You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by me...@apache.org on 2020/04/14 11:59:01 UTC
[ranger] branch master updated (03fab86 -> 7dac4e1)
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git.
from 03fab86 RANGER-2791: Ignore .iml files from RAT check for schema-registry plugin
new 5b23eff RANGER-2772 : added functionality to marge role while using mergeIfExists parameter
new 99c1514 RANGER-2775 : Pagination not working for role in Ranger admin UI page
new 7dac4e1 RANGER-2765 : Correct permissions are not getting loaded for entity-label in Atlas service
The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../java/org/apache/ranger/biz/RoleDBStore.java | 15 ++++++++
.../main/java/org/apache/ranger/rest/RoleREST.java | 10 +-----
.../java/org/apache/ranger/rest/ServiceREST.java | 4 +--
.../org/apache/ranger/rest/ServiceRESTUtil.java | 22 +++++++++---
.../scripts/views/policies/PermissionList.js | 41 ++++++++++++++--------
.../scripts/views/policies/RangerPolicyForm.js | 6 ++--
6 files changed, 66 insertions(+), 32 deletions(-)
[ranger] 03/03: RANGER-2765 : Correct permissions are not getting
loaded for entity-label in Atlas service
Posted by me...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 7dac4e178b94c949da7c727fb2e749b50d933bb5
Author: Nitin Galave <ni...@apache.org>
AuthorDate: Thu Apr 2 14:34:09 2020 +0530
RANGER-2765 : Correct permissions are not getting loaded for entity-label in Atlas service
Signed-off-by: Mehul Parikh <me...@apache.org>
---
.../scripts/views/policies/PermissionList.js | 41 ++++++++++++++--------
.../scripts/views/policies/RangerPolicyForm.js | 6 ++--
2 files changed, 30 insertions(+), 17 deletions(-)
diff --git a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
index 4d9cd7d..cf5aff9 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
@@ -413,23 +413,36 @@ define(function(require) {
return accessTypeByResource;
},
//if parent isValidLeaf is false than check child isvalidLeaf
- childRscDef:function(resChild , rscName){
- var childResourcs = _.filter(resChild, function(m){
+ childRscDef:function(resChild , rscName, rscDef){
+ var childResourcs = _.filter(resChild, function(m){
return m.parent == rscName
});
- var rscDef , someVal;
- someVal = _.some(childResourcs,function(obj){
-// help of this we separate specified(selected) child resource from all childResourcs
- var $html = $('[data-name="field-'+obj.name+'"]');
- if($html.length > 0){
- rscName = obj.name;
- rscDef = obj;
- return true;
+ if(!_.isEmpty(childResourcs)){
+ var someVal;
+ someVal = _.some(childResourcs,function(obj){
+ //help of this we separate specified(selected) child resource from all childResourcs
+ var $html = $('[data-name="field-'+obj.name+'"]');
+ if($html.length > 0){
+ rscName = obj.name;
+ rscDef = obj;
+ return true;
+ }
+ });
+ if(!someVal){
+ rscDef = childResourcs[0];
+ rscName = childResourcs[0].name;
+ }
+ }
+ // resource-node have isValidLeaf is true and resource have child node then render that child node permission
+ if(rscDef && rscDef.isValidLeaf && !this.model.has('editMode')) {
+ var hasChiled = _.filter(resChild, function(m){
+ return m.parent == rscName
+ });
+ if(!_.isEmpty(hasChiled)) {
+ rscDef = hasChiled[0];
+ rscName = hasChiled[0].name;
+ this.childRscDef(resChild , rscName, rscDef);
}
- });
- if(!someVal){
- rscDef = childResourcs[0];
- rscName = childResourcs[0].name;
}
return ((rscDef.isValidLeaf) ? _.findWhere(resChild, {'name':rscName }) : this.childRscDef(resChild , rscName))
},
diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
