You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ga...@apache.org on 2016/05/25 04:07:26 UTC
[2/2] incubator-ranger git commit: RANGER-993: Row filtering and
column masking audit log fix
RANGER-993: Row filtering and column masking audit log fix
Signed-off-by: Gautam Borad <ga...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/d21e6bb4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/d21e6bb4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/d21e6bb4
Branch: refs/heads/master
Commit: d21e6bb47edd8d7c6bda014a2899099c501c7585
Parents: 72d61a8
Author: pradeep agrawal <pr...@freestoneinfotech.com>
Authored: Tue May 24 09:45:25 2016 +0530
Committer: Gautam Borad <ga...@apache.org>
Committed: Wed May 25 09:37:11 2016 +0530
----------------------------------------------------------------------
.../ranger/service/RangerPolicyService.java | 148 ++++++++++++++
.../views/reports/PlugableServiceDiffDetail.js | 62 +++++-
security-admin/src/main/webapp/styles/xa.css | 7 +
.../reports/PlugableServicePolicyDiff_tmpl.html | 86 +++++++-
.../PlugableServicePolicyUpdateDiff_tmpl.html | 199 +++++++++++++++++--
5 files changed, 484 insertions(+), 18 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d21e6bb4/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
index 7987057..042c239 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java
@@ -34,8 +34,10 @@ import org.apache.ranger.entity.XXPolicyBase;
import org.apache.ranger.entity.XXService;
import org.apache.ranger.entity.XXTrxLog;
import org.apache.ranger.plugin.model.RangerPolicy;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
+import org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem;
import org.codehaus.jackson.JsonParseException;
import org.codehaus.jackson.map.JsonMappingException;
import org.codehaus.jackson.map.ObjectMapper;
@@ -58,6 +60,8 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
public static final String DENYPOLICY_ITEM_CLASS_FIELD_NAME = "denyPolicyItems";
public static final String ALLOW_EXCEPTIONS_CLASS_FIELD_NAME="allowExceptions";
public static final String DENY_EXCEPTIONS_CLASS_FIELD_NAME="denyExceptions";
+ public static final String DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME="dataMaskPolicyItems";
+ public static final String ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME="rowFilterPolicyItems";
static HashMap<String, VTrxLogAttr> trxLogAttrs = new HashMap<String, VTrxLogAttr>();
String actionCreate;
@@ -73,6 +77,8 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
trxLogAttrs.put("denyPolicyItems", new VTrxLogAttr("denyPolicyItems", "DenyPolicy Items", false));
trxLogAttrs.put("allowExceptions", new VTrxLogAttr("allowExceptions", "Allow Exceptions", false));
trxLogAttrs.put("denyExceptions", new VTrxLogAttr("denyExceptions", "Deny Exceptions", false));
+ trxLogAttrs.put("dataMaskPolicyItems", new VTrxLogAttr("dataMaskPolicyItems", "Masked Policy Items", false));
+ trxLogAttrs.put("rowFilterPolicyItems", new VTrxLogAttr("rowFilterPolicyItems", "Row level filter Policy Items", false));
}
public RangerPolicyService() {
@@ -193,6 +199,10 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
value = processPolicyItemsForTrxLog(field.get(vObj));
} else if (fieldName.equalsIgnoreCase(DENY_EXCEPTIONS_CLASS_FIELD_NAME)){
value = processPolicyItemsForTrxLog(field.get(vObj));
+ } else if (fieldName.equalsIgnoreCase(DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME)){
