You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by rm...@apache.org on 2019/05/29 19:42:36 UTC
[ranger] branch master updated: RANGER-2437:Update grant/revoke error message to provide more information about the principal type

This is an automated email from the ASF dual-hosted git repository.

rmani pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new a69820b  RANGER-2437:Update grant/revoke error message to provide more information about the principal type
a69820b is described below

commit a69820be287d9ae1a6ed390a8a2d17dbe44eb88f
Author: rmani <rm...@hortonworks.com>
AuthorDate: Tue May 21 10:52:58 2019 -0700

    RANGER-2437:Update grant/revoke error message to provide more information about the principal type
    
    Signed-off-by: rmani <rm...@hortonworks.com>
---
 .../java/org/apache/ranger/rest/ServiceREST.java   | 60 +++++++++++++++++-----
 1 file changed, 48 insertions(+), 12 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 01f1a12..e1f6eec 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -129,6 +129,7 @@ import org.apache.ranger.view.RangerPluginInfoList;
 import org.apache.ranger.view.RangerPolicyList;
 import org.apache.ranger.view.RangerServiceDefList;
 import org.apache.ranger.view.RangerServiceList;
+import org.apache.ranger.view.VXGroup;
 import org.apache.ranger.view.VXResponse;
 import org.apache.ranger.view.VXString;
 import org.apache.ranger.view.VXUser;
@@ -3710,22 +3711,57 @@ public class ServiceREST {
 
 	private void validateGrantRevokeRequest(GrantRevokeRequest request){
 		if( request!=null){
-			if(CollectionUtils.isEmpty(request.getUsers()) && CollectionUtils.isEmpty(request.getGroups())){
-				throw restErrorUtil.createGrantRevokeRESTException( "Grantee users/groups list is empty");
-			}
-			String grantor=request.getGrantor();
-			if(grantor==null || userMgr.getXUserByUserName(grantor) == null) {
-				throw restErrorUtil.createGrantRevokeRESTException( "Grantor user "+grantor+" doesn't exist");
+			validateUsersAndGroups(request.getUsers(),request.getGroups());
+			validateGrantor(request.getGrantor());
+			validateGrantees(request.getUsers());
+			validateGroups(request.getGroups());
+		}
+	}
+
+	private void validateUsersAndGroups(Set<String> users, Set<String> groups){
+		if(CollectionUtils.isEmpty(users) && CollectionUtils.isEmpty(groups)){
+			throw restErrorUtil.createGrantRevokeRESTException( "Grantee users/groups list is empty");
+		}
+	}
+
+	private void validateGrantor(String grantor)  {
+		VXUser   vxUser = null;
+		if (grantor != null) {
+			try {
+				vxUser = userMgr.getXUserByUserName(grantor);
+				if (vxUser == null) {
+					throw restErrorUtil.createGrantRevokeRESTException("Grantor user " + grantor + " doesn't exist");
+				}
+			} catch (Exception e) {
+				throw restErrorUtil.createGrantRevokeRESTException("Grantor user " + grantor + " doesn't exist");
 			}
-			for(String userName:request.getUsers()){
-				if(userMgr.getXUserByUserName(userName) == null) {
-					throw restErrorUtil.createGrantRevokeRESTException( "Grantee user "+userName+" doesn't exist");
+		}
+	}
+
+	private void validateGrantees(Set<String> grantees) {
+		VXUser   vxUser = null;
+		for (String userName : grantees) {
+			try {
+				vxUser = userMgr.getXUserByUserName(userName);
+				if (vxUser == null) {
+					throw restErrorUtil.createGrantRevokeRESTException("Grantee user " + userName + " doesn't exist");
 				}
+			} catch (Exception e) {
+				throw restErrorUtil.createGrantRevokeRESTException("Grantee user " + userName + " doesn't exist");
 			}
-			for(String groupName:request.getGroups()){
-				if(userMgr.getGroupByGroupName(groupName)== null) {
-					throw restErrorUtil.createGrantRevokeRESTException( "Grantee group "+groupName+" doesn't exist");
+		}
+	}
+
+	private void validateGroups(Set<String> groups) {
+		VXGroup   vxGroup = null;
+		for (String groupName : groups) {
+			try {
+				vxGroup = userMgr.getGroupByGroupName(groupName);
+				if (vxGroup == null) {
+					throw restErrorUtil.createGrantRevokeRESTException( "Grantee group "+ groupName +" doesn't exist");
 				}
+			} catch (Exception e) {
+				throw restErrorUtil.createGrantRevokeRESTException( "Grantee group "+ groupName +" doesn't exist");
 			}
 		}
 	}