/**
 * Lists the native users known to the user manager.
 * <p>
 * When the user manager reports no usernames at all, the stream produced by
 * {@code showCurrentUser()} is returned instead.
 *
 * @return one {@link UserResult} per known username, or the {@code showCurrentUser()} stream when
 *         the set of usernames is empty
 */
@Description( "List all native users." )
@Procedure( name = "dbms.security.listUsers", mode = DBMS )
public Stream<UserResult> listUsers()
{
    // First call in the method, so nothing is read on behalf of a caller this check rejects.
    securityContext.assertCredentialsNotExpired();

    // NOTE(review): no admin check is visible here; confirm that listing every username is
    // meant to be available to any caller whose credentials have not expired.
    Set<String> knownNames = userManager.getAllUsernames();
    if ( !knownNames.isEmpty() )
    {
        return knownNames.stream().map( this::userResultForName );
    }
    return showCurrentUser();
}
/**
 * Lists every procedure returned by the {@link Procedures} component, ordered by name.
 *
 * @return a stream of {@link ProcedureResult}, sorted by the string form of each procedure's name
 */
@Description( "List all procedures in the DBMS." )
@Procedure( name = "dbms.procedures", mode = DBMS )
public Stream<ProcedureResult> listProcedures()
{
    // The only gate in this method: the caller's credentials must not have expired.
    securityContext.assertCredentialsNotExpired();

    Procedures registry = graph.getDependencyResolver().resolveDependency( Procedures.class );
    return registry.getAllProcedures().stream()
            .sorted( Comparator.comparing( signature -> signature.name().toString() ) )
            .map( ProcedureResult::new );
}
/**
 * Lists every user function returned by the {@link Procedures} component, ordered by name.
 *
 * @return a stream of {@link FunctionResult}, sorted by the string form of each function's name
 */
@Description( "List all user functions in the DBMS." )
@Procedure( name = "dbms.functions", mode = DBMS )
public Stream<FunctionResult> listFunctions()
{
    // The only gate in this method: the caller's credentials must not have expired.
    securityContext.assertCredentialsNotExpired();

    Procedures registry = graph.getDependencyResolver().resolveDependency( Procedures.class );
    return registry.getAllFunctions().stream()
            .sorted( Comparator.comparing( signature -> signature.name().toString() ) )
            .map( FunctionResult::new );
}
/**
 * Deletes the named user through the user manager, refusing to delete the calling user.
 *
 * @param username name of the user to delete
 * @throws InvalidArgumentsException if {@code username} is the caller's own username
 * @throws IOException declared by this procedure; presumably raised by the user manager - confirm
 */
@Description( "Delete the specified user." )
@Procedure( name = "dbms.security.deleteUser", mode = DBMS )
public void deleteUser( @Name( "username" ) String username ) throws InvalidArgumentsException, IOException
{
    securityContext.assertCredentialsNotExpired();

    // Self-deletion guard: a caller must not be able to remove the account it is using.
    boolean targetsCaller = securityContext.subject().hasUsername( username );
    if ( targetsCaller )
    {
        throw new InvalidArgumentsException( "Deleting yourself (user '" + username + "') is not allowed." );
    }

    // NOTE(review): no admin check is visible in this method; confirm that authorization for
    // deleting other users is enforced elsewhere (procedure mode or user manager).
    userManager.deleteUser( username );
}
/**
 * Creates a new user through the user manager.
 *
 * @param username name of the user to create
 * @param password initial password; UTF-8 encoded before it is handed on, and passed as
 *                 {@code null} when {@code null}
 * @param requirePasswordChange forwarded unchanged to the user manager (procedure default "true")
 * @throws InvalidArgumentsException declared by this procedure; presumably raised by the user
 *                                   manager for rejected input - confirm
 * @throws IOException declared by this procedure; presumably raised by the user manager - confirm
 */
@Description( "Create a new user." )
@Procedure( name = "dbms.security.createUser", mode = DBMS )
public void createUser( @Name( "username" ) String username, @Name( "password" ) String password,
        @Name( value = "requirePasswordChange", defaultValue = "true" ) boolean requirePasswordChange )
        throws InvalidArgumentsException, IOException
{
    // TODO: Deprecate this and create a new procedure that takes password as a byte[]
    securityContext.assertCredentialsNotExpired();

    // The password arrives as an immutable String, which cannot be cleared after use;
    // only the encoded copy is passed on.
    byte[] encodedPassword = password != null ? UTF8.encode( password ) : null;
    userManager.newUser( username, encodedPassword, requirePasswordChange );
}
securityContext.assertCredentialsNotExpired(); if ( !securityContext.isAdmin() )
/**
 * Verifies that the caller's credentials have not expired and that the caller is an admin.
 *
 * @throws AuthorizationViolationException with {@code PERMISSION_DENIED} when the caller is not an admin
 */
private void checkSecurity() throws AuthorizationViolationException
{
    // Expiry is checked before the admin test, so it runs for every caller.
    securityContext.assertCredentialsNotExpired();
    if ( securityContext.isAdmin() )
    {
        return;
    }
    throw new AuthorizationViolationException( PERMISSION_DENIED );
}
/**
 * Returns all user functions known to the {@link Procedures} component as {@link FunctionResult}s.
 * <p>
 * Results are sorted by {@code name().toString()} of each function.
 *
 * @return the sorted stream of function descriptions
 */
@Description( "List all user functions in the DBMS." )
@Procedure( name = "dbms.functions", mode = DBMS )
public Stream<FunctionResult> listFunctions()
{
    // Callers with expired credentials are rejected before the function list is read.
    securityContext.assertCredentialsNotExpired();

    Procedures procedures = graph.getDependencyResolver().resolveDependency( Procedures.class );
    return procedures.getAllFunctions()
            .stream()
            .sorted( Comparator.comparing( function -> function.name().toString() ) )
            .map( FunctionResult::new );
}
/**
 * Returns a {@link UserResult} for every username the user manager knows about.
 * <p>
 * If the user manager returns an empty set, the method falls back to {@code showCurrentUser()}.
 *
 * @return the stream of user descriptions, or the {@code showCurrentUser()} stream when no
 *         usernames exist
 */
@Description( "List all native users." )
@Procedure( name = "dbms.security.listUsers", mode = DBMS )
public Stream<UserResult> listUsers()
{
    // Callers with expired credentials are rejected before any username is read.
    securityContext.assertCredentialsNotExpired();

    Set<String> allNames = userManager.getAllUsernames();
    if ( allNames.isEmpty() )
    {
        // Nothing stored: report only the caller.
        return showCurrentUser();
    }
    return allNames.stream().map( this::userResultForName );
}
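/**
 * Attaches caller-supplied metadata to the current transaction.
 * <p>
 * Per the procedure description the data is printed when listing queries and written to the
 * query log, so its total size is bounded: the summed character count of all keys and of the
 * string form of all values must stay below {@code HARD_CHAR_LIMIT}.
 *
 * @param data metadata to attach; a {@code null} value counts as zero characters
 * @throws IllegalArgumentException if the summed character count reaches {@code HARD_CHAR_LIMIT}
 */
@Description( "Attaches a map of data to the transaction. The data will be printed when listing queries, and " +
        "inserted into the query log." )
@Procedure( name = "dbms.setTXMetaData", mode = DBMS )
public void setTXMetaData( @Name( value = "data" ) Map<String,Object> data )
{
    securityContext.assertCredentialsNotExpired();

    // Summed as long so that very large inputs cannot wrap an int total and slip under the limit.
    // A null value no longer fails with a NullPointerException; it adds nothing to the total.
    long totalCharSize = data.entrySet().stream()
            .mapToLong( entry ->
            {
                Object value = entry.getValue();
                long valueChars = value == null ? 0 : value.toString().length();
                return entry.getKey().length() + valueChars;
            } )
            .sum();

    if ( totalCharSize >= HARD_CHAR_LIMIT )
    {
        throw new IllegalArgumentException(
                format( "Invalid transaction meta-data, expected the total number of chars for " +
                        "keys and values to be less than %d, got %d", HARD_CHAR_LIMIT, totalCharSize ) );
    }

    // The statement is only needed to reach the query registration; it is closed right after.
    try ( Statement statement = getCurrentTx().acquireStatement() )
    {
        statement.queryRegistration().setMetaData( data );
    }
}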
/**
 * Returns all procedures known to the {@link Procedures} component as {@link ProcedureResult}s,
 * sorted by {@code name().toString()} of each procedure.
 *
 * @return the sorted stream of procedure descriptions
 */
@Description( "List all procedures in the DBMS." )
@Procedure( name = "dbms.procedures", mode = DBMS )
public Stream<ProcedureResult> listProcedures()
{
    // Callers with expired credentials are rejected before the procedure list is read.
    securityContext.assertCredentialsNotExpired();

    return graph.getDependencyResolver()
            .resolveDependency( Procedures.class )
            .getAllProcedures()
            .stream()
            .sorted( Comparator.comparing( procedure -> procedure.name().toString() ) )
            .map( ProcedureResult::new );
}
/**
 * Produces a name-ordered listing of the procedures exposed by the {@link Procedures} component.
 *
 * @return a stream of {@link ProcedureResult}, ordered by the string form of each procedure's name
 */
@Description( "List all procedures in the DBMS." )
@Procedure( name = "dbms.procedures", mode = DBMS )
public Stream<ProcedureResult> listProcedures()
{
    // Credential expiry is the only check performed before the listing is built.
    securityContext.assertCredentialsNotExpired();

    Procedures allCallables = graph.getDependencyResolver().resolveDependency( Procedures.class );
    return allCallables.getAllProcedures()
            .stream()
            .sorted( Comparator.comparing( proc -> proc.name().toString() ) )
            .map( ProcedureResult::new );
}
/**
 * Produces a name-ordered listing of the user functions exposed by the {@link Procedures} component.
 *
 * @return a stream of {@link FunctionResult}, ordered by the string form of each function's name
 */
@Description( "List all user functions in the DBMS." )
@Procedure( name = "dbms.functions", mode = DBMS )
public Stream<FunctionResult> listFunctions()
{
    // Credential expiry is the only check performed before the listing is built.
    securityContext.assertCredentialsNotExpired();

    Procedures allCallables = graph.getDependencyResolver().resolveDependency( Procedures.class );
    return allCallables.getAllFunctions()
            .stream()
            .sorted( Comparator.comparing( fn -> fn.name().toString() ) )
            .map( FunctionResult::new );
}
/**
 * Returns the metadata attached to the current transaction's query registration.
 *
 * @return a single-element stream wrapping the metadata in a {@link MetadataResult}
 */
@Description( "Provides attached transaction metadata." )
@Procedure( name = "dbms.getTXMetaData", mode = DBMS )
public Stream<MetadataResult> getTXMetaData()
{
    securityContext.assertCredentialsNotExpired();

    Stream<MetadataResult> result;
    // The metadata is fetched while the statement is open; the statement is closed before returning.
    try ( Statement statement = getCurrentTx().acquireStatement() )
    {
        result = Stream.of( statement.queryRegistration().getMetaData() ).map( MetadataResult::new );
    }
    return result;
}
/**
 * Updates a dynamic configuration setting at runtime on behalf of an admin caller.
 * <p>
 * Both the credential-expiry check and {@code assertAdmin()} run before the configuration is
 * touched. The change is attributed to {@code "dbms.setConfigValue"} when it is applied.
 *
 * @param setting name of the setting to update
 * @param value new value; per the procedure description an empty value removes the configured
 *              value and falls back to the default
 */
@Description( "Updates a given setting value. Passing an empty value will result in removing the configured value " +
        "and falling back to the default value. Changes will not persist and will be lost if the server is restarted." )
@Procedure( name = "dbms.setConfigValue", mode = DBMS )
public void setConfigValue( @Name( "setting" ) String setting, @Name( "value" ) String value )
{
    // Authorization first: expired credentials and non-admin callers are rejected up front.
    securityContext.assertCredentialsNotExpired();
    assertAdmin();

    // throws if something goes wrong
    resolver.resolveDependency( Config.class )
            .updateDynamicSetting( setting, value, "dbms.setConfigValue" );
}
/**
 * Lists the queries executing in active kernel transactions that the caller is allowed to see.
 * <p>
 * A query is included only when {@code isAdminOrSelf} accepts the username it runs as.
 *
 * @return a stream of {@link QueryStatusResult}, one per visible executing query
 * @throws InvalidArgumentsException when building a result fails with that exception and it is
 *                                   unwrapped by the catch block below
 */
@Description( "List all queries currently executing at this instance that are visible to the user." )
@Procedure( name = "dbms.listQueries", mode = DBMS )
public Stream<QueryStatusResult> listQueries() throws InvalidArgumentsException
{
    securityContext.assertCredentialsNotExpired();

    EmbeddedProxySPI proxySpi = resolver.resolveDependency( EmbeddedProxySPI.class );
    ZoneId timeZone = getConfiguredTimeZone();
    try
    {
        // NOTE(review): the pipeline is lazy, so exceptions raised inside the mapping step would
        // surface when the caller consumes the stream, after this try block has been left -
        // confirm the catch below is actually reached for them.
        return getKernelTransactions().activeTransactions().stream()
                .flatMap( KernelTransactionHandle::executingQueries )
                // Visibility filter: only the caller's own queries, or all of them for an admin.
                .filter( running -> isAdminOrSelf( running.username() ) )
                .map( catchThrown( InvalidArgumentsException.class,
                        running -> new QueryStatusResult( running, proxySpi, timeZone ) ) );
    }
    catch ( UncaughtCheckedException wrapped )
    {
        // Rethrow the original checked exception when that is what was wrapped.
        throwIfPresent( wrapped.getCauseIfOfType( InvalidArgumentsException.class ) );
        throw wrapped;
    }
}
/**
 * Removes the given user via the user manager unless the caller is trying to remove itself.
 *
 * @param username name of the user to delete
 * @throws InvalidArgumentsException if the caller's subject has this username
 * @throws IOException declared by this procedure; presumably raised by the user manager - confirm
 */
@Description( "Delete the specified user." )
@Procedure( name = "dbms.security.deleteUser", mode = DBMS )
public void deleteUser( @Name( "username" ) String username ) throws InvalidArgumentsException, IOException
{
    // Callers with expired credentials are rejected before anything else happens.
    securityContext.assertCredentialsNotExpired();

    if ( !securityContext.subject().hasUsername( username ) )
    {
        userManager.deleteUser( username );
        return;
    }

    // Reached only when the target is the caller's own account.
    throw new InvalidArgumentsException( "Deleting yourself (user '" + username + "') is not allowed." );
}
/**
 * Registers a new user with the user manager.
 *
 * @param username name of the user to create
 * @param password initial password as a String; encoded with {@code UTF8.encode} unless
 *                 {@code null}, in which case {@code null} is passed on
 * @param requirePasswordChange handed to the user manager as given (procedure default "true")
 * @throws InvalidArgumentsException declared by this procedure; presumably raised by the user
 *                                   manager for rejected input - confirm
 * @throws IOException declared by this procedure; presumably raised by the user manager - confirm
 */
@Description( "Create a new user." )
@Procedure( name = "dbms.security.createUser", mode = DBMS )
public void createUser( @Name( "username" ) String username, @Name( "password" ) String password,
        @Name( value = "requirePasswordChange", defaultValue = "true" ) boolean requirePasswordChange )
        throws InvalidArgumentsException, IOException
{
    // TODO: Deprecate this and create a new procedure that takes password as a byte[]
    securityContext.assertCredentialsNotExpired();

    // NOTE(review): no admin check is visible in this method; confirm that authorization for
    // creating users is enforced elsewhere (procedure mode or user manager).
    byte[] passwordBytes = password != null ? UTF8.encode( password ) : null;
    userManager.newUser( username, passwordBytes, requirePasswordChange );
}
/**
 * Lists the active locks held for the query identified by the given external query id.
 *
 * @param queryId external string form of the query id; parsed with {@code fromExternalString}
 * @return a stream of {@link ActiveLocksResult} for the matching executing queries
 * @throws InvalidArgumentsException declared by this procedure; also rethrown from the catch
 *                                   block when it is the wrapped cause
 */
@Description( "List the active lock requests granted for the transaction executing the query with the given query id." )
@Procedure( name = "dbms.listActiveLocks", mode = DBMS )
public Stream<ActiveLocksResult> listActiveLocks( @Name( "queryId" ) String queryId )
        throws InvalidArgumentsException
{
    securityContext.assertCredentialsNotExpired();
    try
    {
        long kernelQueryId = fromExternalString( queryId ).kernelQueryId();

        // NOTE(review): no per-user visibility check appears in this method; confirm that
        // getActiveTransactions or getActiveLocksForQuery restricts results to queries the
        // caller may see.
        return getActiveTransactions( tx -> executingQueriesWithId( kernelQueryId, tx ) )
                .flatMap( this::getActiveLocksForQuery );
    }
    catch ( UncaughtCheckedException wrapped )
    {
        // Rethrow the original checked exception when that is what was wrapped.
        throwIfPresent( wrapped.getCauseIfOfType( InvalidArgumentsException.class ) );
        throw wrapped;
    }
}
/**
 * Terminates every transaction that is executing the query with the given external id.
 * <p>
 * When the {@code kill_query_verbose} setting is on and no executing query matches, a single
 * {@link QueryFailedTerminationResult} for the requested id is returned instead of an empty stream.
 *
 * @param idText external string form of the query id; parsed with {@code fromExternalString}
 * @return one {@link QueryTerminationResult} per matching (transaction, query) pair, produced by
 *         {@code killQueryTransaction}
 * @throws InvalidArgumentsException declared by this procedure; also rethrown from the catch
 *                                   block when it is the wrapped cause
 */
@Description( "Kill all transactions executing the query with the given query id." )
@Procedure( name = "dbms.killQuery", mode = DBMS )
public Stream<QueryTerminationResult> killQuery( @Name( "id" ) String idText ) throws InvalidArgumentsException
{
    securityContext.assertCredentialsNotExpired();
    try
    {
        long queryId = fromExternalString( idText ).kernelQueryId();

        // Snapshot the matching pairs now; the termination itself is applied per element below.
        Set<Pair<KernelTransactionHandle,ExecutingQuery>> matches =
                getActiveTransactions( tx -> executingQueriesWithId( queryId, tx ) ).collect( toSet() );

        boolean verbose = resolver.resolveDependency( Config.class ).get( GraphDatabaseSettings.kill_query_verbose );
        if ( verbose && matches.isEmpty() )
        {
            return Stream.<QueryTerminationResult>of(
                    new QueryFailedTerminationResult( fromExternalString( idText ) ) );
        }

        // NOTE(review): no ownership or admin check is visible in this method; confirm that
        // killQueryTransaction (or getActiveTransactions) verifies the caller may terminate
        // each matched query.
        return matches.stream().map( catchThrown( InvalidArgumentsException.class, this::killQueryTransaction ) );
    }
    catch ( UncaughtCheckedException wrapped )
    {
        // Rethrow the original checked exception when that is what was wrapped.
        throwIfPresent( wrapped.getCauseIfOfType( InvalidArgumentsException.class ) );
        throw wrapped;
    }
}