Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Failing due to unrequired security check in transacted DB (in non-transacted - OK) #8067

Closed
PhantomYdn opened this issue Feb 5, 2018 · 5 comments
Closed

Failing due to unrequired security check in transacted DB (in non-transacted - OK) #8067

PhantomYdn opened this issue Feb 5, 2018 · 5 comments
Assignees
@tglman
Labels
bug

Comments

@PhantomYdn
Copy link
Contributor

PhantomYdn commented Feb 5, 2018
edited
Loading

OrientDB Version: 2.2.30

Java Version: 8

OS: ubuntu

OrientDB require rights where security check is not needed.
There is a class with link to OUser. Suppose you are trying to create a new document of this class and point to some user under 'writer'. For unknown reason: transacted db DO require write rights for OUser disregard that fact that it's just referencing to OUser.

Here is the test. It's using Orienteer tester class for accessing DB, but it's should not be a big problem to rewrite.

@Test
	public void testLinkToOUser() {
		ODatabaseDocument db = wicket.getTester().getDatabase();
		OSchema schema = db.getMetadata().getSchema();
		final OClass classA = schema.createClass("TestLinkToOUser");
		classA.createProperty("name", OType.STRING);
		classA.createProperty("user", OType.LINK).setLinkedClass(schema.getClass("OUser"));

		ORID userRid = new ORecordId("#5:0");
		ODocument doc = new ODocument(classA);

		wicket.getTester().signIn("writer", "writer");
		db = wicket.getTester().getDatabase();
		db.begin(); // If comment this line - everything is fine
		ODocument userDoc = userRid.getRecord();
		userDoc.field("roles"); // It's required to get DirtyManager instantiated with OUser doc in it, but operation them-self is read-only, as you see
		doc.field("Admin");
		doc.field("user", userDoc); //I do know that it's possible to set OIdentity instead of ODocument, but it's not the goal of this issue
		doc.save();
		db.commit();
	}

Expected behavior

OrientDB should allow to save documents with just links to OUser (or other RO instances)

Actual behavior

OrientDB is failing to set this link in transacted DB. In non-transacted, everything is fine.

P.S. writer should have ReadOnly rights to OUser
@jcwright77
Copy link

jcwright77 commented Feb 5, 2018 via email

@PhantomYdn
Copy link
Contributor Author

@jcwright77 , your case is also weird.

  1. If you have read-only rights to classA and read-write to classB: you should be able to do everything with instance of classB.
  2. If you dont't have any rights for classA and read-only for classB: you should be able at least read instances of classB, but links to classA should remain unresolved if you do document.field("link")

@jcwright77
Copy link

jcwright77 commented Feb 6, 2018 via email

@PhantomYdn
Copy link
Contributor Author

Let me make clear for the supporters: that it's different. And in my case: I think that expected behaviour should be as I stated in my previous post.

@PhantomYdn
Copy link
Contributor Author

@tglman , what's your oppinion about the issue?

PhantomYdn added a commit to OrienteerBAP/wicket-orientdb that referenced this issue Feb 10, 2018
@PhantomYdn
Add testcase for OrientDB Issue orientechnologies/orientdb#8067
a58713c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tglman tglman

Labels
bug
Milestone
No milestone
Development

No branches or pull requests
4 participants
@andrii0lomakin @tglman @PhantomYdn @jcwright77