You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by me...@apache.org on 2018/11/14 18:46:33 UTC

ranger git commit: RANGER-2283 : User is getting total count of groups even if he is assigned to one group due to which pagination is breaking

Repository: ranger
Updated Branches:
  refs/heads/master 4b735de08 -> a7d29df1f


RANGER-2283 : User is getting total count of groups even if he is assigned to one group due to which pagination is breaking

Signed-off-by: Mehul Parikh <me...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/a7d29df1
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/a7d29df1
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/a7d29df1

Branch: refs/heads/master
Commit: a7d29df1f735a102c59079b4dbe7dde0129554f9
Parents: 4b735de
Author: Bhavik Patel <bh...@gmail.com>
Authored: Wed Nov 14 14:23:35 2018 +0530
Committer: Mehul Parikh <me...@apache.org>
Committed: Thu Nov 15 00:16:19 2018 +0530

----------------------------------------------------------------------
 .../java/org/apache/ranger/biz/XUserMgr.java    | 56 +++++++++---------
 .../apache/ranger/service/XGroupService.java    |  5 ++
 .../org/apache/ranger/biz/TestXUserMgr.java     | 60 ++++++++++++++++++++
 3 files changed, 94 insertions(+), 27 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/a7d29df1/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index ced600f..6eaa448 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -1750,7 +1750,23 @@ public class XUserMgr extends XUserMgrBase {
 	public VXGroupList searchXGroups(SearchCriteria searchCriteria) {
 		VXGroupList vXGroupList= new VXGroupList();
 		VXGroup vXGroupExactMatch = null;
+		VXUser loggedInVXUser = null;
 		try{
+			//In case of user we need to fetch only its associated groups.
+			UserSessionBase userSession = ContextUtil.getCurrentUserSession();
+			if (userSession != null
+					&& userSession.getUserRoleList().size() == 1
+					&& userSession.getUserRoleList().contains(
+							RangerConstants.ROLE_USER)
+					&& userSession.getLoginId() != null) {
+				loggedInVXUser = xUserService.getXUserByUserName(userSession
+						.getLoginId());
+				if (loggedInVXUser != null) {
+					searchCriteria.addParam("userId", loggedInVXUser.getId());
+				}
+
+			}
+			
 			VXGroupList vXGroupListSort= new VXGroupList();
 			if(searchCriteria.getParamList() != null && searchCriteria.getParamList().get("name") != null){
 				searchCriteria.setSortBy("name");
@@ -1776,6 +1792,18 @@ public class XUserMgr extends XUserMgrBase {
 								vXGroupExactMatchwithSearchCriteria = -1;
 							}
 							break;
+						//Its required because we need to filter groups for user role
+						case "userid":
+							if (loggedInVXUser != null) {
+									List<Long> listGroupId = daoManager
+											.getXXGroupUser()
+											.findGroupIdListByUserId(loggedInVXUser.getId());
+									if (!listGroupId.contains(vXGroupExactMatch.getId())) {
+										vXGroupExactMatchwithSearchCriteria = -1;
+									}
+							}
+	
+							break;
 						default:
 							logger.warn("XUserMgr.searchXGroups: unexpected searchCriteriaParam:" + caseKey);
 							break;
@@ -1785,6 +1813,7 @@ public class XUserMgr extends XUserMgrBase {
 					}
 				}
 			}
+			
 			if(vXGroupExactMatchwithSearchCriteria == 1){
 				List<VXGroup> vXGroups = new ArrayList<VXGroup>();
 				if(searchCriteria.getStartIndex() == 0){
@@ -1813,33 +1842,6 @@ public class XUserMgr extends XUserMgrBase {
 			vXGroupList=xGroupService.searchXGroups(searchCriteria);
 		}
 		
-		UserSessionBase userSession = ContextUtil.getCurrentUserSession();
-		if (userSession != null && userSession.getLoginId() != null) {
-			VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession
-					.getLoginId());
-			if (loggedInVXUser != null) {
-				if (loggedInVXUser.getUserRoleList().size() == 1
-						&& loggedInVXUser.getUserRoleList().contains(
-								RangerConstants.ROLE_USER)) {
-
-					List<VXGroup> updatedList = new ArrayList<VXGroup>();
-
-					List<Long> listGroupId = daoManager.getXXGroupUser()
-							.findGroupIdListByUserId(loggedInVXUser.getId());
-
-					for (VXGroup group : vXGroupList.getList()) {
-						if (listGroupId.contains(group.getId())) {
-							updatedList.add(group);
-						}
-					}
-					logger.info("Logged-In user having user role will be able to fetch his own groups details.");
-					vXGroupList.setVXGroups(updatedList);
-
-				}
-			}
-		}
-		
-		
 		if(vXGroupList!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
 			if(vXGroupList!=null && vXGroupList.getListSize()>0){
 				List<VXGroup> listMasked=new ArrayList<VXGroup>();

