Posted to commits@ranger.apache.org by pr...@apache.org on 2018/12/13 06:49:51 UTC

[2/2] ranger git commit: RANGER-2308: User role user should not able to access usersync audit report if it does not have permissions on the audit module.

RANGER-2308: User role user should not be able to access the usersync audit report if it does not have permissions on the audit module.


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/638a3bc3
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/638a3bc3
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/638a3bc3

Branch: refs/heads/ranger-1.2
Commit: 638a3bc323d6b66a453d5c0438315d2351a8f1a5
Parents: 58a7772
Author: Pradeep <pr...@apache.org>
Authored: Fri Dec 7 17:23:09 2018 +0530
Committer: Pradeep <pr...@apache.org>
Committed: Thu Dec 13 12:18:55 2018 +0530

----------------------------------------------------------------------
 .../src/main/java/org/apache/ranger/biz/AssetMgr.java          | 5 ++++-
 .../src/main/java/org/apache/ranger/biz/XUserMgr.java          | 6 ++++--
 .../src/main/java/org/apache/ranger/rest/ServiceREST.java      | 4 ++++
 .../src/test/java/org/apache/ranger/biz/TestXUserMgr.java      | 1 +
 .../src/test/java/org/apache/ranger/rest/TestServiceREST.java  | 1 +
 5 files changed, 14 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/638a3bc3/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
index 941691a..41b42ca 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
@@ -44,6 +44,7 @@ import org.apache.ranger.common.JSONUtil;
 import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.PropertiesUtil;
 import org.apache.ranger.common.RangerCommonEnums;
+import org.apache.ranger.common.RangerConstants;
 import org.apache.ranger.common.SearchCriteria;
 import org.apache.ranger.common.StringUtil;
 import org.apache.ranger.db.RangerDaoManager;
@@ -1087,7 +1088,9 @@ public class AssetMgr extends AssetMgrBase {
     }
 
 	public VXUgsyncAuditInfoList getUgsyncAudits(SearchCriteria searchCriteria) {
-
+		if (!msBizUtil.hasModuleAccess(RangerConstants.MODULE_AUDIT)) {
+			throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is not having permissions on the "+RangerConstants.MODULE_AUDIT+" module.", true);
+		}
 		if (searchCriteria == null) {
 			searchCriteria = new SearchCriteria();
 		}
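Review bot: The new audit-module guard at the top of `getUgsyncAudits` has no test in this commit. The diffstat lists no AssetMgr test, and the two test changes only stub `hasModuleAccess(...)` to return `true`, so the 403 path is never exercised here, in `XUserMgr.getXGroupUsers` or in `ServiceREST.getServiceDefs`. A negative case per guard would pin the behaviour the fix is meant to deliver, e.g. stub `Mockito.when(msBizUtil.hasModuleAccess(RangerConstants.MODULE_AUDIT)).thenReturn(false);` and assert that the call throws the REST exception. The method body continues past the end of the hunk, so whether the other audit accessors in this class carry the same guard cannot be judged from here.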

http://git-wip-us.apache.org/repos/asf/ranger/blob/638a3bc3/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 6eaa448..a875db6 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -873,8 +873,10 @@ public class XUserMgr extends XUserMgrBase {
 		return ret;
 	}
 
-        public VXUserList getXGroupUsers(SearchCriteria searchCriteria) {
-
+	public VXUserList getXGroupUsers(SearchCriteria searchCriteria) {
+		if (!msBizUtil.hasModuleAccess(RangerConstants.MODULE_USER_GROUPS)) {
+			throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is not having permissions on the "+RangerConstants.MODULE_USER_GROUPS+" module.", true);
+		}
                 VXUserList vXUserList = new VXUserList();
 
 		VXGroupUserList vXGroupUserList = xGroupUserService
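Review bot: Placing the module check inside `XUserMgr.getXGroupUsers` makes it apply to every caller of the manager method, not only the REST endpoint, and the commit message (usersync audit only) does not mention this authorization change. The callers are outside the hunk, so it is worth confirming that none invokes it on behalf of a user lacking `RangerConstants.MODULE_USER_GROUPS`. A Javadoc line on the method would record the contract, e.g. `/** Requires access to RangerConstants.MODULE_USER_GROUPS; otherwise throws a 403 REST exception. */`. The context line `VXUserList vXUserList = new VXUserList();` is still space-indented while the rewritten signature now uses tabs.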

http://git-wip-us.apache.org/repos/asf/ranger/blob/638a3bc3/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 865e115..0b854d0 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -464,6 +464,10 @@ public class ServiceREST {
 			LOG.debug("==> ServiceREST.getServiceDefs()");
 		}
 
+		if (!bizUtil.hasModuleAccess(RangerConstants.MODULE_RESOURCE_BASED_POLICIES)) {
+			throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is not having permissions on the "+RangerConstants.MODULE_RESOURCE_BASED_POLICIES+" module.", true);
+		}
+
 		RangerServiceDefList ret  = null;
 		RangerPerfTracer     perf = null;
 
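Review bot: Gating `getServiceDefs` on `RangerConstants.MODULE_RESOURCE_BASED_POLICIES` alone may be stricter than intended. If users who hold only another policy-related module (for example tag-based policies) also load service definitions through this endpoint, they would now receive a 403; that usage is not visible in the hunk, so please confirm which modules legitimately need this call. The guard also runs after the `==> ServiceREST.getServiceDefs()` debug entry and, as far as the hunk shows, before any matching exit log, so a denied request leaves an unbalanced trace. Moving the check above the debug block would avoid that. The method body continues outside the hunk.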

http://git-wip-us.apache.org/repos/asf/ranger/blob/638a3bc3/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index bc69329..0e4a957 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -926,6 +926,7 @@ public class TestXUserMgr {
 		testSearchCriteria.addParam("xGroupId", userId);
 		VXGroupUserList vxGroupUserList = vxGroupUserList();
 		Mockito.when(xGroupUserService.searchXGroupUsers((SearchCriteria) Mockito.any())).thenReturn(vxGroupUserList);
+		Mockito.when(msBizUtil.hasModuleAccess(RangerConstants.MODULE_USER_GROUPS)).thenReturn(true);
 		VXUserList dbVXUserList = xUserMgr.getXGroupUsers(testSearchCriteria);
 		Assert.assertNotNull(dbVXUserList);
 	}

http://git-wip-us.apache.org/repos/asf/ranger/blob/638a3bc3/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
index a8e6e61..0196e24 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
@@ -573,6 +573,7 @@ public class TestServiceREST {
 		serviceDefList.setStartIndex(0);
 		serviceDefList.setTotalCount(10);
 		serviceDefList.setList(serviceDefsList);
+		Mockito.when(bizUtil.hasModuleAccess(RangerConstants.MODULE_RESOURCE_BASED_POLICIES)).thenReturn(true);
 		Mockito.when(svcStore.getPaginatedServiceDefs(filter)).thenReturn(
 				serviceDefList);
 		RangerServiceDefList dbRangerServiceDef = serviceREST