You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ma...@apache.org on 2017/06/12 18:53:37 UTC
ranger git commit: RANGER-1492: UI updates to support tag-based
masking policies
Repository: ranger
Updated Branches:
refs/heads/master f2c4f90f0 -> 5e82ed83c
RANGER-1492: UI updates to support tag-based masking policies
Signed-off-by: Madhan Neethiraj <ma...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/5e82ed83
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/5e82ed83
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/5e82ed83
Branch: refs/heads/master
Commit: 5e82ed83c4f6f360aefd2818c1485cb7dce2027c
Parents: f2c4f90
Author: Nitin Galave <ni...@gmail.com>
Authored: Mon Jun 12 17:57:31 2017 +0530
Committer: Madhan Neethiraj <ma...@apache.org>
Committed: Mon Jun 12 11:17:35 2017 -0700
----------------------------------------------------------------------
.../scripts/models/BackboneFormDataType.js | 5 +-
.../main/webapp/scripts/modules/XAOverrides.js | 7 +-
.../scripts/modules/globalize/message/en.js | 2 +
.../src/main/webapp/scripts/utils/XAUtils.js | 7 +-
.../scripts/views/policies/PermissionList.js | 164 +++++++++++++++----
.../views/policies/RangerPolicyCreate.js | 6 +-
.../scripts/views/policies/RangerPolicyForm.js | 35 +++-
.../views/policies/RangerPolicyTableLayout.js | 22 ++-
security-admin/src/main/webapp/styles/xa.css | 11 ++
.../main/webapp/templates/helpers/XAHelpers.js | 16 +-
.../templates/policies/PermissionItem.html | 2 +-
.../policies/RangerPolicyForm_tmpl.html | 74 +++++----
.../policies/RangerPolicyTableLayout_tmpl.html | 10 +-
13 files changed, 273 insertions(+), 88 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/5e82ed83/security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js b/security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js
index 1aace56..fee50f5 100644
--- a/security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js
+++ b/security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js
@@ -33,7 +33,10 @@ define(function(require) {
var getResourceConfigs = function(configs){
if(XAUtils.isMaskingPolicy(form.model.get('policyType'))){
if(XAUtils.isRenderMasking(form.rangerServiceDefModel.get('dataMaskDef'))){
- configs = form.rangerServiceDefModel.get('dataMaskDef').resources;
+ var resources = form.rangerServiceDefModel.get('dataMaskDef').resources;
+ if(!_.isEmpty(resources)){
+ configs = form.rangerServiceDefModel.get('dataMaskDef').resources;
+ }
configs = _.map(configs, function(obj){ obj.type = 'string'; return obj; });
return configs;
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/5e82ed83/security-admin/src/main/webapp/scripts/modules/XAOverrides.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/XAOverrides.js b/security-admin/src/main/webapp/scripts/modules/XAOverrides.js
index 311ad0c..7d7a9d1 100644
--- a/security-admin/src/main/webapp/scripts/modules/XAOverrides.js
+++ b/security-admin/src/main/webapp/scripts/modules/XAOverrides.js
@@ -697,7 +697,7 @@
**/
var TagChecklist = function (options) {
- this.init('tagchecklist', options, TagChecklist.defaults);
+ this.init('tagchecklist', options, TagChecklist.defaults);
};
$.fn.editableutils.inherit(TagChecklist, $.fn.editabletypes.list);
@@ -730,7 +730,7 @@
$('<div>').append($selectComp).appendTo(this.$tpl);
$table.append($tbody).appendTo(this.$tpl);
- this.$tpl.find('[data-id="selectComp"]').select2({width :'600px'}).on('change',function(e){
+ this.$tpl.find('[data-id="selectComp"]').select2(this.options.select2option).on('change',function(e){
if(!_.isUndefined(e.added)){
that.addTr(e.added.text)
@@ -965,7 +965,8 @@
@type string
@default ','
**/
- separator: ','
+ separator: ',',
+ select2option : {}
});
$.fn.editabletypes.tagchecklist = TagChecklist;
http://git-wip-us.apache.org/repos/asf/ranger/blob/5e82ed83/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
index f47276c..4397721 100644
--- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
+++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
@@ -385,6 +385,7 @@ define(function(require) {
pleaseSelectGroup : 'Please select group.',
addSelectedUserGroup : 'Please add selected user/group to permissions else user/group will not be added.',
maskingPolicyInfoMsg : 'Please ensure that users/groups listed in this policy have access to the column via an <b>Access Policy</b>. This policy does not implicitly grant access to the column.',
+ maskingPolicyInfoMsgForTagBased : 'Please ensure that users/groups listed in this policy have access to the tag via an <b>Access Policy</b>. This policy does not implicitly grant access to the tag.',
rowFilterPolicyInfoMsg : 'Please ensure that users/groups listed in this policy have access to the table via an <b>Access Policy</b>. This policy does not implicitly grant access to the table.',
udfPolicyViolation : '<b> Warning !!</b> : UDF create is a privileged operation. Please make sure you grant them to only trusted users.',
noServiceToExport :'No service found to export policies.',
@@ -396,6 +397,7 @@ define(function(require) {
plsSelectUserToSetVisibility :' Please select user to set visibility or selected user is already visible/hidden.',
plsSelectGroupToSetVisibility:' Please select group to set visibility or selected group is already visible/hidden.',
activationTimeDelayMsg :'Policy activation time delayed by more than 1hr from last update time.',
+ pleaseSelectAccessTypeForTagMasking : 'Please select access type first to enable add masking options.'
