DataManagement

Label: :IA_Function
Property: type: DataManagement
Inherits from: Function

Bundles actions related to managing data (nodes and relations).

Function parameters

Key Description Default value Possible values
action The action to perform. Note: can only be set on the Function node, NOT on incoming Triggers. string; see below. Should be a static string, without evaluation or templating.
params The parameters for the given action. See below for possible values. object; see below
allowCoreEntities If set to true, will allow the management of core entities (handling them as plain nodes/relations). false Boolean.

Actions

Each action requires specific parameters. Below are the possibilities.

action Description params
create Create a node. entity: Node to create
delete Delete a node. entity: Node to delete (only id, properties.uuid or properties.iaName are used).
import Import a set of nodes and relations. * nodes: Array of nodes,
relations: Array of relation
idProperty: (optional) The property by which to match existing entities. If an existing entity is found, it will be updated rather than created.
patch Patch a node. Changes the given properties only. entity: Node to patch
read Find a node. entity: Node to read (only id, properties.uuid or properties.iaName are used).
read-node Find a node entity (e.g. Function/User/etc). Checks the associated permissions for that Entity type; does not check additional REQUIREd permissions). Node to read (only id, properties.uuid or properties.iaName are used).
read-relation Find a relation entity (e.g. Trigger etc). Checks the associated permissions for that Entity type; does not check additional REQUIREd permissions). Relation to read (only id, properties.uuid or properties.iaName are used).
update Update a node. Updates all properties as provided. entity: Node to update

* The ids of nodes in the import action are only used as reference for relations. The final ids depend on the target database. To update existing nodes and relations, they should have a uniquely identifying propery. This property can then be specified as idProperty (by default uuid).

Outgoing triggers

Type: success

Occurrence: When the requested action was performed successfully.

Additional event properties (besides the inherited properties):

Key Description Possible values
response The response from the performed action. See below

For each action, the response can be different. Below are the possibilities:

action response
create Created node
delete (empty)
import nodes: (object) created nodes,
relations: (object) created relations *
read Requested node
read-entity Requested node or relation
update Updated node

* The nodes and relations in the response are both objects, where the keys are the original ids, and the values the corresponding entities in the database (note that the final ids may be different than the ids specified in the input).


Permissions (beta)

Besides the permissions inherited from Function, the following permissions can be required:

for: action:create

Determines: whether or not a node can be created.

Key Description Type
entity The node to be created. Node

for: action:delete

Determines: whether or not a node can be deleted.

Key Description Type
entity The node to be deleted. Node

for: action:import

Determines: whether or not a set of nodes and relations can be imported.

Key Description Type
nodes The nodes to be created. Array of nodes
relations The relations to be created. Array of relations
store The store to import to. string

for: action:read

Determines: whether or not a node can be read.

Key Description Type
entity The node to be read. Node

for: action:update

Determines: whether or not a node can be updated. This is checked for the state of the node both before and after update.

Key Description Type
entity The node to be updated. Node

Permission Examples

Example 1: Create "Document" nodes only with "document:write" permission.

This example will create any node provided as $params, as long as it contains the label Document, and the user is connected to the document:write permission node.

{
    "nodes": [{
        "id": "data-management",
        "labels": "IA_Function",
        "properties": {
            "type": "DataManagement",
            "action": "create"
        }
    }, {
        "id": "permission",
        "labels": "IA_Permission",
        "properties": {
            "name": "document:write",
            "expression": "includes($entity.labels, 'Document')"
        }
    }],
    "relations": [{
        "id": "require-permission",
        "type": "REQUIRE",
        "source": "data-management",
        "target": "permission",
        "properties": {
            "$entity": "(%).entity"
        }
    }]
}

Example 2: Edit only user's own documents

This example will update any node provided as $params, as long as it has a Document label, and is executed by a user that has a connection to the document:update permission AND an OWNS relation to the document in question.

{
    "nodes": [{
        "id": "data-management",
        "labels": ["IA_Function"],
        "properties": {
            "type": "DataManagement",
            "action": "update"
        }
    }, {
        "id": "permission",
        "labels": ["IA_Permission"],
        "properties": {
            "name": "document:update",
            "cypher": "MATCH (u:IA_User)-[r:OWNS]->(d:Document) WHERE id(u)=$user.id AND id(d)=$entity.id RETURN COUNT(r)>0 AS allow"
        }
    }],
    "relations": [{
        "id": "require-permission",
        "type": "REQUIRE",
        "source": "data-management",
        "target": "permission",
        "properties": {
            "$user": "(@).user",
            "$entity": "(%).entity"
        }
    }]
}