You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by al...@apache.org on 2016/03/03 01:07:07 UTC
[43/50] [abbrv] incubator-ranger git commit: RANGER-653 : Delegated
Admin check has been moved to Mgr level
RANGER-653 : Delegated Admin check has been moved to Mgr level
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/97078c72
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/97078c72
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/97078c72
Branch: refs/heads/HDP-2.3.2-groupid
Commit: 97078c722961cb302ea44a5564686262c65a832b
Parents: aaf6c4b
Author: Gautam Borad <gb...@gmail.com>
Authored: Fri Sep 18 11:54:26 2015 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Fri Sep 18 15:33:45 2015 -0400
----------------------------------------------------------------------
.../java/org/apache/ranger/biz/XUserMgr.java | 106 +++++++++++++++++++
.../apache/ranger/service/XAuditMapService.java | 43 +-------
.../apache/ranger/service/XPermMapService.java | 47 +-------
3 files changed, 108 insertions(+), 88 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/97078c72/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 2413afb..41bc6f8 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -42,6 +42,7 @@ import org.apache.ranger.view.VXGroupPermission;
import org.apache.ranger.view.VXModuleDef;
import org.apache.ranger.view.VXUserPermission;
import org.apache.log4j.Logger;
+import org.apache.ranger.common.AppConstants;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.RangerConstants;
@@ -53,10 +54,12 @@ import org.apache.ranger.entity.XXAuditMap;
import org.apache.ranger.entity.XXGroup;
import org.apache.ranger.entity.XXPermMap;
import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.entity.XXResource;
import org.apache.ranger.entity.XXTrxLog;
import org.apache.ranger.entity.XXUser;
import org.apache.ranger.service.XGroupService;
import org.apache.ranger.service.XUserService;
+import org.apache.ranger.view.VXAuditMap;
import org.apache.ranger.view.VXAuditMapList;
import org.apache.ranger.view.VXGroup;
import org.apache.ranger.view.VXGroupGroup;
@@ -64,6 +67,7 @@ import org.apache.ranger.view.VXGroupList;
import org.apache.ranger.view.VXGroupUser;
import org.apache.ranger.view.VXGroupUserList;
import org.apache.ranger.view.VXLong;
+import org.apache.ranger.view.VXPermMap;
import org.apache.ranger.view.VXPermMapList;
import org.apache.ranger.view.VXPortalUser;
import org.apache.ranger.view.VXUser;
@@ -1036,4 +1040,106 @@ public class XUserMgr extends XUserMgrBase {
}
}
+ public VXPermMapList searchXPermMaps(SearchCriteria searchCriteria) {
+ VXPermMapList vXPermMapList = super.searchXPermMaps(searchCriteria);
+ return applyDelegatedAdminAccess(vXPermMapList, searchCriteria);
+ }
+
+ private VXPermMapList applyDelegatedAdminAccess(VXPermMapList vXPermMapList, SearchCriteria searchCriteria) {
+
+ VXPermMapList returnList;
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ // If user is system admin
+ if (currentUserSession != null && currentUserSession.isUserAdmin()) {
+ returnList = super.searchXPermMaps(searchCriteria);
+ } else {
+ returnList = new VXPermMapList();
+ int startIndex = searchCriteria.getStartIndex();
+ int pageSize = searchCriteria.getMaxRows();
+ searchCriteria.setStartIndex(0);
+ searchCriteria.setMaxRows(Integer.MAX_VALUE);
+ List<VXPermMap> resultList = xPermMapService.searchXPermMaps(searchCriteria).getVXPermMaps();
+
+ List<VXPermMap> adminPermResourceList = new ArrayList<VXPermMap>();
+ for (VXPermMap xXPermMap : resultList) {
+ XXResource xRes = daoManager.getXXResource().getById(xXPermMap.getResourceId());
+ VXResponse vXResponse = msBizUtil.hasPermission(xResourceService.populateViewBean(xRes),
+ AppConstants.XA_PERM_TYPE_ADMIN);
+ if (vXResponse.getStatusCode() == VXResponse.STATUS_SUCCESS) {
+ adminPermResourceList.add(xXPermMap);
+ }
+ }
+
+ if (adminPermResourceList.size() > 0) {
+ populatePageList(adminPermResourceList, startIndex, pageSize, returnList);
+ }
+ }
+ return returnList;
+ }
+