},
plcHldr : {
http://git-wip-us.apache.org/repos/asf/ranger/blob/5e82ed83/security-admin/src/main/webapp/scripts/utils/XAUtils.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index 03e218d..56ac538 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -1261,8 +1261,8 @@ define(function(require) {
return type == XAEnums.RangerPolicyType.RANGER_MASKING_POLICY_TYPE.value ? true : false;
};
XAUtils.isRenderMasking = function(dataMaskDef){
- return (!_.isUndefined(dataMaskDef) && !_.isUndefined(dataMaskDef.resources)
- && dataMaskDef.resources.length > 0) ? true : false;
+ return (!_.isUndefined(dataMaskDef) && !_.isUndefined(dataMaskDef.maskTypes)
+ && dataMaskDef.maskTypes.length > 0) ? true : false;
};
XAUtils.isAccessPolicy = function(type){
return type == XAEnums.RangerPolicyType.RANGER_ACCESS_POLICY_TYPE.value ? true : false;
@@ -1335,5 +1335,8 @@ define(function(require) {
return '--';
}
};
+ XAUtils.isTagBasedDef = function(def){
+ return def.get('name') == XAEnums.ServiceType.SERVICE_TAG.label ? true : false;
+ }
return XAUtils;
});
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ranger/blob/5e82ed83/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
index 2bb4d8a..067bf3b 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
@@ -77,9 +77,9 @@ define(function(require) {
},
initialize : function(options) {
- _.extend(this, _.pick(options,'accessTypes','policyConditions','rangerServiceDefModel','rangerPolicyType'));
+ _.extend(this, _.pick(options,'accessTypes','policyConditions','rangerServiceDefModel','rangerPolicyType'));
this.setupPermissionsAndConditions();
-
+ this.accessPermSetForTagMasking = false;
},
onRender : function() {
@@ -93,18 +93,18 @@ define(function(require) {
this.dropDownChange(this.ui.selectGroups);
this.dropDownChange(this.ui.selectUsers);
//render permissions and policy conditions
- if(this.rangerServiceDefModel.get('name') == XAEnums.ServiceType.SERVICE_TAG.label){
- this.renderPermsForTagBasedPolicies()
+ if(XAUtil.isTagBasedDef(this.rangerServiceDefModel)){
+ this.renderPermsForTagBasedPolicies();
+// if(XAUtil.isMaskingPolicy(this.rangerPolicyType)) this.renderMaskingTypesForTagBasedPolicies();
} else {
this.renderPerms();
+ if(XAUtil.isMaskingPolicy(this.rangerPolicyType)){
+ this.renderMaskingType();
+ }
}
this.renderPolicyCondtion();
- if(XAUtil.isMaskingPolicy(this.rangerPolicyType)){
- this.renderMaskingType();
- }
- if(XAUtil.isRowFilterPolicy(this.rangerPolicyType)){
- this.renderRowLevelFilter();
- }
+
+ if(XAUtil.isRowFilterPolicy(this.rangerPolicyType)) this.renderRowLevelFilter();
},
setupFormForEditMode : function() {
@@ -241,8 +241,10 @@ define(function(require) {
this.perms = _.map(this.accessTypes,function(m){return {text:m.label, value:m.name};});
this.perms.push({'value' : -1, 'text' : 'Select/Deselect All'});
//set default access type 'select' for add new masking & row filter policies
- if(!XAUtil.isAccessPolicy(this.rangerPolicyType) && !_.contains(this.permsIds,'select')) {
- this.permsIds.push('select');
+ if(this.perms.length == 2){
+ if(!_.isUndefined(this.perms[0].value) && _.isEmpty(this.permsIds)){
+ this.permsIds.push(this.perms[0].value);
+ }
}
//create x-editable for permissions
this.ui.addPerms.editable({
@@ -308,25 +310,38 @@ define(function(require) {
this.ui.addPerms.attr('title','Components Permissions')
this.ui.delegatedAdmin.parent('td').hide();
this.perms = _.map(this.accessTypes,function(m){return {text:m.label, value:m.name};});
-
+ //select defatult access type if single component exists
+ if(this.perms.length == 1 && this.permsIds.length >= 0){
+ this.permsIds.push(this.perms[0].value)
+ }
+ var select2optn = { width :'600px' };