+ value = processDataMaskPolicyItemsForTrxLog(field.get(vObj));
+ } else if (fieldName.equalsIgnoreCase(ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME)){
+ value = processRowFilterPolicyItemForTrxLog(field.get(vObj));
}
else {
value = "" + field.get(vObj);
@@ -252,6 +262,14 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
if (oldPolicy != null) {
oldValue = processPolicyItemsForTrxLog(oldPolicy.getDenyExceptions());
}
+ } else if (fieldName.equalsIgnoreCase(DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME)) {
+ if (oldPolicy != null) {
+ oldValue = processDataMaskPolicyItemsForTrxLog(oldPolicy.getDataMaskPolicyItems());
+ }
+ } else if (fieldName.equalsIgnoreCase(ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME)) {
+ if (oldPolicy != null) {
+ oldValue = processRowFilterPolicyItemForTrxLog(oldPolicy.getRowFilterPolicyItems());
+ }
}
if (oldValue == null || value.equalsIgnoreCase(oldValue)) {
return null;
@@ -290,6 +308,16 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
if(org.apache.commons.lang.StringUtils.equals(value, oldValue)) {
return null;
}
+ } else if (fieldName.equalsIgnoreCase(DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME)) {
+ //compare old and new dataMaskPolicyItems
+ if(compareTwoDataMaskingPolicyItemList(value, oldValue)) {
+ return null;
+ }
+ } else if (fieldName.equalsIgnoreCase(ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME)) {
+ //compare old and new rowFilterPolicyItems
+ if(compareTwoRowFilterPolicyItemList(value, oldValue)) {
+ return null;
+ }
}
xTrxLog.setPreviousValue(oldValue);
xTrxLog.setNewValue(value);
@@ -443,4 +471,124 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range
String name = (String) value;
return name;
}
+
+ @SuppressWarnings("unchecked")
+ private String processDataMaskPolicyItemsForTrxLog(Object value) {
+ if(value == null) {
+ return "";
+ }
+ List<RangerDataMaskPolicyItem> rangerPolicyItems = (List<RangerDataMaskPolicyItem>) value;
+ if(rangerPolicyItems==null || rangerPolicyItems.size()==0){
+ return "";
+ }
+ String ret = jsonUtil.readListToString(rangerPolicyItems);
+ if(ret == null) {
+ return "";
+ }
+ return ret;
+ }
+
+ @SuppressWarnings("unchecked")
+ private String processRowFilterPolicyItemForTrxLog(Object value) {
+ if(value == null) {
+ return "";
+ }
+ List<RangerRowFilterPolicyItem> rangerPolicyItems = (List<RangerRowFilterPolicyItem>) value;
+ if(rangerPolicyItems==null || rangerPolicyItems.size()==0){
+ return "";
+ }
+ String ret = jsonUtil.readListToString(rangerPolicyItems);
+ if(ret == null) {
+ return "";
+ }
+ return ret;
+ }
+
+ private boolean compareTwoDataMaskingPolicyItemList(String value, String oldValue) {
+ if (value == null && oldValue == null) {
+ return true;
+ }
+ if (value == "" && oldValue == "") {
+ return true;
+ }
+ if (stringUtil.isEmpty(value) || stringUtil.isEmpty(oldValue)) {
+ return false;
+ }
+ ObjectMapper mapper = new ObjectMapper();
+ try {
+ List<RangerDataMaskPolicyItem> obj = mapper.readValue(value,
+ new TypeReference<List<RangerDataMaskPolicyItem>>() {
+ });
+ List<RangerDataMaskPolicyItem> oldObj = mapper.readValue(oldValue,
+ new TypeReference<List<RangerDataMaskPolicyItem>>() {
+ });
+ int oldListSize = oldObj.size();
+ int listSize = obj.size();
+ if(oldListSize != listSize) {
+ return false;
+ }
+ for(RangerDataMaskPolicyItem polItem : obj) {
+ if(!oldObj.contains(polItem)) {
+ return false;
+ }
+ }
+ return true;
