Ratel does not set ACL permissions

Issues Ratel
, , ,
1

Moved from GitHub ratel/218

Posted by danielmai:

When I try to set predicate permissions for ACL groups in Ratel, they aren’t set as expected.

Steps to reproduce on Ratel ?latest:

Built at 2020-06-17T15:16:21.698Z
Commit: 2cdc64b
Commit Info: 2cdc64b Wed Jun 17 18:15:46 2020 +0300 (HEAD -> master)
  1. Run Dgraph cluster on v20.03.3 with ACLs enabled.
  2. Login as groot and run the following mutation to create a predicate name in the schema:
    {
  "set": [
    {"name": "Dgraph"}
  ]
}
  3. Go to ACL tab and create a read-only group “rogroup”
  4. Modify the group permission to give the Read permission to the name predicate
    ratel
  5. Create a “rouser” user and make them part of the rogroup.
  6. Login as that user and this query does not return data for the name predicate (it should):
{
  q(func: has(name)) {
    name
  }
}

Response:

{
  "data": {}
}

Additional notes

I see in the mutation requests that Ratel is not calling the GraphQL /admin API.

Getting group permissions after step 4 shows no rules via the /admin API:

query {
   getGroup(name: "rogroup") {
    name
    rules {
      predicate
      permission
    }
  }
}

{
  "data": {
    "getGroup": {
      "name": "rogroup",
      "rules": []
    }
  }
}

When I run in Dgraph master (v2.0.0-rc1-421-gdd6683a7f), it works as expected.

2

paulftw commented :

@danielmai tried exact same steps on a 20.03.3 cluster and it worked as expected - readonly predicate was returned in query.

Are new permissions still visible in Ratel after a page refresh?
Could it be Ratel isn’t whitelisted for admin rights?