+ if(XAUtil.isMaskingPolicy(this.rangerPolicyType)){
+ select2optn = {width :'600px' , maximumSelectionSize : 1 };
+ }
//create x-editable for permissions
this.ui.addPerms.editable({
emptytext : 'Add Permissions',
source: this.perms,
value : this.permsIds,
+ select2option : select2optn,
placement : 'top',
showbuttons : 'bottom',
display: function(values,srcData) {
+ if(_.contains(values,"on")) values = _.without(values,"on");
if(_.isNull(values) || _.isEmpty(values)){
$(this).empty();
that.model.unset('accesses');
that.ui.addPermissionsSpan.find('i').attr('class', 'icon-plus');
that.ui.addPermissionsSpan.attr('title','add');
+ //disable Masking option for tag based
+ if(XAUtil.isMaskingPolicy(that.rangerPolicyType)){
+ that.accessPermSetForTagMasking = false;
+ that.model.unset('dataMaskInfo');
+ that.renderMaskingTypesForTagBasedPolicies();
+ that.$el.find('input[data-id="maskTypeCustom"]').val("");
+ }
return;
}
- if(_.contains(values,"on")){
- values = _.without(values,"on")
- }
//To remove selectall options
values = _.uniq(values);
if(values.indexOf("selectall") >= 0){
@@ -359,6 +374,14 @@ define(function(require) {
$(this).html(_.uniq(valArr).join(" "));
that.ui.addPermissionsSpan.find('i').attr('class', 'icon-pencil');
that.ui.addPermissionsSpan.attr('title','edit');
+
+ //enabling add masking option for Tag-based
+ if(XAUtil.isMaskingPolicy(that.rangerPolicyType)){
+ that.accessPermSetForTagMasking = true;
+ var selectedComponent = _.map(items, function(m){ return m.type.substr(0,m.type.indexOf(":")); });
+ selectedComponent = _.uniq(selectedComponent);
+ that.renderMaskingTypesForTagBasedPolicies(selectedComponent)
+ }
},
}).on('hide',function(e){
$(e.currentTarget).parent().find('.tag-fixed-popover-wrapper').remove()
@@ -384,6 +407,91 @@ define(function(require) {
});
},
+ renderMaskingTypesForTagBasedPolicies :function(accessTypeSelectedComp){
+ var that = this, perms = [];
+ this.ui.addPerms.attr('data-type','radiolist')
+ this.ui.addPerms.attr('title','Components Permissions')
+ this.ui.delegatedAdmin.parent('td').hide();
+
+ var maskingTypes = this.rangerServiceDefModel.get('dataMaskDef').maskTypes;
+ //get selected components masking types
+ _.each(maskingTypes,function(m){
+ var compName = m.name.substr(0,m.name.indexOf(":"));
+ if($.inArray(compName, accessTypeSelectedComp) >= 0){
+ perms.push({text:m.label, value:m.name});
+ }
+ }, this);
+ var maskTypeVal = [];
+ if(!_.isUndefined(this.model.get('dataMaskInfo')) && !_.isUndefined(this.model.get('dataMaskInfo').dataMaskType)){
+ maskTypeVal = this.model.get('dataMaskInfo').dataMaskType;
+ if(!_.isUndefined(accessTypeSelectedComp) && !_.isUndefined(maskTypeVal)){
+ maskTypeVal = $.inArray(maskTypeVal.substr(0,maskTypeVal.indexOf(":")), accessTypeSelectedComp) >= 0 ? maskTypeVal : [];
+ }
+ }
+ //Reset Add Masking Options
+ this.ui.maskingType.editable("setValue",null);
+ this.ui.maskingType.editable("destroy");
+ that.ui.addMaskingTypeSpan.unbind( "click" );
+ this.$el.find('input[data-id="maskTypeCustom"]').unbind( "change" );
+ that.ui.addMaskingTypeSpan.find('i').attr('class', 'icon-plus');
+ that.ui.addMaskingTypeSpan.attr('title','add');
+ this.$el.find('input[data-id="maskTypeCustom"]').css("display","none");
+ //create x-editable for permissions
+ this.ui.maskingType.editable({
+ emptytext : 'Add Mask Type',
+ source: perms,
+ value : maskTypeVal,
+ placement : 'top',
+ showbuttons : 'bottom',
+ disabled : !this.accessPermSetForTagMasking,
+ display: function(value,srcData) {
+ if(_.isNull(value) || _.isUndefined(value) || _.isEmpty(value)){
+ $(this).empty();
+// that.model.unset('accesses');
+ that.ui.addPermissionsSpan.find('i').attr('class', 'icon-plus');
