Posted to commits@ranger.apache.org by ve...@apache.org on 2015/04/10 16:09:45 UTC
incubator-ranger git commit: RANGER-385 : Enhancements to Permission
model and other bug fixes
Repository: incubator-ranger
Updated Branches:
refs/heads/master e391bdbdd -> 7684e5f49
RANGER-385 : Enhancements to Permission model and other bug fixes
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/7684e5f4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/7684e5f4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/7684e5f4
Branch: refs/heads/master
Commit: 7684e5f492d3d6810dcd1b9b59e59e06d4ee9cf1
Parents: e391bdb
Author: Gautam Borad <gb...@gmail.com>
Authored: Fri Apr 10 19:16:53 2015 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Fri Apr 10 10:09:32 2015 -0400
----------------------------------------------------------------------
.../db/mysql/patches/013-permissionmodel.sql | 74 +++---
.../db/oracle/patches/013-permissionmodel.sql | 70 ++++++
.../db/postgres/xa_core_db_postgres.sql | 63 ++++-
.../db/sqlserver/xa_core_db_sqlserver.sql | 109 +++++++++
.../java/org/apache/ranger/biz/UserMgr.java | 182 +++++++-------
.../java/org/apache/ranger/biz/XUserMgr.java | 245 +++++++++----------
.../patch/PatchPersmissionModel_J10003.java | 43 +++-
.../java/org/apache/ranger/rest/XUserREST.java | 6 -
.../RangerAuthenticationEntryPoint.java | 137 +++++++----
.../ranger/service/XModuleDefService.java | 41 ++--
.../resources/META-INF/jpa_named_queries.xml | 128 +++++-----
.../views/permissions/ModulePermsTableLayout.js | 3 +-
.../apache/ranger/biz/TestServiceDBStore.java | 6 +-
.../org/apache/ranger/biz/TestXUserMgr.java | 23 +-
14 files changed, 706 insertions(+), 424 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7684e5f4/security-admin/db/mysql/patches/013-permissionmodel.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/mysql/patches/013-permissionmodel.sql b/security-admin/db/mysql/patches/013-permissionmodel.sql
index be21ee8..8f6fd65 100644
--- a/security-admin/db/mysql/patches/013-permissionmodel.sql
+++ b/security-admin/db/mysql/patches/013-permissionmodel.sql
@@ -15,50 +15,48 @@
DROP TABLE IF EXISTS `x_modules_master`;
CREATE TABLE `x_modules_master` (
- `id` bigint(20) NOT NULL AUTO_INCREMENT,
- `create_time` datetime NULL DEFAULT NULL,
- `update_time` datetime NULL DEFAULT NULL,
- `added_by_id` bigint(20) NULL DEFAULT NULL,
- `upd_by_id` bigint(20) NULL DEFAULT NULL,
- `module` varchar(1024) NOT NULL,
- `url` varchar(1024) NOT NULL,
- PRIMARY KEY (`id`)
+`id` bigint(20) NOT NULL AUTO_INCREMENT,
+`create_time` datetime NULL DEFAULT NULL,
+`update_time` datetime NULL DEFAULT NULL,
+`added_by_id` bigint(20) NULL DEFAULT NULL,
+`upd_by_id` bigint(20) NULL DEFAULT NULL,
+`module` varchar(1024) NOT NULL,
+`url` varchar(1024) NOT NULL,
+PRIMARY KEY (`id`)
);
-
-INSERT INTO `x_modules_master` VALUES (1,'2015-03-04 10:40:34','2015-03-09 15:26:45',1,1,'Policy Manager','/policymanager'),(2,'2015-03-04 10:41:51','2015-03-04 10:41:51',1,1,'Users/Groups','/users/usertab'),(3,'2015-03-04 10:42:19','2015-03-25 10:46:47',1,13,'Analytics','/reports/userAccess'),(4,'2015-03-04 10:42:45','2015-03-05 13:01:41',1,1,'Audit','/reports/audit/bigData');
-
+INSERT INTO `x_modules_master` VALUES (1,'2015-03-04 10:40:34','2015-03-09 15:26:45',1,1,'Policy Manager','/policymanager'),(2,'2015-03-04 10:41:51','2015-03-04 10:41:51',1,1,'Users/Groups','/users/usertab'),(3,'2015-03-04 10:42:19','2015-03-25 10:46:47',1,1,'Analytics','/reports/userAccess'),(4,'2015-03-04 10:42:45','2015-03-05 13:01:41',1,1,'Audit','/reports/audit/bigData'),(5,'2015-03-04 10:42:53','2015-03-04 10:42:53',1,1,'Permissions','/permission'),(6,'2015-03-04 10:44:00','2015-03-04 10:44:00',1,1,'KMS','/kms');
DROP TABLE IF EXISTS `x_user_module_perm`;
-
CREATE TABLE `x_user_module_perm` (
- `id` bigint(20) NOT NULL AUTO_INCREMENT,
- `user_id` bigint(20) NULL DEFAULT NULL,
- `module_id` bigint(20) NULL DEFAULT NULL,
- `create_time` datetime NULL DEFAULT NULL,
- `update_time` datetime NULL DEFAULT NULL,
- `added_by_id` bigint(20) NULL DEFAULT NULL,
- `upd_by_id` bigint(20) NULL DEFAULT NULL,
- `is_allowed` int(11) NOT NULL DEFAULT '1',
- PRIMARY KEY (`id`),
- KEY `x_user_module_perm_IDX_module_id` (`module_id`),
- KEY `x_user_module_perm_FK_user_id` (`user_id`),
- CONSTRAINT `x_user_module_perm_FK_module_id` FOREIGN KEY (`module_id`) REFERENCES `x_modules_master` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
- CONSTRAINT `x_user_module_perm_FK_user_id` FOREIGN KEY (`user_id`) REFERENCES `x_portal_user` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
+`id` bigint(20) NOT NULL AUTO_INCREMENT,
+`user_id` bigint(20) NULL DEFAULT NULL,
+`module_id` bigint(20) NULL DEFAULT NULL,
+`create_time` datetime NULL DEFAULT NULL,
+`update_time` datetime NULL DEFAULT NULL,
+`added_by_id` bigint(20) NULL DEFAULT NULL,
+`upd_by_id` bigint(20) NULL DEFAULT NULL,
+`is_allowed` int(11) NOT NULL DEFAULT '1',
+PRIMARY KEY (`id`),
+KEY `x_user_module_perm_idx_module_id` (`module_id`),
+KEY `x_user_module_perm_idx_user_id` (`user_id`),
+CONSTRAINT `x_user_module_perm_FK_module_id` FOREIGN KEY (`module_id`) REFERENCES `x_modules_master` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
+CONSTRAINT `x_user_module_perm_FK_user_id` FOREIGN KEY (`user_id`) REFERENCES `x_portal_user` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
) ;
DROP TABLE IF EXISTS `x_group_module_perm`;
-
CREATE TABLE `x_group_module_perm` (
- `id` bigint(20) NOT NULL AUTO_INCREMENT,
- `group_id` bigint(20) NULL DEFAULT NULL,
- `module_id` bigint(20) NULL DEFAULT NULL,
- `create_time` datetime NULL DEFAULT NULL,
- `update_time` datetime NULL DEFAULT NULL,
- `added_by_id` bigint(20) NULL DEFAULT NULL,
- `upd_by_id` bigint(20) NULL DEFAULT NULL,
- `is_allowed` int(11) NOT NULL DEFAULT '1',
- PRIMARY KEY (`id`),
- KEY `x_group_module_perm_FK_group_id` (`group_id`),
- KEY `x_group_module_perm_FK_module_id` (`module_id`)
-) ;
+`id` bigint(20) NOT NULL AUTO_INCREMENT,
+`group_id` bigint(20) NULL DEFAULT NULL,
+`module_id` bigint(20) NULL DEFAULT NULL,
+`create_time` datetime NULL DEFAULT NULL,
+`update_time` datetime NULL DEFAULT NULL,
+`added_by_id` bigint(20) NULL DEFAULT NULL,
+`upd_by_id` bigint(20) NULL DEFAULT NULL,
+`is_allowed` int(11) NOT NULL DEFAULT '1',
+PRIMARY KEY (`id`),
+KEY `x_group_module_perm_idx_group_id` (`group_id`),
+KEY `x_group_module_perm_idx_module_id` (`module_id`),
+CONSTRAINT `x_group_module_perm_FK_module_id` FOREIGN KEY (`module_id`) REFERENCES `x_modules_master` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
+CONSTRAINT `x_group_module_perm_FK_user_id` FOREIGN KEY (`group_id`) REFERENCES `x_group` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
+) ;
\ No newline at end of file
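Review bot: The new foreign key at the bottom of the `x_group_module_perm` definition is named `x_group_module_perm_FK_user_id` although it constrains `group_id` against `x_group`; rename it `x_group_module_perm_FK_group_id` so it matches its sibling `x_group_module_perm_FK_module_id` and the `x_grp_module_perm_FK_group_id` used by the other database scripts in this commit. A second concern is re-runnability: the patch drops `x_modules_master` before the two child tables whose constraints reference it, and MySQL refuses to drop a table that is still the parent of a foreign key, so a second run against an already-patched schema would presumably stop at the first DROP unless foreign_key_checks is disabled. Dropping `x_user_module_perm` and `x_group_module_perm` first, then `x_modules_master`, avoids that ordering problem.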
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7684e5f4/security-admin/db/oracle/patches/013-permissionmodel.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/oracle/patches/013-permissionmodel.sql b/security-admin/db/oracle/patches/013-permissionmodel.sql
new file mode 100644
index 0000000..0672694
--- /dev/null
+++ b/security-admin/db/oracle/patches/013-permissionmodel.sql
@@ -0,0 +1,70 @@
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+/
+CREATE SEQUENCE X_MODULES_MASTER_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE x_modules_master(
+id NUMBER(20) NOT NULL,
+create_time DATE DEFAULT NULL NULL,
+update_time DATE DEFAULT NULL NULL,
+added_by_id NUMBER(20) DEFAULT NULL NULL,
+upd_by_id NUMBER(20) DEFAULT NULL NULL,
+module VARCHAR(1024) NOT NULL,
+url VARCHAR(1024) NOT NULL,
+PRIMARY KEY (id)
+);
+COMMIT;
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Policy Manager','/policymanager');
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Users/Groups','/users/usertab');
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Analytics','/reports/userAccess');
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Audit','/reports/audit/bigData');
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'Permissions','/permission');
+INSERT INTO x_modules_master VALUES(X_MODULES_MASTER_SEQ.NEXTVAL,SYSDATE,SYSDATE,1,1,'KMS','/kms');
+COMMIT;
+CREATE SEQUENCE X_USER_MODULE_PERM_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE x_user_module_perm(
+id NUMBER(20) NOT NULL,
+user_id NUMBER(20) DEFAULT NULL NULL,
+module_id NUMBER(20) DEFAULT NULL NULL,
+create_time DATE DEFAULT NULL NULL,
+update_time DATE DEFAULT NULL NULL,
+added_by_id NUMBER(20) DEFAULT NULL NULL,
+upd_by_id NUMBER(20) DEFAULT NULL NULL,
+is_allowed NUMBER(11) DEFAULT '1' NOT NULL ,
+PRIMARY KEY (id),
+CONSTRAINT x_user_module_perm_FK_moduleid FOREIGN KEY (module_id) REFERENCES x_modules_master(id),
+CONSTRAINT x_user_module_perm_FK_userid FOREIGN KEY (user_id) REFERENCES x_portal_user(id)
+);
+COMMIT;
+CREATE SEQUENCE X_GROUP_MODULE_PERM_SEQ START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
+CREATE TABLE x_group_module_perm(
+id NUMBER(20) NOT NULL,
+group_id NUMBER(20) DEFAULT NULL NULL,
+module_id NUMBER(20) DEFAULT NULL NULL,
+create_time DATE DEFAULT NULL NULL,
+update_time DATE DEFAULT NULL NULL,
+added_by_id NUMBER(20) DEFAULT NULL NULL,
+upd_by_id NUMBER(20) DEFAULT NULL NULL,
+is_allowed NUMBER(11) DEFAULT '1' NOT NULL ,
+PRIMARY KEY (id),
+CONSTRAINT x_grp_module_perm_FK_module_id FOREIGN KEY (module_id) REFERENCES x_modules_master(id),
+CONSTRAINT x_grp_module_perm_FK_group_id FOREIGN KEY (group_id) REFERENCES x_group(id)
+);
+COMMIT;
+CREATE INDEX x_usr_module_perm_idx_moduleid ON x_user_module_perm(module_id);
+CREATE INDEX x_usr_module_perm_idx_userid ON x_user_module_perm(user_id);
+CREATE INDEX x_grp_module_perm_idx_groupid ON x_group_module_perm(group_id);
+CREATE INDEX x_grp_module_perm_idx_moduleid ON x_group_module_perm(module_id);
+COMMIT;
\ No newline at end of file
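Review bot: The four foreign keys in the two new child tables (`x_user_module_perm_FK_moduleid`, `x_user_module_perm_FK_userid`, `x_grp_module_perm_FK_module_id`, `x_grp_module_perm_FK_group_id`) carry no `ON DELETE CASCADE`, whereas the MySQL patch in this same commit declares every module-permission constraint with `ON DELETE CASCADE ON UPDATE CASCADE`. Unless the application deletes the permission rows itself, removing a portal user, group or module will succeed on MySQL and fail with a constraint violation on Oracle; the same divergence is in the postgres and sqlserver hunks below, so either add `ON DELETE CASCADE` to these constraints or drop it from MySQL so the scripts agree. Separately, `is_allowed NUMBER(11) DEFAULT '1' NOT NULL` (in both tables) gives a numeric column a string-literal default that Oracle has to convert; `DEFAULT 1` says what is meant. The bare `/` on the line after the license header looks like a leftover — with nothing in the SQL*Plus buffer it only reports that there is nothing to run — and can be removed.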
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7684e5f4/security-admin/db/postgres/xa_core_db_postgres.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/postgres/xa_core_db_postgres.sql b/security-admin/db/postgres/xa_core_db_postgres.sql
index fa65052..009987e 100644
--- a/security-admin/db/postgres/xa_core_db_postgres.sql
+++ b/security-admin/db/postgres/xa_core_db_postgres.sql
@@ -516,7 +516,7 @@ upd_by_id BIGINT DEFAULT NULL NULL,
version BIGINT DEFAULT NULL NULL,
service BIGINT DEFAULT NULL NULL,
name VARCHAR(512) DEFAULT NULL NULL,
-policy_type int(11) DEFAULT 0 NULL,
+policy_type int DEFAULT 0 NULL,
description VARCHAR(1024) DEFAULT NULL NULL,
resource_signature VARCHAR(128) DEFAULT NULL NULL,
is_enabled BOOLEAN DEFAULT '0' NOT NULL,
@@ -907,4 +907,65 @@ INSERT INTO x_portal_user(CREATE_TIME,UPDATE_TIME,FIRST_NAME,LAST_NAME,PUB_SCR_N
INSERT INTO x_portal_user_role(CREATE_TIME,UPDATE_TIME,USER_ID,USER_ROLE,STATUS)VALUES(current_timestamp,current_timestamp,1,'ROLE_SYS_ADMIN',1);
INSERT INTO x_user(CREATE_TIME,UPDATE_TIME,user_name,status,descr)VALUES(current_timestamp,current_timestamp,'admin',0,'Administrator');
INSERT INTO x_group(CREATE_TIME,DESCR,GROUP_SRC,GROUP_TYPE,GROUP_NAME,STATUS,UPDATE_TIME,UPD_BY_ID)VALUES(CURRENT_TIMESTAMP,'public group',0,0,'public',0,CURRENT_TIMESTAMP,1);
+COMMIT;
+
+DROP TABLE IF EXISTS x_modules_master CASCADE;
+DROP SEQUENCE IF EXISTS x_modules_master_seq;
+CREATE SEQUENCE x_modules_master_seq;
+CREATE TABLE x_modules_master(
+id BIGINT DEFAULT nextval('x_modules_master_seq'::regclass),
+create_time TIMESTAMP DEFAULT NULL NULL,
+update_time TIMESTAMP DEFAULT NULL NULL,
+added_by_id BIGINT DEFAULT NULL NULL,
+upd_by_id BIGINT DEFAULT NULL NULL,
+module VARCHAR(1024) NOT NULL,
+url VARCHAR(1024) NOT NULL,
+PRIMARY KEY(id)
+);
+
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Policy Manager','/policymanager');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Users/Groups','/users/usertab');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Analytics','/reports/userAccess');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Audit','/reports/audit/bigData');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'Permissions','/permission');
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(current_timestamp,current_timestamp,1,1,'KMS','/kms');
+
+DROP TABLE IF EXISTS x_user_module_perm CASCADE;
+DROP SEQUENCE IF EXISTS x_user_module_perm_seq;
+CREATE SEQUENCE x_user_module_perm_seq;
+CREATE TABLE x_user_module_perm(
+id BIGINT DEFAULT nextval('x_user_module_perm_seq'::regclass),
+user_id BIGINT DEFAULT NULL NULL,
+module_id BIGINT DEFAULT NULL NULL,
+create_time TIMESTAMP DEFAULT NULL NULL,
+update_time TIMESTAMP DEFAULT NULL NULL,
+added_by_id BIGINT DEFAULT NULL NULL,
+upd_by_id BIGINT DEFAULT NULL NULL,
+is_allowed INT DEFAULT '1' NOT NULL,
+PRIMARY KEY(id),
+CONSTRAINT x_user_module_perm_FK_moduleid FOREIGN KEY (module_id) REFERENCES x_modules_master(id),
+CONSTRAINT x_user_module_perm_FK_userid FOREIGN KEY (user_id) REFERENCES x_portal_user(id)
+);
+
+DROP TABLE IF EXISTS x_group_module_perm CASCADE;
+DROP SEQUENCE IF EXISTS x_group_module_perm_seq;
+CREATE SEQUENCE x_group_module_perm_seq;
+CREATE TABLE x_group_module_perm(
+id BIGINT DEFAULT nextval('x_group_module_perm_seq'::regclass),
+group_id BIGINT DEFAULT NULL NULL,
+module_id BIGINT DEFAULT NULL NULL,
+create_time TIMESTAMP DEFAULT NULL NULL,
+update_time TIMESTAMP DEFAULT NULL NULL,
+added_by_id BIGINT DEFAULT NULL NULL,
+upd_by_id BIGINT DEFAULT NULL NULL,
+is_allowed INT DEFAULT '1' NOT NULL,
+PRIMARY KEY(id),
+CONSTRAINT x_grp_module_perm_FK_module_id FOREIGN KEY (module_id) REFERENCES x_modules_master(id),
+CONSTRAINT x_grp_module_perm_FK_group_id FOREIGN KEY (group_id) REFERENCES x_group(id)
+);
+
+CREATE INDEX x_usr_module_perm_idx_moduleid ON x_user_module_perm(module_id);
+CREATE INDEX x_usr_module_perm_idx_userid ON x_user_module_perm(user_id);
+CREATE INDEX x_grp_module_perm_idx_groupid ON x_group_module_perm(group_id);
+CREATE INDEX x_grp_module_perm_idx_moduleid ON x_group_module_perm(module_id);
COMMIT;
\ No newline at end of file
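Review bot: The new `id` columns default to `nextval('…_seq'::regclass)` but the three sequences are never tied to their columns, which is why each table needs its own `DROP SEQUENCE IF EXISTS` ahead of `DROP TABLE … CASCADE`; declaring the columns `BIGSERIAL`, or adding `ALTER SEQUENCE x_modules_master_seq OWNED BY x_modules_master.id;` after each CREATE TABLE, makes the sequence go away with the table and removes the extra statements. `is_allowed INT DEFAULT '1' NOT NULL` gives an integer column a quoted default that Postgres must cast; `DEFAULT 1` is the plain form. These tables are added to the core schema script rather than to a numbered patch as was done for MySQL and Oracle, so an existing postgres install that is upgraded through the patches directory would presumably not receive them unless an equivalent 013 patch is added.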
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7684e5f4/security-admin/db/sqlserver/xa_core_db_sqlserver.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/sqlserver/xa_core_db_sqlserver.sql b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql
index 665e022..69ad60c 100644
--- a/security-admin/db/sqlserver/xa_core_db_sqlserver.sql
+++ b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql
@@ -2641,4 +2641,113 @@ insert into x_user (CREATE_TIME,UPDATE_TIME,user_name,status,descr) values (CURR
GO
insert into x_group (ADDED_BY_ID,CREATE_TIME,DESCR,GROUP_TYPE,GROUP_NAME,STATUS,UPDATE_TIME,UPD_BY_ID) values (1,CURRENT_TIMESTAMP,'public group',0,'public',0,CURRENT_TIMESTAMP,1);
GO
+SET ANSI_NULLS ON
+GO
+SET QUOTED_IDENTIFIER ON
+GO
+SET ANSI_PADDING ON
+GO
+CREATE TABLE [dbo].[x_modules_master] (
+ [id] [bigint] IDENTITY(1,1) NOT NULL,
+ [create_time] [datetime2] DEFAULT NULL NULL,
+ [update_time] [datetime2] DEFAULT NULL NULL,
+ [added_by_id] [bigint] DEFAULT NULL NULL,
+ [upd_by_id] [bigint] DEFAULT NULL NULL,
+ [module] [varchar](1024)NOT NULL,
+ [url] [varchar](1024)NOT NULL,
+ PRIMARY KEY CLUSTERED
+(
+ [id] ASC
+)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
+) ON [PRIMARY]
+GO
+SET ANSI_NULLS ON
+GO
+SET QUOTED_IDENTIFIER ON
+GO
+SET ANSI_PADDING ON
+GO
+CREATE TABLE [dbo].[x_user_module_perm] (
+ [id] [bigint] IDENTITY(1,1) NOT NULL,
+ [user_id] [bigint] DEFAULT NULL NULL,
+ [module_id] [bigint] DEFAULT NULL NULL,
+ [create_time] [datetime2] DEFAULT NULL NULL,
+ [update_time] [datetime2] DEFAULT NULL NULL,
+ [added_by_id] [bigint] DEFAULT NULL NULL,
+ [upd_by_id] [bigint] DEFAULT NULL NULL,
+ [is_allowed] [int] DEFAULT 1 NOT NULL,
+ PRIMARY KEY CLUSTERED
+(
+ [id] ASC
+)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
+) ON [PRIMARY]
+GO
+SET ANSI_NULLS ON
+GO
+SET QUOTED_IDENTIFIER ON
+GO
+SET ANSI_PADDING ON
+GO
+CREATE TABLE [dbo].[x_group_module_perm] (
+ [id] [bigint] IDENTITY(1,1) NOT NULL,
+ [group_id] [bigint] DEFAULT NULL NULL,
+ [module_id] [bigint] DEFAULT NULL NULL,
+ [create_time] [datetime2] DEFAULT NULL NULL,
+ [update_time] [datetime2] DEFAULT NULL NULL,
+ [added_by_id] [bigint] DEFAULT NULL NULL,
+ [upd_by_id] [bigint] DEFAULT NULL NULL,
+ [is_allowed] [int] DEFAULT 1 NOT NULL,
+ PRIMARY KEY CLUSTERED
+(
+ [id] ASC
+)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
+) ON [PRIMARY]
+GO
+ALTER TABLE [dbo].[x_user_module_perm] WITH CHECK ADD CONSTRAINT [x_user_module_perm_FK_moduleid] FOREIGN KEY([module_id])
+REFERENCES [dbo].[x_modules_master] ([id])
+GO
+ALTER TABLE [dbo].[x_user_module_perm] WITH CHECK ADD CONSTRAINT [x_user_module_perm_FK_userid] FOREIGN KEY([user_id])
+REFERENCES [dbo].[x_portal_user] ([id])
+GO
+ALTER TABLE [dbo].[x_group_module_perm] WITH CHECK ADD CONSTRAINT [x_grp_module_perm_FK_module_id] FOREIGN KEY([module_id])
+REFERENCES [dbo].[x_modules_master] ([id])
+GO
+ALTER TABLE [dbo].[x_group_module_perm] WITH CHECK ADD CONSTRAINT [x_grp_module_perm_FK_group_id] FOREIGN KEY([group_id])
+REFERENCES [dbo].[x_group] ([id])
+GO
+CREATE NONCLUSTERED INDEX [x_usr_module_perm_idx_moduleid] ON [x_user_module_perm]
+(
+ [module_id] ASC
+)
+WITH (SORT_IN_TEMPDB = OFF, DROP_EXISTING = OFF, IGNORE_DUP_KEY = OFF, ONLINE = OFF) ON [PRIMARY]
+GO
+CREATE NONCLUSTERED INDEX [x_usr_module_perm_idx_userid] ON [x_user_module_perm]
+(
+ [user_id] ASC
+)
+WITH (SORT_IN_TEMPDB = OFF, DROP_EXISTING = OFF, IGNORE_DUP_KEY = OFF, ONLINE = OFF) ON [PRIMARY]
+GO
+CREATE NONCLUSTERED INDEX [x_grp_module_perm_idx_groupid] ON [x_group_module_perm]
+(
+ [group_id] ASC
+)
+WITH (SORT_IN_TEMPDB = OFF, DROP_EXISTING = OFF, IGNORE_DUP_KEY = OFF, ONLINE = OFF) ON [PRIMARY]
+GO
+CREATE NONCLUSTERED INDEX [x_grp_module_perm_idx_moduleid] ON [x_group_module_perm]
+(
+ [module_id] ASC
+)
+WITH (SORT_IN_TEMPDB = OFF, DROP_EXISTING = OFF, IGNORE_DUP_KEY = OFF, ONLINE = OFF) ON [PRIMARY]
+GO
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Policy Manager','/policymanager');
+GO
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Users/Groups','/users/usertab');
+GO
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Analytics','/reports/userAccess');
+GO
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Audit','/reports/audit/bigData');
+GO
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'Permissions','/permission');
+GO
+INSERT INTO x_modules_master(create_time,update_time,added_by_id,upd_by_id,module,url) VALUES(CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,1,1,'KMS','/kms');
exit
\ No newline at end of file
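Review bot: The last `INSERT INTO x_modules_master` (the 'KMS' row) is followed directly by `exit` with no `GO`, unlike the five inserts before it; if this script is run through sqlcmd, a bare EXIT quits without executing the pending batch, so the KMS module would presumably never be seeded. Add a `GO` between that INSERT and `exit`; before this change `exit` was preceded by the `GO` that now sits at the top of the hunk. As in the Oracle script, the four `ALTER TABLE … ADD CONSTRAINT` foreign keys here carry no `ON DELETE CASCADE`, unlike the MySQL patch in this commit, so deleting a user, group or module behaves differently per database.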
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7684e5f4/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index f2c7e5a..62d48e7 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -17,7 +17,7 @@
* under the License.
*/
- package org.apache.ranger.biz;
+package org.apache.ranger.biz;
import java.util.ArrayList;
import java.util.Collection;
@@ -97,7 +97,7 @@ public class UserMgr {
@Autowired
RangerConfigUtil configUtil;
-
+
@Autowired
XPortalUserService xPortalUserService;
@@ -147,7 +147,8 @@ public class UserMgr {
List<XXPortalUserRole> gjUserRoleList = new ArrayList<XXPortalUserRole>();
if (userRoleList != null) {
for (String userRole : userRoleList) {
- XXPortalUserRole gjUserRole = addUserRole(user.getId(), userRole);
+ XXPortalUserRole gjUserRole = addUserRole(user.getId(),
+ userRole);
if (gjUserRole != null) {
gjUserRoleList.add(gjUserRole);
}
@@ -158,13 +159,13 @@ public class UserMgr {
}
public XXPortalUser createUser(VXPortalUser userProfile, int userStatus) {
- ArrayList<String> roleList = new ArrayList<String>();
+ ArrayList<String> roleList = new ArrayList<String>();
Collection<String> reqRoleList = userProfile.getUserRoleList();
- if (reqRoleList != null && reqRoleList.size()>0) {
+ if (reqRoleList != null && reqRoleList.size() > 0) {
for (String role : reqRoleList) {
roleList.add(role);
}
- }else{
+ } else {
roleList.add(RangerConstants.ROLE_USER);
}
@@ -267,10 +268,11 @@ public class UserMgr {
}
// notes
- /*if (!stringUtil.isEmpty(userProfile.getNotes())
- && !userProfile.getNotes().equalsIgnoreCase(gjUser.getNotes())) {
- updateUser = true;
- }*/
+ /*
+ * if (!stringUtil.isEmpty(userProfile.getNotes()) &&
+ * !userProfile.getNotes().equalsIgnoreCase(gjUser.getNotes())) {
+ * updateUser = true; }
+ */
// userRoleList
updateRoles(userProfile.getId(), userProfile.getUserRoleList());
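Review bot: This re-wraps the commented-out `if (!stringUtil.isEmpty(userProfile.getNotes()) …` block instead of deleting it, and the same is done for the dead `ROLE_USER` check in deleteUserRole and the dead `createRESTException` call in createDefaultAccountUser further down; reformatted dead code gains history without ever becoming live. Remove the three blocks (version control keeps them), or if the notes comparison is meant to return, replace the comment with a one-line `// TODO: notes are not compared on update` so the intent is explicit. The enclosing update method starts and ends outside the hunk.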
@@ -298,8 +300,8 @@ public class UserMgr {
}
// Let's first delete old roles
- List<XXPortalUserRole> gjUserRoles = daoManager.getXXPortalUserRole().findByUserId(
- userId);
+ List<XXPortalUserRole> gjUserRoles = daoManager.getXXPortalUserRole()
+ .findByUserId(userId);
for (XXPortalUserRole gjUserRole : gjUserRoles) {
boolean found = false;
@@ -363,8 +365,8 @@ public class UserMgr {
+ currentUserLoginId);
throw restErrorUtil.createRESTException(
"serverMsg.userMgrInvalidUser",
- MessageEnums.DATA_NOT_FOUND, null, null,
- "" + currentUserLoginId);
+ MessageEnums.DATA_NOT_FOUND, null, null, ""
+ + currentUserLoginId);
}
String encryptedOldPwd = encrypt(gjUserCurrent.getLoginId(),
@@ -551,7 +553,7 @@ public class UserMgr {
gjUser.setLoginId(userProfile.getLoginId());
gjUser.setPassword(userProfile.getPassword());
gjUser.setUserSource(userProfile.getUserSource());
- gjUser.setPublicScreenName(userProfile.getPublicScreenName());
+ gjUser.setPublicScreenName(userProfile.getPublicScreenName());
return gjUser;
}
@@ -571,11 +573,12 @@ public class UserMgr {
VXPortalUser userProfile = new VXPortalUser();
gjUserToUserProfile(user, userProfile);
- if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())) {
+ if (sess.isUserAdmin()
+ || sess.getXXPortalUser().getId().equals(user.getId())) {
if (userRoleList == null) {
userRoleList = new ArrayList<String>();
- List<XXPortalUserRole> gjUserRoleList = daoManager.getXXPortalUserRole()
- .findByParentId(user.getId());
+ List<XXPortalUserRole> gjUserRoleList = daoManager
+ .getXXPortalUserRole().findByParentId(user.getId());
for (XXPortalUserRole userRole : gjUserRoleList) {
userRoleList.add(userRole.getUserRole());
@@ -595,7 +598,8 @@ public class UserMgr {
}
// Admin
- if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())) {
+ if (sess.isUserAdmin()
+ || sess.getXXPortalUser().getId().equals(user.getId())) {
userProfile.setLoginId(user.getLoginId());
userProfile.setStatus(user.getStatus());
userProfile.setUserRoleList(new ArrayList<String>());
@@ -610,35 +614,44 @@ public class UserMgr {
userProfile.setUserSource(sess.getAuthProvider());
}
- List<XXPortalUserRole> gjUserRoleList = daoManager.getXXPortalUserRole()
- .findByParentId(user.getId());
+ List<XXPortalUserRole> gjUserRoleList = daoManager
+ .getXXPortalUserRole().findByParentId(user.getId());
for (XXPortalUserRole gjUserRole : gjUserRoleList) {
userProfile.getUserRoleList().add(gjUserRole.getUserRole());
}
}
- if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())) {
+ if (sess.isUserAdmin()
+ || sess.getXXPortalUser().getId().equals(user.getId())) {
userProfile.setId(user.getId());
- List<XXUserPermission> xUserPermissions=daoManager.getXXUserPermission().findByUserPermissionIdAndIsAllowed(userProfile.getId());
- List<XXGroupPermission> xxGroupPermissions=daoManager.getXXGroupPermission().findbyVXPoratUserId(userProfile.getId());
-
- List<VXGroupPermission> groupPermissions=new ArrayList<VXGroupPermission>();
- List<VXUserPermission> vxUserPermissions=new ArrayList<VXUserPermission>();
- for(XXGroupPermission xxGroupPermission:xxGroupPermissions)
- {
- VXGroupPermission groupPermission=xGroupPermissionService.populateViewBean(xxGroupPermission);
- groupPermission.setModuleName(daoManager.getXXModuleDef().findByModuleId(groupPermission.getModuleId()).getModule());
- groupPermissions.add(groupPermission);
- }
- for(XXUserPermission xUserPermission: xUserPermissions)
- {
- VXUserPermission vXUserPermission=xUserPermissionService.populateViewBean(xUserPermission);
- vXUserPermission.setModuleName(daoManager.getXXModuleDef().findByModuleId(vXUserPermission.getModuleId()).getModule());
- vxUserPermissions.add(vXUserPermission);
- }
- userProfile.setGroupPermissions(groupPermissions);
- userProfile.setUserPermList(vxUserPermissions);
+ List<XXUserPermission> xUserPermissions = daoManager
+ .getXXUserPermission().findByUserPermissionIdAndIsAllowed(
+ userProfile.getId());
+ List<XXGroupPermission> xxGroupPermissions = daoManager
+ .getXXGroupPermission().findbyVXPoratUserId(
+ userProfile.getId());
+
+ List<VXGroupPermission> groupPermissions = new ArrayList<VXGroupPermission>();
+ List<VXUserPermission> vxUserPermissions = new ArrayList<VXUserPermission>();
+ for (XXGroupPermission xxGroupPermission : xxGroupPermissions) {
+ VXGroupPermission groupPermission = xGroupPermissionService
+ .populateViewBean(xxGroupPermission);
+ groupPermission.setModuleName(daoManager.getXXModuleDef()
+ .findByModuleId(groupPermission.getModuleId())
+ .getModule());
+ groupPermissions.add(groupPermission);
+ }
+ for (XXUserPermission xUserPermission : xUserPermissions) {
+ VXUserPermission vXUserPermission = xUserPermissionService
+ .populateViewBean(xUserPermission);
+ vXUserPermission.setModuleName(daoManager.getXXModuleDef()
+ .findByModuleId(vXUserPermission.getModuleId())
+ .getModule());
+ vxUserPermissions.add(vXUserPermission);
+ }
+ userProfile.setGroupPermissions(groupPermissions);
+ userProfile.setUserPermList(vxUserPermissions);
userProfile.setFirstName(user.getFirstName());
userProfile.setLastName(user.getLastName());
userProfile.setPublicScreenName(user.getPublicScreenName());
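Review bot: `daoManager.getXXModuleDef().findByModuleId(...)` is dereferenced with `.getModule()` in both the group-permission and the user-permission loop without a null check, so a permission row whose `module_id` has no matching `x_modules_master` row would abort the whole profile mapping with a NullPointerException instead of merely losing the module name. Guard each lookup as below so the permission is still returned and only the name is left unset. The lookup is also issued once per permission row inside each loop; collecting module names into a map keyed by module id before the loops would keep this to one query per distinct module, though I cannot see from the hunk whether findByModuleId is already cached. The enclosing method starts and ends outside the hunk.
```java
// … unchanged: xUserPermissions / xxGroupPermissions lookups and list creation …
for (XXGroupPermission xxGroupPermission : xxGroupPermissions) {
    VXGroupPermission groupPermission = xGroupPermissionService
            .populateViewBean(xxGroupPermission);
    XXModuleDef moduleDef = daoManager.getXXModuleDef()
            .findByModuleId(groupPermission.getModuleId());
    // a permission row may outlive its module row; skip the name rather than NPE
    if (moduleDef != null) {
        groupPermission.setModuleName(moduleDef.getModule());
    }
    groupPermissions.add(groupPermission);
}
for (XXUserPermission xUserPermission : xUserPermissions) {
    VXUserPermission vXUserPermission = xUserPermissionService
            .populateViewBean(xUserPermission);
    XXModuleDef moduleDef = daoManager.getXXModuleDef()
            .findByModuleId(vXUserPermission.getModuleId());
    if (moduleDef != null) {
        vXUserPermission.setModuleName(moduleDef.getModule());
    }
    vxUserPermissions.add(vXUserPermission);
}
// … unchanged: userProfile.setGroupPermissions / setUserPermList …
```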
@@ -647,8 +660,9 @@ public class UserMgr {
}
/**
- * Translates XXPortalUser to VUserProfile. This method should be called in the
- * same transaction in which the XXPortalUser was retrieved from the database
+ * Translates XXPortalUser to VUserProfile. This method should be called in
+ * the same transaction in which the XXPortalUser was retrieved from the
+ * database
*
* @param user
* @return
@@ -673,8 +687,8 @@ public class UserMgr {
public Collection<String> getRolesForUser(XXPortalUser user) {
Collection<String> roleList = new ArrayList<String>();
- Collection<XXPortalUserRole> roleCollection = daoManager.getXXPortalUserRole()
- .findByUserId(user.getId());
+ Collection<XXPortalUserRole> roleCollection = daoManager
+ .getXXPortalUserRole().findByUserId(user.getId());
for (XXPortalUserRole role : roleCollection) {
roleList.add(role.getUserRole());
}
@@ -695,7 +709,7 @@ public class UserMgr {
// Get total count first
Query query = createUserSearchQuery(countQueryStr, null, searchCriteria);
Long count = (Long) query.getSingleResult();
- int resultSize=Integer.parseInt(count.toString());
+ int resultSize = Integer.parseInt(count.toString());
if (count == null || count.longValue() == 0) {
return returnList;
}
@@ -907,8 +921,8 @@ public class UserMgr {
}
public boolean deleteUserRole(Long userId, String userRole) {
- List<XXPortalUserRole> roleList = daoManager.getXXPortalUserRole().findByUserId(
- userId);
+ List<XXPortalUserRole> roleList = daoManager.getXXPortalUserRole()
+ .findByUserId(userId);
for (XXPortalUserRole gjUserRole : roleList) {
if (gjUserRole.getUserRole().equalsIgnoreCase(userRole)) {
return deleteUserRole(userId, gjUserRole);
@@ -918,9 +932,10 @@ public class UserMgr {
}
public boolean deleteUserRole(Long userId, XXPortalUserRole gjUserRole) {
- /*if (RangerConstants.ROLE_USER.equals(gjUserRole.getUserRole())) {
- return false;
- }*/
+ /*
+ * if (RangerConstants.ROLE_USER.equals(gjUserRole.getUserRole())) {
+ * return false; }
+ */
boolean publicRole = false;
for (int i = 0; i < publicRoles.length; i++) {
if (publicRoles[i].equalsIgnoreCase(gjUserRole.getUserRole())) {
@@ -940,8 +955,8 @@ public class UserMgr {
}
public XXPortalUserRole addUserRole(Long userId, String userRole) {
- List<XXPortalUserRole> roleList = daoManager.getXXPortalUserRole().findByUserId(
- userId);
+ List<XXPortalUserRole> roleList = daoManager.getXXPortalUserRole()
+ .findByUserId(userId);
boolean publicRole = false;
for (int i = 0; i < publicRoles.length; i++) {
if (publicRoles[i].equalsIgnoreCase(userRole)) {
@@ -1021,8 +1036,9 @@ public class UserMgr {
}
throw restErrorUtil.create403RESTException("User "
+ " access denied. loggedInUser="
- + (sess != null ? sess.getXXPortalUser().getId() : "Not Logged In")
- + ", accessing user=" + gjUser.getId());
+ + (sess != null ? sess.getXXPortalUser().getId()
+ : "Not Logged In") + ", accessing user="
+ + gjUser.getId());
}
@@ -1047,8 +1063,9 @@ public class UserMgr {
}
throw restErrorUtil.create403RESTException("User "
+ " access denied. loggedInUser="
- + (sess != null ? sess.getXXPortalUser().getId() : "Not Logged In")
- + ", accessing user=" + gjUser.getId());
+ + (sess != null ? sess.getXXPortalUser().getId()
+ : "Not Logged In") + ", accessing user="
+ + gjUser.getId());
}
@@ -1058,13 +1075,14 @@ public class UserMgr {
}
public VXPortalUser createUser(VXPortalUser userProfile) {
- XXPortalUser xXPortalUser = this
- .createUser(userProfile, RangerCommonEnums.STATUS_ENABLED);
+ XXPortalUser xXPortalUser = this.createUser(userProfile,
+ RangerCommonEnums.STATUS_ENABLED);
return mapXXPortalUserVXPortalUser(xXPortalUser);
}
public VXPortalUser createDefaultAccountUser(VXPortalUser userProfile) {
- if(userProfile.getPassword()==null||userProfile.getPassword().trim().isEmpty()){
+ if (userProfile.getPassword() == null
+ || userProfile.getPassword().trim().isEmpty()) {
userProfile.setUserSource(RangerCommonEnums.USER_EXTERNAL);
}
// access control
@@ -1107,23 +1125,23 @@ public class UserMgr {
RangerCommonEnums.STATUS_ENABLED);
}
} else {
- /*throw restErrorUtil
- .createRESTException(
- "The login id "
- + loginId
- + " you've provided already exists. Please try again with different "
- + "login id.",
- MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);*/
+ /*
+ * throw restErrorUtil .createRESTException( "The login id " +
+ * loginId +
+ * " you've provided already exists. Please try again with different "
+ * + "login id.", MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
+ */
}
}
- if (xXPortalUser != null) {
- return mapXXPortalUserToVXPortalUserForDefaultAccount(xXPortalUser);
- }else {
- return null;
- }
+ if (xXPortalUser != null) {
+ return mapXXPortalUserToVXPortalUserForDefaultAccount(xXPortalUser);
+ } else {
+ return null;
+ }
}
- private VXPortalUser mapXXPortalUserToVXPortalUserForDefaultAccount(XXPortalUser user) {
+ private VXPortalUser mapXXPortalUserToVXPortalUserForDefaultAccount(
+ XXPortalUser user) {
VXPortalUser userProfile = new VXPortalUser();
@@ -1137,8 +1155,8 @@ public class UserMgr {
userProfile.setPublicScreenName(user.getPublicScreenName());
userProfile.setEmailAddress(user.getEmailAddress());
- List<XXPortalUserRole> gjUserRoleList = daoManager.getXXPortalUserRole()
- .findByParentId(user.getId());
+ List<XXPortalUserRole> gjUserRoleList = daoManager
+ .getXXPortalUserRole().findByParentId(user.getId());
for (XXPortalUserRole gjUserRole : gjUserRoleList) {
userProfile.getUserRoleList().add(gjUserRole.getUserRole());
@@ -1148,8 +1166,8 @@ public class UserMgr {
}
public boolean isUserInRole(Long userId, String role) {
- XXPortalUserRole xXPortalUserRole = daoManager.getXXPortalUserRole().findByRoleUserId(
- userId, role);
+ XXPortalUserRole xXPortalUserRole = daoManager.getXXPortalUserRole()
+ .findByRoleUserId(userId, role);
if (xXPortalUserRole != null) {
String userRole = xXPortalUserRole.getUserRole();
if (userRole.equalsIgnoreCase(role)) {
@@ -1168,16 +1186,16 @@ public class UserMgr {
}
if (updatedPassword != null && !updatedPassword.isEmpty()) {
- if (!stringUtil.validatePassword(updatedPassword,
- new String[] { xXPortalUser.getFirstName(), xXPortalUser.getLastName(),
- xXPortalUser.getLoginId() })) {
+ if (!stringUtil.validatePassword(updatedPassword, new String[] {
+ xXPortalUser.getFirstName(), xXPortalUser.getLastName(),
+ xXPortalUser.getLoginId() })) {
logger.warn("SECURITY:changePassword(). Invalid new password. userId="
+ xXPortalUser.getId());
throw restErrorUtil.createRESTException(
"serverMsg.userMgrNewPassword",
- MessageEnums.INVALID_PASSWORD, null, null,
- "" + xXPortalUser.getId());
+ MessageEnums.INVALID_PASSWORD, null, null, ""
+ + xXPortalUser.getId());
}
String encryptedNewPwd = encrypt(xXPortalUser.getLoginId(),
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7684e5f4/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 4804dc7..c0bf7bf 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -17,7 +17,7 @@
* under the License.
*/
- package org.apache.ranger.biz;
+package org.apache.ranger.biz;
import java.util.ArrayList;
import java.util.Arrays;
@@ -86,7 +86,7 @@ public class XUserMgr extends XUserMgrBase {
@Autowired
RangerBizUtil xaBizUtil;
-
+
@Autowired
XModuleDefService xModuleDefService;
@@ -99,7 +99,6 @@ public class XUserMgr extends XUserMgrBase {
@Autowired
XPortalUserService xPortalUserService;
-
static final Logger logger = Logger.getLogger(XUserMgr.class);
public void deleteXGroup(Long id, boolean force) {
@@ -178,11 +177,8 @@ public class XUserMgr extends XUserMgrBase {
vXPortalUser.setUserRoleList(vXUser.getUserRoleList());
vXPortalUser = userMgr.createDefaultAccountUser(vXPortalUser);
-
VXUser createdXUser = xUserService.createResource(vXUser);
-
-
createdXUser.setPassword(actualPassword);
List<XXTrxLog> trxLogList = xUserService.getTransactionLog(
createdXUser, "create");
@@ -209,91 +205,95 @@ public class XUserMgr extends XUserMgrBase {
//
xaBizUtil.createTrxLog(trxLogList);
- assignPermissionToUser(vXPortalUser,true);
+ assignPermissionToUser(vXPortalUser, true);
return createdXUser;
}
- //Assigning Permission
- @SuppressWarnings("unused")
- private void assignPermissionToUser(VXPortalUser vXPortalUser,boolean isCreate)
- {
- HashMap<String, Long> moduleNameId=getModelNames();
-
-
-
- for(String role:vXPortalUser.getUserRoleList())
- {
-
- if(role.equals(RangerConstants.ROLE_USER))
- {
-
- insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_ANALYTICS),isCreate);
- insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER),isCreate);
- }
- else if(role.equals(RangerConstants.ROLE_SYS_ADMIN))
- {
-
- insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_ANALYTICS),isCreate);
- insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER),isCreate);
- insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_AUDIT),isCreate);
- insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_KMS),isCreate);
- insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_PERMISSION),isCreate);
- insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_USER_GROUPS),isCreate);
+ // Assigning Permission
+ @SuppressWarnings("unused")
+ public void assignPermissionToUser(VXPortalUser vXPortalUser,
+ boolean isCreate) {
+ HashMap<String, Long> moduleNameId = getModelNames();
+
+ for (String role : vXPortalUser.getUserRoleList()) {
+
+ if (role.equals(RangerConstants.ROLE_USER)) {
+
+ insertMappingUserPermisson(vXPortalUser.getId(),
+ moduleNameId.get(RangerConstants.MODULE_ANALYTICS),
+ isCreate);
+ insertMappingUserPermisson(
+ vXPortalUser.getId(),
+ moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER),
+ isCreate);
+ } else if (role.equals(RangerConstants.ROLE_SYS_ADMIN)) {
+
+ insertMappingUserPermisson(vXPortalUser.getId(),
+ moduleNameId.get(RangerConstants.MODULE_ANALYTICS),
+ isCreate);
+ insertMappingUserPermisson(
+ vXPortalUser.getId(),
+ moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER),
+ isCreate);
+ insertMappingUserPermisson(vXPortalUser.getId(),
+ moduleNameId.get(RangerConstants.MODULE_AUDIT),
+ isCreate);
+ /* insertMappingUserPermisson(vXPortalUser.getId(),
+ moduleNameId.get(RangerConstants.MODULE_KMS), isCreate);
+ insertMappingUserPermisson(vXPortalUser.getId(),
+ moduleNameId.get(RangerConstants.MODULE_PERMISSION),
+ isCreate);*/
+ insertMappingUserPermisson(vXPortalUser.getId(),
+ moduleNameId.get(RangerConstants.MODULE_USER_GROUPS),
+ isCreate);
}
}
}
- //Insert or Updating Mapping permissons depending upon roles
- private void insertMappingXUserPermisson(Long userId,Long moduleId,boolean isCreate)
- {
+
+ // Insert or Updating Mapping permissons depending upon roles
+ private void insertMappingUserPermisson(Long userId, Long moduleId,
+ boolean isCreate) {
VXUserPermission vXuserPermission;
List<XXUserPermission> xuserPermissionList = daoManager
- .getXXUserPermission().findByModuleIdAndUserId(userId, moduleId);
- if(xuserPermissionList==null || xuserPermissionList.isEmpty())
- {
- vXuserPermission=new VXUserPermission();
+ .getXXUserPermission()
+ .findByModuleIdAndUserId(userId, moduleId);
+ if (xuserPermissionList == null || xuserPermissionList.isEmpty()) {
+ vXuserPermission = new VXUserPermission();
vXuserPermission.setUserId(userId);
vXuserPermission.setIsAllowed(RangerCommonEnums.IS_ALLOWED);
vXuserPermission.setModuleId(moduleId);
- try
- {
+ try {
xUserPermissionService.createResource(vXuserPermission);
+ } catch (Exception e) {
+ logger.error(e);
}
- catch(Exception e)
- {
- System.out.println(e);
- }
- }
- else if(isCreate)
- {
- for(XXUserPermission xUserPermission:xuserPermissionList)
- {
- vXuserPermission=xUserPermissionService.populateViewBean(xUserPermission);
+ } else if (isCreate) {
+ for (XXUserPermission xUserPermission : xuserPermissionList) {
+ vXuserPermission = xUserPermissionService
+ .populateViewBean(xUserPermission);
vXuserPermission.setIsAllowed(RangerCommonEnums.IS_ALLOWED);
xUserPermissionService.updateResource(vXuserPermission);
}
}
}
+
@SuppressWarnings("unused")
- public HashMap<String, Long> getModelNames()
- {
- List<XXModuleDef> xxModuleDefs=daoManager.getXXModuleDef().findModuleNamesWithIds();
- if(xxModuleDefs.isEmpty() || xxModuleDefs!=null)
- {
- HashMap<String, Long> moduleNameId=new HashMap<String, Long>();
- try
- {
-
- for(XXModuleDef xxModuleDef:xxModuleDefs)
- {
- moduleNameId.put(xxModuleDef.getModule(), xxModuleDef.getId());
- }
- return moduleNameId;
- }
- catch(Exception e)
- {
+ public HashMap<String, Long> getModelNames() {
+ List<XXModuleDef> xxModuleDefs = daoManager.getXXModuleDef()
+ .findModuleNamesWithIds();
+ if (xxModuleDefs.isEmpty() || xxModuleDefs != null) {
+ HashMap<String, Long> moduleNameId = new HashMap<String, Long>();
+ try {
+
+ for (XXModuleDef xxModuleDef : xxModuleDefs) {
+ moduleNameId.put(xxModuleDef.getModule(),
+ xxModuleDef.getId());
+ }
+ return moduleNameId;
+ } catch (Exception e) {
logger.error(e);
}
}
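Review bot: The guard in getModelNames, `if (xxModuleDefs.isEmpty() || xxModuleDefs != null)`, has its operands in the wrong order: `isEmpty()` runs before the null test (so a null result throws NPE) and for any non-null list the condition is true regardless of emptiness; it should read `if (xxModuleDefs != null && !xxModuleDefs.isEmpty()) {` (the method's tail after the `if` is outside the hunk). Because that map is the only source of module ids for assignPermissionToUser, a module missing from the table makes `moduleNameId.get(...)` return null and insertMappingUserPermisson then queries and persists a permission with a null moduleId; a guard at the top of insertMappingUserPermisson such as `if (moduleId == null) { logger.warn("no module id for user " + userId); return; }` would keep the migration from writing dangling rows. `findByModuleIdAndUserId(userId, moduleId)` is also called with the arguments in the opposite order of what the method name suggests, which is worth confirming against the DAO signature. Since assignPermissionToUser is now public and invoked from the migration patch, the `@SuppressWarnings("unused")` on it and on getModelNames is stale, and a short Javadoc stating that `isCreate` additionally resets existing rows to IS_ALLOWED would make the flag's effect explicit for callers.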
@@ -333,7 +333,8 @@ public class XUserMgr extends XUserMgrBase {
String hiddenPasswordString = PropertiesUtil.getProperty(
"xa.password.hidden", "*****");
String password = vXUser.getPassword();
- if (oldUserProfile != null && password != null && password.equals(hiddenPasswordString)) {
+ if (oldUserProfile != null && password != null
+ && password.equals(hiddenPasswordString)) {
vXPortalUser.setPassword(oldUserProfile.getPassword());
}
vXPortalUser.setPassword(password);
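Review bot: The unconditional `vXPortalUser.setPassword(password);` right after the reformatted condition overwrites the old password the `if` just restored, so when the client echoes back the masked placeholder (`xa.password.hidden`, default `*****`) the view object carries the placeholder string into the update path instead of the preserved password. Put the assignment in an else branch: `} else { vXPortalUser.setPassword(password); }`. The enclosing method starts and ends outside the hunk, so check whether a later statement already compensates before changing it.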
@@ -567,24 +568,27 @@ public class XUserMgr extends XUserMgrBase {
try {
VXUser user = getXUserByUserName(userName);
- if(user != null) {
+ if (user != null) {
VXGroupList groups = getXUserGroups(user.getId());
- if(groups != null && !CollectionUtils.isEmpty(groups.getList())) {
- for(VXGroup group : groups.getList()) {
+ if (groups != null
+ && !CollectionUtils.isEmpty(groups.getList())) {
+ for (VXGroup group : groups.getList()) {
ret.add(group.getName());
}
} else {
- if(logger.isDebugEnabled()) {
- logger.debug("getGroupsForUser('" + userName + "'): no groups found for user");
+ if (logger.isDebugEnabled()) {
+ logger.debug("getGroupsForUser('" + userName
+ + "'): no groups found for user");
}
}
} else {
- if(logger.isDebugEnabled()) {
- logger.debug("getGroupsForUser('" + userName + "'): user not found");
+ if (logger.isDebugEnabled()) {
+ logger.debug("getGroupsForUser('" + userName
+ + "'): user not found");
}
}
- } catch(Exception excp) {
+ } catch (Exception excp) {
logger.error("getGroupsForUser('" + userName + "') failed", excp);
}
@@ -632,7 +636,7 @@ public class XUserMgr extends XUserMgrBase {
return vXGroup;
}
- public void modifyUserVisibility(HashMap<Long, Integer> visibilityMap) {
+ public void modifyUserVisibility(HashMap<Long, Integer> visibilityMap) {
Set<Map.Entry<Long, Integer>> entries = visibilityMap.entrySet();
for (Map.Entry<Long, Integer> entry : entries) {
XXUser xUser = daoManager.getXXUser().getById(entry.getKey());
@@ -641,8 +645,8 @@ public class XUserMgr extends XUserMgrBase {
vObj = xUserService.updateResource(vObj);
}
}
-
- public void modifyGroupsVisibility(HashMap<Long, Integer> groupVisibilityMap) {
+
+ public void modifyGroupsVisibility(HashMap<Long, Integer> groupVisibilityMap) {
Set<Map.Entry<Long, Integer>> entries = groupVisibilityMap.entrySet();
for (Map.Entry<Long, Integer> entry : entries) {
XXGroup xGroup = daoManager.getXXGroup().getById(entry.getKey());
@@ -651,48 +655,32 @@ public class XUserMgr extends XUserMgrBase {
vObj = xGroupService.updateResource(vObj);
}
}
- public void checkPermissionRoleByGivenUrls(String enteredURL,String method)
- {
- Long currentUserId=ContextUtil.getCurrentUserId();
- List<String> notPermittedUrls=daoManager.getXXModuleDef().findModuleURLOfPemittedModules(currentUserId);
- if(notPermittedUrls!=null )
- {
-
- boolean flag=false;
- for(String notPermittedUrl:notPermittedUrls)
- {
- if(enteredURL.toLowerCase().contains(notPermittedUrl.toLowerCase()))
- flag=true;
- }
- List<XXPortalUserRole> xPortalUserRoles=daoManager.getXXPortalUserRole().findByUserId(currentUserId);
- for(XXPortalUserRole xPortalUserRole:xPortalUserRoles)
- {
- if(xPortalUserRole.getUserRole().equalsIgnoreCase(RangerConstants.ROLE_USER)&& !method.equalsIgnoreCase("GET"))
- {
- flag=true;
+
+ public void checkPermissionRoleByGivenUrls(String enteredURL, String method) {
+ Long currentUserId = ContextUtil.getCurrentUserId();
+ List<String> notPermittedUrls = daoManager.getXXModuleDef()
+ .findModuleURLOfPemittedModules(currentUserId);
+ if (notPermittedUrls != null) {
+ List<XXPortalUserRole> xPortalUserRoles = daoManager
+ .getXXPortalUserRole().findByUserId(currentUserId);
+ for (XXPortalUserRole xPortalUserRole : xPortalUserRoles) {
+ if (xPortalUserRole.getUserRole().equalsIgnoreCase(
+ RangerConstants.ROLE_USER)) {
+ notPermittedUrls.add("/permission");
+ notPermittedUrls.add("/kms");
}
}
- if(flag)
- {
+ boolean flag = false;
+ for (String notPermittedUrl : notPermittedUrls) {
+ if (enteredURL.toLowerCase().contains(
+ notPermittedUrl.toLowerCase()))
+ flag = true;
+ }
+ if (flag) {
throw restErrorUtil.create403RESTException("Access Denied");
}
}
}
- public List<VXPortalUser> updateExistingUserExisting()
- {
- List<XXPortalUser> allPortalUser=daoManager.getXXPortalUser().findAllXPortalUser();
- List<VXPortalUser> vPortalUsers= new ArrayList<VXPortalUser>();
- for(XXPortalUser xPortalUser:allPortalUser)
- {
- VXPortalUser vPortalUser =xPortalUserService.populateViewBean(xPortalUser);
- vPortalUsers.add(vPortalUser);
- vPortalUser.setUserRoleList(daoManager.getXXPortalUser().findXPortalUserRolebyXPortalUserId(vPortalUser.getId()));
- assignPermissionToUser(vPortalUser,false);
- }
-
- return vPortalUsers;
-
- }
// Module permissions
public VXModuleDef createXModuleDefPermission(VXModuleDef vXModuleDef) {
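Review bot: The `method` parameter of checkPermissionRoleByGivenUrls is no longer read: the removed branch denied ROLE_USER every non-GET request, while the rewritten loop only appends `/permission` and `/kms` to the denied URL list, so write operations by ROLE_USER on the remaining modules are now allowed. If that relaxation is intended by the new permission model, a comment on the method saying so would stop the next reader from treating the unused parameter as a bug; otherwise the `&& !method.equalsIgnoreCase("GET")` condition needs to come back. The two URL fragments are literals added inside the role loop, so they are appended once per matching role row; hoisting them to named constants alongside the MODULE_* names in RangerConstants and adding them once after the loop keeps the denied paths in one place. Appending to `notPermittedUrls` also mutates the list returned by the DAO, which is only safe if that list is a fresh mutable copy — worth confirming. When the DAO returns null the method performs no check at all; if null is reachable, failing closed (or at least logging it) would be the safer default.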
@@ -716,7 +704,8 @@ public class XUserMgr extends XUserMgrBase {
.populateViewBean(xModuleDef);
List<XXGroupPermission> xgroupPermissionList = daoManager
- .getXXGroupPermission().findByModuleId(vXModuleDef.getId(),true);
+ .getXXGroupPermission().findByModuleId(vXModuleDef.getId(),
+ true);
for (XXGroupPermission xGrpPerm : xgroupPermissionList) {
VXGroupPermission vXGrpPerm = xGroupPermissionService
@@ -726,7 +715,8 @@ public class XUserMgr extends XUserMgrBase {
vModuleDefPopulateOld.setGroupPermList(groupPermListOld);
List<XXUserPermission> xuserPermissionList = daoManager
- .getXXUserPermission().findByModuleId(vXModuleDef.getId(),true);
+ .getXXUserPermission()
+ .findByModuleId(vXModuleDef.getId(), true);
for (XXUserPermission xUserPerm : xuserPermissionList) {
VXUserPermission vUserPerm = xUserPermissionService
@@ -790,8 +780,9 @@ public class XUserMgr extends XUserMgrBase {
}
// User permission
- public VXUserPermission createXUserPermission(VXUserPermission vXUserPermission) {
- return xUserPermissionService.createResource(vXUserPermission);
+ public VXUserPermission createXUserPermission(
+ VXUserPermission vXUserPermission) {
+ return xUserPermissionService.createResource(vXUserPermission);
}
public VXUserPermission getXUserPermission(Long id) {
@@ -805,24 +796,26 @@ public class XUserMgr extends XUserMgrBase {
}
public void deleteXUserPermission(Long id, boolean force) {
- xUserPermissionService.deleteResource(id);
+ xUserPermissionService.deleteResource(id);
}
// Group permission
- public VXGroupPermission createXGroupPermission(VXGroupPermission vXGroupPermission) {
- return xGroupPermissionService.createResource(vXGroupPermission);
+ public VXGroupPermission createXGroupPermission(
+ VXGroupPermission vXGroupPermission) {
+ return xGroupPermissionService.createResource(vXGroupPermission);
}
public VXGroupPermission getXGroupPermission(Long id) {
return xGroupPermissionService.readResource(id);
}
- public VXGroupPermission updateXGroupPermission(VXGroupPermission vXGroupPermission) {
+ public VXGroupPermission updateXGroupPermission(
+ VXGroupPermission vXGroupPermission) {
return xGroupPermissionService.updateResource(vXGroupPermission);
}
public void deleteXGroupPermission(Long id, boolean force) {
- xGroupPermissionService.deleteResource(id);
+ xGroupPermissionService.deleteResource(id);
}
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7684e5f4/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
index 0cf74d4..841e386 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
@@ -17,22 +17,39 @@
package org.apache.ranger.patch;
+import java.util.ArrayList;
+import java.util.List;
import org.apache.log4j.Logger;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.service.XPortalUserService;
+
import org.apache.ranger.biz.XUserMgr;
import org.apache.ranger.util.CLIUtil;
+import org.apache.ranger.view.VXPortalUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+
@Component
public class PatchPersmissionModel_J10003 extends BaseLoader {
- private static Logger logger = Logger.getLogger(PatchPersmissionModel_J10003.class);
+ private static Logger logger = Logger
+ .getLogger(PatchPersmissionModel_J10003.class);
@Autowired
XUserMgr xUserMgr;
+ @Autowired
+ XPortalUserService xPortalUserService;
+
+ @Autowired
+ RangerDaoManager daoManager;
+
public static void main(String[] args) {
logger.info("main()");
try {
- PatchPersmissionModel_J10003 loader = (PatchPersmissionModel_J10003) CLIUtil.getBean(PatchPersmissionModel_J10003.class);
+ PatchPersmissionModel_J10003 loader = (PatchPersmissionModel_J10003) CLIUtil
+ .getBean(PatchPersmissionModel_J10003.class);
+
loader.init();
while (loader.isMoreToProcess()) {
loader.load();
@@ -53,15 +70,27 @@ public class PatchPersmissionModel_J10003 extends BaseLoader {
@Override
public void execLoad() {
logger.info("==> PermissionPatch.execLoad()");
- try {
- xUserMgr.updateExistingUserExisting();
- } catch (Exception e) {
- logger.error("Error whille migrating data.", e);
- }
+ printStats();
logger.info("<== PermissionPatch.execLoad()");
}
@Override
public void printStats() {
+ int countUserPermissionUpdated = 1;
+ List<XXPortalUser> allPortalUser = daoManager.getXXPortalUser()
+ .findAllXPortalUser();
+ List<VXPortalUser> vPortalUsers = new ArrayList<VXPortalUser>();
+ for (XXPortalUser xPortalUser : allPortalUser) {
+ VXPortalUser vPortalUser = xPortalUserService
+ .populateViewBean(xPortalUser);
+ vPortalUsers.add(vPortalUser);
+ vPortalUser.setUserRoleList(daoManager.getXXPortalUser()
+ .findXPortalUserRolebyXPortalUserId(vPortalUser.getId()));
+ xUserMgr.assignPermissionToUser(vPortalUser, false);
+ countUserPermissionUpdated += 1;
+ logger.info(" Permission was assigned to UserId - "
+ + xPortalUser.getId());
+ }
+ logger.info(countUserPermissionUpdated + " permissions where assigned");
}
}
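Review bot: The migration loop now lives in printStats(), an @Override whose name and place in the BaseLoader contract suggest read-only reporting; if the base class or main() calls printStats separately from execLoad, existing users would get their permissions re-assigned twice. Moving the loop into a private helper such as `assignPermissionsToExistingUsers()` called from execLoad, and leaving printStats to log the count, would keep the two responsibilities apart. `int countUserPermissionUpdated = 1;` overcounts by one — start it at `0` — and the final message should read `" permissions were assigned"`. The `vPortalUsers` list is populated but never read and can be dropped. Removing the try/catch around the per-user call also means one failing user now aborts the whole patch instead of being logged; decide whether that is the intended failure mode and say so in a comment.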
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7684e5f4/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
index 8f417bc..45fea99 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
@@ -827,10 +827,4 @@ public class XUserREST {
request, xGroupPermissionService.sortFields);
return xUserMgr.getXGroupPermissionSearchCount(searchCriteria);
}
- @GET
- @Path("/permission/existingusers/update")
- @Produces({ "application/xml", "application/json" })
- public List<VXPortalUser> existingusersupdate(@Context HttpServletRequest request) {
- return xUserMgr.updateExistingUserExisting();
- }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7684e5f4/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
index 4ac24e8..360c740 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/authentication/RangerAuthenticationEntryPoint.java
@@ -17,16 +17,18 @@
* under the License.
*/
- /**
+/**
*
*/
package org.apache.ranger.security.web.authentication;
import java.io.IOException;
+import java.util.Date;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
import org.apache.log4j.Logger;
import org.apache.ranger.common.JSONUtil;
@@ -37,70 +39,97 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
-
/**
*
*
*/
public class RangerAuthenticationEntryPoint extends
-LoginUrlAuthenticationEntryPoint {
- static Logger logger = Logger.getLogger(RangerAuthenticationEntryPoint.class);
- static int ajaxReturnCode = -1;
-
- @Autowired
- RangerConfigUtil configUtil;
-
- @Autowired
- JSONUtil jsonUtil;
-
- public RangerAuthenticationEntryPoint() {
- super();
- if (logger.isDebugEnabled()) {
- logger.debug("AjaxAwareAuthenticationEntryPoint(): constructor");
- }
+ LoginUrlAuthenticationEntryPoint {
+ static Logger logger = Logger
+ .getLogger(RangerAuthenticationEntryPoint.class);
+ static int ajaxReturnCode = -1;
- if (ajaxReturnCode < 0) {
- ajaxReturnCode = PropertiesUtil.getIntProperty(
- "xa.ajax.auth.required.code", 401);
- }
- }
-
- @Override
- public void commence(HttpServletRequest request,
- HttpServletResponse response, AuthenticationException authException)
- throws IOException, ServletException {
- String ajaxRequestHeader = request.getHeader("X-Requested-With");
- if (logger.isDebugEnabled()) {
- logger.debug("commence() X-Requested-With=" + ajaxRequestHeader);
+ @Autowired
+ RangerConfigUtil configUtil;
+
+ @Autowired
+ JSONUtil jsonUtil;
+
+ public RangerAuthenticationEntryPoint() {
+ super();
+ if (logger.isDebugEnabled()) {
+ logger.debug("AjaxAwareAuthenticationEntryPoint(): constructor");
+ }
+
+ if (ajaxReturnCode < 0) {
+ ajaxReturnCode = PropertiesUtil.getIntProperty(
+ "xa.ajax.auth.required.code", 401);
+ }
}
- String requestURL = (request.getRequestURL() != null) ? request.getRequestURL().toString() : "";
- String servletPath = PropertiesUtil.getProperty("xa.servlet.mapping.url.pattern", "service");
- String reqServletPath = configUtil.getWebAppRootURL() + "/" + servletPath;
+ @Override
+ public void commence(HttpServletRequest request,
+ HttpServletResponse response, AuthenticationException authException)
+ throws IOException, ServletException {
+ HttpSession httpSession = request.getSession();
+ String ajaxRequestHeader = request.getHeader("X-Requested-With");
+ if (logger.isDebugEnabled()) {
+ logger.debug("commence() X-Requested-With=" + ajaxRequestHeader);
+ }
- response.setContentType("application/json;charset=UTF-8");
- response.setHeader("Cache-Control", "no-cache");
- try {
+ String requestURL = (request.getRequestURL() != null) ? request
+ .getRequestURL().toString() : "";
+ String servletPath = PropertiesUtil.getProperty(
+ "xa.servlet.mapping.url.pattern", "service");
+ String reqServletPath = configUtil.getWebAppRootURL() + "/"
+ + servletPath;
- VXResponse vXResponse = new VXResponse();
+ response.setContentType("application/json;charset=UTF-8");
+ response.setHeader("Cache-Control", "no-cache");
+ // getting the current date in milliseconds
+ Date curentDate = new Date();
+ Long currentDateInMillis = (long) (((((curentDate.getHours() * 60) + curentDate
+ .getMinutes()) * 60) + curentDate.getSeconds()) * 1000);
+ // checking session timeout occurence
+ if (httpSession.getMaxInactiveInterval() * 60000 >= (currentDateInMillis - httpSession
+ .getLastAccessedTime())) {
+ ajaxRequestHeader = null;
+ VXResponse vXResponse = new VXResponse();
- vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
- vXResponse.setMsgDesc("Authentication Failed");
+ vXResponse.setStatusCode(HttpServletResponse.SC_FORBIDDEN);
+ vXResponse.setMsgDesc("Session Timeout");
+
+ response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+ response.getWriter()
+ .write(jsonUtil.writeObjectAsString(vXResponse));
+
+ } else {
+ try {
+
+ VXResponse vXResponse = new VXResponse();
+
+ vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
+ vXResponse.setMsgDesc("Authentication Failed");
+
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ response.getWriter().write(
+ jsonUtil.writeObjectAsString(vXResponse));
+ } catch (IOException e) {
+ logger.info("Error while writing JSON in HttpServletResponse");
+ }
+ }
+
+ if (ajaxRequestHeader != null
+ && ajaxRequestHeader.equalsIgnoreCase("XMLHttpRequest")) {
+ if (logger.isDebugEnabled()) {
+ logger.debug("commence() AJAX request. Authentication required. Returning "
+ + ajaxReturnCode + ". URL=" + request.getRequestURI());
+ }
+ response.sendError(ajaxReturnCode, "");
+ } else if (!(requestURL.startsWith(reqServletPath))) {
+ super.commence(request, response, authException);
+ }
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- response.getWriter().write(jsonUtil.writeObjectAsString(vXResponse));
- } catch (IOException e) {
- logger.info("Error while writing JSON in HttpServletResponse");
- }
-
- if (ajaxRequestHeader != null && ajaxRequestHeader.equalsIgnoreCase("XMLHttpRequest")) {
- if (logger.isDebugEnabled()) {
- logger.debug("commence() AJAX request. Authentication required. Returning "
- + ajaxReturnCode + ". URL=" + request.getRequestURI());
- }
- response.sendError(ajaxReturnCode, "");
- } else if(!(requestURL.startsWith(reqServletPath))) {
- super.commence(request, response, authException);
}
- }
+
}
\ No newline at end of file
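Review bot: The session-timeout test mixes units and time bases: `currentDateInMillis` is milliseconds since local midnight built from the deprecated `Date.getHours()/getMinutes()/getSeconds()`, `getLastAccessedTime()` is epoch milliseconds, and `getMaxInactiveInterval()` is seconds (so the `* 60000` factor is also wrong). The difference is therefore hugely negative and the condition is true for essentially every request, meaning every unauthenticated call is answered with 403 "Session Timeout", and because `ajaxRequestHeader` is nulled in that branch the AJAX `ajaxReturnCode` path below becomes unreachable. `request.getSession()` also creates a new session for every unauthenticated request that reaches the entry point; `getSession(false)` with a null check avoids that, and since the container drops expired sessions before the request gets here, a null session is what an expired one normally looks like — confirm the timed-out branch is still reachable with the corrected arithmetic. Separately, the body is written via `getWriter().write(...)` before `response.sendError(...)` / `super.commence(...)` run, so the later status change or redirect is attempted on an already committed response.
```java
HttpSession httpSession = request.getSession(false);
// … unchanged: X-Requested-With header, debug logging, requestURL/servletPath, content-type and cache headers …
long nowMillis = System.currentTimeMillis();
boolean sessionTimedOut = httpSession != null
        && (nowMillis - httpSession.getLastAccessedTime())
                >= httpSession.getMaxInactiveInterval() * 1000L;
if (sessionTimedOut) {
    ajaxRequestHeader = null;
    // … unchanged: 403 "Session Timeout" VXResponse …
} else {
    // … unchanged: 401 "Authentication Failed" VXResponse …
}
```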
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7684e5f4/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java b/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java
index 94c0ab2..2e00643 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java
@@ -49,27 +49,28 @@ public class XModuleDefService extends
@Autowired
XGroupPermissionService xGrpPermService;
- public XModuleDefService(){
+ public XModuleDefService() {
searchFields.add(new SearchField("module", "obj.module",
- SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
-searchFields
- .add(new SearchField(
- "userName",
- "portalUser.loginId",
- SearchField.DATA_TYPE.STRING,
- SearchField.SEARCH_TYPE.PARTIAL,
- " XXPortalUser portalUser, XXUserPermission userPermission",
- "obj.id=userPermission.moduleId and portalUser.id=userPermission.userId and userPermission.isAllowed="
- + RangerConstants.IS_ALLOWED));
-searchFields
- .add(new SearchField(
- "groupName",
- "group.name",
- SearchField.DATA_TYPE.STRING,
- SearchField.SEARCH_TYPE.PARTIAL,
- "XXGroup group,XXGroupPermission groupModulePermission",
- "obj.id=groupModulePermission.moduleId and groupModulePermission.groupId=group.id and groupModulePermission.isAllowed="));
-}
+ SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
+ searchFields
+ .add(new SearchField(
+ "userName",
+ "portalUser.loginId",
+ SearchField.DATA_TYPE.STRING,
+ SearchField.SEARCH_TYPE.PARTIAL,
+ " XXPortalUser portalUser, XXUserPermission userPermission",
+ "obj.id=userPermission.moduleId and portalUser.id=userPermission.userId and userPermission.isAllowed="
+ + RangerConstants.IS_ALLOWED));
+ searchFields
+ .add(new SearchField(
+ "groupName",
+ "group.name",
+ SearchField.DATA_TYPE.STRING,
+ SearchField.SEARCH_TYPE.PARTIAL,
+ "XXGroup group,XXGroupPermission groupModulePermission",
+ "obj.id=groupModulePermission.moduleId and groupModulePermission.groupId=group.id and groupModulePermission.isAllowed="
+ + RangerConstants.IS_ALLOWED));
+ }
@Override
protected void validateForCreate(VXModuleDef vObj) {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/7684e5f4/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index e5d74f0..dc46fa2 100644
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -1,20 +1,14 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
+<!-- Licensed to the Apache Software Foundation (ASF) under one or more contributor
+ license agreements. See the NOTICE file distributed with this work for additional
+ information regarding copyright ownership. The ASF licenses this file to
+ You under the Apache License, Version 2.0 (the "License"); you may not use
+ this file except in compliance with the License. You may obtain a copy of
+ the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required
+ by applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
+ OF ANY KIND, either express or implied. See the License for the specific
+ language governing permissions and limitations under the License. -->
<entity-mappings version="1.0"
xmlns="http://java.sun.com/xml/ns/persistence/orm" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/persistence/orm http://java.sun.com/xml/ns/persistence/orm_1_0.xsd ">
@@ -80,7 +74,7 @@
<query>SELECT obj FROM XXAuditMap obj WHERE obj.resourceId = :resourceId
</query>
</named-query>
-
+
<!-- XXGroup -->
<named-query name="XXGroup.findByUserId">
<query>SELECT obj FROM XXGroup obj, XXGroupUser groupUser
@@ -113,7 +107,7 @@
<query>SELECT obj FROM XXResource obj WHERE obj.assetId = :assetId
</query>
</named-query>
-
+
<named-query name="XXResource.findByAssetType">
<query>SELECT obj FROM XXResource obj, XXAsset xxAsset
WHERE xxAsset.id = obj.assetId
@@ -125,7 +119,7 @@
<query>SELECT obj FROM XXResource obj WHERE obj.name = :name
</query>
</named-query>
-
+
<named-query name="XXResource.findByResourceNameAndAssetIdAndRecursiveFlag">
<query>SELECT obj FROM XXResource obj WHERE obj.name like :name and obj.assetId=:assetId
and obj.isRecursive=:isRecursive
@@ -145,8 +139,8 @@
AND xAsset.name = :assetName
</query>
</named-query>
-
-
+
+
<named-query name="XXResource.findByAssetIdAndResourceStatus">
<query>SELECT obj FROM XXResource obj WHERE obj.assetId = :assetId and
obj.resourceStatus = :resourceStatus
@@ -158,13 +152,13 @@
WHERE obj.name=:name
</query>
</named-query>
-
+
<named-query name="XXGroup.findByGroupName">
<query>SELECT Obj FROM XXGroup obj
WHERE obj.name=:name
</query>
</named-query>
-
+
<named-query name="XXGroupUser.deleteByGroupIdAndUserId">
<query>DELETE FROM XXGroupUser obj
WHERE obj.parentGroupId=:parentGroupId
@@ -182,7 +176,7 @@
<query>SELECT obj FROM XXTrxLog obj WHERE obj.transactionId = :transactionId
</query>
</named-query>
-
+
<named-query name="XXUser.findByPolicyItemId">
<query>select obj.name from XXUser obj, XXPolicyItemUserPerm polItemUser
where polItemUser.policyItemId = :polItemId and polItemUser.userId = obj.id </query>
@@ -192,7 +186,7 @@
<query>select obj.name from XXGroup obj, XXPolicyItemGroupPerm polItemGrp
where polItemGrp.policyItemId = :polItemId and polItemGrp.groupId = obj.id </query>
</named-query>
-
+
<!-- XXPolicyItem -->
<named-query name="XXPolicyItem.findByPolicyId">
@@ -203,11 +197,11 @@
<named-query name="XXPolicy.findByNameAndServiceId">
<query>select obj from XXPolicy obj where obj.name = :polName and obj.service = :serviceId</query>
</named-query>
-
+
<named-query name="XXPolicy.findByServiceId">
<query>select obj from XXPolicy obj where obj.service = :serviceId</query>
</named-query>
-
+
<named-query name="XXPolicy.getMaxIdOfXXPolicy">
<query>select MAX(obj.id) from XXPolicy obj</query>
</named-query>
@@ -225,17 +219,17 @@
<named-query name="XXResourceDef.findByNameAndDefId">
<query>select obj from XXResourceDef obj where obj.name = :name and obj.defId = :defId</query>
</named-query>
-
+
<named-query name="XXResourceDef.findByServiceDefId">
<query>select obj from XXResourceDef obj where obj.defId = :serviceDefId</query>
</named-query>
-
+
<named-query name="XXResourceDef.findByPolicyId">
<query>select obj from XXResourceDef obj, XXPolicy xPol, XXServiceDef xSvcDef,
XXService xSvc where obj.defId = xSvcDef.id and xSvcDef.id = xSvc.type
and xSvc.id = xPol.service and xPol.id = :policyId</query>
</named-query>
-
+
<named-query name="XXResourceDef.findByNameAndPolicyId">
<query>select obj from XXResourceDef obj, XXPolicy xPol, XXServiceDef xSvcDef,
XXService xSvc where obj.defId = xSvcDef.id and xSvcDef.id = xSvc.type
@@ -256,18 +250,18 @@
<named-query name="XXServiceConfigDef.findByServiceDefId">
<query>select obj from XXServiceConfigDef obj where obj.defId = :serviceDefId</query>
</named-query>
-
+
<named-query name="XXServiceConfigDef.findByServiceDefName">
<query>select obj from XXServiceConfigDef obj, XXServiceDef svcDef
where obj.defId = svcDef.id and svcDef.name = :serviceDef</query>
</named-query>
-
+
<!-- XXAccessTypeDef -->
<named-query name="XXAccessTypeDef.findByServiceDefId">
<query>select obj from XXAccessTypeDef obj where obj.defId = :serviceDefId</query>
</named-query>
-
+
<named-query name="XXAccessTypeDef.findByNameAndServiceId">
<query>select obj from XXAccessTypeDef obj, XXService xSvc where
obj.name = :name and xSvc.id = :serviceId and obj.defId = xSvc.type</query>
@@ -277,16 +271,16 @@
<named-query name="XXPolicyConditionDef.findByServiceDefId">
<query>select obj from XXPolicyConditionDef obj where obj.defId = :serviceDefId</query>
</named-query>
-
+
<named-query name="XXPolicyConditionDef.findByServiceDefIdAndName">
<query>select obj from XXPolicyConditionDef obj where obj.defId = :serviceDefId and obj.name = :name</query>
</named-query>
-
+
<named-query name="XXPolicyConditionDef.findByPolicyItemId">
<query>select obj from XXPolicyConditionDef obj, XXPolicyItemCondition xPolItemCond
where xPolItemCond.policyItemId = :polItemId and obj.id = xPolItemCond.type</query>
</named-query>
-
+
<named-query name="XXPolicyConditionDef.findByPolicyItemIdAndName">
<query>select obj from XXPolicyConditionDef obj, XXPolicyItemCondition xPolItemCond
where xPolItemCond.policyItemId = :polItemId and obj.name = :name
@@ -298,32 +292,32 @@
<named-query name="XXContextEnricherDef.findByServiceDefId">
<query>select obj from XXContextEnricherDef obj where obj.defId = :serviceDefId</query>
</named-query>
-
+
<named-query name="XXContextEnricherDef.findByServiceDefIdAndName">
<query>select obj from XXContextEnricherDef obj where obj.defId = :serviceDefId and obj.name = :name</query>
</named-query>
-
+
<!-- XXEnumDef -->
<named-query name="XXEnumDef.findByServiceDefId">
<query>select obj from XXEnumDef obj where obj.defId = :serviceDefId</query>
</named-query>
-
+
<!-- XXServiceConfigMap -->
<named-query name="XXServiceConfigMap.findByServiceId">
<query>select obj from XXServiceConfigMap obj where obj.serviceId = :serviceId</query>
</named-query>
-
+
<named-query name="XXServiceConfigMap.findByServiceAndConfigKey">
<query>select obj from XXServiceConfigMap obj where
obj.serviceId = :serviceId and obj.configKey = :configKey</query>
</named-query>
-
+
<!-- XXService -->
<named-query name="XXService.findByName">
<query>select obj from XXService obj where obj.name = :name</query>
</named-query>
-
+
<named-query name="XXService.getMaxIdOfXXService">
<query>select MAX(obj.id) from XXService obj</query>
</named-query>
@@ -333,36 +327,36 @@
<query>select obj from XXPolicyResource obj where
obj.policyId = :polId and obj.resDefId = :resDefId</query>
</named-query>
-
+
<named-query name="XXPolicyResource.findByPolicyId">
<query>select obj from XXPolicyResource obj where obj.policyId = :policyId</query>
</named-query>
-
+
<!-- XXPolicyResourceMap -->
<named-query name="XXPolicyResourceMap.findByPolicyResId">
<query>select obj from XXPolicyResourceMap obj where obj.resourceId = :polResId</query>
</named-query>
-
+
<!-- XXPolicyItemAccess -->
<named-query name="XXPolicyItemAccess.findByPolicyItemId">
<query>select obj from XXPolicyItemAccess obj where obj.policyItemId = :polItemId</query>
</named-query>
-
+
<!-- XXPolicyItemCondition -->
<named-query name="XXPolicyItemCondition.findByPolicyItemId">
<query>select obj from XXPolicyItemCondition obj where obj.policyItemId = :polItemId </query>
</named-query>
-
+
<named-query name="XXPolicyItemCondition.findByPolicyItemAndDefId">
<query>select obj from XXPolicyItemCondition obj where
obj.policyItemId = :polItemId and obj.type = :polCondDefId</query>
</named-query>
-
+
<!-- XXPolicyItemGroupPerm -->
<named-query name="XXPolicyItemGroupPerm.findByPolicyItemId">
<query>select obj from XXPolicyItemGroupPerm obj where obj.policyItemId = :polItemId</query>
</named-query>
-
+
<!-- XXPolicyItemUserPerm -->
<named-query name="XXPolicyItemUserPerm.findByPolicyItemId">
<query>select obj from XXPolicyItemUserPerm obj where obj.policyItemId = :polItemId</query>
@@ -373,28 +367,29 @@
<query>select obj from XXDataHist obj where obj.objectId = :objectId
and obj.objectClassType = :classType ORDER BY obj.id</query>
</named-query>
-
+
<named-query name="XXDataHist.getVersionListOfObject">
<query>select obj.version from XXDataHist obj where obj.objectId = :objId
and obj.objectClassType = :classType GROUP BY obj.version </query>
</named-query>
-
+
<named-query name="XXDataHist.findObjectByVersionNumber">
<query>select obj from XXDataHist obj where obj.objectClassType = :classType and
obj.objectId = :objId and obj.version = :version</query>
</named-query>
-
+
<!-- XXTrxLog -->
<named-query name="XXTrxLog.findLogForMaxIdOfClassType">
<query>select MAX(obj.objectId) from XXTrxLog obj where obj.objectClassType = :classType</query>
</named-query>
-
+
<!-- XXUserPermission -->
<named-query name="XXUserPermission.findByUserPermissionId">
<query>SELECT obj FROM XXUserPermission obj
WHERE obj.userId=:userId
</query>
</named-query>
+
<named-query name="XXUserPermission.findByUserPermissionIdAndIsAllowed">
<query>SELECT obj FROM XXUserPermission obj
WHERE obj.userId=:userId AND Obj.isAllowed=:isAllowed
@@ -406,6 +401,7 @@
WHERE obj.moduleId=:moduleId AND Obj.isAllowed=:isAllowed
</query>
</named-query>
+
<named-query name="XXUserPermissionUpdates.findByModuleId">
<query>SELECT obj FROM XXUserPermission obj
WHERE obj.moduleId=:moduleId
@@ -424,11 +420,13 @@
WHERE obj.moduleId=:moduleId AND Obj.isAllowed=:isAllowed
</query>
</named-query>
+
<named-query name="XXGroupPermissionUpdates.findByModuleId">
<query>SELECT obj FROM XXGroupPermission obj
WHERE obj.moduleId=:moduleId AND Obj.isAllowed=:isAllowed
</query>
</named-query>
+
<named-query name="XXGroupPermissionUpdate.findByModuleId">
<query>SELECT obj FROM XXGroupPermission obj
WHERE obj.moduleId=:moduleId
@@ -441,12 +439,14 @@
WHERE XXUserPermObj.moduleId = :moduleId AND XXUserPermObj.userId =:userId
</query>
</named-query>
+
<named-query name="XXModuleDef.findModuleNamesWithIds">
- <query>SELECT XXMObj
+ <query>SELECT XXMObj
FROM XXModuleDef XXMObj
</query>
-</named-query>
-<named-query name="XXPortalUser.findByUserName">
+ </named-query>
+
+ <named-query name="XXPortalUser.findByUserName">
<query>SELECT Obj FROM XXPortalUser obj
WHERE obj.loginId=:loginId
</query>
@@ -459,9 +459,10 @@
</named-query>
<named-query name="XXPortalUser.findAllXPortalUser">
- <query>SELECT xxPortalUser FROM XXPortalUser xxPortalUser
+ <query>SELECT xxPortalUser FROM XXPortalUser xxPortalUser
</query>
-</named-query>
+ </named-query>
+
<!-- VXModuleDef -->
<named-query name="XXModuleDef.findByModuleId">
<query>SELECT obj FROM XXModuleDef obj
@@ -476,12 +477,9 @@
</named-query>
<named-query name="XXGroupPermission.findByVXPoratUserId">
- <query>SELECT distinct gmp FROM XXGroupUser xgu,XXUser xu,XXGroupPermission gmp, XXPortalUser xpu
- WHERE xu.name=xpu.loginId and xu.id=xgu.userId and xgu.parentGroupId=gmp.groupId and xpu.id=:userId and gmp.isAllowed=:isAllowed
+ <query>SELECT distinct gmp FROM XXGroupUser xgu,XXUser xu,XXGroupPermission gmp, XXPortalUser xpu
+ WHERE xu.name=xpu.loginId and xu.id=xgu.userId and xgu.parentGroupId=gmp.groupId and
+ xpu.id=:userId and gmp.isAllowed=:isAllowed
</query>
-</named-query>
-
-
-
-
+ </named-query>
</entity-mappings>
\ No newline at end of file
diff --git a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermsTableLayout.js b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermsTableLayout.js
index 8f39a98..3e78904 100644
--- a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermsTableLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermsTableLayout.js
@@ -106,8 +106,7 @@ define(function(require){
collection: this.collection,
includeFilter : false,
gridOpts : {
- //row: TableRow,
- header : XABackgrid,
+ row: Backgrid.Row.extend({}),
emptyText : 'No permissions found!'
},
}));
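Review bot: `row: Backgrid.Row.extend({})` on the added line extends `Backgrid.Row` with no overrides, which is functionally the same as `row: Backgrid.Row` (the grid's default row); if a custom row was intended, the overrides are missing, otherwise the option can be dropped entirely. Dropping `header : XABackgrid` also means this grid now renders with the stock Backgrid header; if `XABackgrid` was only referenced here, its `require` near the top of the module (outside this hunk) is presumably now unused and should go with it. The enclosing function starts and ends outside this hunk.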
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
index 3ba1e17..ca168f6 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
@@ -548,7 +548,7 @@ public class TestServiceDBStore {
Mockito.verify(serviceDefService).searchRangerServiceDefs(filter);
}
- /*@Test
+ @Test
public void test19createService() throws Exception {
XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);
XXServiceConfigMapDao xServiceConfigMapDao = Mockito
@@ -573,7 +573,7 @@ public class TestServiceDBStore {
Mockito.when(xServiceConfigDefDao.findByServiceDefName(userName))
.thenReturn(svcConfDefList);
- Mockito.when(svcService.create(rangerService))
+ Mockito.when(svcServiceWithAssignedId.create(rangerService))
.thenReturn(rangerService);
Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
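Review bot: The re-enabled test stubs `svcServiceWithAssignedId.create(rangerService)` on the changed line but never verifies that this collaborator was actually invoked; the verification block in the next hunk checks only `daoManager.getXXService()` and `daoManager.getXXServiceConfigMap()`, so a regression that routes creation back through `svcService` would still pass. Add `Mockito.verify(svcServiceWithAssignedId).create(rangerService);` next to the existing verify calls. Whether `svcServiceWithAssignedId` is declared as a mock field of this class is not visible here; test19createService begins in the previous hunk and its body continues outside this one.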
@@ -610,7 +610,7 @@ public class TestServiceDBStore {
Assert.assertNotNull(dbRangerService);
Mockito.verify(daoManager).getXXService();
Mockito.verify(daoManager).getXXServiceConfigMap();
- }*/
+ }
@Test
public void test20updateService() throws Exception {
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index 4fba6df..0c0f64e 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -1065,26 +1065,9 @@ public class TestXUserMgr {
xUserMgr.deleteXGroupPermission(1L, true);
Mockito.verify(xGroupPermissionService).deleteResource(1L);
}
-
- @Test
- public void test43updateExistingUserExisting() {
- XXPortalUserDao xPortalUserDao = Mockito.mock(XXPortalUserDao.class);
- VXPortalUser vXPortalUser = Mockito.mock(VXPortalUser.class);
- XXPortalUser xXPortalUser = Mockito.mock(XXPortalUser.class);
- List<XXPortalUser> portalUserList = new ArrayList<XXPortalUser>();
- Mockito.when(daoManager.getXXPortalUser()).thenReturn(xPortalUserDao);
- Mockito.when(xPortalUserDao.findAllXPortalUser()).thenReturn(
- portalUserList);
- Mockito.when(xPortalUserService.populateViewBean(xXPortalUser))
- .thenReturn(vXPortalUser);
- List<VXPortalUser> vObj = xUserMgr.updateExistingUserExisting();
- Assert.assertNotNull(vObj);
- Mockito.verify(daoManager).getXXPortalUser();
- Mockito.verify(xPortalUserDao).findAllXPortalUser();
- }
-
+
@Test
- public void test44checkPermissionRoleByGivenUrls() {
+ public void test43checkPermissionRoleByGivenUrls() {
XXModuleDefDao value = Mockito.mock(XXModuleDefDao.class);
XXPortalUserRoleDao xPortalUserRoleDao = Mockito
.mock(XXPortalUserRoleDao.class);
@@ -1117,7 +1100,7 @@ public class TestXUserMgr {
}
@Test
- public void test45getGroupsForUser() {
+ public void test44getGroupsForUser() {
VXUser vxUser = vxUser();
String userName = "test";
Mockito.when(xUserService.getXUserByUserName(userName)).thenReturn(