0

Is there way to set a transient property on nodes returned by a cypher query such that it is only visible to the user running the query.

This would allow us offload some controller logic directly into Neo4j and reduce business logic queries.

Currently I have a list that is returned by 

List<Post> newsFeed (Long uid) {}

Post is a relationship between a User and News node.

I have two sub-classes of the Post object:

  1. BroadcastedPost
  2. MentionedPost

I have two cypher queries that return the posts that a user should see.

List broadcasts obtained from

MATCH (user:PlatformUser)-[:BROADCASTED]->post RETURN post;

List mentionedPost obtained from

MATCH (user:PlatformUser)-[:MENTIONED]->post RETURN post;

I then use Java instanceof to determine what kind of post this is. Depending on the type I am able to do some further application logic.

This however is inefficient because I should be able to combine both queries into one super query using the UNION operator

i.e List newsFeed is obtained directly by querying 

MATCH (user:PlatformUser)-[:BROADCASTED]->post RETURN post UNION MATCH (user:PlatformUser)-[:MENTIONED]->post RETURN post;

However, how can I tell what kind of post this. I was hoping I could use the SET operator transiently to know which kind of post this is but I believe this is used to persist a property.

F.O.O
  • 4,730
  • 4
  • 24
  • 34

1 Answers1

1

Neo4j 2.2 recently added authentication, which it had lacked in previous releases, but it's still only really one user; you set a login/password to secure access to the database, but adding additional users takes extra work and isn't something obvious to do out of the box.

Now what you're asking for has to do with securing per-user access to particular types of data. Since neo4j doesn't have much of a user management feature right now, what you're asking for can't be done inside of neo4j because in order to secure this data away from Joe or Bob, the DBMS would have to know that it's dealing with Joe or Bob.

What you're trying to do is usually enforced by the application layer by people writing neo4j applications right now. So it can be done, but it's done within your custom code and not by the database directly.

FrobberOfBits
  • 17,634
  • 4
  • 52
  • 86
  • My question is not about security at database level. I have updated the question to provide more clarity. – F.O.O May 04 '15 at 13:49
  • Your question has to do with enforcing visibility in the database. The answer is that neo4j can't do that. There's no way to create a property that's visible to one user but invisible to another without application-layer code doing the user management and visibility. So in this way, no you can't offload logic to neo4j away from your controller. – FrobberOfBits May 04 '15 at 13:51
  • Please check my updated question, you responded before my update – F.O.O May 04 '15 at 15:21