
Query ACL graph using gremlin with parent hierarchy check


my ACL graph

In summary, every user or group that has access to Folder1 will have access to File1.

Use case #1 - checking access for user1 on Folder1, which works fine with the Gremlin below:

    g.V().has('user','userId','user1').
      emit().
        until(__.not(outE('member_of'))).
        repeat(out('member_of')).
      filter(outE('has_permission').has('permission','VS_F').
               inV().has('folder','folderId','Folder1')).hasNext()

Use case #2 - checking access for user1 on File1. How can I modify the above Gremlin to achieve this? I'm pretty new to Gremlin and am doing a POC on JanusGraph for my employer.


Solution

  • First things first: You should always start with a script that people can run to create your sample graph. Also, formatting the code in your question wouldn't hurt.

    With that said, here's the script that creates your graph:

    g = TinkerGraph.open().traversal()
    g.addV('user').property('userId','user1').as('u1').
      addV('user').property('userId','user2').as('u2').
      addV('user').property('userId','user3').as('u3').
      addV('group').property('groupId','group1').as('g1').
      addV('group').property('groupId','group2').as('g2').
      addV('group').property('groupId','group3').as('g3').
      addV('folder').property('folderId','folder1').as('f1').
      addV('file').property('fileId','file1').
      addE('in_folder').to('f1').
      addE('member_of').from('u1').to('g1').
      addE('member_of').from('u2').to('g2').
      addE('member_of').from('u3').to('g3').
      addE('member_of').from('g3').to('g1').
      addE('has_permission').from('g1').to('f1').
      addE('has_permission').from('u2').to('f1').iterate()
    

    ...and the query you're looking for:

    g.V().has('file','fileId','file1').
      until(inE('has_permission')).
        repeat(out('in_folder')).as('folder').
      V().has('user','userId','user1').
      emit().
        until(__.not(outE('member_of'))).
        repeat(out('member_of')).
      filter(out('has_permission').where(eq('folder'))).hasNext()
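The following is an added example for the Gremlin Console, not code from the question or the answer. It goes beyond the single-folder case: it checks every ancestor folder, filters on the `permission` edge property used in the question's query, and uses `simplePath()` so that a membership cycle cannot loop forever. The nested folder `sub1`, the `OTHER` permission value, the `group1 -> group3` cycle edge and the closure name `canAccessFile` are constructed for illustration.

```groovy
// Constructed sample graph: the answer's graph plus a 'permission' property on
// has_permission edges, a nested folder 'sub1', and a group membership cycle.
g = TinkerGraph.open().traversal()
g.addV('user').property('userId','user1').as('u1').
  addV('user').property('userId','user2').as('u2').
  addV('user').property('userId','user3').as('u3').
  addV('group').property('groupId','group1').as('g1').
  addV('group').property('groupId','group2').as('g2').
  addV('group').property('groupId','group3').as('g3').
  addV('folder').property('folderId','folder1').as('f1').
  addV('folder').property('folderId','sub1').as('s1').
  addV('file').property('fileId','file1').as('x1').
  addE('in_folder').from('x1').to('s1').
  addE('in_folder').from('s1').to('f1').
  addE('member_of').from('u1').to('g1').
  addE('member_of').from('u2').to('g2').
  addE('member_of').from('u3').to('g3').
  addE('member_of').from('g3').to('g1').
  addE('member_of').from('g1').to('g3').   // cycle: group1 <-> group3
  addE('has_permission').from('g1').to('f1').property('permission','VS_F').
  addE('has_permission').from('g2').to('s1').property('permission','OTHER').
  iterate()

// Hypothetical helper: true if the user, or any group reachable through
// member_of, holds 'perm' on the file or on any folder above it.
canAccessFile = { String userId, String fileId, String perm ->
  g.V().has('user','userId',userId).
    emit().repeat(out('member_of').simplePath()).   // user + all groups, cycle-safe
    aggregate('principals').fold().                 // collect, then continue once
    V().has('file','fileId',fileId).
    emit().repeat(out('in_folder').simplePath()).   // file + every ancestor folder
    inE('has_permission').has('permission',perm).outV().
    where(within('principals')).hasNext()
}

// user1 -> group1 holds VS_F on folder1, two levels above file1
assert canAccessFile('user1','file1','VS_F')
// user3 -> group3 -> group1 inherits the same grant
assert canAccessFile('user3','file1','VS_F')
// user2 -> group2 only holds 'OTHER' on sub1, so the VS_F check is denied
assert !canAccessFile('user2','file1','VS_F')
// an unknown user yields an empty principal set and is denied
assert !canAccessFile('nobody','file1','VS_F')
```

On this graph, a traversal that stops at the first folder carrying any `has_permission` edge would stop at `sub1` and never see the grant on `folder1`, and an `until(__.not(outE('member_of')))` loop would not terminate on the membership cycle.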