Posted to commits@ranger.apache.org by co...@apache.org on 2017/03/29 16:32:57 UTC
ranger git commit: Remove a lot of not used code - found because
Boolean.getBoolean must be wrong
Repository: ranger
Updated Branches:
refs/heads/master 25435ffa1 -> 5cab3e2be
Remove a lot of unused code - found because the Boolean.getBoolean usage must be wrong
Change-Id: Ic648227d7b9ed72fa5c5cbe6d0415f300ca317cd
Signed-off-by: Colm O hEigeartaigh <co...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/5cab3e2b
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/5cab3e2b
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/5cab3e2b
Branch: refs/heads/master
Commit: 5cab3e2be54a2660148c31432ea0a86764020d67
Parents: 25435ff
Author: Zsombor Gegesy <gz...@gmail.com>
Authored: Sun Feb 12 20:24:12 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Mar 29 17:25:36 2017 +0100
----------------------------------------------------------------------
.../apache/ranger/service/XResourceService.java | 483 -------------------
1 file changed, 483 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/5cab3e2b/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java b/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java
index b7cbc59..fee7101 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java
@@ -21,10 +21,8 @@
import java.lang.reflect.Field;
import java.util.ArrayList;
-import java.util.Collections;
import java.util.HashMap;
import java.util.List;
-import java.util.Map.Entry;
import org.apache.commons.lang.ArrayUtils;
import org.apache.ranger.biz.RangerBizUtil;
@@ -32,7 +30,6 @@ import org.apache.ranger.common.AppConstants;
import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.PropertiesUtil;
-import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.SearchField;
import org.apache.ranger.common.SearchField.DATA_TYPE;
@@ -44,12 +41,10 @@ import org.apache.ranger.common.view.VTrxLogAttr;
import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXAsset;
import org.apache.ranger.entity.XXAuditMap;
-import org.apache.ranger.entity.XXGroup;
import org.apache.ranger.entity.XXPermMap;
import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.entity.XXResource;
import org.apache.ranger.entity.XXTrxLog;
-import org.apache.ranger.entity.XXUser;
import org.apache.ranger.util.RangerEnumUtil;
import org.apache.ranger.view.VXAuditMap;
import org.apache.ranger.view.VXPermMap;
@@ -464,484 +459,6 @@ public class XResourceService extends
return vObj;
}
- /**
- * check resource parent path permission for user and group
- * @param vXResource
- */
- public void checkAccess(VXResource vXResource) {
-
- XXAsset xxAsset = rangerDaoManager.getXXAsset().getById(
- vXResource.getAssetId());
- if (xxAsset == null) {
- throw restErrorUtil
- .createRESTException("Asset not found",
- MessageEnums.DATA_NOT_FOUND, vXResource.getId(),
- null, null);
- }
- int assetType = xxAsset.getAssetType();
-
- if(assetType==AppConstants.ASSET_HDFS){
-
-// int resourceType = vXResource.getResourceType();
- int resourceType = xPolicyService.getResourceType(vXResource);
- List<Integer> resourceTypeList = xaBizUtil
- .getResorceTypeParentHirearchy(resourceType, assetType);
-
- List<String> pathList = new ArrayList<String>();
- String resourceNames = vXResource.getName();
- String[] resourceList = stringUtil.split(resourceNames, ",");
- List<String> resourceArrayList=new ArrayList<String>();
- if(resourceList!=null && resourceList.length>0)
- {
