ResourceType.ROOT.match(ResourceType.META)); + Assert.assertTrue(ResourceType.ALL.match(ResourceType.ALL));; + Assert.assertTrue(ResourceType.ROOT.match(ResourceType.GRANT)); + Assert.assertTrue(ResourceType.ROOT.match(ResourceType.USER_GROUP)); + Assert.assertTrue(ResourceType.ROOT.match(ResourceType.TARGET)); + Assert.assertTrue(ResourceType.ROOT.match(ResourceType.METRICS)); + Assert.assertFalse(ResourceType.ALL.match(ResourceType.ROOT)); + + // ALL + Assert.assertTrue(ResourceType.ALL.match(ResourceType.NONE)); + Assert.assertTrue(ResourceType.ALL.match(ResourceType.STATUS)); + Assert.assertTrue(ResourceType.ALL.match(ResourceType.VERTEX)); + Assert.assertTrue(ResourceType.ALL.match(ResourceType.EDGE)); + Assert.assertTrue(ResourceType.ALL.match(ResourceType.VERTEX_LABEL)); + Assert.assertTrue(ResourceType.ALL.match(ResourceType.META)); + Assert.assertTrue(ResourceType.ALL.match(ResourceType.ALL)); + + Assert.assertFalse(ResourceType.ALL.match(ResourceType.GRANT)); + Assert.assertFalse(ResourceType.ALL.match(ResourceType.USER_GROUP)); + Assert.assertFalse(ResourceType.ALL.match(ResourceType.TARGET)); + Assert.assertFalse(ResourceType.ALL.match(ResourceType.METRICS)); + Assert.assertFalse(ResourceType.ALL.match(ResourceType.ROOT)); + + // SCHEMA + Assert.assertTrue(ResourceType.SCHEMA.match(ResourceType.NONE)); + Assert.assertTrue(ResourceType.SCHEMA.match(ResourceType.PROPERTY_KEY)); + Assert.assertTrue(ResourceType.SCHEMA.match(ResourceType.VERTEX_LABEL)); + Assert.assertTrue(ResourceType.SCHEMA.match(ResourceType.EDGE_LABEL)); + Assert.assertTrue(ResourceType.SCHEMA.match(ResourceType.INDEX_LABEL)); + Assert.assertTrue(ResourceType.SCHEMA.match(ResourceType.SCHEMA)); + + Assert.assertFalse(ResourceType.SCHEMA.match(ResourceType.STATUS)); + Assert.assertFalse(ResourceType.SCHEMA.match(ResourceType.VERTEX)); + Assert.assertFalse(ResourceType.SCHEMA.match(ResourceType.EDGE)); + Assert.assertFalse(ResourceType.SCHEMA.match(ResourceType.VERTEX_AGGR)); + Assert.assertFalse(ResourceType.SCHEMA.match(ResourceType.EDGE_AGGR)); + Assert.assertFalse(ResourceType.SCHEMA.match(ResourceType.VAR)); + Assert.assertFalse(ResourceType.SCHEMA.match(ResourceType.GREMLIN)); + Assert.assertFalse(ResourceType.SCHEMA.match(ResourceType.TASK)); + Assert.assertFalse(ResourceType.SCHEMA.match(ResourceType.META)); + Assert.assertFalse(ResourceType.SCHEMA.match(ResourceType.ALL)); + Assert.assertFalse(ResourceType.SCHEMA.match(ResourceType.GRANT)); + Assert.assertFalse(ResourceType.SCHEMA.match(ResourceType.USER_GROUP)); + Assert.assertFalse(ResourceType.SCHEMA.match(ResourceType.TARGET)); + Assert.assertFalse(ResourceType.SCHEMA.match(ResourceType.METRICS)); + Assert.assertFalse(ResourceType.SCHEMA.match(ResourceType.ROOT)); + + // isRepresentative + Assert.assertTrue(ResourceType.ROOT.isRepresentative()); + Assert.assertTrue(ResourceType.ALL.isRepresentative()); + Assert.assertTrue(ResourceType.SCHEMA.isRepresentative()); + + Assert.assertFalse(ResourceType.NONE.isRepresentative()); + Assert.assertFalse(ResourceType.VERTEX.isRepresentative()); + Assert.assertFalse(ResourceType.META.isRepresentative()); + Assert.assertFalse(ResourceType.METRICS.isRepresentative()); + + // isAuth + Assert.assertTrue(ResourceType.GRANT.isAuth()); + Assert.assertTrue(ResourceType.USER_GROUP.isAuth()); + Assert.assertTrue(ResourceType.TARGET.isAuth()); + + Assert.assertFalse(ResourceType.ROOT.isAuth()); + Assert.assertFalse(ResourceType.ALL.isAuth()); + Assert.assertFalse(ResourceType.SCHEMA.isAuth()); + Assert.assertFalse(ResourceType.NONE.isAuth()); + Assert.assertFalse(ResourceType.VERTEX.isAuth()); + Assert.assertFalse(ResourceType.META.isAuth()); + Assert.assertFalse(ResourceType.METRICS.isAuth()); + + // isGrantOrUser + Assert.assertTrue(ResourceType.GRANT.isGrantOrUser()); + Assert.assertTrue(ResourceType.USER_GROUP.isGrantOrUser()); + Assert.assertFalse(ResourceType.TARGET.isGrantOrUser()); + + Assert.assertFalse(ResourceType.ROOT.isGrantOrUser()); + Assert.assertFalse(ResourceType.ALL.isGrantOrUser()); + Assert.assertFalse(ResourceType.SCHEMA.isGrantOrUser()); + Assert.assertFalse(ResourceType.NONE.isGrantOrUser()); + Assert.assertFalse(ResourceType.VERTEX.isGrantOrUser()); + Assert.assertFalse(ResourceType.META.isGrantOrUser()); + Assert.assertFalse(ResourceType.METRICS.isGrantOrUser()); + + // isSchema + Assert.assertTrue(ResourceType.PROPERTY_KEY.isSchema()); + Assert.assertTrue(ResourceType.VERTEX_LABEL.isSchema()); + Assert.assertTrue(ResourceType.EDGE_LABEL.isSchema()); + Assert.assertTrue(ResourceType.INDEX_LABEL.isSchema()); + Assert.assertTrue(ResourceType.SCHEMA.isSchema()); + + Assert.assertFalse(ResourceType.ROOT.isSchema()); + Assert.assertFalse(ResourceType.ALL.isSchema()); + Assert.assertFalse(ResourceType.NONE.isSchema()); + Assert.assertFalse(ResourceType.STATUS.isSchema()); + Assert.assertFalse(ResourceType.VAR.isSchema()); + Assert.assertFalse(ResourceType.GREMLIN.isSchema()); + Assert.assertFalse(ResourceType.TASK.isSchema()); + Assert.assertFalse(ResourceType.META.isSchema()); + Assert.assertFalse(ResourceType.METRICS.isSchema()); + + // isGraph + Assert.assertTrue(ResourceType.VERTEX.isGraph()); + Assert.assertTrue(ResourceType.EDGE.isGraph()); + + Assert.assertFalse(ResourceType.ROOT.isGraph()); + Assert.assertFalse(ResourceType.ALL.isGraph()); + Assert.assertFalse(ResourceType.SCHEMA.isGraph()); + Assert.assertFalse(ResourceType.NONE.isGraph()); + Assert.assertFalse(ResourceType.STATUS.isGraph()); + Assert.assertFalse(ResourceType.VERTEX_AGGR.isGraph()); + Assert.assertFalse(ResourceType.EDGE_AGGR.isGraph()); + Assert.assertFalse(ResourceType.VAR.isGraph()); + Assert.assertFalse(ResourceType.GREMLIN.isGraph()); + Assert.assertFalse(ResourceType.TASK.isGraph()); + Assert.assertFalse(ResourceType.META.isGraph()); + Assert.assertFalse(ResourceType.METRICS.isGraph()); + } + @Test public void testHugeResource() { HugeResource r = new HugeResource(ResourceType.VERTEX, "person", @@ -201,22 +327,25 @@ public void testHugeResourceFilter() { @Test public void testHugeResourceFilterSchema() { HugeResource all = HugeResource.ALL; + HugeResource schema = new HugeResource(ResourceType.SCHEMA, + HugeResource.ANY, null); - // schema - HugeResource vlp = new HugeResource(ResourceType.VERTEX_LABEL, - "p-.*", null); + HugeResource vlPrefix = new HugeResource(ResourceType.VERTEX_LABEL, + "p-.*", null); ResourceObject r3 = ResourceObject.of("g1", ResourceType.VERTEX_LABEL, NameObject.of("test")); Assert.assertTrue(all.filter(r3)); - Assert.assertFalse(vlp.filter(r3)); + Assert.assertTrue(schema.filter(r3)); + Assert.assertFalse(vlPrefix.filter(r3)); ResourceObject r4 = ResourceObject.of("g1", ResourceType.VERTEX_LABEL, NameObject.of("p-test")); Assert.assertTrue(all.filter(r4)); - Assert.assertTrue(vlp.filter(r4)); + Assert.assertTrue(schema.filter(r4)); + Assert.assertTrue(vlPrefix.filter(r4)); FakeObjects fo = new FakeObjects(); @@ -225,14 +354,16 @@ public void testHugeResourceFilterSchema() { IdGenerator.of("1")); ResourceObject r5 = ResourceObject.of("g1", vl1); Assert.assertTrue(all.filter(r5)); - Assert.assertFalse(vlp.filter(r5)); + Assert.assertTrue(schema.filter(r5)); + Assert.assertFalse(vlPrefix.filter(r5)); VertexLabel vl2 = fo.newVertexLabel(IdGenerator.of("id1"), "p-person", IdStrategy.PRIMARY_KEY, IdGenerator.of("1")); ResourceObject r6 = ResourceObject.of("g1", vl2); Assert.assertTrue(all.filter(r6)); - Assert.assertTrue(vlp.filter(r6)); + Assert.assertTrue(schema.filter(r6)); + Assert.assertTrue(vlPrefix.filter(r6)); } @Test From aa43d996415142d9abacab98b367e8fcd25a1588 Mon Sep 17 00:00:00 2001 From: Zhangmei Li Date: Sat, 20 Feb 2021 20:36:33 +0800 Subject: [PATCH 5/6] improve comments Change-Id: I0433719bfc9885ee12e264c59212cca214e6e624 --- .../java/com/baidu/hugegraph/auth/HugeAuthenticator.