You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2023/06/16 17:44:31 UTC
[ranger] branch master updated: RANGER-4288: user with ROLE_ADMIN_AUDITOR not able to view zone policy
This is an automated email from the ASF dual-hosted git repository.
madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new b97073eba RANGER-4288: user with ROLE_ADMIN_AUDITOR not able to view zone policy
b97073eba is described below
commit b97073eba4951012313218efb9c4e92e9abf14c8
Author: Madhan Neethiraj <ma...@apache.org>
AuthorDate: Thu Jun 15 08:29:18 2023 -0700
RANGER-4288: user with ROLE_ADMIN_AUDITOR not able to view zone policy
---
security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
index be360a66e..7e071ba0e 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
@@ -550,12 +550,15 @@ public class ServiceMgr {
if (rangerRoles != null) {
RangerRolesUtil rolesUtil = new RangerRolesUtil(rangerRoles);
+ Set<String> userRoles = rolesUtil.getUserRoleMapping().get(userId);
- ret = CollectionUtils.containsAny(roles, rolesUtil.getUserRoleMapping().get(userId));
+ ret = userRoles != null && CollectionUtils.containsAny(roles, userRoles);
if (!ret && userGroups != null) {
for (String userGroup : userGroups) {
- ret = CollectionUtils.containsAny(roles, rolesUtil.getGroupRoleMapping().get(userGroup));
+ Set<String> groupRoles = rolesUtil.getGroupRoleMapping().get(userGroup);
+
+ ret = groupRoles != null && CollectionUtils.containsAny(roles, groupRoles);
if (ret) {
break;