+ that.ui.addPermissionsSpan.attr('title','add');
+ return;
+ }
+
+ var obj = _.findWhere(srcData, {'value' : value } );
+ // Save form data to model
+ that.model.set('dataMaskInfo', {'dataMaskType': value });
+ //Custom dataMaskType
+ if(value.indexOf("CUSTOM") >= 0){
+ $(this).siblings('[data-id="maskTypeCustom"]').css("display","");
+ }else{
+ $(this).siblings('[data-id="maskTypeCustom"]').css("display","none");
+ $(this).siblings('[data-id="maskTypeCustom"]').val(" ");
+ }
+
+ $(this).html("<span class='label label-info'>"+ value.substr(0,value.indexOf(":")).toUpperCase() +" : "
+ + obj.text +"</span>");
+ that.ui.addMaskingTypeSpan.find('i').attr('class', 'icon-pencil');
+ that.ui.addMaskingTypeSpan.attr('title','edit');
+ },
+ }).on('hide',function(e){
+ $(e.currentTarget).parent().find('.tag-fixed-popover-wrapper').remove()
+ }).on('click', function(e) {
+ e.stopPropagation();
+ e.preventDefault();
+ });
+ that.ui.addMaskingTypeSpan.click(function(e) {
+ e.stopPropagation();
+ if(!that.accessPermSetForTagMasking){
+ XAUtil.alertPopup({ msg :localization.tt('msg.pleaseSelectAccessTypeForTagMasking') });
+ return;
+ }
+ that.$('a[data-js="maskingType"]').editable('toggle');
+ });
+ this.$el.find('input[data-id="maskTypeCustom"]').on('change', function(e){
+ if(!_.isUndefined(that.model.get('dataMaskInfo'))){
+ that.model.get('dataMaskInfo').valueExpr = e.currentTarget.value;
+ }
+ }).trigger('change');
+ if(!this.accessPermSetForTagMasking){
+ that.ui.maskingType.html('Add Mask Type');
+ }
+ },
clickOnPermissions : function(that) {
var selectAll = true;
var checklist = that.$('.editable-checklist').find('input[type="checkbox"]')
@@ -699,21 +807,20 @@ define(function(require) {
},
getPermHeaders : function(){
var permList = [];
- if(this.rangerServiceDefModel.get('name') != XAEnums.ServiceType.SERVICE_TAG.label){
- if(XAUtil.isAccessPolicy(this.rangerPolicyType)){
+ if(XAUtil.isAccessPolicy(this.rangerPolicyType) ){
+ if(this.rangerServiceDefModel.get('name') != XAEnums.ServiceType.SERVICE_TAG.label){
permList.unshift(localization.tt('lbl.delegatedAdmin'));
- }
- if(XAUtil.isRowFilterPolicy(this.rangerPolicyType)){
- permList.unshift(localization.tt('lbl.rowLevelFilter'));
- permList.unshift(localization.tt('lbl.accessTypes'));
- }else if(XAUtil.isMaskingPolicy(this.rangerPolicyType)){
- permList.unshift(localization.tt('lbl.selectMaskingOption'));
- permList.unshift(localization.tt('lbl.accessTypes'));
- }else{
permList.unshift(localization.tt('lbl.permissions'));
+ }else{
+ permList.unshift(localization.tt('lbl.componentPermissions'));
}
- } else {
- permList.unshift(localization.tt('lbl.componentPermissions'));
+ }
+ if(XAUtil.isRowFilterPolicy(this.rangerPolicyType)){
+ permList.unshift(localization.tt('lbl.rowLevelFilter'));
+ permList.unshift(localization.tt('lbl.accessTypes'));
+ }else if(XAUtil.isMaskingPolicy(this.rangerPolicyType)){
+ permList.unshift(localization.tt('lbl.selectMaskingOption'));
+ permList.unshift(localization.tt('lbl.accessTypes'));
}
if(!_.isEmpty(this.rangerServiceDefModel.get('policyConditions'))){
@@ -736,6 +843,7 @@ define(function(require) {
this.accessTypes = _.map(rowFilterDef.accessTypes, function(m){return _.findWhere(this.accessTypes, {'name' : m.name });}, this);
}
}
+
},
makePolicyItemSortable : function(){
var that = this, draggedModel;
http://git-wip-us.apache.org/repos/asf/ranger/blob/5e82ed83/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js
index 728e5bf..df13b7c 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js
@@ -45,7 +45,11 @@ define(function(require){
templateHelpers : function(){
var infoMsg = '', displayClass = 'hide';