index e2bd6ed..f0b687f 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
@@ -487,9 +487,9 @@ define(function(require){
var resorceFieldName = _.pick(this.schema ,this.selectedFields[key]);
if(resorceFieldName[this.selectedFields[key]].sameLevelOpts && _.contains(resorceFieldName[this.selectedFields[key]].sameLevelOpts , 'none')
&& formDiv.find(selector).find('select').val() != 'none' && onChangeOfSameLevelType){
-// change trigger and set value to none
- $(rsrc).find('select').val("none").trigger('change',"onChangeResources");
- }
+ //change trigger and set value to selected node
+ $(rsrc).find('select').val($(rsrc).find('select option:nth-child(1)').text()).trigger('change',"onChangeResources");
+ }
}else{
if($(rsrc).find('select').val() == 'none'){
$(rsrc).find('input[data-js="resource"]').select2('disable');
[ranger] 01/03: RANGER-2772 : added functionality to marge role
while using mergeIfExists parameter
Posted by me...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 5b23eff7d1ce5b4cbd0fa1b7ad4709f7e48cd10f
Author: Dineshkumar Yadav <di...@outlook.com>
AuthorDate: Wed Apr 8 12:12:35 2020 +0530
RANGER-2772 : added functionality to marge role while using mergeIfExists parameter
Signed-off-by: Mehul Parikh <me...@apache.org>
---
.../java/org/apache/ranger/rest/ServiceREST.java | 4 ++--
.../org/apache/ranger/rest/ServiceRESTUtil.java | 22 ++++++++++++++++++----
2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 38b4982..82e67e6 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -1687,12 +1687,12 @@ public class ServiceREST {
}
if (StringUtils.isNotBlank(zoneName)) {
existingPolicy = getPolicyByNameAndZone(policy.getService(), policy.getName(), policy.getZoneName());
- if(existingPolicy==null) {
+ if (existingPolicy == null && policy.getGuid() != null) {
existingPolicy = getPolicyByGuid(policy.getGuid(), policy.getService(), policy.getZoneName());
}
} else {
existingPolicy = getPolicyByName(policy.getService(), policy.getName());
- if(existingPolicy==null) {
+ if (existingPolicy == null && policy.getGuid() != null) {
existingPolicy = getPolicyByGuid(policy.getGuid(), policy.getService(), null);
}
}
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java
index d85028c..640d3c3 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java
@@ -329,8 +329,8 @@ public class ServiceRESTUtil {
// Split existing policyItems for users and groups extracted from appliedPolicyItem into userPolicyItems and groupPolicyItems
splitExistingPolicyItems(existingPolicy, users, userPolicyItems, groups, groupPolicyItems, roles, rolePolicyItems);
- // Apply policyItems of given type in appliedPolicy to policyItems extracted from existingPolicy
- mergePolicyItems(appliedPolicyItems, policyItemType, userPolicyItems, groupPolicyItems);
+ // Apply policyItems of given type in appliedPlicy to policyItems extracted from existingPolicy
+ mergePolicyItems(appliedPolicyItems, policyItemType, userPolicyItems, groupPolicyItems, rolePolicyItems);
// Add modified/new policyItems back to existing policy
mergeProcessedPolicyItems(existingPolicy, userPolicyItems, groupPolicyItems, rolePolicyItems);
compactPolicy(existingPolicy);
@@ -422,7 +422,6 @@ public class ServiceRESTUtil {
policyItem = splitAndGetConsolidatedPolicyItemForGroup(denyExceptionItems, group);
value[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()] = policyItem;
}
-
for (String role : roles) {
RangerPolicy.RangerPolicyItem value[] = rolePolicyItems.get(role);
if (value == null) {
@@ -666,7 +665,8 @@ public class ServiceRESTUtil {
static private void mergePolicyItems(List<RangerPolicy.RangerPolicyItem> appliedPolicyItems,