- Collections.addAll(resourceArrayList, resourceList);
- }
-
- for (String resourceName : resourceList) {
- String policyPath = resourceName;
- String[] policyPathParts = policyPath.split(fileSeparator);
-
- if(policyPathParts.length>1){
- pathList.add(fileSeparator);
- }
-
- StringBuilder path = new StringBuilder();
- for (int i = 1; i < policyPathParts.length - 1; i++) {
- path.append(fileSeparator + policyPathParts[i]);
- pathList.add(path.toString());
- }
- if(path!=null){
- if(resourceArrayList.contains(path.toString())){
- continue;
- }
- if(resourceArrayList.contains(path.toString()+"/")){
- continue;
- }
- }
-
- if (pathList != null && pathList.size() != 0) {
- List<VXPermMap> vxPermMaps = vXResource.getPermMapList();
- //update perm list and read and execute
- vxPermMaps=updatePermMaps(vxPermMaps);
- for (VXPermMap vxPermMap : vxPermMaps) {
- //check only read and execution permission
- if (vxPermMap.getPermFor() == AppConstants.XA_PERM_FOR_USER
- &&(vxPermMap.getPermType()==AppConstants.XA_PERM_TYPE_READ ||
- vxPermMap.getPermType()==AppConstants.XA_PERM_TYPE_EXECUTE)) {
- boolean access = checkUserAccess(vxPermMap, pathList,
- vXResource.getAssetId(),
- vXResource.getIsRecursive(), assetType,
- resourceTypeList);
-
- if (!access) {
- XXUser xxUser = rangerDaoManager.getXXUser().getById(
- vxPermMap.getUserId());
- throw restErrorUtil.createRESTException(
- xxUser.getName() + " may not have "
- + AppConstants.getLabelFor_XAPermType(
- vxPermMap.getPermType()).toLowerCase()
- + " permission on parent folder. Do you want to save this policy?"
- ,
- MessageEnums.OPER_NO_PERMISSION,
- null, "parentPermission", null);
-
- }
- }
- //check only read and execution permission
- if (vxPermMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP
- &&(vxPermMap.getPermType()==AppConstants.XA_PERM_TYPE_READ ||
- vxPermMap.getPermType()==AppConstants.XA_PERM_TYPE_EXECUTE)) {
- boolean access = checkGroupAccess(vxPermMap, pathList,
- vXResource.getAssetId(),
- vXResource.getIsRecursive(), assetType,
- resourceTypeList);
- if (!access) {
- XXGroup xxGroup = rangerDaoManager.getXXGroup()
- .getById(vxPermMap.getGroupId());
- throw restErrorUtil.createRESTException(xxGroup
- .getName() + " may not have " + AppConstants
- .getLabelFor_XAPermType(vxPermMap.getPermType()).toLowerCase()
- + " permission on parent folder. Do you want to save this policy?"
- ,
- MessageEnums.OPER_NO_PERMISSION, null,
- "parentPermission", null);
- }
- }
- }
- }
- }
- }
- }
-
- /**
- * check user permission
- *
- * @param vxPermMap
- * @param pathList
- * @return
- */
- public boolean checkUserAccess(VXPermMap vxPermMap, List<String> pathList,
- Long assetId, int isRecursive, int assetType,
- List<Integer> resourceTypeList) {
- boolean isAccess = false;
- boolean isRecursivlyAllowed;
- // all possible path and check access on all path
- for (int i = 0; i < pathList.size(); i++) {
- isAccess = false;
- isRecursivlyAllowed = false;
- HashMap<String, Object> accessMap = fetchUserAccessMap(
- vxPermMap.getUserId(), vxPermMap.getPermType(),
- pathList.get(i), assetType, assetId, isRecursive,
- resourceTypeList);
- //isAccess = Boolean.getBoolean(""+accessMap.get("isAccess"));
- //isRecursivlyAllowed = Boolean.getBoolean(""+accessMap.get("isRecursive"));
- isAccess=(Boolean)accessMap.get("isAccess");
- isRecursivlyAllowed=(Boolean)accessMap.get("isRecursive");
- // if user have recursively access then return true
- if (isAccess && isRecursivlyAllowed) {