if(XAUtil.isMaskingPolicy(this.model.get('policyType'))){
- infoMsg = localization.tt('msg.maskingPolicyInfoMsg'), displayClass = 'show';
+ if(XAUtil.isTagBasedDef(this.rangerServiceDefModel)){
+ infoMsg = localization.tt('msg.maskingPolicyInfoMsgForTagBased'), displayClass = 'show';
+ }else{
+ infoMsg = localization.tt('msg.maskingPolicyInfoMsg'), displayClass = 'show';
+ }
}else if(XAUtil.isRowFilterPolicy(this.model.get('policyType'))){
infoMsg = localization.tt('msg.rowFilterPolicyInfoMsg'), displayClass = 'show';
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/5e82ed83/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
index ff62bb2..403e23c 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
@@ -216,7 +216,11 @@ define(function(require){
this.selectedResourceTypes = {};
var resourceDefList = this.rangerServiceDefModel.get('resources');
if(XAUtil.isMaskingPolicy(this.model.get('policyType')) && XAUtil.isRenderMasking(this.rangerServiceDefModel.get('dataMaskDef'))){
- resourceDefList = this.rangerServiceDefModel.get('dataMaskDef').resources;
+ if(!_.isEmpty(this.rangerServiceDefModel.get('dataMaskDef').resources)){
+ resourceDefList = this.rangerServiceDefModel.get('dataMaskDef').resources;
+ }else{
+ resourceDefList = this.rangerServiceDefModel.get('resources');
+ }
}
_.each(this.model.get('resources'),function(obj,key){
var resourceDef = _.findWhere(resourceDefList,{'name':key}),
@@ -270,7 +274,7 @@ define(function(require){
rangerPolicyType : that.model.get('policyType')
}).render().el);
- if( enableDenyAndExceptionsInPolicies ){
+ if( enableDenyAndExceptionsInPolicies && !XAUtil.isMaskingPolicy(that.model.get('policyType')) ){
that.$('[data-customfields="groupPermsAllowExclude"]').html(new PermissionList({
collection : that.formInputAllowExceptionList,
model : that.model,
@@ -366,7 +370,11 @@ define(function(require){
//Check for masking policies
var resourceDef = this.rangerServiceDefModel.get('resources');
if(XAUtil.isMaskingPolicy(this.model.get('policyType')) && XAUtil.isRenderMasking(this.rangerServiceDefModel.get('dataMaskDef'))){
- resourceDef = this.rangerServiceDefModel.get('dataMaskDef').resources;
+ if(!_.isEmpty(this.rangerServiceDefModel.get('dataMaskDef').resources)){
+ resourceDef = this.rangerServiceDefModel.get('dataMaskDef').resources;
+ }else{
+ resourceDef = this.rangerServiceDefModel.get('resources');
+ }
}
if(XAUtil.isRowFilterPolicy(this.model.get('policyType')) && XAUtil.isRenderRowFilter(this.rangerServiceDefModel.get('rowFilterDef'))){
resourceDef = this.rangerServiceDefModel.get('rowFilterDef').resources;
@@ -638,7 +646,7 @@ define(function(require){
var resources = {},resourceName = options.type;
var isParent = true, name = options.type, val = null,isCurrentSameLevelField = true;
while(isParent){
- var currentResource = _.findWhere(this.rangerServiceDefModel.get('resources'), {'name': name });
+ var currentResource = _.findWhere(this.getResources(), {'name': name });
//same level type
if(_.isUndefined(this.fields[currentResource.name])){
var sameLevelName = 'sameLevel'+currentResource.level;
@@ -691,8 +699,9 @@ define(function(require){
condSet = m.has('conditions') ? true : false;
}
if(m.has('dataMaskInfo') && !_.isUndefined(m.get('dataMaskInfo').dataMaskType)){
- if(m.get('dataMaskInfo').dataMaskType === "CUSTOM"){
- customMaskSet = _.isUndefined(m.get('dataMaskInfo').valueExpr) || _.isEmpty(m.get('dataMaskInfo')).valueExpr ? false : true;
+ if( m.get('dataMaskInfo').dataMaskType.indexOf("CUSTOM") >= 0 ){
+ var valueExpr = m.get('dataMaskInfo').valueExpr;
+ customMaskSet = _.isUndefined(valueExpr) || _.isEmpty(valueExpr.trim()) ? false : true;
}
}
});
