Here is my sample graph:
g.addV('user').property('userId','user1').as('u1').
addV('user').property('userId','user2').as('u2').
addV('user').property('userId','user3').as('u3').
addV('group').property('groupId','group1').as('g1').
addV('group').property('groupId','group2').as('g2').
addV('group').property('groupId','group3').as('g3').
addV('folder').property('folderId','folder1').property('inheritance',false).as('f1').
addV('folder').property('folderId','folder2').property('inheritance',true).as('f2').
addV('folder').property('folderId','folder3').property('inheritance',true).as('f3').
addV('file').property('fileId','file1').
addE('in_folder').to('f1').
addE('in_folder').from('f2').to('f1').
addE('in_folder').from('f3').to('f2').
addE('member_of').from('u1').to('g1').
addE('member_of').from('u2').to('g2').
addE('member_of').from('u3').to('g3').
addE('member_of').from('g3').to('g1').
addE('has_permission').from('g1').to('f1').
addE('has_permission').from('u2').to('f1').iterate()
How can I write a Gremlin query to check whether 'user1' has permission on f3?
The query below can fetch direct access for the user or one of its groups on the given folder, but it doesn't check for parent folder permissions through the inheritance property.
g.V().has('user','userId','user1').emit()
.until(__.not(outE('member_of'))).repeat(out('member_of')).filter(outE('has_permission').has('permission','VS_F').inV().has('folder','folderId','folder1')).hasNext()
Instead of using filter, just continue the traversal:
g.V().has('user', 'userId', 'user1').emit().repeat(out('member_of'))
.out('has_permission').emit().repeat(__.in('in_folder').has('inheritance',true))
.has('folder', 'folderId', 'folder3')
.path().unfold().valueMap()
We first get all the group memberships recursively. Then we get all the resources the user and his groups have access to. Then we traverse all the inherited resources recursively. Finally, we filter for the required resource. The last line is only needed if you want to see the relations that permitted the access.
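The same check modelled in plain Python over the question's sample graph, as an added example that is not part of the original question or answer. The dictionary layout and the function names (`principals`, `grant_chain`, `has_access`) are assumptions for illustration; it walks upward from the target resource instead of downward from each grant, and tracks visited nodes so a cycle in `member_of` or `in_folder` cannot loop.

```python
# Constructed in-memory copy of the question's sample graph (edges only).
MEMBER_OF = {"user1": ["group1"], "user2": ["group2"], "user3": ["group3"],
             "group3": ["group1"]}
HAS_PERMISSION = {"group1": ["folder1"], "user2": ["folder1"]}
# child -> parent, following the direction of the in_folder edges
IN_FOLDER = {"file1": "folder1", "folder2": "folder1", "folder3": "folder2"}
# file1 has no inheritance property, so it is treated as not inheriting
INHERITANCE = {"folder1": False, "folder2": True, "folder3": True}


def principals(user):
    """The user plus every group reachable over member_of (cycle-safe)."""
    seen, stack = {user}, [user]
    while stack:
        for group in MEMBER_OF.get(stack.pop(), []):
            if group not in seen:
                seen.add(group)
                stack.append(group)
    return seen


def grant_chain(resource):
    """The resource, then each ancestor whose grants it inherits.

    Same rule as repeat(__.in('in_folder').has('inheritance', true)), read
    from the target upwards: climb only while the current node inherits.
    """
    chain, seen = [resource], {resource}
    while INHERITANCE.get(chain[-1], False):
        parent = IN_FOLDER.get(chain[-1])
        if parent is None or parent in seen:
            break
        chain.append(parent)
        seen.add(parent)
    return chain


def has_access(user, resource):
    """Return (principal, granted_on) for the first grant found, else None."""
    who = principals(user)
    for node in grant_chain(resource):
        for principal in sorted(who):
            if node in HAS_PERMISSION.get(principal, []):
                return (principal, node)
    return None
```

The returned pair names the principal and the folder that carried the grant, which is the same information the `path()` step exposes in the traversal.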