Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[qwJFy8pp] Add @Admin to trigger procedures #3357

Merged
merged 3 commits into from
Dec 12, 2022
Merged

[qwJFy8pp] Add @Admin to trigger procedures #3357

merged 3 commits into from
Dec 12, 2022

Conversation

vga91
Copy link
Collaborator

@vga91 vga91 commented Dec 7, 2022
edited
Loading

  • Added @Admin annotation to trigger procedures
  • Added testTriggersAllowedOnlyWithAdmin

Please note that this is a breaking change
that we've introduced in order to improve procedures security.

Better to use @Admin check instead of Util.checkAdmin, like here :

  • it will most likely be compatible with future versions
  • it doesn't require additional contexts:
  • we don't have to specify the procedure name, e.g. Util.checkAdmin(securityContext, callContext,"apoc.trigger.install");
    @Context
    public SecurityContext securityContext;
    @Context
    public ProcedureCallContext callContext;
  • similar error, but with more details
// with Admin annotation
Executing admin procedure 'apoc.trigger.remove' permission has not been granted for user 'name' with roles [PUBLIC, editor, publisher] restricted to TOKEN_WRITE.

// with Util.checkAdmin
Failed to invoke procedure `apoc.trigger.add`: Caused by: java.lang.RuntimeException: This procedure apoc.trigger.install is only available to admin users

@vga91 vga91 added 4.4 core-functionality Adding new procedure, function or signature to APOC core labels Dec 7, 2022
nadja-muller
nadja-muller reviewed Dec 8, 2022
View reviewed changes
Copy link
Contributor

@nadja-muller nadja-muller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. I'm not sure whether we should also add a @Admin annotation to the list procedure.
Also, we should make sure that it is clear:

  • This is a breaking change
  • We do it for improving security.
    Could you write this in the description of the PR?

core/src/main/java/apoc/trigger/Trigger.java Show resolved Hide resolved
@vga91 vga91 merged commit b0d4f69 into neo4j-contrib:4.4 Dec 12, 2022
vga91 added a commit to neo4j/apoc that referenced this pull request Dec 21, 2022
@vga91
[qwJFy8pp] Add @Admin to trigger procedures (neo4j-contrib/neo4j-apoc…
ef994f1 
…-procedures#3357)

* [qwJFy8pp] Add @Admin to trigger procedures
* added admin in trigger.list and docs note
* changed admin doc
vga91 added a commit to neo4j/apoc that referenced this pull request Dec 22, 2022
@vga91
[qwJFy8pp] Add @Admin to trigger procedures (neo4j-contrib/neo4j-apoc…
69f500e 
…-procedures#3357)

* [qwJFy8pp] Add @Admin to trigger procedures
* added admin in trigger.list and docs note
* changed admin doc
vga91 added a commit to neo4j/apoc that referenced this pull request Dec 22, 2022
@vga91
[qwJFy8pp] Add @Admin to trigger procedures (neo4j-contrib/neo4j-apoc…
26cb203 
…-procedures#3357)

* [qwJFy8pp] Add @Admin to trigger procedures
* added admin in trigger.list and docs note
* changed admin doc
vga91 added a commit to neo4j/apoc that referenced this pull request Dec 22, 2022
@vga91
[qwJFy8pp] Add @Admin to trigger procedures (neo4j-contrib/neo4j-apoc…
f1e0e98 
…-procedures#3357)

* [qwJFy8pp] Add @Admin to trigger procedures
* added admin in trigger.list and docs note
* changed admin doc
vga91 added a commit to neo4j/apoc that referenced this pull request Jan 3, 2023
@vga91
[qwJFy8pp] Add @Admin to trigger procedures (neo4j-contrib/neo4j-apoc…
4a6946f 
…-procedures#3357)

* [qwJFy8pp] Add @Admin to trigger procedures
* added admin in trigger.list and docs note
* changed admin doc
vga91 added a commit to neo4j/apoc that referenced this pull request Jan 3, 2023
@vga91
[gRNAet7B] Add @Admin to trigger procedures (neo4j-contrib/neo4j-apoc…
f1ea1cd 
…-procedures#3357)