- return true;
- }
- // access fail for root folder return false
- if (!isAccess) {
- break;
- }
-
- }
- return isAccess;
- }
-
- /**
- * check group permission on path
- *
- * @param vxPermMap
- * @param pathList
- * @return
- */
- public boolean checkGroupAccess(VXPermMap vxPermMap, List<String> pathList,
- Long assetId, int isRecursive, int assetType,
- List<Integer> resourceTypeList) {
- boolean isAccess = false;
- boolean isRecursivlyAllowed;
- for (int i = 0; i < pathList.size(); i++) {
- isAccess = false;
- isRecursivlyAllowed = false;
- HashMap<String, Object> accessMap = fetchGroupAccessMap(
- vxPermMap.getGroupId(), vxPermMap.getPermType(),
- pathList.get(i), assetType, assetId, isRecursive,
- resourceTypeList);
- isAccess = Boolean.getBoolean(""+accessMap.get("isAccess"));
- isRecursivlyAllowed = Boolean.getBoolean(""+accessMap.get("isRecursive"));
- if (isAccess && isRecursivlyAllowed) {
- return true;
- }
- if (!isAccess) {
- break;
- }
-
- }
- return isAccess;
- }
-
- public HashMap<String, Object> fetchUserAccessMap(Long userId,
- int permType, String path, int assetType, Long assetId,
- int isRecursive, List<Integer> resourceTypeList) {
- HashMap<String, Object> accessMap = new HashMap<String, Object>();
- boolean isAccess = false;
- List<XXGroup> xGroupList = rangerDaoManager.getXXGroup().findByUserId(
- userId);
- boolean isRecursivlyAllowed = false;
- List<XXResource> xXResourceList = null;
- if (assetType == AppConstants.ASSET_HDFS) {
- xXResourceList = rangerDaoManager.getXXResource().findByAssetId(
- assetId);
- //this code block is to add record of 'public' group in group_user mapping list.
- XXGroup xXGroupPublic = rangerDaoManager.getXXGroup().
- findByGroupName(RangerConstants.GROUP_PUBLIC);
- if (xXGroupPublic != null
- && xXGroupPublic.getName().trim()
- .equalsIgnoreCase(RangerConstants.GROUP_PUBLIC)) {
- if(xGroupList!=null){
- xGroupList.add(xXGroupPublic);
- }else{
- xGroupList=new ArrayList<XXGroup>();
- xGroupList.add(xXGroupPublic);
- }
- }
- } else {
- xXResourceList = rangerDaoManager.getXXResource()
- .findByAssetIdAndResourceTypes(assetId, resourceTypeList);
- }
- String expandedName = xaBizUtil.replaceMetaChars(path);
- if (xXResourceList != null) {
- // If resource name is comma separated, then we need to check each
- // of the resources
- for (XXResource xResource : xXResourceList) {
- String resource = xResource.getName();
-
- if (resource == null || resource.isEmpty()) {
- logger.debug("Resource name not found for resourceId : "
- + xResource.getId());
- throw restErrorUtil.createRESTException(
- "Resource name not found.",
- MessageEnums.DATA_NOT_FOUND);
- }
-
- String[] dbResourceNameList = resource.split(",");
- boolean matchFound = false;
- for (String dbResourceName : dbResourceNameList) {
- String[] requestResNameList = expandedName.split(",");
- for (String resourceName : requestResNameList) {
- if (xaBizUtil.comparePathsForExactMatch(resourceName,
- dbResourceName)) {
- matchFound = true;
- } else {
- // resource name has a file extension then don't
- // append "/*"
- // "/*" is required for directory matching
- if (xResource.getIsRecursive() == AppConstants.BOOL_TRUE) {
- matchFound = xaBizUtil
- .isRecursiveWildCardMatch(resourceName,
- dbResourceName);
- } else {
- matchFound = xaBizUtil
- .nonRecursiveWildCardMatch(
- resourceName, dbResourceName);
- }
- }
- if (matchFound) {
- break;
- }
- }
- if (matchFound) {
- break;
- }
- }
- if (matchFound) {
