You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by me...@apache.org on 2018/11/14 18:46:33 UTC
ranger git commit: RANGER-2283 : User is getting total count of
groups even if he is assigned to one group due to which pagination is
breaking
Repository: ranger
Updated Branches:
refs/heads/master 4b735de08 -> a7d29df1f
RANGER-2283 : User is getting total count of groups even if he is assigned to one group due to which pagination is breaking
Signed-off-by: Mehul Parikh <me...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/a7d29df1
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/a7d29df1
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/a7d29df1
Branch: refs/heads/master
Commit: a7d29df1f735a102c59079b4dbe7dde0129554f9
Parents: 4b735de
Author: Bhavik Patel <bh...@gmail.com>
Authored: Wed Nov 14 14:23:35 2018 +0530
Committer: Mehul Parikh <me...@apache.org>
Committed: Thu Nov 15 00:16:19 2018 +0530
----------------------------------------------------------------------
.../java/org/apache/ranger/biz/XUserMgr.java | 56 +++++++++---------
.../apache/ranger/service/XGroupService.java | 5 ++
.../org/apache/ranger/biz/TestXUserMgr.java | 60 ++++++++++++++++++++
3 files changed, 94 insertions(+), 27 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/a7d29df1/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index ced600f..6eaa448 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -1750,7 +1750,23 @@ public class XUserMgr extends XUserMgrBase {
public VXGroupList searchXGroups(SearchCriteria searchCriteria) {
VXGroupList vXGroupList= new VXGroupList();
VXGroup vXGroupExactMatch = null;
+ VXUser loggedInVXUser = null;
try{
+ //In case of user we need to fetch only its associated groups.
+ UserSessionBase userSession = ContextUtil.getCurrentUserSession();
+ if (userSession != null
+ && userSession.getUserRoleList().size() == 1
+ && userSession.getUserRoleList().contains(
+ RangerConstants.ROLE_USER)
+ && userSession.getLoginId() != null) {
+ loggedInVXUser = xUserService.getXUserByUserName(userSession
+ .getLoginId());
+ if (loggedInVXUser != null) {
+ searchCriteria.addParam("userId", loggedInVXUser.getId());
+ }
+
+ }
+
VXGroupList vXGroupListSort= new VXGroupList();
if(searchCriteria.getParamList() != null && searchCriteria.getParamList().get("name") != null){
searchCriteria.setSortBy("name");
@@ -1776,6 +1792,18 @@ public class XUserMgr extends XUserMgrBase {
vXGroupExactMatchwithSearchCriteria = -1;
}
break;
+ //Its required because we need to filter groups for user role
+ case "userid":
+ if (loggedInVXUser != null) {
+ List<Long> listGroupId = daoManager
+ .getXXGroupUser()
+ .findGroupIdListByUserId(loggedInVXUser.getId());
+ if (!listGroupId.contains(vXGroupExactMatch.getId())) {
+ vXGroupExactMatchwithSearchCriteria = -1;
+ }
+ }
+
+ break;
default:
logger.warn("XUserMgr.searchXGroups: unexpected searchCriteriaParam:" + caseKey);
break;
@@ -1785,6 +1813,7 @@ public class XUserMgr extends XUserMgrBase {
}
}
}
+
if(vXGroupExactMatchwithSearchCriteria == 1){
List<VXGroup> vXGroups = new ArrayList<VXGroup>();
if(searchCriteria.getStartIndex() == 0){
@@ -1813,33 +1842,6 @@ public class XUserMgr extends XUserMgrBase {
vXGroupList=xGroupService.searchXGroups(searchCriteria);
}
- UserSessionBase userSession = ContextUtil.getCurrentUserSession();
- if (userSession != null && userSession.getLoginId() != null) {
- VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession
- .getLoginId());
- if (loggedInVXUser != null) {
- if (loggedInVXUser.getUserRoleList().size() == 1
- && loggedInVXUser.getUserRoleList().contains(
- RangerConstants.ROLE_USER)) {
-
- List<VXGroup> updatedList = new ArrayList<VXGroup>();
-
- List<Long> listGroupId = daoManager.getXXGroupUser()
- .findGroupIdListByUserId(loggedInVXUser.getId());
