You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by zs...@apache.org on 2018/03/28 07:04:57 UTC
ranger git commit: RANGER-2035 : fix handling of null implClass in
servicedefs (Oracle returns null for stored empty strings)
Repository: ranger
Updated Branches:
refs/heads/master e6c7afaa8 -> 6da244d6f
RANGER-2035 : fix handling of null implClass in servicedefs (Oracle returns null for stored empty strings)
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/6da244d6
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/6da244d6
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/6da244d6
Branch: refs/heads/master
Commit: 6da244d6f7f6f43e98e702d83fc3c768b1713f0e
Parents: e6c7afa
Author: Zsombor Gegesy <zs...@apache.org>
Authored: Fri Mar 23 10:09:40 2018 +0100
Committer: Zsombor Gegesy <zs...@apache.org>
Committed: Wed Mar 28 09:04:26 2018 +0200
----------------------------------------------------------------------
.../org/apache/ranger/biz/RangerBizUtil.java | 45 ++++++++------------
1 file changed, 17 insertions(+), 28 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/6da244d6/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
index d7e9e33..a0477fb 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -1464,28 +1464,24 @@ public class RangerBizUtil {
boolean isKeyAdmin = session.isKeyAdmin();
boolean isSysAdmin = session.isUserAdmin();
- boolean isAuditor = session.isAuditUserAdmin();
- boolean isAduitorKeyAdmin = session.isAuditKeyAdmin();
+ boolean isAuditor = session.isAuditUserAdmin();
+ boolean isAuditorKeyAdmin = session.isAuditKeyAdmin();
boolean isUser = false;
List<String> roleList = session.getUserRoleList();
- if (roleList.contains(RangerConstants.ROLE_USER) ) {
+ if (roleList.contains(RangerConstants.ROLE_USER) ) {
isUser = true;
}
if (xxDbBase != null && xxDbBase instanceof XXServiceDef) {
XXServiceDef xServiceDef = (XXServiceDef) xxDbBase;
- String implClass = xServiceDef.getImplclassname();
- if (implClass == null) {
- return false;
- }
-
- if (isKeyAdmin && EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(implClass)) {
- return true;
- } else if (isAduitorKeyAdmin && EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(implClass)) {
- return true;
- } else if ((isSysAdmin || isUser || isAuditor) && !EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(implClass)) {
- return true;
+ final String implClass = xServiceDef.getImplclassname();
+ if (EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(implClass)) {
+ // KMS case
+ return isKeyAdmin || isAuditorKeyAdmin;
+ } else {
+ // Other cases - implClass can be null!
+ return isSysAdmin || isUser || isAuditor;
}
}
@@ -1493,27 +1489,20 @@ public class RangerBizUtil {
// TODO: As of now we are allowing SYS_ADMIN to create/update/read/delete all the
// services including KMS
- if (isSysAdmin || isAuditor) {
+ if (isSysAdmin || isAuditor) {
return true;
}
XXService xService = (XXService) xxDbBase;
XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType());
String implClass = xServiceDef.getImplclassname();
- if (implClass == null) {
- return false;
- }
-
- if (isKeyAdmin && EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(implClass)) {
- return true;
- } else if (isAduitorKeyAdmin && EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(implClass)) {
- return true;
- } else if (isUser && !EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(implClass)) {
- return true;
+ if (EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(implClass)) {
+ // KMS case
+ return isKeyAdmin || isAuditorKeyAdmin;
+ } else {
+ // Other cases - implClass can be null!
+ return isUser;
}
- // else if ((isSysAdmin || isUser) && !implClass.equals(EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME)) {
- // return true;
- // }
}
return false;
}