Fix insert tagless vertex with BASIC role (vesoft-inc#2120)

yixinglu · Jan 5, 2023 · cdc2ca5 · cdc2ca5
1 parent 86dc300
commit cdc2ca5
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/src/graph/validator/MutateValidator.cpp b/src/graph/validator/MutateValidator.cpp
@@ -50,6 +50,9 @@ Status InsertVerticesValidator::check() {
   if (!FLAGS_graph_use_vertex_key && tagItems.empty()) {
     return Status::SemanticError("Insert vertex is forbidden, please specify the tag");
   }
+  if (SchemaUtil::isBasicRole(qctx_) && tagItems.empty()) {
+    return Status::PermissionError("The BASIC role is not allowed to insert tagless vertex.");
+  }
 
   schemas_.reserve(tagItems.size());
   for (auto &item : tagItems) {

diff --git a/tests/admin/test_user_privilege.py b/tests/admin/test_user_privilege.py
@@ -765,6 +765,12 @@ def test_user_privilege(self):
         resp = self.testDmlPriClient.execute(query)
         self.check_error_msg(resp, "PermissionError: The BASIC role is not allowed to use delete vertex statement.")
 
+        query = 'INSERT vertex VALUES "vid":()'
+        resp = self.testDmlPriClient.execute(query)
+        # Behavior when FLAGS_graph_use_vertex_key enabled
+        # self.check_error_msg(resp, "PermissionError: The BASIC role is not allowed to insert tagless vertex.")
+        self.check_error_msg(resp, "SemanticError: Insert vertex is forbidden, please specify the tag")
+
         query = 'DELETE tag A,B FROM "vid"'
         resp = self.testDmlPriClient.execute(query)
         self.check_error_msg(resp, "PermissionError: Tag `A' is not writable.")