-
- for (VXGroup group : vXGroupList.getList()) {
- if (listGroupId.contains(group.getId())) {
- updatedList.add(group);
- }
- }
- logger.info("Logged-In user having user role will be able to fetch his own groups details.");
- vXGroupList.setVXGroups(updatedList);
-
- }
- }
- }
-
-
if(vXGroupList!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
if(vXGroupList!=null && vXGroupList.getListSize()>0){
List<VXGroup> listMasked=new ArrayList<VXGroup>();
http://git-wip-us.apache.org/repos/asf/ranger/blob/a7d29df1/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java b/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
index 22de05b..3009d36 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
@@ -69,6 +69,11 @@ public class XGroupService extends XGroupServiceBase<XXGroup, VXGroup> {
searchFields.add(new SearchField("isVisible", "obj.isVisible",
SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL ));
+
+ searchFields.add(new SearchField("userId", "groupUser.userId",
+ SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL,
+ "XXGroupUser groupUser", "obj.id = groupUser.parentGroupId"));
+
createdByUserId = PropertiesUtil.getLongProperty("ranger.xuser.createdByUserId", 1);
http://git-wip-us.apache.org/repos/asf/ranger/blob/a7d29df1/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index 4139183..bc69329 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -3478,5 +3478,65 @@ public class TestXUserMgr {
Assert.assertEquals(expectedVXGroup.getId(), rcvVXGroup.getId());
Assert.assertEquals(expectedVXGroup.getName(), rcvVXGroup.getName());
}
+
+ @Test
+ public void test108RoleUserWillSearchOnlyHisOwnGroupDetails() {
+ destroySession();
+
+ RangerSecurityContext context = new RangerSecurityContext();
+ context.setUserSession(new UserSessionBase());
+ RangerContextHolder.setSecurityContext(context);
+ UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+ currentUserSession.setUserAdmin(false);
+ XXPortalUser xXPortalUser = new XXPortalUser();
+ xXPortalUser.setLoginId(userLoginID);
+ xXPortalUser.setId(userId);
+ currentUserSession.setXXPortalUser(xXPortalUser);
+ List<String> permissionList = new ArrayList<String>();
+ permissionList.add(RangerConstants.MODULE_USER_GROUPS);
+
+ SearchCriteria testSearchCriteria = createsearchCriteria();
+
+ List<Long> groupIdList = new ArrayList<Long>();
+ groupIdList.add(5L);
+
+ VXGroup expectedVXGroup = new VXGroup();
+ expectedVXGroup.setId(5L);
+ expectedVXGroup.setName("testGroup");
+
+ List<VXGroup> grpList = new ArrayList<VXGroup>();
+ grpList.add(expectedVXGroup);
+
+
+ VXGroupList expectedVXGroupList = new VXGroupList();
+ expectedVXGroupList.setVXGroups(grpList);
+
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_USER);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+ loggedInUser.setGroupIdList(groupIdList);
+
+ VXUser vxUser = vxUser();
+ List<String> userRole = new ArrayList<String>();
+ userRole.add(RangerConstants.ROLE_USER);
+ vxUser.setId(8L);
+ vxUser.setName("test3");
+ vxUser.setUserRoleList(userRole);
+ vxUser.setUserSource(RangerCommonEnums.USER_UNIX);
+ Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
+ Mockito.when(xGroupService.searchXGroups(testSearchCriteria)).thenReturn(expectedVXGroupList);
+ XXModuleDefDao mockxxModuleDefDao = Mockito.mock(XXModuleDefDao.class);
+ Mockito.when(daoManager.getXXModuleDef()).thenReturn(mockxxModuleDefDao);
+ Mockito.when(mockxxModuleDefDao.findAccessibleModulesByUserId(8L, 8L)).thenReturn(permissionList);
+
+ VXGroupList rcvVXGroupList = xUserMgr.searchXGroups(testSearchCriteria);
+ Assert.assertNotNull(rcvVXGroupList);
+
+ Assert.assertEquals(rcvVXGroupList.getList().get(0).getId(),expectedVXGroup.getId());
+ Assert.assertEquals(rcvVXGroupList.getList().get(0).getName(),expectedVXGroup.getName());
+ }
}