POLICYITEM_TYPE policyItemType, Map<String, RangerPolicy.RangerPolicyItem[]> existingUserPolicyItems,
- Map<String, RangerPolicy.RangerPolicyItem[]> existingGroupPolicyItems) {
+ Map<String, RangerPolicy.RangerPolicyItem[]> existingGroupPolicyItems,
+ Map<String, RangerPolicy.RangerPolicyItem[]> existingRolePolicyItems ) {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceRESTUtil.mergePolicyItems()");
}
@@ -696,6 +696,20 @@ public class ServiceRESTUtil {
addPolicyItemForGroup(items, policyItemType.ordinal(), group, policyItem);
}
}
+
+ for (RangerPolicy.RangerPolicyItem policyItem : appliedPolicyItems) {
+ List<String> roles = policyItem.getRoles();
+ for (String role : roles) {
+ RangerPolicy.RangerPolicyItem[] items = existingRolePolicyItems.get(role);
+ if (items == null) {
+ // Should not get here
+ items = new RangerPolicy.RangerPolicyItem[4];
+ existingRolePolicyItems.put(role, items);
+ }
+ addPolicyItemForRole(items, policyItemType.ordinal(), role, policyItem);
+ }
+ }
+
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceRESTUtil.mergePolicyItems()");
}
[ranger] 02/03: RANGER-2775 : Pagination not working for role in
Ranger admin UI page
Posted by me...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 99c15149dc250d56e5145996bc944f0b32e6ac56
Author: maheshbandal <ma...@gmail.com>
AuthorDate: Tue Apr 7 19:22:32 2020 +0530
RANGER-2775 : Pagination not working for role in Ranger admin UI page
Signed-off-by: Mehul Parikh <me...@apache.org>
---
.../src/main/java/org/apache/ranger/biz/RoleDBStore.java | 15 +++++++++++++++
.../src/main/java/org/apache/ranger/rest/RoleREST.java | 10 +---------
2 files changed, 16 insertions(+), 9 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
index 9d2f0ba..6ef5fe5 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
@@ -43,6 +43,7 @@ import org.apache.ranger.plugin.store.RoleStore;
import org.apache.ranger.plugin.util.RangerRoles;
import org.apache.ranger.plugin.util.SearchFilter;
import org.apache.ranger.service.RangerRoleService;
+import org.apache.ranger.view.RangerRoleList;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -268,6 +269,20 @@ public class RoleDBStore implements RoleStore {
return ret;
}
+ public RangerRoleList getRoles(SearchFilter filter, RangerRoleList rangerRoleList) throws Exception {
+ List<RangerRole> roles = new ArrayList<RangerRole>();
+ List<XXRole> xxRoles = (List<XXRole>)roleService.searchResources(filter, roleService.searchFields, roleService.sortFields, rangerRoleList);
+
+ if (CollectionUtils.isNotEmpty(xxRoles)) {
+ for (XXRole xxRole : xxRoles) {
+ roles.add(roleService.read(xxRole.getId()));
+ }
+ }
+
+ rangerRoleList.setRoleList(roles);
+ return rangerRoleList;
+ }
+
@Override
public List<String> getRoleNames(SearchFilter filter) throws Exception {
return daoMgr.getXXRole().getAllNames();
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
index aa031ae..be3bf2f 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
@@ -330,17 +330,9 @@ public class RoleREST {
LOG.debug("==> getAllRoles()");
}
SearchFilter filter = searchUtil.getSearchFilter(request, roleService.sortFields);
- List<RangerRole> roles;
try {
ensureAdminAccess(null, null);
- roles = roleStore.getRoles(filter);
- ret.setRoleList(roles);
- if (roles != null) {
- ret.setTotalCount(roles.size());
- ret.setSortBy(filter.getSortBy());
- ret.setSortType(filter.getSortType());
- ret.setResultSize(roles.size());
- }
+ roleStore.getRoles(filter,ret);
} catch(WebApplicationException excp) {
throw excp;
} catch(Throwable excp) {