You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2019/05/29 19:42:36 UTC
[ranger] branch master updated: RANGER-2437:Update grant/revoke
error message to provide more information about the principal type
This is an automated email from the ASF dual-hosted git repository.
rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new a69820b RANGER-2437:Update grant/revoke error message to provide more information about the principal type
a69820b is described below
commit a69820be287d9ae1a6ed390a8a2d17dbe44eb88f
Author: rmani <rm...@hortonworks.com>
AuthorDate: Tue May 21 10:52:58 2019 -0700
RANGER-2437:Update grant/revoke error message to provide more information about the principal type
Signed-off-by: rmani <rm...@hortonworks.com>
---
.../java/org/apache/ranger/rest/ServiceREST.java | 60 +++++++++++++++++-----
1 file changed, 48 insertions(+), 12 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 01f1a12..e1f6eec 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -129,6 +129,7 @@ import org.apache.ranger.view.RangerPluginInfoList;
import org.apache.ranger.view.RangerPolicyList;
import org.apache.ranger.view.RangerServiceDefList;
import org.apache.ranger.view.RangerServiceList;
+import org.apache.ranger.view.VXGroup;
import org.apache.ranger.view.VXResponse;
import org.apache.ranger.view.VXString;
import org.apache.ranger.view.VXUser;
@@ -3710,22 +3711,57 @@ public class ServiceREST {
private void validateGrantRevokeRequest(GrantRevokeRequest request){
if( request!=null){
- if(CollectionUtils.isEmpty(request.getUsers()) && CollectionUtils.isEmpty(request.getGroups())){
- throw restErrorUtil.createGrantRevokeRESTException( "Grantee users/groups list is empty");
- }
- String grantor=request.getGrantor();
- if(grantor==null || userMgr.getXUserByUserName(grantor) == null) {
- throw restErrorUtil.createGrantRevokeRESTException( "Grantor user "+grantor+" doesn't exist");
+ validateUsersAndGroups(request.getUsers(),request.getGroups());
+ validateGrantor(request.getGrantor());
+ validateGrantees(request.getUsers());
+ validateGroups(request.getGroups());
+ }
+ }
+
+ private void validateUsersAndGroups(Set<String> users, Set<String> groups){
+ if(CollectionUtils.isEmpty(users) && CollectionUtils.isEmpty(groups)){
+ throw restErrorUtil.createGrantRevokeRESTException( "Grantee users/groups list is empty");
+ }
+ }
+
+ private void validateGrantor(String grantor) {
+ VXUser vxUser = null;
+ if (grantor != null) {
+ try {
+ vxUser = userMgr.getXUserByUserName(grantor);
+ if (vxUser == null) {
+ throw restErrorUtil.createGrantRevokeRESTException("Grantor user " + grantor + " doesn't exist");
+ }
+ } catch (Exception e) {
+ throw restErrorUtil.createGrantRevokeRESTException("Grantor user " + grantor + " doesn't exist");
}
- for(String userName:request.getUsers()){
- if(userMgr.getXUserByUserName(userName) == null) {
- throw restErrorUtil.createGrantRevokeRESTException( "Grantee user "+userName+" doesn't exist");
+ }
+ }
+
+ private void validateGrantees(Set<String> grantees) {
+ VXUser vxUser = null;
+ for (String userName : grantees) {
+ try {
+ vxUser = userMgr.getXUserByUserName(userName);
+ if (vxUser == null) {
+ throw restErrorUtil.createGrantRevokeRESTException("Grantee user " + userName + " doesn't exist");
}
+ } catch (Exception e) {
+ throw restErrorUtil.createGrantRevokeRESTException("Grantee user " + userName + " doesn't exist");
}
- for(String groupName:request.getGroups()){
- if(userMgr.getGroupByGroupName(groupName)== null) {
- throw restErrorUtil.createGrantRevokeRESTException( "Grantee group "+groupName+" doesn't exist");
+ }
+ }
+
+ private void validateGroups(Set<String> groups) {
+ VXGroup vxGroup = null;
+ for (String groupName : groups) {
+ try {
+ vxGroup = userMgr.getGroupByGroupName(groupName);
+ if (vxGroup == null) {
+ throw restErrorUtil.createGrantRevokeRESTException( "Grantee group "+ groupName +" doesn't exist");
}
+ } catch (Exception e) {
+ throw restErrorUtil.createGrantRevokeRESTException( "Grantee group "+ groupName +" doesn't exist");
}
}
}