Hi Tim,
took a bit to make your sample working. You need to provide the _key
attributes so the graph is consistent:
graph_module=require("@arangodb/general-graph")
ea = graph_module._relation("tenant_member","user","tenant")
eb= graph_module._relation("user_group","user","group")
ec= graph_module._relation("group_perm","group","permission")
ed=graph_module._relation("perm_obj","permission","object")
var edgeDefinitions = graph_module._edgeDefinitions();
graph_module._extendEdgeDefinitions(edgeDefinitions, ea)
graph_module._extendEdgeDefinitions(edgeDefinitions, eb)
graph_module._extendEdgeDefinitions(edgeDefinitions, ec)
graph_module._extendEdgeDefinitions(edgeDefinitions, ed)
var graph = graph_module._create("rbac", edgeDefinitions);
graph.tenant.save({_key: "143066661", id:"a",name:"test"})
graph.user.save({_key: "147392037", id:"au",name:"alpha"})
graph.user.save({_key: "148047397", id:"zu",name:"zulu"})
graph.group.save({_key: "147392037", id:"ga",name:"admins"})
graph.group.save({_key: "150930981", id:"gu",name:"users"})
graph.permission.save({_key: "153617957", id:"all",name:"everything"})
graph.permission.save({_key: "154273317", id:"zip",name:"nothing"})
graph.object.save({_key: "156829221", id:"big",name:"BIG"})
graph.object.save({_key: "157484581", id:"small",name:"small"})
graph.tenant_member.save("user/147392037","tenant/143066661",{type:"x"})
graph.tenant_member.save("user/148047397","tenant/143066661",{type:"x"})
graph.user_group.save("user/147392037","group/150734373",{type:"x"})
graph.user_group.save("user/148047397","group/150930981",{type:"x"})
graph.group_perm.save("group/150734373","permission/153617957",{type:"x"})
graph.group_perm.save("group/150930981","permission/154273317",{type:"x"})
graph.perm_obj.save("permission/153617957","object/156829221",{type:"x"})
graph.perm_obj.save("permission/153617957","object/157484581",{type:"x"})
graph.perm_obj.save("permission/154273317","object/157484581",{type:"x"})
What about filtering for all paths that contain a name attribute 'alpha'
in one their vertices?
db._query("FOR v,e,p IN 1..4 ANY 'object/157484581' graph 'rbac' FILTER
'alpha' IN p.vertices[*].name return p ").toArray()
This gives me two paths matching that criteria.
Is that what you were hoping for?
Cheers,
Willi
On Thursday, June 9, 2016 at 8:56:02 AM UTC+2, Tim Smith wrote:
>
> Hi,
>
> I am trying to set up a basic RBAC authentication system as follows :
>
> Tenant test with two users Alpha and Zulu
> User Alpha is member of group admins
> User Zulu is member of group users
> Group Admins has permissions everything
> Group Users has permissions nothing
> Permissions everything is assigned to objects BIG and small
> Permissions nothing is assigned to object small
>
> The problem I am having is that I cannot figure out the correct syntax to
> verify multiple parameters, i.e. give Object X, I want to ask the question
> "can user 'Zulu' access it and does user Zulu have 'everything' permissions
> on the object".
>
> You should also note that users can be members of multiple groups and
> groups can have multiple permissions, so position of anything in the tree
> is not guaranteed ! This is another problem for me because the arrangoDB
> docs all give examples like p.vertices[2].x or p.vertices[0].x , but no
> examples are given when you don't know the vertex position, and
> p.vertices.x doesn't seem to work as syntax !
>
> So far, I've got a basic query that looks like
>
> db._query("FOR v,e,p IN 1..4 ANY 'object/157484581' graph 'rbac' filter
> v.name=='alpha' return p")
>
> But adding extra filters just returns no results, even if I know the
> permissions are in the tree. What syntax should I be using ?
>
> My the commands used to setup my tree:
>
> ea = graph_module._relation("tenant_member","user","tenant")
> eb= graph_module._relation("user_group","user","group")
> ec= graph_module._relation("group_perm","group","permission")
> ed=graph_module._relation("perm_obj","permission","object")
> var edgeDefinitions = graph_module._edgeDefinitions();
> graph_module._extendEdgeDefinitions(edgeDefinitions, ea)
> graph_module._extendEdgeDefinitions(edgeDefinitions, eb)
> graph_module._extendEdgeDefinitions(edgeDefinitions, ec)
> graph_module._extendEdgeDefinitions(edgeDefinitions, ed)
> var graph = graph_module._graph("rbac")
> graph.tenant.save({id:"a",name:"test"})
> graph.user.save({id:"au",name:"alpha"})
> graph.user.save({id:"zu",name:"zulu"})
> graph.group.save({id:"ga",name:"admins"})
> graph.group.save({id:"gu",name:"users"})
> graph.permission.save({id:"all",name:"everything"})
> graph.permission.save({id:"zip",name:"nothing"})
> graph.object.save({id:"big",name:"BIG"})
> graph.object.save({id:"small",name:"small"})
> graph.tenant_member.save("user/147392037","tenant/143066661",{type:"x"})
> graph.tenant_member.save("user/148047397","tenant/143066661",{type:"x"})
> graph.user_group.save("user/147392037","group/150734373",{type:"x"})
> graph.user_group.save("user/148047397","group/150930981",{type:"x"})
> graph.group_perm.save("group/150734373","permission/153617957",{type:"x"})
> graph.group_perm.save("group/150930981","permission/154273317",{type:"x"})
> graph.perm_obj.save("permission/153617957","object/156829221",{type:"x"})
> graph.perm_obj.save("permission/153617957","object/157484581",{type:"x"})
> graph.perm_obj.save("permission/154273317","object/157484581",{type:"x"})
>
>
>
>
>
--
You received this message because you are subscribed to the Google Groups
"ArangoDB" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