@@ -716,6 +725,20 @@ define(function(require){
getPolicyBaseFieldNames : function(){
var fields = ['isAuditEnabled','description'];
return fields;
+ },
+ getResources : function(){
+ if(XAUtil.isMaskingPolicy(this.model.get('policyType'))){
+ if(XAUtil.isRenderMasking(this.rangerServiceDefModel.get('dataMaskDef'))){
+ if(!_.isEmpty(this.rangerServiceDefModel.get('dataMaskDef').resources)){
+ return this.rangerServiceDefModel.get('dataMaskDef').resources;
+ }
+ }
+ }else if(XAUtil.isRowFilterPolicy(this.model.get('policyType'))){
+ if(XAUtil.isRenderRowFilter(this.rangerServiceDefModel.get('rowFilterDef'))){
+ return this.rangerServiceDefModel.get('rowFilterDef').resources;
+ }
+ }
+ return this.rangerServiceDefModel.get('resources');
}
});
http://git-wip-us.apache.org/repos/asf/ranger/blob/5e82ed83/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
index 1eaf3da..eb88686 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
@@ -50,8 +50,11 @@ define(function(require){
templateHelpers : function(){
return {
- rangerService:this.rangerService,
- rangerPolicyType : this.collection.queryParams['policyType']
+ rangerService : this.rangerService,
+ rangerServiceDef : this.rangerServiceDefModel,
+ rangerPolicyType : this.collection.queryParams['policyType'],
+ isRenderAccessTab : XAUtil.isRenderMasking(this.rangerServiceDefModel.get('dataMaskDef')) ? true
+ : XAUtil.isRenderRowFilter(this.rangerServiceDefModel.get('rowFilterDef')) ? true : false
};
},
@@ -60,7 +63,6 @@ define(function(require){
return [XALinks.get('TagBasedServiceManager'),XALinks.get('ManagePolicies',{model : this.rangerService})];
}
return [XALinks.get('ServiceManager'),XALinks.get('ManagePolicies',{model : this.rangerService})];
-// return [];
},
/** Layout sub regions */
@@ -113,7 +115,7 @@ define(function(require){
this.rangerServiceDefModel.fetch({
cache : false,
async : false
- });
+ });
},
initializePolicies : function(policyType){
@@ -131,7 +133,7 @@ define(function(require){
this.addVisualSearch();
this.renderTable();
this.initializePolicies();
- XAUtil.searchInfoPopover(this.searchInfoArray , this.ui.iconSearchInfo , 'bottom');
+ XAUtil.searchInfoPopover(this.searchInfoArray , this.ui.iconSearchInfo , 'bottom');
},
/** all post render plugin initialization */
@@ -149,8 +151,8 @@ define(function(require){
this.showRequiredTabs()
},
showRequiredTabs : function(){
- if(XAUtil.isEmptyObjectResourceVal(this.rangerServiceDefModel.get('dataMaskDef'))){
- this.$el.find('li[data-tab="masking"]').hide();
+ if(XAUtil.isRenderMasking(this.rangerServiceDefModel.get('dataMaskDef'))){
+ this.$el.find('li[data-tab="masking"]').show();
}
if(XAUtil.isEmptyObjectResourceVal(this.rangerServiceDefModel.get('rowFilterDef'))){
this.$el.find('li[data-tab="rowLevelFilter"]').hide();
@@ -322,7 +324,11 @@ define(function(require){
var that = this, resources = this.rangerServiceDefModel.get('resources');
var policyType = this.collection.queryParams['policyType'];
if(XAUtil.isMaskingPolicy(policyType) ){
- resources = this.rangerServiceDefModel.get('dataMaskDef')['resources'];
+ if(!_.isEmpty(this.rangerServiceDefModel.get('dataMaskDef').resources)){
+ resources = this.rangerServiceDefModel.get('dataMaskDef')['resources'];
+ }else{
+ resources = this.rangerServiceDefModel.get('resources');
+ }
}else if(XAUtil.isRowFilterPolicy(policyType) ){
resources = this.rangerServiceDefModel.get('rowFilterDef')['resources'];
}
http://git-wip-us.apache.org/repos/asf/ranger/blob/5e82ed83/security-admin/src/main/webapp/styles/xa.css
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/styles/xa.css b/security-admin/src/main/webapp/styles/xa.css
index c70c0bc..fbfc9a0 100644