+ private void populatePageList(List<VXPermMap> permMapList, int startIndex, int pageSize, VXPermMapList vxPermMapList) {
+ List<VXPermMap> onePageList = new ArrayList<VXPermMap>();
+ for (int i = startIndex; i < pageSize + startIndex && i < permMapList.size(); i++) {
+ VXPermMap vXPermMap = permMapList.get(i);
+ onePageList.add(vXPermMap);
+ }
+ vxPermMapList.setVXPermMaps(onePageList);
+ vxPermMapList.setStartIndex(startIndex);
+ vxPermMapList.setPageSize(pageSize);
+ vxPermMapList.setResultSize(onePageList.size());
+ vxPermMapList.setTotalCount(permMapList.size());
+ }
+
+ public VXAuditMapList searchXAuditMaps(SearchCriteria searchCriteria) {
+ VXAuditMapList vXAuditMapList = xAuditMapService.searchXAuditMaps(searchCriteria);
+ return applyDelegatedAdminAccess(vXAuditMapList, searchCriteria);
+ }
+
+ private VXAuditMapList applyDelegatedAdminAccess(VXAuditMapList vXAuditMapList, SearchCriteria searchCriteria) {
+
+ VXAuditMapList returnList;
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ // If user is system admin
+ if (currentUserSession != null && currentUserSession.isUserAdmin()) {
+ returnList = super.searchXAuditMaps(searchCriteria);
+ } else {
+ returnList = new VXAuditMapList();
+ int startIndex = searchCriteria.getStartIndex();
+ int pageSize = searchCriteria.getMaxRows();
+ searchCriteria.setStartIndex(0);
+ searchCriteria.setMaxRows(Integer.MAX_VALUE);
+ List<VXAuditMap> resultList = xAuditMapService.searchXAuditMaps(searchCriteria).getVXAuditMaps();
+
+ List<VXAuditMap> adminAuditResourceList = new ArrayList<VXAuditMap>();
+ for (VXAuditMap xXAuditMap : resultList) {
+ XXResource xRes = daoManager.getXXResource().getById(xXAuditMap.getResourceId());
+ VXResponse vXResponse = msBizUtil.hasPermission(xResourceService.populateViewBean(xRes),
+ AppConstants.XA_PERM_TYPE_ADMIN);
+ if (vXResponse.getStatusCode() == VXResponse.STATUS_SUCCESS) {
+ adminAuditResourceList.add(xXAuditMap);
+ }
+ }
+
+ if (adminAuditResourceList.size() > 0) {
+ populatePageList(adminAuditResourceList, startIndex, pageSize, returnList);
+ }
+ }
+
+ return returnList;
+ }
+
+ private void populatePageList(List<VXAuditMap> auditMapList, int startIndex, int pageSize,
+ VXAuditMapList vxAuditMapList) {
+ List<VXAuditMap> onePageList = new ArrayList<VXAuditMap>();
+ for (int i = startIndex; i < pageSize + startIndex && i < auditMapList.size(); i++) {
+ VXAuditMap vXAuditMap = auditMapList.get(i);
+ onePageList.add(vXAuditMap);
+ }
+ vxAuditMapList.setVXAuditMaps(onePageList);
+ vxAuditMapList.setStartIndex(startIndex);
+ vxAuditMapList.setPageSize(pageSize);
+ vxAuditMapList.setResultSize(onePageList.size());
+ vxAuditMapList.setTotalCount(auditMapList.size());
+ }
+
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/97078c72/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java b/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java
index 349ddbd..462b81a 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java
@@ -202,48 +202,7 @@ public class XAuditMapService extends
@Override
public VXAuditMapList searchXAuditMaps(SearchCriteria searchCriteria) {
-
- VXAuditMapList returnList;
- UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
- // If user is system admin
- if (currentUserSession.isUserAdmin()) {
- returnList = super.searchXAuditMaps(searchCriteria);
- } else {
- returnList = new VXAuditMapList();
- int startIndex = searchCriteria.getStartIndex();
- int pageSize = searchCriteria.getMaxRows();
- searchCriteria.setStartIndex(0);
- searchCriteria.setMaxRows(Integer.MAX_VALUE);
- List<XXAuditMap> resultList = (List<XXAuditMap>) searchResources(searchCriteria, searchFields, sortFields, returnList);
-
- List<XXAuditMap> adminAuditResourceList = new ArrayList<XXAuditMap>();
- for (XXAuditMap xXAuditMap : resultList) {
- XXResource xRes = daoManager.getXXResource().getById(xXAuditMap.getResourceId());
- VXResponse vXResponse = rangerBizUtil.hasPermission(xResourceService.populateViewBean(xRes), AppConstants.XA_PERM_TYPE_ADMIN);
- if (vXResponse.getStatusCode() == VXResponse.STATUS_SUCCESS) {
