Hi all,
In the graph implementation I'm working on, we are interested in knowing
the type of operations like read, write, delete performed during the query
execution so that we can apply authorization logic to allow users to run
only a few types of queries. As of today, there is no straightforward way
to check whether a certain step performs only read or write or delete or
any combinations of these three. Only way to check if a step is capable of
mutation is to see if it implements the Mutating interface or bot. We
cannot distinguish whether the mutating is a write operation or delete
operation or both. To achieve this I propose marker interfaces Writing and
Deleting to identify the respective step capabilities.
Another observation is We are using Bytecode instructions to infer
operation types and they are not very helpful in identifying the operation
type(read, write, delete) as there is no mapping between operation name and
its corresponding Tinkerpop Step. Recent mergeE, mergeV steps slipped past
the checks we added for authorization. By maintaining a map of the
operation name and its corresponding Tinkerpop Step if it exists, helps
maintain a strict relationship between Bytecode operation and its
corresponding Tinkerpop step. Combining these 2 changes will make it easy
to infer the type of operation performed by the query and easy to apply
authorization and authorization works out of the box for newly added steps
as well.
If there are no objections, I'll proceed with these changes and offer a
pull request for review. If time permits, i would like to include this
change in Tinkerpop version 3.6.3
--
Thanks & Regards,
Sai Phanindhra
