Actually this happens because the *member* role is not visible to the user
(user cannot read *member* role due to ORestricted inheritance).
So the real question is: How to have a class that inherits both *V* and
*ORole* having *V* extending *ORestricted*.
On Tuesday, 27 January 2015 13:20:05 UTC+1, Red-0ne wrote:
>
> Hello,
> We are trying to have a *Member* class that extends *OUser*. This *Member
> *class should also extends *V*. Additionally, *V* have to extend
> *ORestricted*. A *member* ORole is needed to.
>
> For that we've done the following (using console.sh):
>
> DROP DATABASE remote:localhost/sometestdb root root
> CREATE DATABASE remote:localhost/sometestdb root root plocal;
>
> ALTER CLASS V SUPERCLASS ORestricted;
> ALTER CLASS OIdentity SUPERCLASS V;
>
> CREATE CLASS Member EXTENDS OUser;
>
> #We create *member* role as a vertex (ORole extends OIdentity which
> extends V)
> #This is the problematic query...
> CREATE VERTEX ORole SET name = 'member', mode = 0;
>
> #Have minimum resource permissions
> UPDATE ORole PUT rules = "database.class.Member", 14 WHERE name = 'member'
> ;
> UPDATE ORole PUT rules = "database.cluster.Member", 14 WHERE name =
> 'member';
>
> UPDATE ORole PUT rules = "database.class.OFunction", 2 WHERE name =
> 'member';
> UPDATE ORole PUT rules = "database.cluster.OFunction", 2 WHERE name =
> 'member';
>
> UPDATE ORole PUT rules = "database.class.OSchedule", 2 WHERE name =
> 'member';
> UPDATE ORole PUT rules = "database.cluster.OSchedule", 2 WHERE name =
> 'member';
>
> UPDATE ORole PUT rules = "database.cluster.OUser", 2 WHERE name = 'member'
> ;
> UPDATE ORole PUT rules = "database.cluster.ORole", 2 WHERE name = 'member'
> ;
>
> UPDATE ORole PUT rules = "database.cluster", 15 WHERE name = 'member';
> UPDATE ORole PUT rules = "database.cluster.internal", 2 WHERE name =
> 'member';
> UPDATE ORole PUT rules = "database.hook.record", 15 WHERE name = 'member';
>
> #Create member with a member role
> CREATE VERTEX Member SET name = 'test', password = 'test', status =
> 'ACTIVE', roles = (SELECT FROM ORole WHERE name = 'member');
>
> #Actually classes that extend OUser do not get their password hashed, so
> we hash it manually
> UPDATE Member SET password = format("{SHA-256}%s", password.hash('SHA-256'
> )) WHERE name = 'test';
>
> #Allow a member to manipulate himself
> UPDATE Member ADD _allow = $rid LET $rid = @rid WHERE name = 'test';
>
> #Reconnect using current member (test user)
> DISCONNECT;
> CONNECT remote:localhost/sometestdb test test;
>
> #Trying to update member
> UPDATE Member SET name = 'changed' WHERE name = 'test';
>
> Every thing is working fine until we try to update *Member*, so we get
> this error:
> Error: com.orientechnologies.orient.core.exception.
> OCommandExecutionException: Error on execution of command: sql.select from
> Member WHERE name = 'test'
>
> Error: com.orientechnologies.orient.core.exception.OValidationException:
> The field 'OUser.roles' has been declared as LINKSET but contains a null
> record (probably a deleted record?)
>
> But when creating the *member* ORole before extending OIdentity with V
> ...
> ALTER CLASS V SUPERCLASS ORestricted;
> #Create *member* role before extending OIdentity
> #We use INSERT instead of CREATE VERTEX as ORole is not a vertex yet
> INSERT INTO ORole SET name = 'member', mode = 0;
>
> ALTER CLASS OIdentity SUPERCLASS V;
> ...
>
> Everything is working fine.
>
> Are we doing thomething wrong?
> Is this some kind of bug?
> What is the best way to achieve our previously cited constraints?
>
> Thank you
>
--
---
You received this message because you are subscribed to the Google Groups
"OrientDB" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