+ } catch (JsonParseException e) {
+ throw restErrorUtil.createRESTException(
+ "Invalid input data: " + e.getMessage(),
+ MessageEnums.INVALID_INPUT_DATA);
+ } catch (JsonMappingException e) {
+ throw restErrorUtil.createRESTException(
+ "Invalid input data: " + e.getMessage(),
+ MessageEnums.INVALID_INPUT_DATA);
+ } catch (IOException e) {
+ throw restErrorUtil.createRESTException(
+ "Invalid input data: " + e.getMessage(),
+ MessageEnums.INVALID_INPUT_DATA);
+ }
+ }
+
+ private boolean compareTwoRowFilterPolicyItemList(String value, String oldValue) {
+ if (value == null && oldValue == null) {
+ return true;
+ }
+ if (value == "" && oldValue == "") {
+ return true;
+ }
+ if (stringUtil.isEmpty(value) || stringUtil.isEmpty(oldValue)) {
+ return false;
+ }
+ ObjectMapper mapper = new ObjectMapper();
+ try {
+ List<RangerRowFilterPolicyItem> obj = mapper.readValue(value,
+ new TypeReference<List<RangerRowFilterPolicyItem>>() {
+ });
+ List<RangerRowFilterPolicyItem> oldObj = mapper.readValue(oldValue,
+ new TypeReference<List<RangerRowFilterPolicyItem>>() {
+ });
+ int oldListSize = oldObj.size();
+ int listSize = obj.size();
+ if(oldListSize != listSize) {
+ return false;
+ }
+ for(RangerRowFilterPolicyItem polItem : obj) {
+ if(!oldObj.contains(polItem)) {
+ return false;
+ }
+ }
+ return true;
+ } catch (JsonParseException e) {
+ throw restErrorUtil.createRESTException(
+ "Invalid input data: " + e.getMessage(),
+ MessageEnums.INVALID_INPUT_DATA);
+ } catch (JsonMappingException e) {
+ throw restErrorUtil.createRESTException(
+ "Invalid input data: " + e.getMessage(),
+ MessageEnums.INVALID_INPUT_DATA);
+ } catch (IOException e) {
+ throw restErrorUtil.createRESTException(
+ "Invalid input data: " + e.getMessage(),
+ MessageEnums.INVALID_INPUT_DATA);
+ }
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d21e6bb4/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js b/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js
index 800eed7..7ff1b0e 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js
@@ -59,6 +59,11 @@ define(function(require){
oldDenyPolicyItems : this.oldDenyPolicyItems,
newDenyExceptionPolicyItems : this.newDenyExceptionPolicyItems,
oldDenyExceptionPolicyItems : this.oldDenyExceptionPolicyItems,
+ newMaskPolicyItems: this.newMaskPolicyItems,
+ newRowFilterPolicyItems: this.newRowFilterPolicyItems,
+ oldMaskPolicyItems: this.oldMaskPolicyItems,
+ oldRowFilterPolicyItems: this.oldRowFilterPolicyItems,
+
};
},
/** ui selector cache */
@@ -149,6 +154,7 @@ define(function(require){
this.highLightElement($(ol).find('.groupname'), $(newOl[i]).find('.groupname'));
this.highLightElement($(ol).find('.perm'), $(newOl[i]).find('.perm'));
this.highLightElement($(ol).find('.condition'), $(newOl[i]).find('.condition'));
+ this.highLightElement($(ol).find('.maskingAndRow'), $(newOl[i]).find('.maskingAndRow'));
},this);
},
@@ -192,6 +198,8 @@ define(function(require){
this.newAllowExceptionPolicyItems = null, this.oldAllowExceptionPolicyItems = null,
this.newDenyPolicyItems = null, this.oldDenyPolicyItems = null,
this.newDenyExceptionPolicyItems = null, this.oldDenyExceptionPolicyItems = null;
+ this.newMaskPolicyItems = null, this.newRowFilterPolicyItems = null,
+ this.oldMaskPolicyItems = null, this.oldRowFilterPolicyItems = null;
var policyStatus = this.collection.findWhere({'attributeName':'Policy Status'})
if(!_.isUndefined(policyStatus)){
