Skip to content

explicit permissions#2610

Open
shivamka1 wants to merge 4 commits into
db_v4from
explicit_rbac
Open

explicit permissions#2610
shivamka1 wants to merge 4 commits into
db_v4from
explicit_rbac

Conversation

@shivamka1
Copy link
Copy Markdown
Collaborator

@shivamka1 shivamka1 commented May 15, 2026

Summary

Simplifies the AuthorizationPolicy trait in preparation for an explicit permission model where every path must be granted individually with no implicit propagation.

Changes

  • NamespacePermission simplified — removes Denied, Discover, and Introspect variants down to Read and Write. namespace_permissions now returns Option<NamespacePermission> where None means the namespace is invisible, eliminating the Denied sentinel and making the contract consistent with graph_permissions
  • on_graph_created hook — new default no-op on AuthorizationPolicy, called after every graph-creation mutation. Used by implementations to auto-grant write access to the creator's role
  • enumerate_namespace_descendants — new method on Data returning all descendant (path, is_graph) pairs for a namespace path, needed by raphtory-auth to materialise recursive grants without direct access to pub(crate) types
  • PermissionError::IntrospectOnly — new error variant when a role has graph-level Introspect and calls graph(), pointing callers to graphMetadata instead

Test plan

  • cargo build -p raphtory-graphql
  • python -m pytest python/tests/test_permissions.py -x -q

github-actions[bot]
github-actions Bot reviewed May 15, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'Rust Benchmark'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 2.

Benchmark suite Current: e1783c7 Previous: 9823ef7 Ratio
lotr_graph/num_edges 4 ns/iter (± 0) 0 ns/iter (± 0) +∞
lotr_graph/num_nodes 4 ns/iter (± 0) 1 ns/iter (± 0) 4
lotr_graph/has_node_nonexisting 5 ns/iter (± 0) 2 ns/iter (± 0) 2.50
lotr_graph/iterate_exploded_edges 622147 ns/iter (± 40868) 285473 ns/iter (± 2920) 2.18
lotr_graph/graph_latest 3 ns/iter (± 0) 0 ns/iter (± 0) +∞
lotr_graph_materialise/materialize 7912813 ns/iter (± 22824) 1564816 ns/iter (± 35303) 5.06
lotr_graph_window_100/num_nodes 14 ns/iter (± 0) 5 ns/iter (± 0) 2.80
lotr_graph_window_100/iterate_exploded_edges 927448 ns/iter (± 14412) 325242 ns/iter (± 847) 2.85
lotr_graph_window_100_materialise/materialize 8439995 ns/iter (± 35399) 1669150 ns/iter (± 10700) 5.06
lotr_graph_window_10/has_node_existing 155 ns/iter (± 10) 62 ns/iter (± 11) 2.50
lotr_graph_window_10/iterate nodes 35199 ns/iter (± 144) 11339 ns/iter (± 40) 3.10
lotr_graph_window_10/iterate edges 104278 ns/iter (± 702) 48684 ns/iter (± 211) 2.14
lotr_graph_window_10/iterate_exploded_edges 420948 ns/iter (± 15096) 155788 ns/iter (± 1001) 2.70
lotr_graph_window_10_materialise/materialize 3639187 ns/iter (± 7027) 971980 ns/iter (± 4278) 3.74
lotr_graph_subgraph_10pc/has_node_nonexisting 5 ns/iter (± 0) 2 ns/iter (± 0) 2.50
lotr_graph_subgraph_10pc_materialise/materialize 1648281 ns/iter (± 20377) 334634 ns/iter (± 1287) 4.93
lotr_graph_subgraph_10pc_windowed/has_node_existing 159 ns/iter (± 9) 62 ns/iter (± 14) 2.56
lotr_graph_subgraph_10pc_windowed/iterate nodes 5494 ns/iter (± 95) 1365 ns/iter (± 3) 4.02
lotr_graph_subgraph_10pc_windowed_materialise/materialize 1023553 ns/iter (± 7039) 230399 ns/iter (± 2617) 4.44
lotr_graph_window_50_layered/num_edges 77690 ns/iter (± 1725) 38714 ns/iter (± 1017) 2.01
lotr_graph_window_50_layered/num_edges_temporal 163500 ns/iter (± 2723) 70121 ns/iter (± 7586) 2.33
lotr_graph_window_50_layered/has_node_existing 474 ns/iter (± 27) 129 ns/iter (± 12) 3.67
lotr_graph_window_50_layered/has_node_nonexisting 5 ns/iter (± 0) 2 ns/iter (± 0) 2.50
lotr_graph_window_50_layered/iterate nodes 80669 ns/iter (± 973) 19308 ns/iter (± 47) 4.18
lotr_graph_window_50_layered/iterate edges 207943 ns/iter (± 399) 83616 ns/iter (± 1318) 2.49
lotr_graph_window_50_layered/graph_latest 81664 ns/iter (± 2144) 36649 ns/iter (± 916) 2.23
lotr_graph_window_50_layered_materialise/materialize 34086539 ns/iter (± 210297) 3488825 ns/iter (± 24948) 9.77
lotr_graph_persistent_window_50_layered/num_edges_temporal 683255 ns/iter (± 5214) 192686 ns/iter (± 1569) 3.55
lotr_graph_persistent_window_50_layered/has_node_existing 517 ns/iter (± 358) 174 ns/iter (± 83) 2.97
lotr_graph_persistent_window_50_layered/has_node_nonexisting 5 ns/iter (± 0) 2 ns/iter (± 0) 2.50
lotr_graph_persistent_window_50_layered/iterate nodes 111488 ns/iter (± 234) 35886 ns/iter (± 191) 3.11
lotr_graph_persistent_window_50_layered/iterate edges 191078 ns/iter (± 519) 84161 ns/iter (± 596) 2.27
lotr_graph_persistent_window_50_layered/iterate_exploded_edges 4701222 ns/iter (± 9629) 1659940 ns/iter (± 19402) 2.83
lotr_graph_persistent_window_50_layered/graph_latest 119771 ns/iter (± 1720) 57549 ns/iter (± 4809) 2.08
lotr_graph_persistent_window_50_layered_materialise/materialize 60628689 ns/iter (± 85136) 5298035 ns/iter (± 147912) 11.44
lotr_graph/proto_encode 9592572 ns/iter (± 58647) 1157897 ns/iter (± 73709) 8.28

This comment was automatically generated by workflow using github-action-benchmark.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@shivamka1