neo4j-contrib/neomodel

Add impersonation

mariusconjeaud opened this issue · 1 comments

The goal is to add impersonation, which allows a user to impersonate another user, thus running queries using that second user's permissions.

In the context of an API, it allows to go away from using a single API user for everyone.

Basically, neomodel creates a driver instance with the authentication config when it is initialized. Then, when creating sessions, the driver accepts a user to impersonate for that session.

Suggestion is to add a @db.impersonate(user="xxx") decorator.

It allows things like :

@db.impersonate(user="tempuser")
# All queries/transactions happening in that scope will be executed by tempuser
# instead of the user the driver was first created with
def func0():
    @db.transaction()
    def func1():
        ...
    @db.transaction()
    def func2():
        ...

Implemented in 5.1.1