Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improving ACL #3124

Merged
merged 12 commits into from
Mar 13, 2019
Merged

Improving ACL #3124

merged 12 commits into from
Mar 13, 2019

Conversation

gitlw
Copy link

@gitlw gitlw commented Mar 11, 2019

  • Since both the user ids and group ids are stored under the dgraph.xid predicate, after adding a user named "alice", querying for group using the string "alice" gave "alice" as a group, which was wrong. This PR adds a type to distinguish a user id from a group id.
  • After modifying a user's group list, or changing a group's ACLs, we only showed the update was successful. This PR echos the user or group's info back the user by reading from Dgraph after the update.

This change is Reviewable

ee/acl/acl.go Outdated Show resolved Hide resolved
Copy link
Contributor

@manishrjain manishrjain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 3 of 4 files at r1, 1 of 1 files at r2.
Reviewable status: all files reviewed, 3 unresolved discussions (waiting on @gitlw and @srfrog)


ee/acl/acl.go, line 239 at r2 (raw file):

}

func isFlagPassed(f *pflag.FlagSet, name string) bool {

avoid checking for this.


ee/acl/lib/acl_lib.go, line 17 at r2 (raw file):

import "github.com/dgraph-io/dgo/protos/api"

func GetCreateUserNQuads(userId string, password string) []*api.NQuad {

Just move it to some file within the acl package. No need for a new pkg.

CreateUserNQuads(...)

Copy link
Contributor

@srfrog srfrog left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 0 of 4 files reviewed, 7 unresolved discussions (waiting on @gitlw, @manishrjain, and @srfrog)


edgraph/access_ee.go, line 372 at r3 (raw file):

		// Insert Groot.
		createUserNQuads := acl.CreateUserNQuads(x.GrootId, "password")

Should we use a random password value instead? it looks like it's setting the default password to "password"


ee/acl/acl.go, line 387 at r3 (raw file):

	}
	fmt.Printf("Successfully modified groups for user %v.\n", userId)
	fmt.Println("The latest info is:")

move this Println into queryAndPrint() ?


ee/acl/acl.go, line 484 at r3 (raw file):

	fmt.Printf("Successfully changed permission for group %v on predicate %v to %v\n",
		groupId, predicate, perm)
	fmt.Println("The latest info is:")

same


ee/acl/utils.go, line 220 at r3 (raw file):

			Subject:     "_:newuser",
			Predicate:   "dgraph.password",
			ObjectValue: &api.Value{Val: &api.Value_StrVal{StrVal: password}},

how about api.Value_PasswordVal{} for password?

Copy link
Author

@gitlw gitlw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 0 of 5 files reviewed, 7 unresolved discussions (waiting on @golangcibot, @manishrjain, and @srfrog)


edgraph/access_ee.go, line 372 at r3 (raw file):

Previously, srfrog (Gus) wrote…

Should we use a random password value instead? it looks like it's setting the default password to "password"

Yes we intentionally set the default password to be well known, so that operators can use it for doing the password reset operation for groot.


ee/acl/acl.go, line 413 at r1 (raw file):

Previously, golangcibot (Bot from GolangCI) wrote…

line is 101 characters (from lll)

Done.


ee/acl/acl.go, line 239 at r2 (raw file):

Previously, manishrjain (Manish R Jain) wrote…

avoid checking for this.

Done.


ee/acl/acl.go, line 387 at r3 (raw file):

Previously, srfrog (Gus) wrote…

move this Println into queryAndPrint() ?

The queryAndPrintUser function is also used by the info subcommand, for which I feel it's unnecessary to say "the latest info is".


ee/acl/acl.go, line 484 at r3 (raw file):

Previously, srfrog (Gus) wrote…

same

ditto


ee/acl/utils.go, line 220 at r3 (raw file):

Previously, srfrog (Gus) wrote…

how about api.Value_PasswordVal{} for password?

If I understand correctly, Value_PasswordVal is for the value that has already been hashed. Here I'm providing the plaintext password before hashing.


ee/acl/lib/acl_lib.go, line 17 at r2 (raw file):

Previously, manishrjain (Manish R Jain) wrote…

Just move it to some file within the acl package. No need for a new pkg.

CreateUserNQuads(...)

Done.

Copy link
Contributor

@manishrjain manishrjain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm_strong: Add 10s timeout for all contexts. Also, another comment.

Reviewable status: 0 of 5 files reviewed, 7 unresolved discussions (waiting on @gitlw, @golangcibot, @manishrjain, and @srfrog)


ee/acl/run_ee.go, line 120 at r4 (raw file):

	modFlags := cmdMod.Cmd.Flags()
	modFlags.StringP("user", "u", "", "The user id to be changed")
	modFlags.BoolP("new_password", "", false, "Whether to reset password for the user")

shorthand -n


ee/acl/run_ee.go, line 236 at r4 (raw file):

	}

	ctx := context.Background()

ctx := context.WithTimeout(, 10*time.Second)

Copy link
Contributor

@manishrjain manishrjain left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:lgtm:

Reviewable status: 0 of 5 files reviewed, 7 unresolved discussions (waiting on @gitlw, @golangcibot, @manishrjain, and @srfrog)

@gitlw gitlw merged commit 110ffa3 into master Mar 13, 2019
@gitlw gitlw deleted the gitlw/distinguish_xid branch April 4, 2019 23:44
dna2github pushed a commit to dna2fork/dgraph that referenced this pull request Jul 19, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

4 participants