2
我正在尝试使用OrientDB的文档数据库(Java)API工作来使用Record Level Security。我喜欢将数据库中某些记录的访问限制为特定角色的想法;但是,我无法找到如何在文档中做到这一点。我是OrientDB的新手,所以我确信我只是错过了一些东西。OrientDB - 如何 - 使用ODocument记录级别安全性
这是我到目前为止。
// Create database.
ODatabaseDocumentTx db = new ODatabaseDocumentTx(path);
db.create();
// Create role with no permissions.
db.command(new OCommandSQL("INSERT INTO orole SET name = 'foobar', mode = 0;")).execute();
// Create a user with the new role.
OSecurity sm = db.getMetadata().getSecurity();
OUser user = sm.createUser("user", "user", "foobar");
ORole foobarRole = sm.getRole("foobar");
// Insert 2 records, one restricted, one is not.
OClass restricted = db.getMetadata().getSchema().getClass("ORestricted");
OClass docClass = db.getMetadata().getSchema().getOrCreateClass(TABLE_NAME, restricted);
ODocument doc1 = new ODocument(docClass);
ODocument doc2 = new ODocument(docClass);
// The restricted record...
doc1.field("name", TABLE_NAME);
doc1.field("Id", 1, OType.INTEGER);
doc1.field("Message", "Hello 1", OType.STRING);
doc1.save();
// The unrestricted record...
doc2.field("name", TABLE_NAME);
doc2.field("Id", 2, OType.INTEGER);
doc2.field("Message", "Hello 2", OType.STRING);
doc2.save();
// Allow "user" with "foobar" role to read record doc2.
String sql = String.format(
"UPDATE %s ADD _allowRead = %s",
doc2.getIdentity().toString(),
foobarRole.getDocument().getIdentity().toString());
db.command(new OCommandSQL(sql)).execute();
// Give foobar role permission to read from table.
db.command(new OCommandSQL(String.format("GRANT READ ON database.class.%s TO foobar", TABLE_NAME))).execute();
db.close();
// Open connection for "user".
ODatabaseDocumentTx userDb = new ODatabaseDocumentTx(path);
userDb.open("user", "user");
// Here I would expect to see the message from doc2 but not doc1.
// Nothing gets printed...
for (ODocument odoc : userDb.browseClass(TABLE_NAME))
{
System.out.println(odoc.field("Message"));
}
该文档指出,在读取期间跳过角色不可访问的记录。在我的情况下,用户不能读取任何内容。
任何想法,我怎样才能得到这种行为工作?