From 38459a109587e61705416f57ea123fd9aff41c1a Mon Sep 17 00:00:00 2001 From: Logan Allen Date: Fri, 18 Sep 2020 16:59:56 -0500 Subject: [PATCH] graph-threads: fixed graph threads and added more fine-grained permissions to graph-push-hook --- pkg/arvo/app/graph-push-hook.hoon | 22 ++++++++++++---------- pkg/arvo/ted/graph/delete.hoon | 12 ++++++------ pkg/arvo/ted/graph/leave.hoon | 4 ++-- 3 files changed, 20 insertions(+), 18 deletions(-) diff --git a/pkg/arvo/app/graph-push-hook.hoon b/pkg/arvo/app/graph-push-hook.hoon index 5440133d2..5b4ea54b3 100644 --- a/pkg/arvo/app/graph-push-hook.hoon +++ b/pkg/arvo/app/graph-push-hook.hoon @@ -21,12 +21,14 @@ +$ agent (push-hook:push-hook config) :: ++ is-allowed - |= [=resource:res =bowl:gall] + |= [=resource:res =bowl:gall requires-admin=?] ^- ? =/ grp ~(. group bowl) =/ met ~(. metadata bowl) =/ group-paths (groups-from-resource:met [%graph (en-path:res resource)]) ?~ group-paths %.n + ?: requires-admin + (is-admin:grp src.bowl i.group-paths) ?| (is-member:grp src.bowl i.group-paths) (is-admin:grp src.bowl i.group-paths) == @@ -58,20 +60,20 @@ ^- ? =/ =update:store !<(update:store vase) ?- -.q.update - %add-graph (is-allowed resource.q.update bowl) - %remove-graph (is-allowed resource.q.update bowl) - %add-nodes (is-allowed resource.q.update bowl) - %remove-nodes (is-allowed resource.q.update bowl) - %add-signatures (is-allowed resource.uid.q.update bowl) - %remove-signatures (is-allowed resource.uid.q.update bowl) - %archive-graph (is-allowed resource.q.update bowl) + %add-graph (is-allowed resource.q.update bowl %.y) + %remove-graph (is-allowed resource.q.update bowl %.y) + %add-nodes (is-allowed resource.q.update bowl %.n) + %remove-nodes (is-allowed resource.q.update bowl %.y) + %add-signatures (is-allowed resource.uid.q.update bowl %.n) + %remove-signatures (is-allowed resource.uid.q.update bowl %.y) + %archive-graph (is-allowed resource.q.update bowl %.y) %unarchive-graph %.n %add-tag %.n %remove-tag %.n %keys %.n %tags %.n %tag-queries %.n - %run-updates (is-allowed resource.q.update bowl) + %run-updates (is-allowed resource.q.update bowl %.y) == :: ++ resource-for-update @@ -98,7 +100,7 @@ ++ initial-watch |= [=path =resource:res] ^- vase - ?> (is-allowed resource bowl) + ?> (is-allowed resource bowl %.n) !> ^- update:store ?~ path :: new subscribe diff --git a/pkg/arvo/ted/graph/delete.hoon b/pkg/arvo/ted/graph/delete.hoon index 70c791194..96e8524a7 100644 --- a/pkg/arvo/ted/graph/delete.hoon +++ b/pkg/arvo/ted/graph/delete.hoon @@ -12,7 +12,7 @@ ;< paxs=(unit (set path)) bind:m %+ scry:strandio ,(unit (set path)) ;: weld - /gx/metadata-store/resource/publish + /gx/metadata-store/resource/graph (en-path:resource rid) /noun == @@ -36,11 +36,11 @@ |= rid=resource =/ m (strand ,~) ^- form:m - ;< ~ bind:m - (poke-our %graph-push-hook %push-hook-action !>([%remove rid])) ;< =bowl:spider bind:m get-bowl:strandio ;< ~ bind:m - (poke-our %graph-store %graph-update !>([%0 now.bowl %archive-graph rid])) + (poke-our %graph-store %graph-update !>([%0 now.bowl %remove-graph rid])) + ;< ~ bind:m + (poke-our %graph-push-hook %push-hook-action !>([%remove rid])) (pure:m ~) -- :: @@ -63,8 +63,8 @@ (delete-graph rid.action) (pure:m !>(~)) ;< ~ bind:m - (poke-our %group-push-hook %push-hook-action !>([%remove rid.action])) + (poke-our %group-store %group-action !>([%remove-group rid.action ~])) ;< ~ bind:m - (poke-our %group-store %group-action !>([%remove-group rid.action])) + (poke-our %group-push-hook %push-hook-action !>([%remove rid.action])) ;< ~ bind:m (delete-graph rid.action) (pure:m !>(~)) diff --git a/pkg/arvo/ted/graph/leave.hoon b/pkg/arvo/ted/graph/leave.hoon index edc9af663..e85359d84 100644 --- a/pkg/arvo/ted/graph/leave.hoon +++ b/pkg/arvo/ted/graph/leave.hoon @@ -41,7 +41,7 @@ ;< ~ bind:m (poke-our %graph-pull-hook %pull-hook-action !>([%remove rid])) ;< ~ bind:m - (poke-our %graph-store %graph-update !>([%archive-graph rid])) + (poke-our %graph-store %graph-update !>([%remove-graph rid])) (pure:m ~) -- :: @@ -62,6 +62,6 @@ ;< ~ bind:m (poke-our %group-push-hook %pull-hook-action !>([%remove rid.action])) ;< ~ bind:m - (poke-our %group-store %group-action !>([%remove-group rid.action])) + (poke-our %group-store %group-action !>([%remove-group rid.action ~])) ;< ~ bind:m (delete-graph rid.action) (pure:m !>(~))