Posted to dev@ranger.apache.org by ru jia <82...@163.com> on 2021/01/21 09:21:00 UTC

Review Request 73152: RANGER-3154: Admin user can't get role info through REST API

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73152/
-----------------------------------------------------------

Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mahesh Bandal, Pradeep Agrawal, Ramesh Mani, and Sailaja Polavarapu.


Bugs: RANGER-3154
    https://issues.apache.org/jira/browse/RANGER-3154


Repository: ranger


Description
-------

Admin user always gets the message "Role with name: xxx does not exist" when querying a role through the REST API.


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 20db16da6 


Diff: https://reviews.apache.org/r/73152/diff/1/


Testing
-------

1. Create a new role kkk from Ranger web; it contains two users, test and hdfs, and user 'test' is role admin. kkk111 is a non-existent role.
2. As admin user 'rangeradmin', execute: curl -s -k "https://x.x.x.x:6080/service/roles/roles/name/kkk" -X GET -H "Content-Type:application/json"; returns role 'kkk' info.
3. As user 'test', execute: curl -s -k "https://x.x.x.x:6080/service/roles/roles/name/kkk" -X GET -H "Content-Type:application/json"; returns "User doesn't have permission to get details for kkk".
4. As user 'test', execute: curl -s -k "https://x.x.x.x:6080/service/roles/roles/name/kkk?execUser=test" -X GET -H "Content-Type:application/json"; returns role 'kkk' info.
5. As user 'hdfs', execute: curl -s -k "https://x.x.x.x:6080/service/roles/roles/name/kkk" -X GET -H "Content-Type:application/json"; returns "User doesn't have permission to get details for kkk".
6. As admin user 'rangeradmin', execute: curl -s -k "https://x.x.x.x:6080/service/roles/roles/name/kkk111" -X GET -H "Content-Type:application/json"; returns "Role with name: kkk111 does not exist".
7. As admin user 'rangeradmin', execute: curl -s -k "https://x.x.x.x:6080/service/roles/roles/name/kkk111?execUser=test" -X GET -H "Content-Type:application/json"; returns "User doesn't have permission to get details for kkk111".
8. As user 'test', execute: curl -s -k "https://x.x.x.x:6080/service/roles/roles/name/kkk111" -X GET -H "Content-Type:application/json"; returns "User doesn't have permission to get details for kkk111".


Thanks,

ru jia