- // get the perms for this resource
- List<XXPermMap> permMapList = rangerDaoManager.getXXPermMap()
- .findByResourceId(xResource.getId());
- for (XXPermMap permMap : permMapList) {
- if (permMap.getPermType() == permType) {
- if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP
- && xaBizUtil.isGroupInList(
- permMap.getGroupId(), xGroupList)) {
- isAccess = true;
- isRecursivlyAllowed = xResource.getIsRecursive() == AppConstants.BOOL_TRUE ? true
- : false;
- } else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER
- && permMap.getUserId().equals(userId)) {
- isAccess = true;
- isRecursivlyAllowed = xResource.getIsRecursive() == AppConstants.BOOL_TRUE ? true
- : false;
- }
- }
- }
- }
- }
- }
- accessMap.put("isAccess", isAccess);
- accessMap.put("isRecursive", isRecursivlyAllowed);
- return accessMap;
- }
-
- public HashMap<String, Object> fetchGroupAccessMap(Long groupId,
- int permType, String path, int assetType, Long assetId,
- int isRecursive, List<Integer> resourceTypeList) {
-
- boolean isAccess = false;
- boolean isRecursivlyAllowed = false;
- HashMap<String, Object> accessMap = new HashMap<String, Object>();
- List<XXResource> xXResourceList = new ArrayList<XXResource>();
-
- if (assetType == AppConstants.ASSET_HDFS) {
- xXResourceList = rangerDaoManager.getXXResource().findByAssetId(
- assetId);
- } else {
- xXResourceList = rangerDaoManager.getXXResource()
- .findByAssetIdAndResourceTypes(assetId, resourceTypeList);
- }
-
- String expandedName = xaBizUtil.replaceMetaChars(path);
-
- for (XXResource xResource : xXResourceList) {
- String resource = xResource.getName();
-
- if (resource == null || resource.isEmpty()) {
- logger.debug("Resource name not found for resourceId : "
- + xResource.getId());
- throw restErrorUtil.createRESTException(
- "Resource name not found.",
- MessageEnums.DATA_NOT_FOUND);
- }
-
- String[] dbResourceNameList = resource.split(",");
- boolean matchFound = false;
-
- for (String dbResourceName : dbResourceNameList) {
-
- String[] requestResNameList = expandedName.split(",");
- for (String resourceName : requestResNameList) {
- if (xaBizUtil.comparePathsForExactMatch(resourceName,
- dbResourceName)) {
- matchFound = true;
- } else {
- // resource name has a file extension then don't
- // append "/*"
- // "/*" is required for directory matching
- if (xResource.getIsRecursive() == AppConstants.BOOL_TRUE) {
- matchFound = xaBizUtil
- .isRecursiveWildCardMatch(resourceName,
- dbResourceName);
- } else {
- matchFound = xaBizUtil
- .nonRecursiveWildCardMatch(
- resourceName, dbResourceName);
- }
- }
- if (matchFound) {
- break;
- }
- }
- if (matchFound) {
- break;
- }
- }
- if (matchFound) {
- // get the perms for this resource
- List<XXPermMap> permMapList = rangerDaoManager.getXXPermMap()
- .findByResourceId(xResource.getId());
- for (XXPermMap permMap : permMapList) {
- if (permMap.getPermType() == permType) {
- if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP
- && permMap.getGroupId().doubleValue() == groupId.doubleValue()) {
- isAccess = true;
- isRecursivlyAllowed = (xResource.getIsRecursive() == AppConstants.BOOL_TRUE);
- }
- }
- }
- }
- }
-
- accessMap.put("isAccess", isAccess);
- accessMap.put("isRecursive", isRecursivlyAllowed);
- return accessMap;
- }
-
- public List<VXPermMap> updatePermMaps(List<VXPermMap> vxPermMaps) {
- List<VXPermMap> updatedPermList = new ArrayList<VXPermMap>();
-
- List<Long> listOfUser = new ArrayList<Long>();