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hugegraph-api/src/main/java/com/baidu/hugegraph/auth/HugeAuthenticator.java b/hugegraph-api/src/main/java/com/baidu/hugegraph/auth/HugeAuthenticator.java index 8fe4b281f4..2ed3d8b131 100644 --- a/hugegraph-api/src/main/java/com/baidu/hugegraph/auth/HugeAuthenticator.java +++ b/hugegraph-api/src/main/java/com/baidu/hugegraph/auth/HugeAuthenticator.java @@ -456,8 +456,9 @@ private void parseAction(String action) { public static String roleFor(String owner, HugePermission perm) { /* - * construct required permission such as: - * $owner=graph1 $action=read (means require read one any resource) + * Construct required permission such as: + * $owner=graph1 $action=read + * (means required read permission of any one resource) * maybe also support: * $owner=graph1 $action=vertex_read */ From 227e8999bb5cafd33b256797d236eff02abd504a Mon Sep 17 00:00:00 2001 From: Zhangmei Li Date: Tue, 23 Feb 2021 19:55:00 +0800 Subject: [PATCH 6/6] tiny fix Change-Id: Ib6281cb3dfdc917ecac0c9450f7919e3898f73db --- .../main/java/com/baidu/hugegraph/auth/HugeAuthenticator.java | 3 ++- .../com/baidu/hugegraph/unit/core/RolePermissionTest.java | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/hugegraph-api/src/main/java/com/baidu/hugegraph/auth/HugeAuthenticator.java b/hugegraph-api/src/main/java/com/baidu/hugegraph/auth/HugeAuthenticator.java index 2ed3d8b131..3812c192ea 100644 --- a/hugegraph-api/src/main/java/com/baidu/hugegraph/auth/HugeAuthenticator.java +++ b/hugegraph-api/src/main/java/com/baidu/hugegraph/auth/HugeAuthenticator.java @@ -459,7 +459,8 @@ public static String roleFor(String owner, HugePermission perm) { * Construct required permission such as: * $owner=graph1 $action=read * (means required read permission of any one resource) - * maybe also support: + * + * In the future maybe also support: * $owner=graph1 $action=vertex_read */ return String.format("%s=%s %s=%s", KEY_OWNER, owner, diff --git a/hugegraph-test/src/main/java/com/baidu/hugegraph/unit/core/RolePermissionTest.java b/hugegraph-test/src/main/java/com/baidu/hugegraph/unit/core/RolePermissionTest.java index 3990b5e2e6..7463228ca3 100644 --- a/hugegraph-test/src/main/java/com/baidu/hugegraph/unit/core/RolePermissionTest.java +++ b/hugegraph-test/src/main/java/com/baidu/hugegraph/unit/core/RolePermissionTest.java @@ -143,12 +143,12 @@ public void testResourceType() { Assert.assertTrue(ResourceType.ROOT.match(ResourceType.EDGE)); Assert.assertTrue(ResourceType.ROOT.match(ResourceType.VERTEX_LABEL)); Assert.assertTrue(ResourceType.ROOT.match(ResourceType.META)); - Assert.assertTrue(ResourceType.ALL.match(ResourceType.ALL));; + Assert.assertTrue(ResourceType.ROOT.match(ResourceType.ALL)); Assert.assertTrue(ResourceType.ROOT.match(ResourceType.GRANT)); Assert.assertTrue(ResourceType.ROOT.match(ResourceType.USER_GROUP)); Assert.assertTrue(ResourceType.ROOT.match(ResourceType.TARGET)); Assert.assertTrue(ResourceType.ROOT.match(ResourceType.METRICS)); - Assert.assertFalse(ResourceType.ALL.match(ResourceType.ROOT)); + Assert.assertTrue(ResourceType.ROOT.match(ResourceType.ROOT)); // ALL Assert.assertTrue(ResourceType.ALL.match(ResourceType.NONE));