From 355385563636779655a70132eb9662fddd584d27 Mon Sep 17 00:00:00 2001 From: Naman Jain Date: Thu, 12 Aug 2021 11:41:47 +0530 Subject: [PATCH] fix(acl): filter out the results based on type (#7978) We store the groupId and userId in a predicate named dgraph.xid.There was a subtle bug where if a we create the group with same name as that of a user, then the user is not able to log in. This happens because we were not applying a filter by type. This PR fixes that. --- edgraph/access_ee.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/edgraph/access_ee.go b/edgraph/access_ee.go index 3c916227428..335496fa96d 100644 --- a/edgraph/access_ee.go +++ b/edgraph/access_ee.go @@ -277,7 +277,7 @@ func getRefreshJwt(userId string, namespace uint64) (string, error) { const queryUser = ` query search($userid: string, $password: string){ - user(func: eq(dgraph.xid, $userid)) { + user(func: eq(dgraph.xid, $userid)) @filter(type(dgraph.type.User)) { uid dgraph.xid password_match: checkpwd(dgraph.password, $password) @@ -465,7 +465,7 @@ func upsertGuardianAndGroot(closer *z.Closer, ns uint64) { func upsertGuardian(ctx context.Context) error { query := fmt.Sprintf(` { - guid as guardians(func: eq(dgraph.xid, "%s")){ + guid as guardians(func: eq(dgraph.xid, "%s")) @filter(type(dgraph.type.Group)) { uid } } @@ -535,10 +535,10 @@ func upsertGroot(ctx context.Context, passwd string) error { // groot is the default user of guardians group. query := fmt.Sprintf(` { - grootid as grootUser(func: eq(dgraph.xid, "%s")){ + grootid as grootUser(func: eq(dgraph.xid, "%s")) @filter(type(dgraph.type.User)) { uid } - guid as var(func: eq(dgraph.xid, "%s")) + guid as var(func: eq(dgraph.xid, "%s")) @filter(type(dgraph.type.Group)) } `, x.GrootId, x.GuardiansId) userNQuads := acl.CreateUserNQuads(x.GrootId, passwd)