- List<Long> listOfGroup = new ArrayList<Long>();
-
- //[1] : Populate perm maps for user and groups
- for (VXPermMap vxPermMap : vxPermMaps) {
- if (vxPermMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) {
- if (!listOfUser.contains(vxPermMap.getUserId())) {
- listOfUser.add(vxPermMap.getUserId());
- }
- } else if (vxPermMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) {
- if (!listOfGroup.contains(vxPermMap.getGroupId())) {
- listOfGroup.add(vxPermMap.getGroupId());
- }
- }
- }
-
- HashMap<Long, HashMap<Integer, VXPermMap>> userPermMap =
- new HashMap<Long, HashMap<Integer, VXPermMap>>();
-
- for (Long userId : listOfUser) {
- HashMap<Integer, VXPermMap> userPerm = new HashMap<Integer, VXPermMap>();
- for (VXPermMap vxPermMap : vxPermMaps) {
- if (vxPermMap.getPermFor() == AppConstants.XA_PERM_FOR_USER
- && vxPermMap.getUserId() == userId) {
- userPerm.put(vxPermMap.getPermType(), vxPermMap);
- }
- }
- userPermMap.put(userId, userPerm);
- }
-
- //[2] :
- HashMap<Long, HashMap<Integer, VXPermMap>> groupPermMap =
- new HashMap<Long, HashMap<Integer, VXPermMap>>();
-
- for (Long groupId : listOfGroup) {
- HashMap<Integer, VXPermMap> groupPerm = new HashMap<Integer, VXPermMap>();
- for (VXPermMap vxPermMap : vxPermMaps) {
- Long permGroupId = vxPermMap.getGroupId();
- int permFor = vxPermMap.getPermFor();
- if (permFor == AppConstants.XA_PERM_FOR_GROUP
- && permGroupId.equals(groupId)) {
- groupPerm.put(vxPermMap.getPermType(), vxPermMap);
- }
- }
- groupPermMap.put(groupId, groupPerm);
- }
-
- for (Long userId : listOfUser) {
- HashMap<Integer, VXPermMap> map = userPermMap.get(userId);
- VXPermMap vxPermMap = null;
- if (!map.isEmpty()) {
- vxPermMap = map.values().iterator().next();
- }
-
- if (vxPermMap == null) {
- continue;
- }
-
- if (map.get(AppConstants.XA_PERM_TYPE_READ) == null) {
- vxPermMap.setPermType(AppConstants.XA_PERM_TYPE_READ);
- map.put(AppConstants.XA_PERM_TYPE_READ, vxPermMap);
- }
-
- if (map.size() > 1 && map.get(AppConstants.XA_PERM_TYPE_EXECUTE) == null) {
- vxPermMap.setPermType(AppConstants.XA_PERM_TYPE_EXECUTE);
- map.put(AppConstants.XA_PERM_TYPE_EXECUTE, vxPermMap);
- }
- userPermMap.put(userId, map);
- }
-
- for (Long groupId : listOfGroup) {
- HashMap<Integer, VXPermMap> map = groupPermMap.get(groupId);
- VXPermMap vxPermMap = null;
- if (!map.isEmpty()) {
- vxPermMap = map.values().iterator().next();
- }
-
- if (vxPermMap == null) {
- continue;
- }
-
- if (map.get(AppConstants.XA_PERM_TYPE_READ) == null) {
- vxPermMap.setPermType(AppConstants.XA_PERM_TYPE_READ);
- map.put(AppConstants.XA_PERM_TYPE_READ, vxPermMap);
- }
-
- if (map.size() > 1 && map.get(AppConstants.XA_PERM_TYPE_EXECUTE) == null) {
- vxPermMap.setPermType(AppConstants.XA_PERM_TYPE_EXECUTE);
- map.put(AppConstants.XA_PERM_TYPE_EXECUTE, vxPermMap);
- }
- groupPermMap.put(groupId, map);
- }
-
- // [3] :
- for (Entry<Long, HashMap<Integer, VXPermMap>> entry : userPermMap
- .entrySet()) {
- for (Entry<Integer, VXPermMap> innerEntry : entry.getValue()
- .entrySet()) {
- updatedPermList.add(innerEntry.getValue());
- }
- }
-
- for (Entry<Long, HashMap<Integer, VXPermMap>> entry : groupPermMap
- .entrySet()) {
- for (Entry<Integer, VXPermMap> innerEntry : entry.getValue()
- .entrySet()) {
- updatedPermList.add(innerEntry.getValue());
- }
- }
-
- return updatedPermList;
- }
-
public List<XXTrxLog> getTransactionLog(VXResource vResource, String action){
return getTransactionLog(vResource, null, action);
}