Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(acl): allow access to all the predicates using wildcard (#7991) #7993

Merged
merged 2 commits into from
Aug 19, 2021
Merged

feat(acl): allow access to all the predicates using wildcard (#7991) #7993

merged 2 commits into from
Aug 19, 2021

Conversation

NamanJain8
Copy link
Contributor

@NamanJain8 NamanJain8 commented Aug 19, 2021
edited by manishrjain
Loading

Contains 2 cherry picks:

This change is Reviewable

@NamanJain8
feat(acl): allow access to all the predicates using wildcard (#7991)
4f51307 
There are usecases that need read/write/modify permissions over all the predicates of the namespace. It is quite tedious to manage the permissions every time a new predicate is created.
This PR adds a feature to allow a group, access to all the predicates in the namespace using wildcard dgraph.all.

This example provides to dev group, read+write access to all the predicates

mutation {
  updateGroup(
    input: {
      filter: { name: { eq: "dev" } }
      set: { rules: [{ predicate: "dgraph.all", permission: 6 }] }
    }
  ) {
    group {
      name
      rules {
        permission
        predicate
      }
    }
  }
}

NOTE: The permission to a predicate for a group (say dev) is a union of permissions from dgraph.all and the permissions to specific predicate (say name). So suppose dgraph.all is given READ permission, while predicate name is given WRITE permission. Then the group will have both READ and WRITE permission.
(cherry picked from commit 3504044)
@NamanJain8
fix(acl): subscribe for the correct predicates (#7992)
fdbc95e 
We were subscribing to the wrong predicates. Hence the ACL cache was not getting updated.

(cherry picked from commit 1b75c01)
@github-actions github-actions bot added the area/enterprise Related to proprietary features label Aug 19, 2021
@NamanJain8 NamanJain8 merged commit e87694d into release/v21.03 Aug 19, 2021
@NamanJain8 NamanJain8 deleted the naman/cp/acl_all_preds branch August 19, 2021 14:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ahsanbarkati ahsanbarkati ahsanbarkati approved these changes

@manishrjain manishrjain Awaiting requested review from manishrjain

Assignees
No one assigned
Labels
area/enterprise Related to proprietary features
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@NamanJain8 @ahsanbarkati