if(!_.isEmpty(policyStatus.get('previousValue'))){
@@ -239,6 +247,22 @@ define(function(require){
this.oldDenyExceptionPolicyItems = perms.oldPerms;
}
}
+ var policyItems = this.collection.findWhere({'attributeName':'Masked Policy Items'});
+ if(!_.isUndefined(policyItems)){
+ var perms = this.getPolicyItems('Masked Policy Items');
+ if(!_.isEmpty(perms)){
+ this.newMaskPolicyItems = perms.newPerms;
+ this.oldMaskPolicyItems = perms.oldPerms;
+ }
+ }
+ var policyItems = this.collection.findWhere({'attributeName':'Row level filter Policy Items'});
+ if(!_.isUndefined(policyItems)){
+ var perms = this.getPolicyItems('Row level filter Policy Items');
+ if(!_.isEmpty(perms)){
+ this.newRowFilterPolicyItems = perms.newPerms;
+ this.oldRowFilterPolicyItems = perms.oldPerms;
+ }
+ }
},
getPolicyResources : function() {
var policyResources = this.collection.findWhere({'attributeName':'Policy Resources'});
@@ -294,7 +318,7 @@ define(function(require){
}
},
getPolicyItems : function(itemType) {
- var items = {};
+ var items = {},that = this;
var newPolicyItems=[], oldPolicyItems =[];
var policyItems = this.collection.findWhere({'attributeName': itemType });
this.collection.remove(policyItems);
@@ -318,9 +342,32 @@ define(function(require){
}
});
}
+ if(itemType === 'Masked Policy Items') {
+ for(var i = 0; i < newPolicyItems.length ; i++){
+ var maskingType = newPolicyItems[i].dataMaskInfo.dataMaskType;
+ var dataMaskDefs = that.rangerServiceDefModel.get('dataMaskDef');
+ _.each(dataMaskDefs.maskTypes,function(maskType){
+ if(maskType.name === maskingType) {
+ newPolicyItems[i].dataMaskInfo.dataMaskType = maskType.label;
+ }
+ });
+ };
+
+ for(var i = 0; i < oldPolicyItems.length ; i++){
+ var maskingType = oldPolicyItems[i].dataMaskInfo.dataMaskType;
+ var dataMaskDefs = that.rangerServiceDefModel.get('dataMaskDef');
+ _.each(dataMaskDefs.maskTypes,function(maskType){
+ if(maskType.name === maskingType) {
+ oldPolicyItems[i].dataMaskInfo.dataMaskType = maskType.label;
+ }
+ });
+ };
+ }
+
// this.oldPermList =[], this.newPermList =[]
if(this.action == "update"){
- return this.setOldeNewPermList(newPolicyItems, oldPolicyItems);
+ //return this.setOldeNewPermList(newPolicyItems, oldPolicyItems);
+ return this.setOldNewPermDiff(newPolicyItems, oldPolicyItems);
} else {
return {'oldPerms' : oldPolicyItems, 'newPerms' : newPolicyItems};
@@ -328,6 +375,17 @@ define(function(require){
// this.newPermList = this.newPolicyItems;
}
},
+ setOldNewPermDiff: function(newPolicyItems, oldPolicyItems){
+ var oldPerms = [], newPerms = [];
+ var len = oldPolicyItems.length > newPolicyItems.length ? oldPolicyItems.length : newPolicyItems.length;
+ for(var i = 0; i < len ; i++) {
+ if (JSON.stringify(newPolicyItems[i]) != JSON.stringify(oldPolicyItems[i])) {
+ oldPerms.push(oldPolicyItems[i]);
+ newPerms.push(newPolicyItems[i]);
+ }
+ }
+ return {'newPerms': newPerms, 'oldPerms': oldPerms};
+ },
setOldeNewPermList : function(newPolicyItems, oldPolicyItems) {
var found = false, oldPerms = [], newPerms = [];
for(var i=0; i< newPolicyItems.length ;i++){
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d21e6bb4/security-admin/src/main/webapp/styles/xa.css
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/styles/xa.css b/security-admin/src/main/webapp/styles/xa.css
index f8e7273..b586e11 100644
--- a/security-admin/src/main/webapp/styles/xa.css
+++ b/security-admin/src/main/webapp/styles/xa.css
@@ -1468,6 +1468,13 @@ ul.tabs > li > a {
