OrientDB: CakePHP ACL example from http://book.cakephp.org/2.0/en/core-libraries/components/access-control-lists.html
/*
  Principals: one User vertex per member, identified only by name.
  Every later statement looks users up by this exact string, so names are
  assumed to be unique (nothing here enforces it).
*/
CREATE CLASS User EXTENDS V
CREATE PROPERTY User.name STRING
INSERT INTO User (name) VALUES ('Gandalf'), ('Aragorn'), ('Bilbo'), ('Frodo'), ('Gollum'), ('Legolas'), ('Gimli'), ('Pippin'), ('Merry')
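/*
  Protected resources: one Resource vertex per thing a rule can refer to.
  The Permission edges later in this file select resources by exact name, so
  each spelling here has to match the one used there. The 'Diplomacy' row was
  spelled 'Diplomary', which left the Wizards -> 'Diplomacy' rule without a
  target vertex.
*/
CREATE CLASS Resource EXTENDS V
CREATE PROPERTY Resource.name STRING
INSERT INTO Resource SET name = 'Weapons'
INSERT INTO Resource SET name = 'TheOneRing'
INSERT INTO Resource SET name = 'SaltedPork'
INSERT INTO Resource SET name = 'ElvenRations'
INSERT INTO Resource SET name = 'Diplomacy'
INSERT INTO Resource SET name = 'Ale'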
/*
  Groups: vertices that users (and other groups) are attached to through
  ChildOf edges. Rules granted to a group are picked up by the traversals
  further down for everything beneath it.
*/
CREATE CLASS Group EXTENDS V
CREATE PROPERTY Group.name STRING
INSERT INTO Group (name) VALUES ('Fellowship'), ('Warriors'), ('Wizards'), ('Hobbits'), ('Visitors')
/*
  Edge classes.
  ChildOf    : membership, drawn from the child (user or group) to its parent.
  Permission : a rule from a principal (user or group) to a resource.
    name     - the rule kind; this file only ever stores 'Allow' or 'Deny'.
    priority - a short; only two edges in this file set it.
  NOTE(review): nothing constrains Permission.name to those two values, so a
  misspelled kind would be stored as-is - confirm how consumers treat
  unknown values.
*/
CREATE CLASS ChildOf EXTENDS E
CREATE CLASS Permission EXTENDS E
CREATE PROPERTY Permission.name STRING
CREATE PROPERTY Permission.priority SHORT
/*
  Membership tree. Edges point from child to parent, so out('ChildOf') walks
  upward: user -> group -> Fellowship. Warriors, Wizards, Hobbits and
  Visitors all sit under Fellowship, which means a rule placed on Fellowship
  is reachable from every user listed here.
*/
CREATE EDGE ChildOf FROM (SELECT FROM Group WHERE name = 'Warriors') TO (SELECT FROM Group WHERE name = 'Fellowship')
CREATE EDGE ChildOf FROM (SELECT FROM User WHERE name = 'Aragorn') TO (SELECT FROM Group WHERE name = 'Warriors')
CREATE EDGE ChildOf FROM (SELECT FROM User WHERE name = 'Legolas') TO (SELECT FROM Group WHERE name = 'Warriors')
CREATE EDGE ChildOf FROM (SELECT FROM User WHERE name = 'Gimli') TO (SELECT FROM Group WHERE name = 'Warriors')
CREATE EDGE ChildOf FROM (SELECT FROM Group WHERE name = 'Wizards') TO (SELECT FROM Group WHERE name = 'Fellowship')
CREATE EDGE ChildOf FROM (SELECT FROM User WHERE name = 'Gandalf') TO (SELECT FROM Group WHERE name = 'Wizards')
CREATE EDGE ChildOf FROM (SELECT FROM Group WHERE name = 'Hobbits') TO (SELECT FROM Group WHERE name = 'Fellowship')
CREATE EDGE ChildOf FROM (SELECT FROM User WHERE name = 'Frodo') TO (SELECT FROM Group WHERE name = 'Hobbits')
CREATE EDGE ChildOf FROM (SELECT FROM User WHERE name = 'Bilbo') TO (SELECT FROM Group WHERE name = 'Hobbits')
CREATE EDGE ChildOf FROM (SELECT FROM User WHERE name = 'Merry') TO (SELECT FROM Group WHERE name = 'Hobbits')
CREATE EDGE ChildOf FROM (SELECT FROM User WHERE name = 'Pippin') TO (SELECT FROM Group WHERE name = 'Hobbits')
CREATE EDGE ChildOf FROM (SELECT FROM Group WHERE name = 'Visitors') TO (SELECT FROM Group WHERE name = 'Fellowship')
CREATE EDGE ChildOf FROM (SELECT FROM User WHERE name = 'Gollum') TO (SELECT FROM Group WHERE name = 'Visitors')
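/*
  Access rules.

  The queries in this file follow rules with out('Allow') and out('Deny').
  out() selects edges by their class, not by a property, so plain Permission
  edges carrying name = 'Allow' are never matched and every check comes back
  empty. Each rule is therefore created as an edge of class Allow or Deny.
  Both extend Permission, so anything that reads Permission edges or the
  name / priority properties still sees them.

  Every FROM / TO subquery must match an existing vertex by exact name; a rule
  whose subquery matches nothing is not created. After loading, compare the
  number of Allow and Deny edges with the number of statements below and check
  the resource names (for example 'Diplomacy') against the seed data.

  Conflicts present in this data set:
    - Frodo -> TheOneRing has both a Deny (priority 0) and an Allow
      (priority 1), and Fellowship -> TheOneRing is a Deny with no priority.
    - Merry -> Ale is a Deny while Hobbits -> Ale is an Allow.
  No query in this file reads priority, so which rule wins is not defined
  here. NOTE(review): whatever evaluates these edges has to state its
  precedence rule explicitly, including what a missing priority means.
*/
CREATE CLASS Allow EXTENDS Permission
CREATE CLASS Deny EXTENDS Permission
CREATE EDGE Allow FROM (SELECT FROM Group WHERE name = 'Warriors') TO (SELECT FROM Resource WHERE name = 'Weapons') SET name = 'Allow'
CREATE EDGE Allow FROM (SELECT FROM Group WHERE name = 'Warriors') TO (SELECT FROM Resource WHERE name = 'Ale') SET name = 'Allow'
CREATE EDGE Allow FROM (SELECT FROM Group WHERE name = 'Warriors') TO (SELECT FROM Resource WHERE name = 'ElvenRations') SET name = 'Allow'
CREATE EDGE Allow FROM (SELECT FROM Group WHERE name = 'Warriors') TO (SELECT FROM Resource WHERE name = 'SaltedPork') SET name = 'Allow'
CREATE EDGE Allow FROM (SELECT FROM Group WHERE name = 'Wizards') TO (SELECT FROM Resource WHERE name = 'SaltedPork') SET name = 'Allow'
CREATE EDGE Allow FROM (SELECT FROM Group WHERE name = 'Wizards') TO (SELECT FROM Resource WHERE name = 'Diplomacy') SET name = 'Allow'
CREATE EDGE Allow FROM (SELECT FROM Group WHERE name = 'Wizards') TO (SELECT FROM Resource WHERE name = 'Ale') SET name = 'Allow'
CREATE EDGE Allow FROM (SELECT FROM Group WHERE name = 'Hobbits') TO (SELECT FROM Resource WHERE name = 'Ale') SET name = 'Allow'
CREATE EDGE Allow FROM (SELECT FROM Group WHERE name = 'Visitors') TO (SELECT FROM Resource WHERE name = 'SaltedPork') SET name = 'Allow'
CREATE EDGE Deny FROM (SELECT FROM User WHERE name = 'Merry') TO (SELECT FROM Resource WHERE name = 'Ale') SET name = 'Deny'
CREATE EDGE Deny FROM (SELECT FROM User WHERE name = 'Frodo') TO (SELECT FROM Resource WHERE name = 'TheOneRing') SET name = 'Deny', priority = 0
CREATE EDGE Allow FROM (SELECT FROM User WHERE name = 'Frodo') TO (SELECT FROM Resource WHERE name = 'TheOneRing') SET name = 'Allow', priority = 1
CREATE EDGE Deny FROM (SELECT FROM Group WHERE name = 'Fellowship') TO (SELECT FROM Resource WHERE name = 'TheOneRing') SET name = 'Deny'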
/*
  Resources Bilbo reaches through Allow edges, from Bilbo himself or from any
  group found by walking ChildOf upward.
  Deny edges are not consulted: this lists grants, it is not an access
  decision, and a matching Deny on the user or an ancestor group is ignored.
  NOTE(review): out('Allow') follows edges whose class is Allow; Permission
  edges that merely carry name = 'Allow' are not matched - confirm the
  database defines that edge class, otherwise the result is always empty.
*/
SELECT name FROM (TRAVERSE out('Allow') FROM (TRAVERSE out('ChildOf') FROM (SELECT FROM User WHERE name = 'Bilbo'))) WHERE @class = 'Resource'
/*
  Resources Legolas reaches through Allow edges, from Legolas himself or from
  any group found by walking ChildOf upward.
  Deny edges are not consulted: this lists grants, it is not an access
  decision.
  NOTE(review): depends on an edge class named Allow (see out('Allow'));
  confirm it exists in the target database.
*/
SELECT name FROM (TRAVERSE out('Allow') FROM (TRAVERSE out('ChildOf') FROM (SELECT FROM User WHERE name = 'Legolas'))) WHERE @class = 'Resource'
/*
  Is there an Allow path from Legolas (or one of his ancestor groups) to the
  resource named 'Weapons'?
  Returns one record; per the author its value is 1 for true and 0 for false.
  Deny edges are not consulted, so a 1 here means "a grant exists", not
  "access is permitted".
  NOTE(review): a 0 is also what comes back when no edge class named Allow
  exists, so an empty schema and a real "no grant" look the same.
*/
SELECT count(name) FROM (TRAVERSE out('Allow') FROM (TRAVERSE out('ChildOf') FROM (SELECT FROM User WHERE name = 'Legolas'))) WHERE @class = 'Resource' AND name = 'Weapons'
/*
  Is there an Allow path from Bilbo (or one of his ancestor groups) to the
  resource named 'Weapons'?
  Returns one record; per the author its value is 1 for true and 0 for false.
  Deny edges are not consulted, so a 1 here means "a grant exists", not
  "access is permitted".
  NOTE(review): a 0 is also what comes back when no edge class named Allow
  exists, so an empty schema and a real "no grant" look the same.
*/
SELECT count(name) FROM (TRAVERSE out('Allow') FROM (TRAVERSE out('ChildOf') FROM (SELECT FROM User WHERE name = 'Bilbo'))) WHERE @class = 'Resource' AND name = 'Weapons'
/*
  Working towards "does Merry have Allow for Ale?".
  These three statements only collect the inputs for that decision:
    1. $a = resources reached over ChildOf / Allow edges, $b = resources
       reached over ChildOf / Deny edges, each tagged with its permission kind
       and the traversal $depth; $c is the union of both and is expanded into
       rows.
    2. The Deny half on its own.
    3. The Allow half on its own.
  None of them filters on name = 'Ale' and none picks a winner when a
  resource shows up as both Allow and Deny, so the caller still has to make
  the decision.
  NOTE(review): $depth is presumably collected so the rule closest to the
  user can take precedence - confirm, and confirm how ties and the
  Permission.priority property are meant to be handled.
  NOTE(review): out('ChildOf','Allow') and out('ChildOf','Deny') select edges
  by class, so they depend on edge classes named Allow and Deny existing.
*/
SELECT expand($c) LET $a = ( SELECT $depth, "Allow" AS permission, name FROM (TRAVERSE out('ChildOf','Allow') FROM (SELECT FROM User WHERE name = 'Merry') ) WHERE @class = 'Resource'), $b = ( SELECT $depth, "Deny" AS permission, name FROM (TRAVERSE out('ChildOf','Deny') FROM (SELECT FROM User WHERE name = 'Merry') ) WHERE @class = 'Resource'), $c = unionall($a,$b)
SELECT "Deny" AS permission, name, $depth FROM (TRAVERSE out('ChildOf','Deny') FROM (SELECT FROM User WHERE name = 'Merry') ) WHERE @class = 'Resource'
SELECT "Allow" AS permission, name, $depth FROM (TRAVERSE out('ChildOf','Allow') FROM (SELECT FROM User WHERE name = 'Merry') ) WHERE @class = 'Resource'