http://git-wip-us.apache.org/repos/asf/ranger/blob/a7d29df1/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java b/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
index 22de05b..3009d36 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
@@ -69,6 +69,11 @@ public class XGroupService extends XGroupServiceBase<XXGroup, VXGroup> {
 
 		searchFields.add(new SearchField("isVisible", "obj.isVisible",
 				SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL ));
+		
+		searchFields.add(new SearchField("userId", "groupUser.userId",
+				SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL,
+				"XXGroupUser groupUser", "obj.id = groupUser.parentGroupId"));
+
 
 		createdByUserId = PropertiesUtil.getLongProperty("ranger.xuser.createdByUserId", 1);
 

http://git-wip-us.apache.org/repos/asf/ranger/blob/a7d29df1/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index 4139183..bc69329 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -3478,5 +3478,65 @@ public class TestXUserMgr {
 		Assert.assertEquals(expectedVXGroup.getId(), rcvVXGroup.getId());
 		Assert.assertEquals(expectedVXGroup.getName(), rcvVXGroup.getName());
 	}
+	
+	@Test
+	public void test108RoleUserWillSearchOnlyHisOwnGroupDetails() {
+		destroySession();
+		
+		RangerSecurityContext context = new RangerSecurityContext();
+		context.setUserSession(new UserSessionBase());
+		RangerContextHolder.setSecurityContext(context);
+		UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
+		currentUserSession.setUserAdmin(false);
+		XXPortalUser xXPortalUser = new XXPortalUser();
+		xXPortalUser.setLoginId(userLoginID);
+		xXPortalUser.setId(userId);
+		currentUserSession.setXXPortalUser(xXPortalUser);
+		List<String> permissionList = new ArrayList<String>();
+		permissionList.add(RangerConstants.MODULE_USER_GROUPS);
+		
+		SearchCriteria testSearchCriteria = createsearchCriteria();
+		
+		List<Long> groupIdList = new ArrayList<Long>();
+		groupIdList.add(5L);
+		
+		VXGroup expectedVXGroup = new VXGroup();
+		expectedVXGroup.setId(5L);
+		expectedVXGroup.setName("testGroup");
+		
+		List<VXGroup> grpList = new ArrayList<VXGroup>();
+		grpList.add(expectedVXGroup);
+		
+		
+		VXGroupList expectedVXGroupList = new VXGroupList();
+		expectedVXGroupList.setVXGroups(grpList);
+		
+		VXUser loggedInUser = vxUser();
+		List<String> loggedInUserRole = new ArrayList<String>();
+		loggedInUserRole.add(RangerConstants.ROLE_USER);
+		loggedInUser.setId(8L);
+		loggedInUser.setName("testuser");
+		loggedInUser.setUserRoleList(loggedInUserRole);
+		loggedInUser.setGroupIdList(groupIdList);
+		
+		VXUser vxUser = vxUser();
+		List<String> userRole = new ArrayList<String>();
+		userRole.add(RangerConstants.ROLE_USER);
+		vxUser.setId(8L);
+		vxUser.setName("test3");
+		vxUser.setUserRoleList(userRole);
+		vxUser.setUserSource(RangerCommonEnums.USER_UNIX);
+		Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
+		Mockito.when(xGroupService.searchXGroups(testSearchCriteria)).thenReturn(expectedVXGroupList);
+		XXModuleDefDao mockxxModuleDefDao = Mockito.mock(XXModuleDefDao.class);
+		Mockito.when(daoManager.getXXModuleDef()).thenReturn(mockxxModuleDefDao);
+		Mockito.when(mockxxModuleDefDao.findAccessibleModulesByUserId(8L, 8L)).thenReturn(permissionList);
+
+		VXGroupList rcvVXGroupList = xUserMgr.searchXGroups(testSearchCriteria);
+		Assert.assertNotNull(rcvVXGroupList);
+		
+		Assert.assertEquals(rcvVXGroupList.getList().get(0).getId(),expectedVXGroup.getId());
+		Assert.assertEquals(rcvVXGroupList.getList().get(0).getName(),expectedVXGroup.getName());
+	}
 
 }