--- a/security-admin/src/main/webapp/styles/xa.css
+++ b/security-admin/src/main/webapp/styles/xa.css
@@ -2181,4 +2181,15 @@ td.subgrid-custom-cell{
}
.tag-attr-popover .table td:first-child{
border-left-color:transparent;
+}
+.divider-popup{
+ padding: 4px;
+ background-color: #eeeeee;
+ text-align: center;
+ font-size: 12px;
+}
+.empty-text{
+ text-align: center;
+ font-weight: bold;
+ font-style: italic;
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ranger/blob/5e82ed83/security-admin/src/main/webapp/templates/helpers/XAHelpers.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/helpers/XAHelpers.js b/security-admin/src/main/webapp/templates/helpers/XAHelpers.js
index 4491d70..1766880 100644
--- a/security-admin/src/main/webapp/templates/helpers/XAHelpers.js
+++ b/security-admin/src/main/webapp/templates/helpers/XAHelpers.js
@@ -540,7 +540,21 @@
var XAEnums = require('utils/XAEnums');
return XAUtil.isRenderRowFilter(XAEnums.RangerPolicyType.RANGER_ROW_FILTER_POLICY_TYPE.value);
});
-
+ Handlebars.registerHelper('showMaskingTab', function(context, options) {
+ var dataMaskDef = context.rangerServiceDef.get('dataMaskDef');
+
+ return ( !_.isUndefined(dataMaskDef)
+ && ( !_.isUndefined(dataMaskDef.accessTypes) ) && dataMaskDef.accessTypes.length > 0
+ && ( !_.isUndefined(dataMaskDef.maskTypes) ) && dataMaskDef.maskTypes.length > 0 )
+ ? options.fn(this) : options.inverse(this);
+ });
+ Handlebars.registerHelper('showRowLevelTab', function(context, options) {
+ var rowFilterDef = context.rangerServiceDef.get('rowFilterDef');
+ return ( !_.isUndefined(rowFilterDef)
+ && ( !_.isUndefined(rowFilterDef.accessTypes) ) && rowFilterDef.accessTypes.length > 0
+ && ( !_.isUndefined(rowFilterDef.resources) ) && rowFilterDef.resources.length > 0 )
+ ? options.fn(this) : options.inverse(this);
+ });
return HHelpers;
});
http://git-wip-us.apache.org/repos/asf/ranger/blob/5e82ed83/security-admin/src/main/webapp/templates/policies/PermissionItem.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/policies/PermissionItem.html b/security-admin/src/main/webapp/templates/policies/PermissionItem.html
index 745c881..f6ff167 100644
--- a/security-admin/src/main/webapp/templates/policies/PermissionItem.html
+++ b/security-admin/src/main/webapp/templates/policies/PermissionItem.html
@@ -34,7 +34,7 @@
</td>
{{#if isMaskingPolicy}}
<td>
- <a href="#" data-js="maskingType" data-type="radiolist" data-title="Select Masking Option" title="Select Masking Option" ></a>
+ <a href="#" data-js="maskingType" data-type="radiolist" data-title="Select Masking Option" title="Select Masking Option" >Add Mask Type</a>
<button type="button" class="btn btn-mini add-masking-type" title="Add" style="display: inline-block;"><i class="icon-plus"></i>
</button>
<input type="text" data-id="maskTypeCustom" value="{{dataMaskInfo.valueExpr}}" placeholder="enter masked value or expression" style="display:none;" width="40%"/>
http://git-wip-us.apache.org/repos/asf/ranger/blob/5e82ed83/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html b/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html
index 865ea72..859aced 100644
--- a/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html
+++ b/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html
@@ -47,55 +47,59 @@ language governing permissions and limitations under the License. --}}
</div>
</div>
</div>
- <div class="form-indent-right" data-js="allowExcludePerm">
- <p class="wrap-header reportSearchHeader ">Exclude from Allow
- Conditions :</p>
+ {{#compare "Allow" "eq" conditionType}}
+ <div class="form-indent-right" data-js="allowExcludePerm">
+ <p class="wrap-header reportSearchHeader ">Exclude from Allow
