Posted to commits@ranger.apache.org by pr...@apache.org on 2018/11/03 14:38:27 UTC
ranger git commit: RANGER-2273 : Allow service admin and delegated
admin user to view list of users and groups though they have 'USER' role
Repository: ranger
Updated Branches:
refs/heads/master ac1b1bdf3 -> 2b2cb2daf
RANGER-2273 : Allow service admin and delegated admin user to view list of users and groups though they have 'USER' role
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/2b2cb2da
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/2b2cb2da
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/2b2cb2da
Branch: refs/heads/master
Commit: 2b2cb2daf710f1c6ff68f35e6fdef6b01495c7c2
Parents: ac1b1bd
Author: Nikhil P <np...@hortonworks.com>
Authored: Thu Nov 1 19:12:20 2018 +0530
Committer: Pradeep <pr...@apache.org>
Committed: Sat Nov 3 19:28:20 2018 +0530
----------------------------------------------------------------------
.../org/apache/ranger/biz/ServiceDBStore.java | 2 +-
.../java/org/apache/ranger/biz/XUserMgr.java | 95 ++++++++++++++++++++
.../java/org/apache/ranger/rest/XUserREST.java | 62 +++++++++++++
.../ranger/security/context/RangerAPIList.java | 2 +
.../scripts/views/policies/PermissionList.js | 12 +--
.../scripts/views/reports/UserAccessLayout.js | 12 +--
6 files changed, 172 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/2b2cb2da/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index b40d4f0..f2d61d3 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -4365,7 +4365,7 @@ public class ServiceDBStore extends AbstractServiceStore {
String svcAdminUsers = cfgSvcAdminUsers != null ? cfgSvcAdminUsers.getConfigvalue() : null;
if (svcAdminUsers != null) {
for (String svcAdminUser : svcAdminUsers.split(",")) {
- if (userName.equals(svcAdminUser)) {
+ if (userName.equals(svcAdminUser.trim())) {
ret=true;
break;
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/2b2cb2da/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index febf221..ced600f 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -23,8 +23,10 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import java.util.Objects;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
@@ -83,6 +85,7 @@ import org.springframework.transaction.annotation.Transactional;
import javax.servlet.http.HttpServletResponse;
import org.apache.ranger.entity.XXPortalUserRole;
+import org.springframework.util.StringUtils;
@Component
public class XUserMgr extends XUserMgrBase {
@@ -1850,6 +1853,98 @@ public class XUserMgr extends XUserMgrBase {
return vXGroupList;
}
+ public VXGroupList lookupXGroups(SearchCriteria searchCriteria) {
+ VXGroupList ret = null;
+
+ try {
+ HashMap<String, Object> searchParams = searchCriteria.getParamList();
+ String nameToLookFor = searchParams != null ? (String) searchParams.get("name") : null;
+ VXGroup exactMatch = null;
+
+ if (StringUtils.isEmpty(searchCriteria.getSortBy())) {
+ searchCriteria.setSortBy(nameToLookFor != null ? "name" : "id");
+ }
+
+ if(nameToLookFor != null) {
+ exactMatch = getGroupByGroupName(nameToLookFor);
+
+ for (Map.Entry<String, Object> entry : searchParams.entrySet()) {
+ if(exactMatch == null) {
+ break;
+ }
+
+ String paramName = entry.getKey();
+ Object paramValue = entry.getValue();
+
+ switch (paramName.toLowerCase()) {
+ case "isvisible":
+ if (!Objects.equals(exactMatch.getIsVisible(), paramValue)) {
+ exactMatch = null;
+ }
+ break;
+
+ case "groupsource":
+ if (!Objects.equals(exactMatch.getGroupSource(), paramValue)) {
+ exactMatch = null;
+ }
+ break;
+
+ default:
+ // ignore
+ break;
+ }
+ }
+ }
+
+ VXGroupList searchResult = xGroupService.searchXGroups(searchCriteria);
+
+ if (exactMatch != null && exactMatch.getId() != null) {
+ List<VXGroup> groups = searchResult.getList();
+
+ if (!groups.isEmpty()) { // remove exactMatch from groups if it is present
+ boolean removed = false;
+
+ for (Iterator<VXGroup> iter = groups.iterator(); iter.hasNext(); ) {
+ VXGroup group = iter.next();
+
+ if (group != null && exactMatch.getId().equals(group.getId())) {
+ iter.remove();
+ removed = true;
+
+ break;
+ }
+ }
+
+ if (!removed) { // remove the last entry, if exactMatch was not removed above - to accomodate for add() below
+ groups.remove(groups.size() - 1);
+ }
+ }
+
+ groups.add(0, exactMatch);
+
+ ret = new VXGroupList(groups);
+
+ ret.setStartIndex(searchCriteria.getStartIndex());
+ ret.setTotalCount(searchResult.getTotalCount());
+ ret.setPageSize(searchCriteria.getMaxRows());
+ ret.setSortBy(searchCriteria.getSortBy());
+ ret.setSortType(searchCriteria.getSortType());
+ } else {
+ ret = searchResult;
+ }
+ } catch (Exception e) {
+ logger.error("Error getting the exact match of group =>"+e);
+ }
+
+ if (ret != null && ret.getListSize() > 0 && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)) {
+ for(VXGroup vXGroup : ret.getList()) {
+ getMaskedVXGroup(vXGroup);
+ }
+ }
+
+ return ret;
+ }
+
public Collection<String> getMaskedCollection(Collection<String> listunMasked){
List<String> listMasked=new ArrayList<String>();
if(listunMasked!=null) {
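Review bot: The `catch (Exception e)` that closes the try block in `lookupXGroups` only logs, so any failure leaves `ret` null and the method returns null; the new caller `getGroupsLookup` in XUserREST.java then dereferences it with `vXGroupList.getList()`. The log call also concatenates the exception into the message, which drops the stack trace. I would pass the throwable to the logger, `logger.error("Error getting the exact match of group", e);`, and either rethrow or have the caller null-check the result before iterating. Separately, `groups.remove(groups.size() - 1)` discards the last search result whenever the exact match was not already in the page, even if the page is not full; that deserves a guard on the page size or a comment stating it is intended.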
http://git-wip-us.apache.org/repos/asf/ranger/blob/2b2cb2da/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
index b5c6e9c..1e8a093 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
@@ -19,6 +19,7 @@
package org.apache.ranger.rest;
+import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@@ -386,6 +387,67 @@ public class XUserREST {
}
@GET
+ @Path("/lookup/users")
+ @Produces({ "application/xml", "application/json" })
+ @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_USERS_LOOKUP + "\")")
+ public VXStringList getUsersLookup(@Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xUserService.sortFields);
+ VXStringList ret = new VXStringList();
+ List<VXString> vXList = new ArrayList<>();
+ searchUtil.extractString(request, searchCriteria, "name", "User name",null);
+ searchUtil.extractInt(request, searchCriteria, "isVisible", "User Visibility");
+ try {
+ VXUserList vXUserList = xUserMgr.searchXUsers(searchCriteria);
+ VXString VXString = null;
+ for (VXUser vxUser : vXUserList.getList()) {
+ VXString = new VXString();
+ VXString.setValue(vxUser.getName());
+ vXList.add(VXString);
+ }
+ ret.setVXStrings(vXList);
+ ret.setPageSize(vXUserList.getPageSize());
+ ret.setTotalCount(vXUserList.getTotalCount());
+ ret.setSortType(vXUserList.getSortType());
+ ret.setSortBy(vXUserList.getSortBy());
+ }
+ catch(Throwable excp){
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ }
+ return ret;
+ }
+
+ @GET
+ @Path("/lookup/groups")
+ @Produces({ "application/xml", "application/json" })
+ @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_GROUPS_LOOKUP + "\")")
+ public VXStringList getGroupsLookup(@Context HttpServletRequest request) {
+ VXStringList ret = new VXStringList();
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xGroupService.sortFields);
+ List<VXString> vXList = new ArrayList<>();
+ searchUtil.extractString(request, searchCriteria, "name", "group name", null);
+ searchUtil.extractInt(request, searchCriteria, "isVisible", "Group Visibility");
+ try {
+ VXGroupList vXGroupList = xUserMgr.lookupXGroups(searchCriteria);
+ for (VXGroup vxGroup : vXGroupList.getList()) {
+ VXString VXString = new VXString();
+ VXString.setValue(vxGroup.getName());
+ vXList.add(VXString);
+ }
+ ret.setVXStrings(vXList);
+ ret.setPageSize(vXGroupList.getPageSize());
+ ret.setTotalCount(vXGroupList.getTotalCount());
+ ret.setSortType(vXGroupList.getSortType());
+ ret.setSortBy(vXGroupList.getSortBy());
+ }
+ catch(Throwable excp){
+ throw restErrorUtil.createRESTException(excp.getMessage());
+ }
+ return ret;
+ }
+
+ @GET
@Path("/users/count")
@Produces({ "application/xml", "application/json" })
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.COUNT_X_USERS + "\")")
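Review bot: Neither `getUsersLookup` nor `getGroupsLookup` checks that the caller is a service admin or delegated admin, which is the audience the commit title names; the only gate visible in this hunk is `isAPIAccessible` on the two new API names. The diff adds those names to RangerAPIList but shows no module or role mapping for them, so it should be confirmed how `isAPIAccessible` resolves an unmapped name. If it allows by default, every authenticated user can enumerate all user and group names, and that should be a documented decision, with a Javadoc line on each method stating who may call it. Both methods also pass `excp.getMessage()` to the client from a `catch(Throwable)`, which can expose internal error text or be null; I would log the exception server-side and return a fixed message, e.g. `throw restErrorUtil.createRESTException("Error looking up users");`. The enclosing class continues outside the hunk.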
http://git-wip-us.apache.org/repos/asf/ranger/blob/2b2cb2da/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java b/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
index 4a6a769..1e38ef1 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
@@ -150,6 +150,8 @@ public class RangerAPIList {
public static final String MODIFY_USER_VISIBILITY = "XUserREST.modifyUserVisibility";
public static final String DELETE_X_USER = "XUserREST.deleteXUser";
public static final String SEARCH_X_USERS = "XUserREST.searchXUsers";
+ public static final String GET_USERS_LOOKUP = "XUserREST.getUsersLookup";
+ public static final String GET_GROUPS_LOOKUP = "XUserREST.getGroupsLookup";
public static final String COUNT_X_USERS = "XUserREST.countXUsers";
public static final String GET_X_GROUP_USER = "XUserREST.getXGroupUser";
public static final String CREATE_X_GROUP_USER = "XUserREST.createXGroupUser";
http://git-wip-us.apache.org/repos/asf/ranger/blob/2b2cb2da/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
index 2b996b0..0c3824b 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
@@ -192,10 +192,10 @@ define(function(require) {
}
});
},
- createDropDown :function($select, typeGroup){
- var that = this, tags = [],
+ createDropDown :function($select, typeGroup){
+ var that = this, tags = [],
placeholder = (typeGroup) ? 'Select Group' : 'Select User',
- searchUrl = (typeGroup) ? "service/xusers/groups" : "service/xusers/users";
+ searchUrl = (typeGroup) ? "service/xusers/lookup/groups" : "service/xusers/lookup/users";
if(this.model.has('editMode') && !_.isEmpty($select.val())){
var temp = this.model.attributes[ (typeGroup) ? 'groupName': 'userName'];
_.each(temp , function(name){
@@ -221,11 +221,11 @@ define(function(require) {
var results = [] , selectedVals = [];
//Get selected values of groups/users dropdown
selectedVals = that.getSelectedValues($select, typeGroup);
- if(data.resultSize != "0"){
+ if(data.totalCount != "0"){
if(typeGroup){
- results = data.vXGroups.map(function(m, i){ return {id : _.escape(m.name), text: _.escape(m.name) }; });
+ results = data.vXStrings.map(function(m){ return {id : _.escape(m.value), text: _.escape(m.value) }; });
} else {
- results = data.vXUsers.map(function(m, i){ return {id : _.escape(m.name), text: _.escape(m.name) }; });
+ results = data.vXStrings.map(function(m){ return {id : _.escape(m.value), text: _.escape(m.value) }; });
}
if(!_.isEmpty(selectedVals)){
results = XAUtil.filterResultByText(results, selectedVals);
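Review bot: After this change the two branches of `if(typeGroup)` are identical, so the conditional can be dropped and the mapping written once: `results = data.vXStrings.map(function(m){ return {id : _.escape(m.value), text: _.escape(m.value) }; });`. The guard tests `data.totalCount` but the code then reads `data.vXStrings`; if a response can carry a non-zero total with no `vXStrings` array for the requested page (not visible in this diff), `.map` would throw, so checking `data.vXStrings` itself would be safer. The enclosing function starts and ends outside the hunk.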
http://git-wip-us.apache.org/repos/asf/ranger/blob/2b2cb2da/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
index d5bad70..f0e5c1d 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
@@ -662,7 +662,7 @@ define(function(require) {'use strict';
callback(data);
},
ajax: {
- url: "service/xusers/groups",
+ url: "service/xusers/lookup/groups",
dataType: 'json',
data: function (term, page) {
return {name : term};
@@ -671,8 +671,8 @@ define(function(require) {'use strict';
var results = [],selectedVals = [];
if(!_.isEmpty(that.ui.userGroup.val()))
selectedVals = that.ui.userGroup.val().split(',');
- if(data.resultSize != "0"){
- results = data.vXGroups.map(function(m, i){ return {id : m.name, text: _.escape(m.name) }; });
+ if(data.totalCount != "0"){
+ results = data.vXStrings.map(function(m){ return {id : m.value, text: _.escape(m.value) }; });
if(!_.isEmpty(selectedVals))
results = XAUtil.filterResultByIds(results, selectedVals);
return {results : results};
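Review bot: `id : m.value` is left unescaped here while `text` is escaped, whereas the same mapping in PermissionList.js escapes both `id` and `text`; the later hunk that maps the `userName` results has the same pattern. The names come from the server's user store, so if select2 or the selection-initialising code ever writes the id into markup (not visible in this diff), the raw value would reach the DOM. Either escape the id as PermissionList.js does, after confirming that `XAUtil.filterResultByIds` still matches the selected values, or add a comment saying why the raw value is required here. The enclosing function starts and ends outside the hunk.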
@@ -716,7 +716,7 @@ define(function(require) {'use strict';
callback(data);
},
ajax: {
- url: "service/xusers/users",
+ url: "service/xusers/lookup/users",
dataType: 'json',
data: function (term, page) {
return {name : term};
@@ -725,8 +725,8 @@ define(function(require) {'use strict';
var results = [],selectedVals=[];
if(!_.isEmpty(that.ui.userName.select2('val')))
selectedVals = that.ui.userName.select2('val');
- if(data.resultSize != "0"){
- results = data.vXUsers.map(function(m, i){ return {id : m.name, text: _.escape(m.name) }; });
+ if(data.totalCount != "0"){
+ results = data.vXStrings.map(function(m){ return {id : m.value, text: _.escape(m.value) }; });
if(!_.isEmpty(selectedVals))
results = XAUtil.filterResultByIds(results, selectedVals);
return {results : results};