.diff-right .data li {
min-width: 16.5em;
}
+.diff-list > ol {
+ display: initial;
+ min-width: 250px;
+}
+.diff .diff-left{
+ min-width: 16.5em;
+}
.change {
background-color: #ffd;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d21e6bb4/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html
index 5ed8d00..3018c84 100644
--- a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html
+++ b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html
@@ -46,7 +46,7 @@
{{#if newPolicyItems}}
<h5>Allow PolicyItems :</h5>
<div class="diff diff-perms" >
- <div class="diff-right" data-id="diff">
+ <div class="diff-right diff-list" data-id="diff">
<h3>New Value</h3>
{{#each newPolicyItems}}
<ol class="unstyled data">
@@ -89,7 +89,7 @@
{{#if newAllowExceptionPolicyItems}}
<h5>Allow Exceptions :</h5>
<div class="diff diff-perms" >
- <div class="diff-right" data-id="diff">
+ <div class="diff-right diff-list" data-id="diff">
<h3>New Value</h3>
{{#each newAllowExceptionPolicyItems}}
<ol class="unstyled data">
@@ -132,7 +132,7 @@
{{#if newDenyPolicyItems}}
<h5>Deny PolicyItems :</h5>
<div class="diff diff-perms" >
- <div class="diff-right" data-id="diff">
+ <div class="diff-right diff-list" data-id="diff">
<h3>New Value</h3>
{{#each newDenyPolicyItems}}
<ol class="unstyled data">
@@ -173,7 +173,7 @@
{{#if oldDenyExceptionPolicyItems}}
<h5>Deny Exception PolicyItems:</h5>
<div class="diff diff-perms" >
- <div class="diff-right" data-id="diff">
+ <div class="diff-right diff-list" data-id="diff">
<h3>New Value</h3>
{{#each oldDenyExceptionPolicyItems}}
<ol class="unstyled data">
@@ -211,4 +211,82 @@
</div>
{{/if}}
+<!-- Masking Policy Items -->
+{{#if newMaskPolicyItems}}
+ <h5>Masking Policy Items :</h5>
+ <div class="diff diff-perms" >
+ <div class="diff-right diff-list" data-id="diff">
+ <h3>New Value</h3>
+ {{#each newMaskPolicyItems}}
+ <ol class="unstyled data">
+ <li class="change-row">Groups:
+ {{#if_eq this.groups compare=0}}
+ <empty>
+ {{else}}
+ {{this.groups}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row">Users:
+ {{#if_eq this.users compare=0}}
+ <empty>
+ {{else}}
+ {{this.users}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row">Accesses:
+ {{#each this.accesses}}
+ {{this.type}} <span>,</span>
+ {{/each}}
+ </li>
+ {{#if this.dataMaskInfo}}
+ <li class="change-row">
+ Data Mask Types:
+ {{this.dataMaskInfo.dataMaskType}}
+ </li>
+ {{/if}}
+ </ol><br/>
+ {{/each}}
+ </div>
+ </div>
+{{/if}}
+
+<!-- Row Filter Policy Items-->
+{{#if newRowFilterPolicyItems}}
+ <h5>Row Level Filter Policy Items :</h5>
+ <div class="diff diff-perms" >
+ <div class="diff-right diff-list" data-id="diff">
+ <h3>New Value</h3>
+ {{#each newRowFilterPolicyItems}}
+ <ol class="unstyled data">
+ <li class="change-row">Groups:
+ {{#if_eq this.groups compare=0}}
+ <empty>
+ {{else}}
+ {{this.groups}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row">Users:
+ {{#if_eq this.users compare=0}}
+ <empty>
+ {{else}}
+ {{this.users}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row">Accesses:
+ {{#each this.accesses}}
+ {{this.type}} <span>,</span>
+ {{/each}}
+ </li>
+ {{#if this.rowFilterInfo}}
+ <li class="change-row">
+ Row Level Filter:
+ {{this.rowFilterInfo.filterExpr}}
+ </li>
+ {{/if}}
+ </ol><br/>
+ {{/each}}
+ </div>
+ </div>
+{{/if}}
+
</div>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/d21e6bb4/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html
