Hi,

I am trying to set up a basic RBAC authentication system as follows:

Tenant test with two users Alpha and Zulu
User Alpha is member of group admins
User Zulu is member of group users
Group Admins has permissions everything
Group Users has permissions nothing
Permissions everything is assigned to objects BIG and small
Permissions nothing is assigned to object small 

The problem I am having is that I cannot figure out the correct syntax to 
verify multiple parameters, i.e. given Object X, I want to ask the question 
"can user 'Zulu' access it and does user Zulu have 'everything' permissions 
on the object".

You should also note that users can be members of multiple groups and 
groups can have multiple permissions, so the position of anything in the tree 
is not guaranteed! This is another problem for me because the ArangoDB 
docs all give examples like p.vertices[2].x or p.vertices[0].x, but no 
examples are given when you don't know the vertex position, and 
p.vertices.x doesn't seem to work as syntax!

So far, I've got a basic query that looks like:

db._query("FOR v,e,p IN 1..4 ANY 'object/157484581' GRAPH 'rbac' FILTER v.name=='alpha' RETURN p")

But adding extra filters just returns no results, even if I know the 
permissions are in the tree. What syntax should I be using?

The commands I used to set up my tree:

var graph_module = require("@arangodb/general-graph");

// Edge definitions: user -> tenant, user -> group, group -> permission, permission -> object
var ea = graph_module._relation("tenant_member", "user", "tenant");
var eb = graph_module._relation("user_group", "user", "group");
var ec = graph_module._relation("group_perm", "group", "permission");
var ed = graph_module._relation("perm_obj", "permission", "object");
var edgeDefinitions = graph_module._edgeDefinitions();
graph_module._extendEdgeDefinitions(edgeDefinitions, ea);
graph_module._extendEdgeDefinitions(edgeDefinitions, eb);
graph_module._extendEdgeDefinitions(edgeDefinitions, ec);
graph_module._extendEdgeDefinitions(edgeDefinitions, ed);

// Create the graph from the edge definitions, then load it
graph_module._create("rbac", edgeDefinitions);
var graph = graph_module._graph("rbac");

// Vertices
graph.tenant.save({id: "a", name: "test"});
graph.user.save({id: "au", name: "alpha"});
graph.user.save({id: "zu", name: "zulu"});
graph.group.save({id: "ga", name: "admins"});
graph.group.save({id: "gu", name: "users"});
graph.permission.save({id: "all", name: "everything"});
graph.permission.save({id: "zip", name: "nothing"});
graph.object.save({id: "big", name: "BIG"});
graph.object.save({id: "small", name: "small"});

// Edges, using the document handles (_id values) of the vertices saved above
graph.tenant_member.save("user/147392037", "tenant/143066661", {type: "x"});
graph.tenant_member.save("user/148047397", "tenant/143066661", {type: "x"});
graph.user_group.save("user/147392037", "group/150734373", {type: "x"});
graph.user_group.save("user/148047397", "group/150930981", {type: "x"});
graph.group_perm.save("group/150734373", "permission/153617957", {type: "x"});
graph.group_perm.save("group/150930981", "permission/154273317", {type: "x"});
graph.perm_obj.save("permission/153617957", "object/156829221", {type: "x"});
graph.perm_obj.save("permission/153617957", "object/157484581", {type: "x"});
graph.perm_obj.save("permission/154273317", "object/157484581", {type: "x"});
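
Added example (not part of the original post, and not ArangoDB code): a plain JavaScript model of the graph above that checks "user and permission both appear somewhere on one path to the object" without relying on vertex position, and shows why the traversal direction matters for an authorization decision. The function names and the name-keyed edge list are assumptions made for illustration; the traversal mimics 1..maxDepth paths that never reuse an edge.

```javascript
// Constructed in-memory copy of the post's graph: [from, to] edges by name.
const EDGES = [
  ["alpha", "test"], ["zulu", "test"],            // tenant_member
  ["alpha", "admins"], ["zulu", "users"],         // user_group
  ["admins", "everything"], ["users", "nothing"], // group_perm
  ["everything", "BIG"], ["everything", "small"], // perm_obj
  ["nothing", "small"],
];

// Enumerate paths of 1..maxDepth edges from `start`, never reusing an edge
// within one path. direction "inbound" follows edges backwards only;
// "any" ignores edge direction.
function paths(start, maxDepth, direction) {
  const out = [];
  const walk = (node, used, path) => {
    if (path.length > 1) out.push(path);
    if (path.length - 1 === maxDepth) return;
    EDGES.forEach(([from, to], i) => {
      if (used.has(i)) return;
      let next = null;
      if (to === node) next = from;
      else if (direction === "any" && from === node) next = to;
      if (next !== null) walk(next, new Set(used).add(i), [...path, next]);
    });
  };
  walk(start, new Set(), [start]);
  return out;
}

// Position-independent check: both names must appear somewhere on one path.
function canAccess(user, permission, object, maxDepth, direction) {
  return paths(object, maxDepth, direction)
    .some((p) => p.includes(user) && p.includes(permission));
}

// object <- permission <- group <- user is exactly 3 inbound edges.
console.log(canAccess("alpha", "everything", "small", 3, "inbound")); // true
console.log(canAccess("zulu", "everything", "small", 3, "inbound"));  // false
// Ignoring direction with enough depth links zulu to "everything" through
// the shared tenant (small-everything-admins-alpha-test-zulu): a false grant.
console.log(canAccess("zulu", "everything", "small", 5, "any"));      // true
```

In AQL the position-independent form of this test uses the array expansion operator, e.g. `'zulu' IN p.vertices[*].name`, in place of a fixed index such as `p.vertices[2].name`. Running the traversal INBOUND from the object with the depth bounded to the user level keeps the shared-tenant path out of the result.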