* [qwJFy8pp] Add @Admin to trigger procedures
* added admin in trigger.list and docs note
* changed admin doc
vga91 added a commit to neo4j/apoc that referenced this pull request Jan 5, 2023
@vga91
[gRNAet7B] Add @Admin to trigger procedures (neo4j-contrib/neo4j-apoc…
c05b408 
…-procedures#3357)

* [qwJFy8pp] Add @Admin to trigger procedures
* added admin in trigger.list and docs note
* changed admin doc
vga91 added a commit to neo4j/apoc that referenced this pull request Jan 9, 2023
@vga91 @ncordon @AzuObs
[gRNAet7B] Fixes trigger procedures in clusters for neo4j 5.x (#250)
c575792 
* [gRNAet7B] Fixes trigger procedures in clusters (#3183)

* [gRNAet7B] Leaves it working for add trigger

* [gRNAet7B] Fixes trigger procedures with split LifeCycle and System utils

* Deprecated old triggers and included warning - Added check to fail if they are executed against a system = FOLLOWER

* Added cluster tests

* removed unused import

* changed msg wording

* split deprecated and new triggers

* Fixed TriggerExtendedTest

* update apoc.systemdb.export.metadata

* remove lastUpdate, rename classes

* added eventual consistency

* commonize trigger new and deprec. cache

* ignored tests

* added eventually separated tests - restored util.validateQuery - small changes

* renamed Trigger classes

* var names - test changes and additions

* nitpick and lightened test

* test flaky cluster

Co-authored-by: Giuseppe Villani <[email protected]>

* [gRNAet7B] Trigger procedures neo4j 5.x changes

* [gRNAet7B] code clean - removed unused import

* [gRNAet7B] Try fix flaky TriggerClusterRoutingTest (neo4j-contrib/neo4j-apoc-procedures#3323)

* [gRNAet7B] fix some tests

* [gRNAet7B] fix TriggerClusterRoutingTest

* [gRNAet7B] fix TriggerRouting error message

* [gRNAet7B] Added trigger show procedure (neo4j-contrib/neo4j-apoc-procedures#3335)

* Fix flaky trigger dbms availability tests
* added apoc.trigger.show proc
* retry to fix flaky test by separating setLastUpdate()
* removed updated output - some code refactoring
* split pr - changes review
* removed inner transaction
* updated documentation
* reset wrong generated docs
* Added admin in trigger.show
* small adoc changes

* [gRNAet7B] Try de-flaky some tests with new procedure triggers (neo4j-contrib/neo4j-apoc-procedures#3355)

* Try de-flaky some tests with new procedure triggers
* moved TriggerTestUtil and increased trigger.refresh value
* added waitDbsAvailable util

* [gRNAet7B] removed unused import

* [gRNAet7B] fix cluster test

* [gRNAet7B] added documentation about new trigger procedures and deprecated ones (neo4j-contrib/neo4j-apoc-procedures#3325)

* [gRNAet7B] added trigger new procs documentation
* changes review - procedure description
* changed listener wording
* added system db note
* var. small changes

* [gRNAet7B] Fixes triggers (neo4j-contrib/neo4j-apoc-procedures#3369)

* [coZSswV2] Fix typo in triggers error message

* [coZSswV2] Assert new triggers can't add TransactionEventListeners to "system"

* [coZSswV2] Assert old triggers can't add TransactionEventListeners to "system"

* [gRNAet7B] removed unused import

* [gRNAet7B] moved TriggerInfo class, removed wrong extended file

* [gRNAet7B] Add @Admin to trigger procedures (neo4j-contrib/neo4j-apoc-procedures#3357)

* [qwJFy8pp] Add @Admin to trigger procedures
* added admin in trigger.list and docs note
* changed admin doc

* [gRNAet7B] moved classes - changed TriggerInfo - err. handling changes

* [gRNAet7B] Cleanup trigger docs (neo4j-contrib/neo4j-apoc-procedures#3378)

* [gRNAet7B] added TriggerEnterpriseFeaturesTest, removed log and session db check

* [gRNAet7B] changed descriptions consistently with to Trigger.java 5.x ones

Co-authored-by: Nacho Cordón <[email protected]>
Co-authored-by: Daniel Leaver <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nadja-muller nadja-muller nadja-muller approved these changes

Assignees

@nadja-muller nadja-muller

Labels
4.4 core-functionality Adding new procedure, function or signature to APOC core
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@vga91 @nadja-muller