+ Conditions :</p>
+
+ <div class="wrap position-relative">
+
+ <div class="" data-customfields="groupPermsAllowExclude">
+ <div class="control-group" style="margin-left: -100px;">
+ <label class="control-label">Exclude :</label>
+ <div class="controls">
+ <img src="images/loading.gif"
+ style="margin-left: 4%; margin-top: 1%;" />
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ {{/compare}}
+ </div>
+ {{#compare "Allow" "eq" conditionType}}
+ <div data-js="denyConditionItems">
+ <p class="wrap-header bold formHeader">Deny Conditions :</p>
<div class="wrap position-relative">
-
- <div class="" data-customfields="groupPermsAllowExclude">
- <div class="control-group" style="margin-left: -100px;">
- <label class="control-label">Exclude :</label>
+ <div class="" data-customfields="groupPermsDeny">
+ <div class="control-group">
+ <label class="control-label">{{tt 'lbl.permissions'}}</label>
<div class="controls">
<img src="images/loading.gif"
style="margin-left: 4%; margin-top: 1%;" />
</div>
</div>
</div>
- </div>
- </div>
- </div>
- <div data-js="denyConditionItems">
- <p class="wrap-header bold formHeader">Deny Conditions :</p>
-
- <div class="wrap position-relative">
- <div class="" data-customfields="groupPermsDeny">
- <div class="control-group">
- <label class="control-label">{{tt 'lbl.permissions'}}</label>
- <div class="controls">
- <img src="images/loading.gif"
- style="margin-left: 4%; margin-top: 1%;" />
- </div>
- </div>
- </div>
- <div class="form-indent-right">
- <p class="wrap-header reportSearchHeader">Exclude from Deny
- Conditions :</p>
-
- <div class="wrap position-relative">
- <div class="" data-customfields="groupPermsDenyExclude">
- <div class="control-group">
- <label class="control-label">Exclude :</label>
- <div class="controls">
- <img src="images/loading.gif"
- style="margin-left: 4%; margin-top: 1%;" />
+ <div class="form-indent-right">
+ <p class="wrap-header reportSearchHeader">Exclude from Deny
+ Conditions :</p>
+
+ <div class="wrap position-relative">
+ <div class="" data-customfields="groupPermsDenyExclude">
+ <div class="control-group">
+ <label class="control-label">Exclude :</label>
+ <div class="controls">
+ <img src="images/loading.gif"
+ style="margin-left: 4%; margin-top: 1%;" />
+ </div>
</div>
</div>
</div>
</div>
</div>
</div>
- </div>
+ {{/compare}}
</fieldset>
</form>
http://git-wip-us.apache.org/repos/asf/ranger/blob/5e82ed83/security-admin/src/main/webapp/templates/policies/RangerPolicyTableLayout_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/policies/RangerPolicyTableLayout_tmpl.html b/security-admin/src/main/webapp/templates/policies/RangerPolicyTableLayout_tmpl.html
index 5031c7f..c49dc32 100644
--- a/security-admin/src/main/webapp/templates/policies/RangerPolicyTableLayout_tmpl.html
+++ b/security-admin/src/main/webapp/templates/policies/RangerPolicyTableLayout_tmpl.html
@@ -15,18 +15,24 @@
limitations under the License.
--}}
-{{#compare "hive" "eq" this.rangerService.attributes.type}}
+
<div data-id="policyTypeTab">
<ul class="nav nav-tabs tabs clearfix">
+ {{#showRowLevelTab .}}
<li data-tab="rowLevelFilter" class=""><a data-toggle="tab"
href="#rowLevelFilter">Row Level Filter</a></li>
+ {{/showRowLevelTab}}
+
+ {{#showMaskingTab .}}
<li data-tab="masking" class=""><a data-toggle="tab"
href="#masking">Masking</a></li>
+ {{/showMaskingTab}}
+ {{#if isRenderAccessTab}}
<li data-tab="access" class="active"><a data-toggle="tab"
href="#access">Access</a></li>
+ {{/if}}
</ul>
</div>
-{{/compare}}
<h3 class="wrap-header bold"> {{tt 'lbl.listOfPolicies'}} : {{rangerService.attributes.name}} </h3>
<div class="wrap non-collapsible m-height ">
<div>