Hi, a cypher question. How can you check if 2 (or more) different nodes in a graph have relationships to multiple other (shared) nodes in the graph.
Attached is a graph (the result of below cypher query) that i created based on the sample provided in the NIST / INCITS NGAC 499 / 525 (Next Generation Access Control) specification (graph.png). I also included the diagram of the complete sample graph.
BLUE --- : u1 is a :User node
GREEN --- a11, a21, l11, l12 are :Object nodes
YELLOW --- branch-constrants, position-constraints are :PolicyClass nodes
GREY --- all other nodes are attribute nodes
In the sample provided "u1" has a relationship with the 2 policy classes (branch and position constraints) and it has an ASSOCIATED_TO relation ship to both "products1" and "accounts" Attribute Nodes
Looking from the :Object side only "a11" has a relationship to both the 2 PolicyClasses and to the "products1" and "accounts" attribute nodes -- simular to what u1 has "u1"
All other Objects (a21, l12 and l11) do not have these 4 relation ships but only some of these (meaning u1 has no acces to these objects)
How can i further filter this out in cypher ? So i would like to further refine the result so that
only "u1" and "a11" (meaning user u1 has access to object a11) are part
of the end result set.
it seems straightforward but it looks like i am running on some constraints where some nodes are visited only once and no results are returned (for example going from "a11" you have to visit "accounts1" node multiple times)
This is the cypher code used to create the graph as speficied in attached diagram.
MATCH p1 = (u:User)-[:ASSIGNED_TO*]->(pc:PolicyClass)
WHERE
u.name = "u1"
WITH *
MATCH p2 = (u)-[:ASSIGNED_TO*]->(a:Attribute)-[:ASSOCIATED_TO]->(a1:Attribute)
WITH *
MATCH p3 = (o:Object)-[:ASSIGNED_TO*]->(pc:PolicyClass)
WITH *
MATCH p4 = (o)-[:ASSIGNED_TO*]->(a1:Attribute)
WITH *
RETURN p1,p2,p3,p4
Any help is welcome !
Thanks regards Koen