index d2a4f80..c2d6c2d 100644
--- a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html
+++ b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html
@@ -70,8 +70,8 @@
{{#if oldPolicyItems}}
<h5>Allow PolicyItems :</h5>
<div class="diff diff-perms">
- <div class="diff-left" data-id="diff">
- <h3>old Value</h3>
+ <div class="diff-left diff-list" data-id="diff">
+ <h3>Old Value</h3>
{{#each oldPolicyItems}}
<ol class="unstyled data">
{{#if this.permissions}}
@@ -113,7 +113,7 @@
</ol><br/>
{{/each}}
</div>
- <div class="diff-right" data-id="diff">
+ <div class="diff-right diff-list" data-id="diff">
<h3>New Value</h3>
{{#each newPolicyItems}}
<ol class="unstyled data">
@@ -162,8 +162,8 @@
{{#if oldAllowExceptionPolicyItems}}
<h5>Allow Exception PolicyItems :</h5>
<div class="diff diff-perms">
- <div class="diff-left" data-id="diff">
- <h3>old Value</h3>
+ <div class="diff-left diff-list" data-id="diff">
+ <h3>Old Value</h3>
{{#each oldAllowExceptionPolicyItems}}
<ol class="unstyled data">
{{#if this.permissions}}
@@ -205,7 +205,7 @@
</ol><br/>
{{/each}}
</div>
- <div class="diff-right" data-id="diff">
+ <div class="diff-right diff-list" data-id="diff">
<h3>New Value</h3>
{{#each newAllowExceptionPolicyItems}}
<ol class="unstyled data">
@@ -255,8 +255,8 @@
{{#if oldDenyPolicyItems}}
<h5>Deny PolicyItems :</h5>
<div class="diff diff-perms">
- <div class="diff-left" data-id="diff">
- <h3>old Value</h3>
+ <div class="diff-left diff-list" data-id="diff">
+ <h3>Old Value</h3>
{{#each oldDenyPolicyItems}}
<ol class="unstyled data">
{{#if this.permissions}}
@@ -298,7 +298,7 @@
</ol><br/>
{{/each}}
</div>
- <div class="diff-right" data-id="diff">
+ <div class="diff-right diff-list" data-id="diff">
<h3>New Value</h3>
{{#each newDenyPolicyItems}}
<ol class="unstyled data">
@@ -349,8 +349,8 @@
{{#if oldDenyExceptionPolicyItems}}
<h5>Deny Exception PolicyItems :</h5>
<div class="diff diff-perms">
- <div class="diff-left" data-id="diff">
- <h3>old Value</h3>
+ <div class="diff-left diff-list" data-id="diff">
+ <h3>Old Value</h3>
{{#each oldDenyExceptionPolicyItems}}
<ol class="unstyled data">
{{#if this.permissions}}
@@ -392,7 +392,7 @@
</ol><br/>
{{/each}}
</div>
- <div class="diff-right" data-id="diff">
+ <div class="diff-right diff-list" data-id="diff">
<h3>New Value</h3>
{{#each newDenyExceptionPolicyItems}}
<ol class="unstyled data">
@@ -438,5 +438,180 @@
</div>
{{/if}}
+<!-- Masking Policy Items -->
+{{#if oldMaskPolicyItems}}
+ <h5>Masking Policy Items :</h5>
+ <div class="diff diff-perms">
+ <div class="diff-left diff-list" data-id="diff">
+ <h3>Old Value</h3>
+ {{#each oldMaskPolicyItems}}
+ <ol class="unstyled data">
+ {{#if this.accesses}}
+ <li class="change-row"><i>Groups</i>:
+ {{#if_eq this.groups compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.groups}}
+ <span class="groupname">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row"><i>Users</i>:
+ {{#if_eq this.users compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.users}}
+ <span class="username">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row"><i>Accesses</i>:
+ {{#each this.accesses}}
+ <span class="perm">{{this.type}}</span> <span>,</span>
+ {{/each}}
+ </li>
+ {{#if this.dataMaskInfo}}
+ <li class="change-row">
+ <i>Data Mask Types</i>:
+ <span class="maskingAndRow">{{this.dataMaskInfo.dataMaskType}}</span> <span>,</span>
+ </li>
+ {{/if}}
+ {{else}}
