Posted to commits@ranger.apache.org by pr...@apache.org on 2021/12/08 00:51:34 UTC
[ranger] branch master updated: RANGER-3502: Make GET zone APIs accessible to authorized users only
This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new b61ed9f RANGER-3502: Make GET zone APIs accessible to authorized users only
b61ed9f is described below
commit b61ed9f7ac3c7a0c07056cba21d8c9440b05d28a
Author: Kishor Gollapalliwar <ki...@gmail.com>
AuthorDate: Mon Dec 6 17:49:53 2021 +0530
RANGER-3502: Make GET zone APIs accessible to authorized users only
Signed-off-by: pradeep <pr...@apache.org>
---
.../plugin/model/RangerSecurityZoneHeaderInfo.java | 55 +++++++++++++
.../plugin/model/RangerServiceHeaderInfo.java | 67 ++++++++++++++++
.../org/apache/ranger/biz/SecurityZoneDBStore.java | 14 ++++
.../org/apache/ranger/db/XXSecurityZoneDao.java | 15 ++++
.../ranger/db/XXSecurityZoneRefServiceDao.java | 21 +++++
.../ranger/db/XXSecurityZoneRefTagServiceDao.java | 21 +++++
.../java/org/apache/ranger/rest/PublicAPIsv2.java | 75 +++++++++++++++++-
.../org/apache/ranger/rest/SecurityZoneREST.java | 56 ++++++++-----
.../main/resources/META-INF/jpa_named_queries.xml | 20 ++++-
.../main/webapp/scripts/controllers/Controller.js | 5 +-
.../webapp/scripts/views/UploadServicePolicy.js | 83 ++++++++++---------
.../scripts/views/policymanager/ServiceLayout.js | 67 +++++++++-------
.../views/policymanager/ServiceLayoutSidebar.js | 92 +++++++++++-----------
.../webapp/scripts/views/reports/AuditLayout.js | 15 ++--
.../scripts/views/reports/UserAccessLayout.js | 9 ++-
.../org/apache/ranger/rest/TestPublicAPIsv2.java | 68 +++++++++++++++-
.../apache/ranger/rest/TestSecurityZoneREST.java | 28 ++++++-
17 files changed, 557 insertions(+), 154 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZoneHeaderInfo.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZoneHeaderInfo.java
new file mode 100644
index 0000000..e9d6b1b
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZoneHeaderInfo.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.plugin.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class RangerSecurityZoneHeaderInfo extends RangerBaseModelObject implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+ private String name;
+
+ public RangerSecurityZoneHeaderInfo() {
+ super();
+ setId(-1L);
+ setName("");
+ }
+
+ public RangerSecurityZoneHeaderInfo(Long id, String name) {
+ super();
+ setId(id);
+ setName(name);
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+}
\ No newline at end of file
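Review bot: `RangerSecurityZoneHeaderInfo` has no class Javadoc saying that it is the reduced view returned by the zone-headers endpoint that this commit opens to every authenticated user, and with `fieldVisibility = Visibility.ANY` any field added later is serialized automatically. The same applies to `RangerServiceHeaderInfo` in the next file. The class also extends `RangerBaseModelObject`, which is not shown here; any non-null fields that base class carries would presumably be serialized too, so confirm that only the intended values leave the server. I would add above the class: `/** Minimal zone view (id, name) for users without security-zone module access; do not add fields that require authorization. */`.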
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceHeaderInfo.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceHeaderInfo.java
new file mode 100644
index 0000000..4343f6f
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceHeaderInfo.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.plugin.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class RangerServiceHeaderInfo extends RangerBaseModelObject implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name;
+ private Boolean isTagService;
+
+ public RangerServiceHeaderInfo() {
+ super();
+ setId(-1L);
+ setName("");
+ setIsTagService(false);
+ }
+
+ public RangerServiceHeaderInfo(Long id, String name, boolean isTagService) {
+ super();
+ setId(id);
+ setName(name);
+ setIsTagService(isTagService);
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public Boolean getIsTagService() {
+ return isTagService;
+ }
+
+ public void setIsTagService(Boolean isTagService) {
+ this.isTagService = isTagService;
+ }
+}
\ No newline at end of file
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
index 12ad7e6..0c2e42c 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
@@ -33,6 +33,8 @@ import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.entity.XXSecurityZone;
import org.apache.ranger.entity.XXTrxLog;
import org.apache.ranger.plugin.model.RangerSecurityZone;
+import org.apache.ranger.plugin.model.RangerSecurityZoneHeaderInfo;
+import org.apache.ranger.plugin.model.RangerServiceHeaderInfo;
import org.apache.ranger.plugin.store.AbstractPredicateUtil;
import org.apache.ranger.plugin.store.SecurityZonePredicateUtil;
import org.apache.ranger.plugin.store.SecurityZoneStore;
@@ -216,4 +218,16 @@ public class SecurityZoneDBStore implements SecurityZoneStore {
return ret;
}
+
+ public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoList() {
+ return daoMgr.getXXSecurityZoneDao().findAllZoneHeaderInfos();
+ }
+
+ public List<RangerServiceHeaderInfo> getServiceHeaderInfoListByZoneId(Long zoneId) {
+ List<RangerServiceHeaderInfo> services = daoMgr.getXXSecurityZoneRefService().findServiceHeaderInfosByZoneId(zoneId);
+ List<RangerServiceHeaderInfo> tagServices = daoMgr.getXXSecurityZoneRefTagService().findServiceHeaderInfosByZoneId(zoneId);
+ services.addAll(tagServices);
+
+ return services;
+ }
}
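Review bot: `getServiceHeaderInfoListByZoneId` appends to the list it received from the DAO with `services.addAll(tagServices)`, while both `findServiceHeaderInfosByZoneId` implementations added in this commit return `Collections.emptyList()` when the zone id is null or not above the unzoned id. Today both DAOs take that branch together, so nothing is ever added to the immutable list, but the method would throw `UnsupportedOperationException` as soon as the two guards diverge. Copying first removes the coupling: `List<RangerServiceHeaderInfo> ret = new ArrayList<RangerServiceHeaderInfo>(services); ret.addAll(tagServices); return ret;` (this needs `java.util.ArrayList`, whose import is not visible in this hunk).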
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java
index 46ff16f..5f73b64 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java
@@ -20,8 +20,12 @@ package org.apache.ranger.db;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.common.db.BaseDao;
import org.apache.ranger.entity.XXSecurityZone;
+import org.apache.ranger.plugin.model.RangerSecurityZone;
+import org.apache.ranger.plugin.model.RangerSecurityZoneHeaderInfo;
import org.springframework.stereotype.Service;
import javax.persistence.NoResultException;
+
+import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
@@ -107,4 +111,15 @@ public class XXSecurityZoneDao extends BaseDao<XXSecurityZone> {
}
}
+ public List<RangerSecurityZoneHeaderInfo> findAllZoneHeaderInfos() {
+ @SuppressWarnings("unchecked")
+ List<Object[]> results = getEntityManager().createNamedQuery("XXSecurityZone.findAllZoneHeaderInfos").setParameter("unzoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID).getResultList();
+
+ List<RangerSecurityZoneHeaderInfo> securityZoneList = new ArrayList<RangerSecurityZoneHeaderInfo>(results.size());
+ for (Object[] result : results) {
+ securityZoneList.add(new RangerSecurityZoneHeaderInfo((Long) result[0], (String) result[1]));
+ }
+
+ return securityZoneList;
+ }
}
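Review bot: `findAllZoneHeaderInfos` reads `result[0]` and `result[1]` by position and casts them, which ties the method to the column order of the `XXSecurityZone.findAllZoneHeaderInfos` SELECT in jpa_named_queries.xml without saying so. The two `findServiceHeaderInfosByZoneId` methods added to `XXSecurityZoneRefServiceDao` and `XXSecurityZoneRefTagServiceDao` have the same coupling. A comment above the loop would be enough, for example `// columns follow the named query: [0] = id (Long), [1] = name (String)`. A one-line Javadoc stating that the unzoned zone is excluded would also help callers.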
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java
index f5c1a88..c6a8011 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java
@@ -19,6 +19,7 @@
package org.apache.ranger.db;
+import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
@@ -26,6 +27,8 @@ import javax.persistence.NoResultException;
import org.apache.ranger.common.db.BaseDao;
import org.apache.ranger.entity.XXSecurityZoneRefService;
+import org.apache.ranger.plugin.model.RangerSecurityZone;
+import org.apache.ranger.plugin.model.RangerServiceHeaderInfo;
public class XXSecurityZoneRefServiceDao extends BaseDao<XXSecurityZoneRefService>{
@@ -83,4 +86,22 @@ public class XXSecurityZoneRefServiceDao extends BaseDao<XXSecurityZoneRefServic
return Collections.emptyList();
}
}
+
+ public List<RangerServiceHeaderInfo> findServiceHeaderInfosByZoneId(Long zoneId) {
+ List<RangerServiceHeaderInfo> serviceHeaderInfos = null;
+
+ if (zoneId != null && zoneId > RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) {
+ @SuppressWarnings("unchecked")
+ List<Object[]> results = getEntityManager().createNamedQuery("XXSecurityZoneRefService.findServiceHeaderInfosByZoneId").setParameter("zoneId", zoneId).getResultList();
+
+ serviceHeaderInfos = new ArrayList<RangerServiceHeaderInfo>(results.size());
+ for (Object[] result : results) {
+ serviceHeaderInfos.add(new RangerServiceHeaderInfo((Long) result[0], (String) result[1], false));
+ }
+ } else {
+ serviceHeaderInfos = Collections.emptyList();
+ }
+
+ return serviceHeaderInfos;
+ }
}
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefTagServiceDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefTagServiceDao.java
index c30dba1..1eaf0de 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefTagServiceDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefTagServiceDao.java
@@ -18,6 +18,7 @@
*/
package org.apache.ranger.db;
+import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
@@ -25,6 +26,8 @@ import javax.persistence.NoResultException;
import org.apache.ranger.common.db.BaseDao;
import org.apache.ranger.entity.XXSecurityZoneRefTagService;
+import org.apache.ranger.plugin.model.RangerSecurityZone;
+import org.apache.ranger.plugin.model.RangerServiceHeaderInfo;
public class XXSecurityZoneRefTagServiceDao extends BaseDao<XXSecurityZoneRefTagService>{
@@ -58,4 +61,22 @@ public class XXSecurityZoneRefTagServiceDao extends BaseDao<XXSecurityZoneRefTag
return Collections.emptyList();
}
}
+
+ public List<RangerServiceHeaderInfo> findServiceHeaderInfosByZoneId(Long zoneId) {
+ List<RangerServiceHeaderInfo> serviceHeaderInfos = null;
+
+ if (zoneId != null && zoneId > RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) {
+ @SuppressWarnings("unchecked")
+ List<Object[]> results = getEntityManager().createNamedQuery("XXSecurityZoneRefTagService.findServiceHeaderInfosByZoneId").setParameter("zoneId", zoneId).getResultList();
+ serviceHeaderInfos = new ArrayList<RangerServiceHeaderInfo>(results.size());
+
+ for (Object[] result : results) {
+ serviceHeaderInfos.add(new RangerServiceHeaderInfo((Long) result[0], (String) result[1], true));
+ }
+ } else {
+ serviceHeaderInfos = Collections.emptyList();
+ }
+
+ return serviceHeaderInfos;
+ }
}
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
index 204cadb..bb343c0 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java
@@ -22,14 +22,17 @@ package org.apache.ranger.rest;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.ranger.admin.client.datatype.RESTResponse;
+import org.apache.ranger.biz.SecurityZoneDBStore;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName;
import org.apache.ranger.plugin.model.RangerPluginInfo;
import org.apache.ranger.plugin.model.RangerPolicy;
import org.apache.ranger.plugin.model.RangerRole;
import org.apache.ranger.plugin.model.RangerSecurityZone;
+import org.apache.ranger.plugin.model.RangerSecurityZoneHeaderInfo;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceHeaderInfo;
import org.apache.ranger.plugin.util.GrantRevokeRoleRequest;
import org.apache.ranger.plugin.util.SearchFilter;
import org.springframework.beans.factory.annotation.Autowired;
@@ -41,7 +44,17 @@ import org.springframework.transaction.annotation.Transactional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.*;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import java.util.ArrayList;
@@ -70,6 +83,9 @@ public class PublicAPIsv2 {
@Autowired
RESTErrorUtil restErrorUtil;
+ @Autowired
+ SecurityZoneDBStore securityZoneStore;
+
/*
* SecurityZone Creation API
*/
@@ -121,6 +137,63 @@ public class PublicAPIsv2 {
return securityZoneRest.getAllZones(request).getSecurityZones();
}
+ /**
+ * Get {@link List} of security zone header info.
+ * This API is authorized to every authenticated user.
+ * @return {@link List} of {@link RangerSecurityZoneHeaderInfo} if present.
+ */
+ @GET
+ @Path("/api/zone-headers")
+ public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoList() {
+ if (logger.isDebugEnabled()) {
+ logger.debug("==> PublicAPIsv2.getSecurityZoneHeaderInfoList()");
+ }
+
+ List<RangerSecurityZoneHeaderInfo> ret;
+ try {
+ ret = securityZoneStore.getSecurityZoneHeaderInfoList();
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ logger.error("PublicAPIsv2.getSecurityZoneHeaderInfoList() failed", excp);
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ }
+
+ if (logger.isDebugEnabled()) {
+ logger.debug("<== PublicAPIsv2.getSecurityZoneHeaderInfoList():" + ret);
+ }
+ return ret;
+ }
+
+ /**
+ * Get service header info {@link List} for given zone.
+ * This API is authorized to every authenticated user.
+ * @param zoneId
+ * @return {@link List} of {@link RangerServiceHeaderInfo} for given zone if present.
+ */
+ @GET
+ @Path("/api/zones/{zoneId}/service-headers")
+ public List<RangerServiceHeaderInfo> getServiceHeaderInfoListByZoneId(@PathParam("zoneId") Long zoneId) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("==> PublicAPIsv2.getServiceHeaderInfoListByZoneId({})" + zoneId);
+ }
+
+ List<RangerServiceHeaderInfo> ret;
+ try {
+ ret = securityZoneStore.getServiceHeaderInfoListByZoneId(zoneId);
+ } catch (WebApplicationException excp) {
+ throw excp;
+ } catch (Throwable excp) {
+ logger.error("PublicAPIsv2.getServiceHeaderInfoListByZoneId() failed", excp);
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ }
+
+ if (logger.isDebugEnabled()) {
+ logger.debug("<== PublicAPIsv2.getServiceHeaderInfoListByZoneId():" + ret);
+ }
+ return ret;
+ }
+
/*
* ServiceDef Manipulation APIs
*/
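Review bot: Both new endpoints pass `excp.getMessage()` from any `Throwable` to `restErrorUtil.createRESTException(...)`, so whatever the persistence layer puts in its exception message presumably reaches the response of an API that the Javadoc opens to every authenticated user. A fixed message keeps the detail in the server log, which the `logger.error` call just above already records: `throw restErrorUtil.createRESTException("Failed to get security zone headers");`. Separately, the entry debug line of `getServiceHeaderInfoListByZoneId` mixes a `{}` placeholder with string concatenation, and the log4j `Logger` imported in this file will print the braces literally; `logger.debug("==> PublicAPIsv2.getServiceHeaderInfoListByZoneId(" + zoneId + ")");` gives the intended output. The Javadoc's statement that callers are authenticated depends on configuration outside this hunk, so it is worth confirming that these two paths are covered by it.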
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
index fcf8433..1a9f554 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
@@ -46,6 +46,7 @@ import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.biz.ServiceMgr;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.RangerSearchUtil;
import org.apache.ranger.common.RangerValidatorFactory;
import org.apache.ranger.db.RangerDaoManager;
@@ -72,7 +73,8 @@ import com.google.common.collect.Sets;
@Scope("request")
@Transactional(propagation = Propagation.REQUIRES_NEW)
public class SecurityZoneREST {
- private static final Log LOG = LogFactory.getLog(SecurityZoneREST.class);
+ private static final Log LOG = LogFactory.getLog(SecurityZoneREST.class);
+ private static final String STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE = "User is not authorized to access zone(s).";
@Autowired
RESTErrorUtil restErrorUtil;
@@ -224,6 +226,11 @@ public class SecurityZoneREST {
if (LOG.isDebugEnabled()) {
LOG.debug("==> getSecurityZone(name=" + zoneName + ")");
}
+
+ if (!bizUtil.hasModuleAccess(RangerConstants.MODULE_SECURITY_ZONE)) {
+ throw restErrorUtil.createRESTException(STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE, MessageEnums.OPER_NO_PERMISSION);
+ }
+
RangerSecurityZone ret;
try {
ret = securityZoneStore.getSecurityZoneByName(zoneName);
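Review bot: The module-access check added at the top of `getSecurityZone(name)` is repeated verbatim in `getSecurityZone(id)` and `getAllZones` in the later hunks of this file, and none of the three records who was refused. A private helper next to the existing `ensureAdminAccess()` would keep the rule in one place and give monitoring a line to alert on, for instance `LOG.warn("User '" + bizUtil.getCurrentUserLoginId() + "' denied access to security zone module");` before the throw. The HTTP status that the `createRESTException(String, MessageEnums)` overload produces is not visible here; confirm the client receives 403 rather than a generic 400. The body of `getSecurityZone` continues outside the hunk.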
@@ -234,6 +241,7 @@ public class SecurityZoneREST {
throw restErrorUtil.createRESTException(excp.getMessage());
}
+
if (LOG.isDebugEnabled()) {
LOG.debug("<== getSecurityZone(name=" + zoneName + "):" + ret);
}
@@ -246,9 +254,15 @@ public class SecurityZoneREST {
if (LOG.isDebugEnabled()) {
LOG.debug("==> getSecurityZone(id=" + id + ")");
}
+
+ if (!bizUtil.hasModuleAccess(RangerConstants.MODULE_SECURITY_ZONE)) {
+ throw restErrorUtil.createRESTException(STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE, MessageEnums.OPER_NO_PERMISSION);
+ }
+
if (id != null && id.equals(RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID)) {
- throw restErrorUtil.createRESTException("Cannot delete unzoned zone");
+ throw restErrorUtil.createRESTException("Cannot access unzoned zone");
}
+
RangerSecurityZone ret;
try {
ret = securityZoneStore.getSecurityZone(id);
@@ -259,6 +273,7 @@ public class SecurityZoneREST {
throw restErrorUtil.createRESTException(excp.getMessage());
}
+
if (LOG.isDebugEnabled()) {
LOG.debug("<== getSecurityZone(id=" + id + "):" + ret);
}
@@ -268,34 +283,39 @@ public class SecurityZoneREST {
@GET
@Path("/zones")
public RangerSecurityZoneList getAllZones(@Context HttpServletRequest request) {
- RangerSecurityZoneList ret = new RangerSecurityZoneList();
- if (LOG.isDebugEnabled()) {
+ if (LOG.isDebugEnabled()) {
LOG.debug("==> getAllZones()");
}
- SearchFilter filter = searchUtil.getSearchFilter(request, securityZoneService.sortFields);
- List<RangerSecurityZone> securityZones;
- try {
- securityZones = securityZoneStore.getSecurityZones(filter);
- ret.setSecurityZoneList(securityZones);
- if (securityZones != null) {
- ret.setTotalCount(securityZones.size());
- ret.setSortBy(filter.getSortBy());
- ret.setSortType(filter.getSortType());
- ret.setResultSize(securityZones.size());
- }
- } catch(WebApplicationException excp) {
+
+ if (!bizUtil.hasModuleAccess(RangerConstants.MODULE_SECURITY_ZONE)) {
+ throw restErrorUtil.createRESTException(STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE, MessageEnums.OPER_NO_PERMISSION);
+ }
+
+ RangerSecurityZoneList ret = new RangerSecurityZoneList();
+ SearchFilter filter = searchUtil.getSearchFilter(request, securityZoneService.sortFields);
+ try {
+ List<RangerSecurityZone> securityZones = securityZoneStore.getSecurityZones(filter);
+ ret.setSecurityZoneList(securityZones);
+ if (securityZones != null) {
+ ret.setTotalCount(securityZones.size());
+ ret.setSortBy(filter.getSortBy());
+ ret.setSortType(filter.getSortType());
+ ret.setResultSize(securityZones.size());
+ }
+ } catch (WebApplicationException excp) {
throw excp;
- } catch(Throwable excp) {
+ } catch (Throwable excp) {
LOG.error("getSecurityZones() failed", excp);
throw restErrorUtil.createRESTException(excp.getMessage());
}
+
if (LOG.isDebugEnabled()) {
LOG.debug("<== getAllZones():" + ret);
}
return ret;
}
-
+
private void ensureAdminAccess(){
if(!bizUtil.isAdmin()){
String userName = bizUtil.getCurrentUserLoginId();
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index 539d600..c19ec49 100755
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -1571,6 +1571,12 @@
</query>
</named-query>
+ <named-query name="XXSecurityZoneRefService.findServiceHeaderInfosByZoneId">
+ <query>
+ SELECT obj.serviceId, obj.serviceName FROM XXSecurityZoneRefService obj WHERE obj.zoneId = :zoneId
+ </query>
+ </named-query>
+
<named-query name="XXSecurityZoneRefTagService.findByZoneId">
<query>
select obj from XXSecurityZoneRefTagService obj where obj.zoneId = :zoneId
@@ -1583,6 +1589,12 @@
</query>
</named-query>
+ <named-query name="XXSecurityZoneRefTagService.findServiceHeaderInfosByZoneId">
+ <query>
+ SELECT obj.tagServiceId, obj.tagServiceName FROM XXSecurityZoneRefTagService obj WHERE obj.zoneId = :zoneId
+ </query>
+ </named-query>
+
<named-query name="XXSecurityZoneRefUser.findByZoneId">
<query>
select obj from XXSecurityZoneRefUser obj where obj.zoneId = :zoneId
@@ -1607,12 +1619,18 @@
</query>
</named-query>
- <named-query name="XXSecurityZone.findZoneNamesByGroupId">
+ <named-query name="XXSecurityZone.findZoneNamesByGroupId">
<query>
select distinct obj.name from XXSecurityZone obj, XXSecurityZoneRefGroup refObj where obj.id = refObj.zoneId and refObj.groupId = :groupId
</query>
</named-query>
+ <named-query name="XXSecurityZone.findAllZoneHeaderInfos">
+ <query>
+ SELECT obj.id, obj.name FROM XXSecurityZone obj WHERE obj.id != :unzoneId
+ </query>
+ </named-query>
+
<named-query name="XXGlobalState.findByStateId">
<query>
select obj from XXGlobalState obj where obj.id = :stateId
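Review bot: `XXSecurityZone.findAllZoneHeaderInfos` has no ORDER BY, so the order of the list that feeds the zone drop-down is whatever the database happens to return; the two `findServiceHeaderInfosByZoneId` queries added in the earlier hunks are the same. `SELECT obj.id, obj.name FROM XXSecurityZone obj WHERE obj.id <> :unzoneId ORDER BY obj.name` would make it stable. That line also uses `<>`, the inequality operator JPQL defines; `!=` is accepted by some providers as an extension, so check what the project's provider guarantees.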
diff --git a/security-admin/src/main/webapp/scripts/controllers/Controller.js b/security-admin/src/main/webapp/scripts/controllers/Controller.js
index 74f2af5..7bfce42 100755
--- a/security-admin/src/main/webapp/scripts/controllers/Controller.js
+++ b/security-admin/src/main/webapp/scripts/controllers/Controller.js
@@ -304,12 +304,11 @@ define(function(require) {
var view = require('views/policymanager/ServiceLayout');
var RangerServiceDefList = require('collections/RangerServiceDefList');
var RangerServiceDef = require('models/RangerServiceDef');
- var RangerZoneList = require('collections/RangerZoneList');
+ var RangerZoneList = require('model_bases/RangerZoneBase');
var rangerZoneList = new RangerZoneList();
var collection = new RangerServiceDefList();
collection.queryParams.sortBy = 'serviceTypeId';
-
if (type == 'tag') {
var tagServiceDef = new RangerServiceDef();
tagServiceDef.url = XAUtil.getRangerServiceDef(XAEnums.ServiceType.SERVICE_TAG.label)
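Review bot: `RangerZoneList` is now bound to `model_bases/RangerZoneBase`, so `new RangerZoneList()` appears to create a single model rather than a collection, and the array returned by `zone-headers` is then read through `rangerZoneList.attributes` in UploadServicePolicy.js and ServiceLayout.js. The name no longer says what the object is, and a later reader who calls `.models` or `.length` on it will get nothing useful. Either rename it, `var RangerZoneHeaders = require('model_bases/RangerZoneBase');`, or add a comment at the declaration such as `// holds the zone-headers array as model attributes; read via .attributes, not .models`. The enclosing function starts and ends outside the hunk.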
@@ -331,8 +330,8 @@ define(function(require) {
rangerZoneList.fetch({
cache: false,
async: false,
+ url: "service/public/v2/api/zone-headers",
})
- // if(App.rContent.currentView) App.rContent.currentView.close();
App.rContent.show(new view({
collection: collection,
type: type,
diff --git a/security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js b/security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js
index f7d3b73..6ef5637 100644
--- a/security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js
+++ b/security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js
@@ -26,6 +26,7 @@ define(function(require){
var XAEnums = require('utils/XAEnums');
var XALinks = require('modules/XALinks');
var localization = require('utils/XALangSupport');
+ var RangerServiceList = require('models/RangerService');
var UploadservicepolicyTmpl = require('hbs!tmpl/common/uploadservicepolicy_tmpl');
var ServiceMappingItem = Backbone.Marionette.ItemView.extend({
@@ -218,27 +219,25 @@ define(function(require){
}else{
var selectedZoneServices = [], selectedZone;
if(!_.isUndefined( that.ui.zoneDestination.val()) && !_.isEmpty( that.ui.zoneDestination.val())){
- selectedZone = this.rangerZoneList.find(function(m) {
- return that.ui.zoneDestination.val() === m.get('name');
- });
- _.each(selectedZone.get('services'), function(value, key) {
- var model = that.services.find(function(m) {
- return m.get('name') == key
- })
- if (model) {
- selectedZoneServices.push(model);
- }
- })
- if(selectedZone.has('tagServices') && !_.isEmpty(selectedZone.get('tagServices'))){
- _.filter(selectedZone.get('tagServices'), function(tag){
- var zoneServiceModelTags = that.serviceNames.find(function(serviceModel){
- return serviceModel.get('name') === tag
- })
- if(zoneServiceModelTags){
- selectedZoneServices.push(zoneServiceModelTags);
- }
- })
- }
+ selectedZone = _.find(that.rangerZoneList.attributes, function (m){
+ return m.name == that.ui.zoneDestination.val();
+ })
+ var zoneServiceListModel = new RangerServiceList();
+ zoneServiceListModel.fetch({
+ cache : false,
+ async : false,
+ url : "service/public/v2/api/zones/"+selectedZone.id+"/service-headers",
+ });
+ if(!_.isEmpty(zoneServiceListModel.attributes)) {
+ _.filter(zoneServiceListModel.attributes, function(obj) {
+ var zoneServiceModel = that.services.find(function(m) {
+ return m.get('name') == obj.name;
+ });
+ if (zoneServiceModel) {
+ selectedZoneServices.push(zoneServiceModel);
+ }
+ })
+ }
}else{
selectedZoneServices = this.serviceNames;
}
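Review bot: `selectedZone.id` is read right after `_.find(...)` with no check that a zone matched, so a destination value that is missing from `rangerZoneList.attributes` throws before the request is built; the `setServiceDestination` hunk further down does the same. The `fetch` also has no `error` callback, here and in the `selectZoneName` hunk of ServiceLayout.js, so a refused or failed `service-headers` request is indistinguishable from a zone that has no services. I would wrap the fetch in `if (selectedZone) { ... }` and pass an `error` handler that reports the failure to the user. `_.filter` is used only for its side effect in the loop that follows; `_.each` states the intent. The enclosing function starts outside the hunk.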
@@ -366,8 +365,8 @@ define(function(require){
},
setServiceDestination : function(){
var that =this,
- zoneNameOption = _.map(this.rangerZoneList.models, function(m){
- return { 'id':m.get('name'), 'text':m.get('name')}
+ zoneNameOption = _.map(that.rangerZoneList.attributes, function(m){
+ return { 'id':m.name, 'text':m.name}
});
this.ui.zoneDestination.attr('disabled',false);
this.ui.zoneDestination.select2({
@@ -382,25 +381,25 @@ define(function(require){
var zoneServiceList = [];
that.ui.selectServicesMapping.show();
that.serviceNames = that.services.models;
- var selectedZone = that.rangerZoneList.find(function(m) {return e.val === m.get('name')});
- _.filter(selectedZone.get('services'), function(m, key){
- var zoneServiceModel = that.serviceNames.find(function(serviceModel){
- return serviceModel.get('name') === key
- })
- if(zoneServiceModel){
- zoneServiceList.push(zoneServiceModel);
- }
- });
- if(selectedZone.has('tagServices') && !_.isEmpty(selectedZone.get('tagServices'))){
- _.filter(selectedZone.get('tagServices'), function(tag){
- var zoneServiceModelTags = that.serviceNames.find(function(serviceModel){
- return serviceModel.get('name') === tag
- })
- if(zoneServiceModelTags){
- zoneServiceList.push(zoneServiceModelTags);
- }
- })
- }
+ var selectedZone = _.find( that.rangerZoneList.attributes, function (m){
+ return m.name == e.val
+ })
+ var zoneServiceListModel = new RangerServiceList();
+ zoneServiceListModel.fetch({
+ cache : false,
+ async : false,
+ url : "service/public/v2/api/zones/"+selectedZone.id+"/service-headers",
+ });
+ if(!_.isEmpty(zoneServiceListModel.attributes)) {
+ _.filter(zoneServiceListModel.attributes, function(obj) {
+ var zoneServiceModel = that.serviceNames.find(function(m) {
+ return m.get('name') == obj.name;
+ });
+ if (zoneServiceModel) {
+ zoneServiceList.push(zoneServiceModel);
+ }
+ })
+ }
that.serviceNames = zoneServiceList;
that.setServiceSourceData();
}else{
diff --git a/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js b/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js
index 11d4711..e3593e8 100644
--- a/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js
@@ -45,8 +45,8 @@ define(function(require){
templateHelpers: function(){
return {
operation : SessionMgr.isSystemAdmin() || SessionMgr.isKeyAdmin(),
- serviceDefs : this.componentCollectionModels(App.vZone.vZoneName),
- services : this.componentServicesModels(App.vZone.vZoneName),
+ serviceDefs : this.componentCollectionModels(App.vZone.vZoneName, App.vZone.vZoneId),
+ services : this.componentServicesModels(App.vZone.vZoneName, App.vZone.vZoneId),
showImportExportBtn : (SessionMgr.isUser() || XAUtil.isAuditorOrKMSAuditor(SessionMgr)) ? false : true,
isZoneAdministration : (SessionMgr.isSystemAdmin()|| SessionMgr.isUser() || SessionMgr.isAuditor()) ? true : false,
isServiceManager : (App.vZone && _.isEmpty(App.vZone.vZoneName)) ? true : false,
@@ -109,7 +109,8 @@ define(function(require){
this.initializeServices();
if (!App.vZone) {
App.vZone = {
- vZoneName: ""
+ vZoneName: "",
+ vZoneId: "",
}
}
if (!_.isUndefined(XAUtil.urlQueryParams())) {
@@ -118,6 +119,7 @@ define(function(require){
App.vZone.vZoneName = searchFregment['securityZone'];
}
}
+ this.zoneServiceList = new RangerService();
},
/** all events binding here */
@@ -133,7 +135,7 @@ define(function(require){
onRender: function() {
this.$('[data-id="r_tableSpinner"]').removeClass('loading').addClass('display-none');
this.initializePlugins();
- if (this.rangerZoneList.length > 0) {
+ if (!_.isUndefined(this.rangerZoneList.attributes) && !_.isEmpty(this.rangerZoneList.attributes)) {
this.ui.selectZoneName.removeAttr('disabled');
this.$el.find('.zoneEmptyMsg').removeAttr('title');
}
@@ -305,13 +307,12 @@ define(function(require){
},
selectZoneName : function(){
var that = this;
- var zoneName = _.map(this.rangerZoneList.models, function(m){
- return { 'id':m.get('name'), 'text':m.get('name'), 'zoneId' : m.get('id')}
+ var zoneName = _.map(this.rangerZoneList.attributes, function(m){
+ return { 'id': m.name, 'text':m.name, 'zoneId' : m.id }
});
if(!_.isEmpty(App.vZone.vZoneName) && !_.isUndefined(App.vZone.vZoneName)){
this.ui.selectZoneName.val(App.vZone.vZoneName);
}
- var servicesModel = _.clone(that.services);
this.ui.selectZoneName.select2({
theme: 'bootstrap4',
closeOnSelect: false,
@@ -324,7 +325,13 @@ define(function(require){
App.vZone.vZoneName = e.val;
if(e.added){
App.vZone.vZoneId = e.added.zoneId;
- XAUtil.changeParamToUrlFragment({"securityZone" : e.val}, that.collection.modelName);
+ XAUtil.changeParamToUrlFragment({"securityZone" : e.val}, that.collection.modelName);
+ that.zoneServiceList.fetch({
+ cache : false,
+ async : false,
+ url : "service/public/v2/api/zones/"+e.added.zoneId+"/service-headers",
+ })
+
} else {
App.vZone.vZoneId = null;
//for url change on UI
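Review bot: The `zoneServiceList.fetch` added in the `e.added` branch loads an array response into what looks like a plain Backbone model, since later code walks `zoneServiceList.attributes` as index-keyed entries. Backbone's `Model.set` only adds or overwrites keys, so switching from a zone with more services to one with fewer would leave the previous zone's trailing entries in `attributes`, unless `RangerService` overrides `parse` outside this diff. Calling `that.zoneServiceList.clear({silent: true});` before the fetch avoids that, and the `else` branch, which continues past this hunk, should probably clear it too. The fetch added to the select handler in ServiceLayoutSidebar.js has the same issue.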
@@ -338,10 +345,10 @@ define(function(require){
});
},
- componentCollectionModels: function(zoneName) {
+ componentCollectionModels: function(zoneName, zoneID) {
var that = this;
if (!_.isEmpty(zoneName) && !_.isUndefined(zoneName) && this.type !== XAEnums.ServiceType.SERVICE_TAG.label) {
- var serviceType = _.keys(that.componentServicesModels(zoneName));
+ var serviceType = _.keys(that.componentServicesModels(zoneName, zoneID));
return that.collection.filter(function(model) {
return serviceType.indexOf(model.get("name")) !== -1;
})
@@ -350,28 +357,28 @@ define(function(require){
}
},
- componentServicesModels: function(zoneName) {
+ componentServicesModels: function(zoneName, zoneID) {
var that = this;
- if(!_.isEmpty(zoneName) && !_.isUndefined(zoneName) && that.rangerZoneList.length > 0){
- var selectedZone = that.rangerZoneList.find(function(m) {
- return zoneName === m.get('name');
- });
- }
- if (selectedZone && !_.isEmpty(selectedZone)) {
+ if (zoneName && !_.isEmpty(zoneName)) {
var selectedZoneServices = [], model;
- if(this.type !== XAEnums.ServiceType.SERVICE_TAG.label){
- _.each(selectedZone.get('services'), function(value, key) {
- model = that.services.find(function(m) {
- return m.get('name') == key
- });
- if (model) {
- selectedZoneServices.push(model);
- }
- });
- }else{
- _.each(selectedZone.get('tagServices'), function(value){
+ if (_.isEmpty(zoneID)) {
+ var zoneModal = _.find(that.rangerZoneList.attributes, function (m){
+ return m.name == zoneName;
+ })
+ zoneID = zoneModal.id;
+ App.vZone.vZoneId = zoneID;
+ }
+ if (_.isEmpty(this.zoneServiceList.attributes)) {
+ this.zoneServiceList.fetch({
+ cache : false,
+ async : false,
+ url : "service/public/v2/api/zones/"+zoneID+"/service-headers",
+ })
+ }
+ if(!_.isEmpty(this.zoneServiceList.attributes)) {
+ _.filter(this.zoneServiceList.attributes, function(obj) {
model = that.services.find(function(m) {
- return m.get('name') == value
+ return m.get('name') == obj.name;
});
if (model) {
selectedZoneServices.push(model);
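Review bot: In `componentServicesModels`, `_.find` over `rangerZoneList.attributes` returns `undefined` when `zoneName` is not in the zone-header list, and the next line reads `zoneModal.id` unguarded. `zoneName` can come from the `securityZone` URL fragment, so a stale or hand-edited link, or a zone the current user can no longer list, would throw a TypeError during render. A guard such as `if (!zoneModal) { return {}; }` before `zoneID = zoneModal.id;` keeps the view usable; the empty object assumes the zone branch returns a grouped map, which ends outside this hunk. Underscore's `_.isEmpty` is also true for any number, so if `zoneID` is numeric this lookup runs on every call. The same lookup appears in `componentServicesModels` in ServiceLayoutSidebar.js.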
@@ -382,7 +389,7 @@ define(function(require){
return m.get('type')
});
} else {
- return that.services.groupBy("type")
+ return that.services.groupBy("type");
}
},
diff --git a/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayoutSidebar.js b/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayoutSidebar.js
index 67a577c..e6a47ab 100644
--- a/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayoutSidebar.js
+++ b/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayoutSidebar.js
@@ -36,7 +36,7 @@ define(function(require){
var RangerServiceViewDetail = require('views/service/RangerServiceViewDetail');
var RangerServiceDefList = require('collections/RangerServiceDefList');
var RangerServiceDef = require('models/RangerServiceDef');
- var RangerZoneList = require('collections/RangerZoneList');
+ var RangerZoneList = require('model_bases/RangerZoneBase');
require('Backbone.BootstrapModal');
return Backbone.Marionette.Layout.extend(
@@ -49,8 +49,8 @@ define(function(require){
templateHelpers: function(){
return {
operation : SessionMgr.isSystemAdmin() || SessionMgr.isKeyAdmin(),
- serviceDefs : _.sortBy(this.componentCollectionModels(App.vZone.vZoneName), function(m) {return m.get('name')}),
- services : this.componentServicesModels(App.vZone.vZoneName),
+ serviceDefs : _.sortBy(this.componentCollectionModels(App.vZone.vZoneName, App.vZone.vZoneId), function(m) {return m.get('name')}),
+ services : this.componentServicesModels(App.vZone.vZoneName, App.vZone.vZoneId),
showImportExportBtn : (SessionMgr.isUser() || XAUtil.isAuditorOrKMSAuditor(SessionMgr)) ? false : true,
isZoneAdministration : (SessionMgr.isSystemAdmin()|| SessionMgr.isUser() || SessionMgr.isAuditor()) ? true : false,
isServiceManager : (App.vZone && _.isEmpty(App.vZone.vZoneName)) ? true : false,
@@ -150,7 +150,8 @@ define(function(require){
// this.initializeServices();
if (!App.vZone) {
App.vZone = {
- vZoneName: ""
+ vZoneName: "",
+ vZoneId: "",
}
}
if (!_.isUndefined(XAUtil.urlQueryParams())) {
@@ -160,6 +161,7 @@ define(function(require){
}
}
this.initialCall = true;
+ this.zoneServiceList = new RangerService();
},
/** all events binding here */
@@ -206,7 +208,7 @@ define(function(require){
onRender: function() {
var that = this;
this.$('[data-id="r_tableSpinner"]').removeClass('loading').addClass('display-none');
- if (this.rangerZoneList.length > 0) {
+ if (!_.isUndefined(this.rangerZoneList.attributes) && !_.isEmpty(this.rangerZoneList.attributes)) {
this.ui.selectZoneName.removeAttr('disabled');
this.$el.find('.zoneEmptyMsg').removeAttr('title');
}
@@ -219,7 +221,7 @@ define(function(require){
this.ui.resource.removeClass("btn-primary");
this.ui.tag.addClass("btn-primary");
}
- this.setupZoneList(this.rangerZoneList.models);
+ this.setupZoneList(this.rangerZoneList.attributes);
// if(this.selectedService) {
// this.ui.serviceActive.each(function() {
// if($(this).data('id') == that.selectedService) {
@@ -270,6 +272,7 @@ define(function(require){
this.rangerZoneList.fetch({
cache : false,
async : false,
+ url: "service/public/v2/api/zone-headers",
})
},
@@ -382,8 +385,8 @@ define(function(require){
selectZoneName : function(){
var that = this;
- var zoneName = _.map(this.rangerZoneList.models, function(m){
- return { 'id':m.get('name'), 'text':m.get('name'), 'zoneId' : m.get('id')}
+ var zoneName = _.map(this.rangerZoneList.attributes, function(m){
+ return { 'id':m.name, 'text':m.name, 'zoneId' : m.id}
});
if(!_.isEmpty(App.vZone.vZoneName) && !_.isUndefined(App.vZone.vZoneName)){
this.ui.selectZoneName.val(App.vZone.vZoneName);
@@ -400,6 +403,11 @@ define(function(require){
App.vZone.vZoneName = e.val;
if(e.added){
App.vZone.vZoneId = e.added.zoneId;
+ that.zoneServiceList.fetch({
+ cache : false,
+ async : false,
+ url : "service/public/v2/api/zones/"+e.added.zoneId+"/service-headers",
+ })
XAUtil.changeParamToUrlFragment({"securityZone" : e.val}, that.collection.modelName);
} else {
App.vZone.vZoneId = null;
@@ -424,7 +432,7 @@ define(function(require){
selectComponet : function(){
var that = this, options;
if(!_.isEmpty(App.vZone.vZoneName) && !_.isUndefined(App.vZone.vZoneName)) {
- var serviceType = _.keys(that.componentServicesModels(App.vZone.vZoneName));
+ var serviceType = _.keys(that.componentServicesModels(App.vZone.vZoneName, App.vZone.vZoneId));
options = serviceType.map(function(m){ return { 'id' : m, 'text' : m.toUpperCase()}})
} else {
options = this.collection.map(function(m){ return { 'id' : (m.get('name')), 'text' : (m.get('name')).toUpperCase()}});
@@ -448,10 +456,10 @@ define(function(require){
});
},
- componentCollectionModels: function(zoneName) {
+ componentCollectionModels: function(zoneName, zoneID) {
var that = this;
if (!_.isEmpty(zoneName) && !_.isUndefined(zoneName) && this.type !== XAEnums.ServiceType.SERVICE_TAG.label) {
- var serviceType = _.keys(that.componentServicesModels(zoneName));
+ var serviceType = _.keys(that.componentServicesModels(zoneName, zoneID));
if(!_.isEmpty(that.selectedComponets)) {
serviceType = _.intersection(serviceType,that.selectedComponets);
}
@@ -469,30 +477,31 @@ define(function(require){
}
},
- componentServicesModels: function(zoneName) {
+ componentServicesModels: function(zoneName, zoneID) {
var that = this;
this.initializeServices();
this.zoneCollection();
- if(!_.isEmpty(zoneName) && !_.isUndefined(zoneName) && that.rangerZoneList.length > 0){
- var selectedZone = that.rangerZoneList.find(function(m) {
- return zoneName === m.get('name');
- });
- }
- if (selectedZone && !_.isEmpty(selectedZone)) {
+ if(!_.isEmpty(zoneName) && !_.isUndefined(zoneName) && !_.isEmpty(that.rangerZoneList.attributes)){
var selectedZoneServices = [], model;
- if(this.type !== XAEnums.ServiceType.SERVICE_TAG.label){
- _.each(selectedZone.get('services'), function(value, key) {
- model = that.services.find(function(m) {
- return m.get('name') == key
- });
- if (model) {
- selectedZoneServices.push(model);
- }
- });
- }else{
- _.each(selectedZone.get('tagServices'), function(value){
+ if (_.isEmpty(zoneID)) {
+ var zoneModal = _.find(that.rangerZoneList.attributes, function (m){
+ return m.name == zoneName;
+ })
+ zoneID = zoneModal.id;
+ App.vZone.vZoneId = zoneID;
+ }
+ if (_.isEmpty(this.zoneServiceList.attributes)) {
+ this.zoneServiceList.fetch({
+ cache : false,
+ async : false,
+ url : "/service/zones/service/list",
+ data : {"zoneId" : zoneID},
+ })
+ }
+ if(!_.isEmpty(this.zoneServiceList.attributes)) {
+ _.filter(this.zoneServiceList.attributes, function(obj) {
model = that.services.find(function(m) {
- return m.get('name') == value
+ return m.get('name') == obj.name;
});
if (model) {
selectedZoneServices.push(model);
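Review bot: The fallback fetch in this `componentServicesModels` requests `"/service/zones/service/list"` with a `zoneId` query parameter, while the select handler in the same file and both fetches in ServiceLayout.js use `"service/public/v2/api/zones/"+zoneID+"/service-headers"`. The leading slash also makes this URL host-absolute, unlike every other URL in the commit, so it would miss the application when it is served under a context path. Unless that endpoint is intentional and defined elsewhere, use `url : "service/public/v2/api/zones/"+zoneID+"/service-headers",` and drop the `data` line, so that every caller goes through the same endpoint and the same access check.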
@@ -518,13 +527,6 @@ define(function(require){
this.render();
},
- // serviceActive: function (e) {
- // this.ui.serviceActive.parent().removeClass('selectedList')
- // e.stopPropagation();
- // $(e.currentTarget).parent().addClass('selectedList');
- // this.selectedService = e.currentTarget.dataset.id
- // },
-
selectedList: function(target) {
console.log(target);
this.ui.viewManager.find('.selected').removeClass('selected')
@@ -538,29 +540,29 @@ define(function(require){
that.zoneSearchList = [];
if (!_.isEmpty(input)) {
- that.zoneSearchList = this.rangerZoneList.filter(
+ that.zoneSearchList = _.filter(this.rangerZoneList.attributes,
function(zone) {
- return (zone.get('name').toLowerCase().indexOf(input.toLowerCase()) > -1)
+ return (zone.name.toLowerCase().indexOf(input.toLowerCase()) > -1)
}
);
this.setupZoneList(that.zoneSearchList);
} else {
- this.setupZoneList(this.rangerZoneList.models);
+ this.setupZoneList(this.rangerZoneList.attributes);
}
},
setupZoneList: function(zoneArray) {
var that = this;
this.ui.zoneUlList.empty();
- if(zoneArray.length > 0) {
+ if(!_.isEmpty(zoneArray)) {
_.each(zoneArray,
function(zone) {
- if(that.rangerZoneList.models[0].get('name') == zone.get('name')) {
- that.ui.zoneUlList.append('<li class="trim-containt" title="'+_.escape(zone.get('name'))+
- '" data-action="zoneListing" data-id="' + _.escape(zone.get('name')) + '"><a href="#!/zones/zone/'+zone.get('id')+'">' + _.escape(zone.get('name')) + '</a></li>');
+ if(that.rangerZoneList.attributes[0].name == zone.name) {
+ that.ui.zoneUlList.append('<li class="trim-containt" title="'+_.escape(zone.name)+
+ '" data-action="zoneListing" data-id="' + _.escape(zone.name) + '"><a href="#!/zones/zone/'+zone.id+'">' + _.escape(zone.name) + '</a></li>');
} else {
that.ui.zoneUlList.append('<li class="trim-containt" data-action="zoneListing" title="'
- +_.escape(zone.get('name'))+'" data-id="' + _.escape(zone.get('name')) + '"><a href="#!/zones/zone/'+zone.get('id')+'">' + _.escape(zone.get('name')) + '</a></li>');
+ +_.escape(zone.name)+'" data-id="' + _.escape(zone.name) + '"><a href="#!/zones/zone/'+zone.id+'">' + _.escape(zone.name) + '</a></li>');
}
}
);
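Review bot: In `setupZoneList` the zone name goes through `_.escape` for `title`, `data-id` and the link text, but `zone.id` is concatenated into the `href` unescaped in both branches. The id comes from the zone-headers response and is presumably numeric, yet escaping it like the other fields costs nothing and keeps the markup construction uniform: `'"><a href="#!/zones/zone/' + _.escape(zone.id) + '">'`. Both branches emit the same attributes, so they could be collapsed into a single `append` while making the change.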
diff --git a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
index 2acf35f..972e785 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js
@@ -47,7 +47,7 @@ define(function(require) {
var RangerPolicyRO = require('views/policies/RangerPolicyRO');
var vPlugableServiceDiffDetail = require('views/reports/PlugableServiceDiffDetail');
var vLoginSessionDetail = require('views/reports/LoginSessionDetail');
- var RangerZoneList = require('collections/RangerZoneList');
+ var RangerZoneBase = require('model_bases/RangerZoneBase');
var AuditAccessLogDetail = require('views/reports/AuditAccessLogDetailView');
var moment = require('moment');
@@ -524,14 +524,17 @@ define(function(require) {
XAUtils.displayDatepicker(that.ui.visualSearch, facet, startDate, callback);
break;
case 'Zone Name' :
- var rangerZoneList = new RangerZoneList(), zoneList = [];
+ var rangerZoneList = new RangerZoneBase(), zoneList = [];
rangerZoneList.fetch({
cache : false,
- async : false
+ async : false,
+ url: "service/public/v2/api/zone-headers",
})
- rangerZoneList.each(function(m){
- zoneList.push({'label' : m.get('name'), 'value' : m.get('name')});
- });
+ if (rangerZoneList && rangerZoneList.attributes) {
+ _.map(rangerZoneList.attributes,function(m){
+ zoneList.push({'label' : m.name, 'value' : m.name});
+ });
+ }
callback(zoneList);
break;
}
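Review bot: In the 'Zone Name' case `_.map` is used only for its side effect of pushing into `zoneList`, and its return value is discarded. Either switch to `_.each`, or build the list directly with `zoneList = _.map(rangerZoneList.attributes, function(m){ return {'label' : m.name, 'value' : m.name}; });`. The `componentServicesModels` hunks use `_.filter` the same way for a push loop.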
diff --git a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
index e6ec81f..08ef88b 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
@@ -35,7 +35,7 @@ define(function(require) {'use strict';
var RangerPolicyList = require('collections/RangerPolicyList');
var UseraccesslayoutTmpl= require('hbs!tmpl/reports/UserAccessLayout_tmpl');
var SessionMgr = require('mgrs/SessionMgr');
- var RangerZoneList = require('collections/RangerZoneList');
+ var RangerZoneBase = require('model_bases/RangerZoneBase');
var UserAccessLayout = Backbone.Marionette.Layout.extend(
/** @lends UserAccessLayout */
{
@@ -143,10 +143,11 @@ define(function(require) {'use strict';
cache : false,
async:false
});
- this.rangerZoneList = new RangerZoneList();
+ this.rangerZoneList = new RangerZoneBase();
this.rangerZoneList.fetch({
cache : false,
async:false,
+ url: "service/public/v2/api/zone-headers",
})
},
@@ -668,8 +669,8 @@ define(function(require) {'use strict';
var policyTypes = _.map(XAEnums.RangerPolicyType,function(m){
return {'id': m.value,'text': m.label};
});
- var zoneListOptions = _.map(this.rangerZoneList.models, function(m){
- return { 'id':m.get('name'), 'text':m.get('name')}
+ var zoneListOptions = _.map(this.rangerZoneList.attributes, function(m){
+ return { 'id':m.name, 'text':m.name}
});
var tags = [];
if (this.urlParam && this.urlParam['policyLabelsPartial'] && !_.isEmpty(this.urlParam['policyLabelsPartial'])) {
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java
index f9ea26a..1069f01 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java
@@ -18,6 +18,7 @@
package org.apache.ranger.rest;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
@@ -25,13 +26,16 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
+import org.apache.ranger.biz.SecurityZoneDBStore;
import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerSearchUtil;
import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerSecurityZoneHeaderInfo;
import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.model.RangerServiceDef;
+import org.apache.ranger.plugin.model.RangerServiceHeaderInfo;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
@@ -84,7 +88,10 @@ public class TestPublicAPIsv2 {
@Mock
RESTErrorUtil restErrorUtil;
-
+
+ @Mock
+ SecurityZoneDBStore securityZoneStore;
+
@Rule
public ExpectedException thrown = ExpectedException.none();
@@ -606,4 +613,63 @@ public class TestPublicAPIsv2 {
Assert.assertEquals(dbRangerPolicies.size(), rangerPolicies.size());
Mockito.verify(serviceREST).getPolicies(request);
}
+
+ @Test
+ public void testGetAllZoneNames() throws Exception {
+ List<RangerSecurityZoneHeaderInfo> zoneHeaderInfoList = new ArrayList<>();
+ zoneHeaderInfoList.add(new RangerSecurityZoneHeaderInfo(2L, "zone-1"));
+ zoneHeaderInfoList.add(new RangerSecurityZoneHeaderInfo(3L, "zone-2"));
+
+ Mockito.when(securityZoneStore.getSecurityZoneHeaderInfoList()).thenReturn(zoneHeaderInfoList);
+
+ List<RangerSecurityZoneHeaderInfo> returnedZoneHeaderInfoList = publicAPIsv2.getSecurityZoneHeaderInfoList();
+ Assert.assertEquals(returnedZoneHeaderInfoList.size(), zoneHeaderInfoList.size());
+ Mockito.verify(securityZoneStore, Mockito.times(1)).getSecurityZoneHeaderInfoList();
+ }
+
+ @Test
+ public void testGetServiceNamesForZone() throws Exception {
+ Long zoneId1 = 2L;
+ Long zoneId2 = 3L;
+ Long nonExistingZondId = 101L;
+
+ List<RangerServiceHeaderInfo> rangerServiceList1 = new ArrayList<RangerServiceHeaderInfo>();
+ List<RangerServiceHeaderInfo> rangerServiceList2 = new ArrayList<RangerServiceHeaderInfo>();
+
+ rangerServiceList1.add(new RangerServiceHeaderInfo(1L, "hdfs_1", false));
+ rangerServiceList1.add(new RangerServiceHeaderInfo(2L, "hive_1", false));
+ rangerServiceList1.add(new RangerServiceHeaderInfo(3L, "hbase_1", false));
+ rangerServiceList1.add(new RangerServiceHeaderInfo(4L, "tag_1", true));
+
+ rangerServiceList2.add(new RangerServiceHeaderInfo(5L, "yarn_1", false));
+
+ Mockito.when(securityZoneStore.getServiceHeaderInfoListByZoneId(null)).thenReturn(Collections.emptyList());
+ Mockito.when(securityZoneStore.getServiceHeaderInfoListByZoneId(zoneId1)).thenReturn(rangerServiceList1);
+ Mockito.when(securityZoneStore.getServiceHeaderInfoListByZoneId(zoneId2)).thenReturn(rangerServiceList2);
+ Mockito.when(securityZoneStore.getServiceHeaderInfoListByZoneId(nonExistingZondId)).thenReturn(Collections.emptyList());
+
+ // Null
+ List<RangerServiceHeaderInfo> returnedServicesNull = publicAPIsv2.getServiceHeaderInfoListByZoneId(null);
+
+ Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(null);
+ Assert.assertEquals(returnedServicesNull.size(), 0);
+
+ // Non existing zoneId
+ List<RangerServiceHeaderInfo> returnedServicesNonExisting = publicAPIsv2.getServiceHeaderInfoListByZoneId(nonExistingZondId);
+
+ Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(null);
+ Assert.assertEquals(returnedServicesNonExisting.size(), 0);
+
+ // zoneId1
+ List<RangerServiceHeaderInfo> returnedServicesZone1 = publicAPIsv2.getServiceHeaderInfoListByZoneId(zoneId1);
+
+ Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(zoneId1);
+ Assert.assertEquals(returnedServicesZone1.size(), rangerServiceList1.size());
+
+ // zoneId2
+ List<RangerServiceHeaderInfo> returnedServicesZone2 = publicAPIsv2.getServiceHeaderInfoListByZoneId(zoneId2);
+
+ Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(zoneId2);
+ Assert.assertEquals(returnedServicesZone2.size(), rangerServiceList2.size());
+ }
}
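Review bot: In `testGetServiceNamesForZone` the "Non existing zoneId" section verifies `getServiceHeaderInfoListByZoneId(null)` a second time instead of the call it just made, so it passes without checking that `nonExistingZondId` reached the store. It should read `Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(nonExistingZondId);`. The `Assert.assertEquals` calls also pass the actual value first and the expected second, which only affects failure messages. Neither new test exercises a caller without access, which is the behaviour the commit title describes; whether that check lives in `PublicAPIsv2` is not visible here.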
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java
index d6384a6..cc530c6 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java
@@ -188,30 +188,44 @@ public class TestSecurityZoneREST {
verify(validator, times(1)).validate(rangerSecurityZoneToUpdate, RangerValidator.Action.UPDATE);
}
- @Test
+ @Test(expected = WebApplicationException.class)
public void testGetSecurityZoneById() throws Exception {
RangerSecurityZone securityZone = createRangerSecurityZone();
Long securityZoneId = 2L;
securityZone.setId(securityZoneId);
when(securityZoneStore.getSecurityZone(securityZoneId)).thenReturn(securityZone);
+ when(rangerBizUtil.hasModuleAccess(Mockito.anyString())).thenReturn(true);
RangerSecurityZone rangerSecurityZone = securityZoneREST.getSecurityZone(securityZoneId);
assertEquals(securityZoneId, rangerSecurityZone.getId());
verify(securityZoneStore, times(1)).getSecurityZone(securityZoneId);
+
+ //No access
+ when(rangerBizUtil.hasModuleAccess(Mockito.anyString())).thenReturn(false);
+ when(restErrorUtil.createRESTException(Mockito.anyString(), Mockito.any())).thenReturn(new WebApplicationException());
+ securityZoneREST.getSecurityZone(securityZoneId);
+ verify(securityZoneStore, times(0)).getSecurityZone(securityZoneId);
}
- @Test
+ @Test(expected = WebApplicationException.class)
public void testGetSecurityZoneByName() throws Exception {
RangerSecurityZone securityZone = createRangerSecurityZone();
Long securityZoneId = 2L;
String securityZoneName = securityZone.getName();
securityZone.setId(securityZoneId);
when(securityZoneStore.getSecurityZoneByName(securityZoneName)).thenReturn(securityZone);
+ when(rangerBizUtil.hasModuleAccess(Mockito.anyString())).thenReturn(true);
RangerSecurityZone rangerSecurityZone = securityZoneREST.getSecurityZone(securityZoneName);
assertEquals(securityZoneName, rangerSecurityZone.getName());
verify(securityZoneStore, times(1)).getSecurityZoneByName(securityZoneName);
+
+ //No access
+ when(rangerBizUtil.hasModuleAccess(Mockito.anyString())).thenReturn(false);
+ when(restErrorUtil.createRESTException(Mockito.anyString(), Mockito.any())).thenReturn(new WebApplicationException());
+ securityZoneREST.getSecurityZone(securityZoneName);
+ verify(securityZoneStore, times(0)).getSecurityZoneByName(securityZoneName);
}
- @Test
+ @Test(expected = WebApplicationException.class)
public void testGetAllSecurityZone() throws Exception {
RangerSecurityZone securityZone = createRangerSecurityZone();
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
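Review bot: Marking `testGetSecurityZoneById` with `@Test(expected = WebApplicationException.class)` while keeping the allowed-path assertions in the same method weakens both halves. The `verify(securityZoneStore, times(0))` line after the denied call never runs because that call throws, and it could not pass anyway since the store was already invoked once in the allowed path. The test would also pass if the allowed path threw the exception. Moving the denied case into its own test and catching the exception there makes the store check real. `testGetSecurityZoneByName` in this hunk and `testGetAllSecurityZone`, which continues into the next hunk, follow the same pattern.

```java
@Test
public void testGetSecurityZoneById() throws Exception {
    // … unchanged: zone setup, store stub, hasModuleAccess(true), assertions …
}

@Test
public void testGetSecurityZoneByIdWithoutModuleAccess() throws Exception {
    Long securityZoneId = 2L;
    when(rangerBizUtil.hasModuleAccess(Mockito.anyString())).thenReturn(false);
    when(restErrorUtil.createRESTException(Mockito.anyString(), Mockito.any())).thenReturn(new WebApplicationException());
    try {
        securityZoneREST.getSecurityZone(securityZoneId);
        throw new AssertionError("expected WebApplicationException");
    } catch (WebApplicationException expected) {
        // the store must not be consulted when module access is denied
        verify(securityZoneStore, times(0)).getSecurityZone(securityZoneId);
    }
}
```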
@@ -227,9 +241,17 @@ public class TestSecurityZoneREST {
rangerZoneList.setSecurityZoneList(zonesList);
when(securityZoneStore.getSecurityZones(filter)).thenReturn(zonesList);
+ when(rangerBizUtil.hasModuleAccess(Mockito.anyString())).thenReturn(true);
+
RangerSecurityZoneList returnedZonesList = securityZoneREST.getAllZones(request);
assertEquals(returnedZonesList.getResultSize(), rangerZoneList.getList().size());
verify(securityZoneStore, times(1)).getSecurityZones(filter);
+
+ //No access
+ when(rangerBizUtil.hasModuleAccess(Mockito.anyString())).thenReturn(false);
+ when(restErrorUtil.createRESTException(Mockito.anyString(), Mockito.any())).thenReturn(new WebApplicationException());
+ securityZoneREST.getAllZones(request);
+ verify(securityZoneStore, times(0)).getSecurityZones(filter);
}
@Test