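/**
 * Verifies that role membership is resolved through the inheritance chain.
 *
 * <p>Builds {@code writer <- writerChild <- writerGrandChild}, creates a user holding only the
 * grand-child role, and asserts that {@code hasRole(name, true)} finds the ancestor
 * {@code writer} while rejecting an unknown role name. The same two assertions are then repeated
 * from a session authenticated as the new user, unless the storage is an {@link OStorageProxy}.
 *
 * <p>Each session is closed in a {@code finally} block so that a failing assertion does not leave
 * an authenticated session (the first one is an admin session) open for whatever runs next.
 *
 * <p>NOTE(review): the roles and the user created here are not removed by this method, and the
 * user's password equals its name; presumably acceptable only because this is a test fixture.
 */
public void testParentRole() {
  database.open("admin", "admin");
  try {
    final OSecurity security = database.getMetadata().getSecurity();
    ORole writer = security.getRole("writer");

    // Two levels of inheritance below the existing "writer" role.
    ORole writerChild =
        security.createRole("writerChild", writer, OSecurityRole.ALLOW_MODES.ALLOW_ALL_BUT);
    writerChild.save();

    ORole writerGrandChild =
        security.createRole(
            "writerGrandChild", writerChild, OSecurityRole.ALLOW_MODES.ALLOW_ALL_BUT);
    writerGrandChild.save();

    // The user is granted only the deepest role; "writer" must come from inheritance.
    OUser child = security.createUser("writerChild", "writerChild", writerGrandChild);
    child.save();

    Assert.assertTrue(child.hasRole("writer", true));
    // "wrter" is presumably a deliberate misspelling: a name that matches no role in the chain
    // must not be reported as held.
    Assert.assertFalse(child.hasRole("wrter", true));
  } finally {
    database.close();
  }

  if (!(database.getStorage() instanceof OStorageProxy)) {
    // Repeat the check against the user object the database returns after a real login.
    database.open("writerChild", "writerChild");
    try {
      OSecurityUser user = database.getUser();
      Assert.assertTrue(user.hasRole("writer", true));
      Assert.assertFalse(user.hasRole("wrter", true));
    } finally {
      database.close();
    }
  }
}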
/**
 * Creates a role named {@code roleName} and marks it as a template, unless a role with that name
 * already exists, in which case nothing is changed.
 *
 * <p>The role is created in {@code ALLOW_ALL_BUT} mode and no rules are added to it; its document
 * gets the field {@code type = "template"} before it is saved.
 *
 * @param roleName name of the role to look up and, if absent, create
 */
public void createRole(String roleName) {
  OSecurity securityApi = graph.getRawGraph().getMetadata().getSecurity();
  if (securityApi.getRole(roleName) != null) {
    // An existing role is left as it is; its mode and rules are not inspected here.
    return;
  }

  // NOTE(review): ALLOW_ALL_BUT allows everything that no rule excludes, and with the explicit
  // grants below disabled this role carries no rules at all. Confirm that a fully permissive
  // template is intended (or that every consumer narrows it); otherwise DENY_ALL_BUT plus
  // explicit grants would be the least-privilege starting point.
  ORole templateRole = securityApi.createRole(roleName, ALLOW_MODES.ALLOW_ALL_BUT);

  // Explicit grants disabled by the original author, kept for reference:
  // role.addRule(ORule.ResourceGeneric.DATABASE, null, ORole.PERMISSION_ALL);
  // role.addRule(ORule.ResourceGeneric.SCHEMA, null, ORole.PERMISSION_ALL);
  // role.addRule(ORule.ResourceGeneric.CLUSTER, OMetadataDefault.CLUSTER_INTERNAL_NAME,
  //     ORole.PERMISSION_ALL);
  // role.addRule(ORule.ResourceGeneric.CLUSTER, "orole", ORole.PERMISSION_ALL);
  // role.addRule(ORule.ResourceGeneric.CLUSTER, "ouser", ORole.PERMISSION_ALL);
  // role.addRule(ORule.ResourceGeneric.CLUSTER, null, ORole.PERMISSION_ALL);
  // role.addRule(ORule.ResourceGeneric.COMMAND, null, ORole.PERMISSION_ALL);
  // role.addRule(ORule.ResourceGeneric.RECORD_HOOK, null, ORole.PERMISSION_ALL);
  // role.addRule(ORule.ResourceGeneric.FUNCTION, null, ORole.PERMISSION_ALL);

  // Tag the role document so it can be told apart from ordinary roles.
  templateRole.getDocument().field("type", "template");
  templateRole.save();
}