+ <li style=" min-height: 99px; line-height: 102px; text-align: center; font-weight: bold; font-style: italic;"><empty></li>
+ {{/if}}
+ </ol><br/>
+ {{/each}}
+ </div>
+ <div class="diff-right diff-list" data-id="diff">
+ <h3>New Value</h3>
+ {{#each newMaskPolicyItems}}
+ <ol class="unstyled data">
+ {{#if this.accesses}}
+ <li class="change-row"><i>Groups</i>:
+ {{#if_eq this.groups compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.groups}}
+ <span class="groupname">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row"><i>Users</i>:
+ {{#if_eq this.users compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.users}}
+ <span class="username">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row"><i>Accesses</i>:
+ {{#each this.accesses}}
+ <span class="perm">{{this.type}}</span> <span>,</span>
+ {{/each}}
+ </li>
+ {{#if this.dataMaskInfo}}
+ <li class="change-row">
+ <i>Data Mask Types</i>:
+ <span class="maskingAndRow">{{this.dataMaskInfo.dataMaskType}}</span> <span>,</span>
+ </li>
+ {{/if}}
+
+ {{else}}
+ <li style=" min-height: 99px; line-height: 102px; text-align: center; font-weight: bold; font-style: italic;"><empty></li>
+ {{/if}}
+ </ol><br/>
+ {{/each}}
+ </div>
+ </div>
+ {{/if}}
+
+<!-- Row filter Policy Items-->
+{{#if oldRowFilterPolicyItems}}
+ <h5>Row Level Filter Policy Items :</h5>
+ <div class="diff diff-perms">
+ <div class="diff-left diff-list" data-id="diff">
+ <h3>Old Value</h3>
+ {{#each oldRowFilterPolicyItems}}
+ <ol class="unstyled data">
+ {{#if this.accesses}}
+ <li class="change-row"><i>Groups</i>:
+ {{#if_eq this.groups compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.groups}}
+ <span class="groupname">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row"><i>Users</i>:
+ {{#if_eq this.users compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.users}}
+ <span class="username">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row"><i>Accesses</i>:
+ {{#each this.accesses}}
+ <span class="perm">{{this.type}}</span> <span>,</span>
+ {{/each}}
+ </li>
+ {{#if this.rowFilterInfo}}
+ <li class="change-row">
+ <i>Row Level Filter</i>:
+ <span class="maskingAndRow">{{this.rowFilterInfo.filterExpr}}</span> <span>,</span>
+ </li>
+ {{/if}}
+ {{else}}
+ <li style=" min-height: 99px; line-height: 102px; text-align: center; font-weight: bold; font-style: italic;"><empty></li>
+ {{/if}}
+ </ol><br/>
+ {{/each}}
+ </div>
+ <div class="diff-right diff-list" data-id="diff">
+ <h3>New Value</h3>
+ {{#each newRowFilterPolicyItems}}
+ <ol class="unstyled data">
+ {{#if this.accesses}}
+ <li class="change-row"><i>Groups</i>:
+ {{#if_eq this.groups compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.groups}}
+ <span class="groupname">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row"><i>Users</i>:
+ {{#if_eq this.users compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.users}}
+ <span class="username">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row"><i>Accesses</i>:
+ {{#each this.accesses}}
+ <span class="perm">{{this.type}}</span> <span>,</span>
+ {{/each}}
+ </li>
+ {{#if this.rowFilterInfo}}
+ <li class="change-row">
+ <i>Row Level Filter</i>:
+ <span class="maskingAndRow">{{this.rowFilterInfo.filterExpr}}</span> <span>,</span>
+ </li>
+ {{/if}}
+
+ {{else}}
+ <li style=" min-height: 99px; line-height: 102px; text-align: center; font-weight: bold; font-style: italic;"><empty></li>
+ {{/if}}
+ </ol><br/>
+ {{/each}}
+ </div>
+ </div>
+ {{/if}}
</div>