- adminAuditResourceList.add(xXAuditMap);
- }
- }
-
- if (adminAuditResourceList.size() > 0) {
- populatePageList(adminAuditResourceList, startIndex, pageSize, returnList);
- }
- }
-
- return returnList;
- }
-
- private void populatePageList(List<XXAuditMap> auditMapList, int startIndex, int pageSize, VXAuditMapList vxAuditMapList) {
- List<VXAuditMap> onePageList = new ArrayList<VXAuditMap>();
- for (int i = startIndex; i < pageSize + startIndex && i < auditMapList.size(); i++) {
- VXAuditMap vXAuditMap = populateViewBean(auditMapList.get(i));
- onePageList.add(vXAuditMap);
- }
- vxAuditMapList.setVXAuditMaps(onePageList);
- vxAuditMapList.setStartIndex(startIndex);
- vxAuditMapList.setPageSize(pageSize);
- vxAuditMapList.setResultSize(onePageList.size());
- vxAuditMapList.setTotalCount(auditMapList.size());
+ return super.searchXAuditMaps(searchCriteria);
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/97078c72/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java b/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java
index 6d96107..c20373d 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java
@@ -26,23 +26,19 @@ import java.util.List;
import org.apache.ranger.biz.RangerBizUtil;
import org.apache.ranger.common.AppConstants;
-import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.SearchField;
-import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.common.view.VTrxLogAttr;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXGroup;
import org.apache.ranger.entity.XXPermMap;
import org.apache.ranger.entity.XXPortalUser;
-import org.apache.ranger.entity.XXResource;
import org.apache.ranger.entity.XXTrxLog;
import org.apache.ranger.entity.XXUser;
import org.apache.ranger.util.RangerEnumUtil;
import org.apache.ranger.view.VXGroup;
import org.apache.ranger.view.VXPermMap;
import org.apache.ranger.view.VXPermMapList;
-import org.apache.ranger.view.VXResponse;
import org.apache.ranger.view.VXUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
@@ -123,48 +119,7 @@ public class XPermMapService extends XPermMapServiceBase<XXPermMap, VXPermMap> {
@Override
public VXPermMapList searchXPermMaps(SearchCriteria searchCriteria) {
-
-
- VXPermMapList returnList;
- UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
- // If user is system admin
- if (currentUserSession.isUserAdmin()) {
- returnList = super.searchXPermMaps(searchCriteria);
- } else {
- returnList = new VXPermMapList();
- int startIndex = searchCriteria.getStartIndex();
- int pageSize = searchCriteria.getMaxRows();
- searchCriteria.setStartIndex(0);
- searchCriteria.setMaxRows(Integer.MAX_VALUE);
- List<XXPermMap> resultList = (List<XXPermMap>) searchResources(searchCriteria, searchFields, sortFields, returnList);
-
- List<XXPermMap> adminPermResourceList = new ArrayList<XXPermMap>();
- for (XXPermMap xXPermMap : resultList) {
- XXResource xRes = daoManager.getXXResource().getById(xXPermMap.getResourceId());
- VXResponse vXResponse = rangerBizUtil.hasPermission(xResourceService.populateViewBean(xRes), AppConstants.XA_PERM_TYPE_ADMIN);
- if (vXResponse.getStatusCode() == VXResponse.STATUS_SUCCESS) {
- adminPermResourceList.add(xXPermMap);
- }
- }
-
- if (adminPermResourceList.size() > 0) {
- populatePageList(adminPermResourceList, startIndex, pageSize, returnList);
- }
- }
- return returnList;
- }
-
- private void populatePageList(List<XXPermMap> permMapList, int startIndex, int pageSize, VXPermMapList vxPermMapList) {
- List<VXPermMap> onePageList = new ArrayList<VXPermMap>();
- for (int i = startIndex; i < pageSize + startIndex && i < permMapList.size(); i++) {
- VXPermMap vXPermMap = populateViewBean(permMapList.get(i));
- onePageList.add(vXPermMap);
- }
- vxPermMapList.setVXPermMaps(onePageList);
- vxPermMapList.setStartIndex(startIndex);
- vxPermMapList.setPageSize(pageSize);
- vxPermMapList.setResultSize(onePageList.size());
- vxPermMapList.setTotalCount(permMapList.size());
+ return super.searchXPermMaps(searchCriteria);
}
public String getGroupName(Long groupId){