You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ranger.apache.org by Nitin Galave <ni...@gmail.com> on 2017/09/01 06:06:34 UTC
Review Request 62024: RANGER-1756: User is able to see "Admin" role
user details.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul Parikh, and Velmurugan Periasamy.
Bugs: RANGER-1756
https://issues.apache.org/jira/browse/RANGER-1756
Repository: ranger
Description
-------
A 'USER' role user is able to see details of 'ADMIN' role users.
Steps-
1.Create a user 'testuser4'.
2.Give user/group page permission to the user 'testuser4'.
3.Login with 'testuser4'.
4.Go to user/group page and check the list of users.
Expected result: It should just show USER role users.
Actual result: It is showing USER role users and ADMIN role users
Diffs
-----
security-admin/src/main/webapp/scripts/utils/XAUtils.js 1979847
Diff: https://reviews.apache.org/r/62024/diff/1/
Testing
-------
Verified scenario's :
1. A user with ROLE_ADMIN able to see users which has USER_ROLE/ADMIN_ROLE.
2. A user with ROLE_KEYADMIN able to see users which has USER_ROLE/KEYADMIN_ROLE.
3. A user with role ROLE_USER able to see which has USER_ROLE.
Thanks,
Nitin Galave
Re: Review Request 62024: RANGER-1756: Handle role related
restrictions for users having User role.
Posted by Alejandro Fernandez <af...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/#review186458
-----------------------------------------------------------
Ship it!
Ship It!
- Alejandro Fernandez
On Sept. 27, 2017, 11:27 a.m., Nitin Galave wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62024/
> -----------------------------------------------------------
>
> (Updated Sept. 27, 2017, 11:27 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul Parikh, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1756
> https://issues.apache.org/jira/browse/RANGER-1756
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Handle role related restrictions for users having User role.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java 320a9a4
> security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 739ea05
> security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
>
>
> Diff: https://reviews.apache.org/r/62024/diff/4/
>
>
> Testing
> -------
>
> Verified scenario's :
> 1. A user with ROLE_ADMIN able to see users which has USER_ROLE/ADMIN_ROLE.
> 2. A user with ROLE_KEYADMIN able to see users which has USER_ROLE/KEYADMIN_ROLE.
> 3. A user with role ROLE_USER able to see only himself.
>
>
> Thanks,
>
> Nitin Galave
>
>
Re: Review Request 62024: RANGER-1756: Handle role related
restrictions for users having User role.
Posted by Nikhil P <ni...@gmail.com>.
> On Sept. 28, 2017, 12:10 a.m., Ramesh Mani wrote:
> > security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
> > Line 361 (original), 370 (patched)
> > <https://reviews.apache.org/r/62024/diff/4/?file=1837429#file1837429line370>
> >
> > will CollectionUtils.size be more 1?, if so change this check CollectionUtils.size(userRolesList) == 1 to CollectionUtils.size(userRolesList) > 0
we dont want code flow to go in if loop if userRolesList size is more than 1.If loop should be executed only when userRolesList contains one entry i.e.ROLE_USER.
- Nikhil
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/#review186457
-----------------------------------------------------------
On Sept. 27, 2017, 4:57 p.m., Nitin Galave wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62024/
> -----------------------------------------------------------
>
> (Updated Sept. 27, 2017, 4:57 p.m.)
>
>
> Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul Parikh, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1756
> https://issues.apache.org/jira/browse/RANGER-1756
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Handle role related restrictions for users having User role.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java 320a9a4
> security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 739ea05
> security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
>
>
> Diff: https://reviews.apache.org/r/62024/diff/4/
>
>
> Testing
> -------
>
> Verified scenario's :
> 1. A user with ROLE_ADMIN able to see users which has USER_ROLE/ADMIN_ROLE.
> 2. A user with ROLE_KEYADMIN able to see users which has USER_ROLE/KEYADMIN_ROLE.
> 3. A user with role ROLE_USER able to see only himself.
>
>
> Thanks,
>
> Nitin Galave
>
>
Re: Review Request 62024: RANGER-1756: Handle role related
restrictions for users having User role.
Posted by Ramesh Mani <rm...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/#review186457
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
Lines 353 (patched)
<https://reviews.apache.org/r/62024/#comment263009>
why you need to create VXUserList() instance, just return the value from xUserMgr.searchXUsers(searchCriteria) as it was earlier.
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
Line 361 (original), 370 (patched)
<https://reviews.apache.org/r/62024/#comment263010>
will CollectionUtils.size be more 1?, if so change this check CollectionUtils.size(userRolesList) == 1 to CollectionUtils.size(userRolesList) > 0
- Ramesh Mani
On Sept. 27, 2017, 11:27 a.m., Nitin Galave wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62024/
> -----------------------------------------------------------
>
> (Updated Sept. 27, 2017, 11:27 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul Parikh, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1756
> https://issues.apache.org/jira/browse/RANGER-1756
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Handle role related restrictions for users having User role.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java 320a9a4
> security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 739ea05
> security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
>
>
> Diff: https://reviews.apache.org/r/62024/diff/4/
>
>
> Testing
> -------
>
> Verified scenario's :
> 1. A user with ROLE_ADMIN able to see users which has USER_ROLE/ADMIN_ROLE.
> 2. A user with ROLE_KEYADMIN able to see users which has USER_ROLE/KEYADMIN_ROLE.
> 3. A user with role ROLE_USER able to see only himself.
>
>
> Thanks,
>
> Nitin Galave
>
>
Re: Review Request 62024: RANGER-1756: Handle role related
restrictions for users having User role.
Posted by Nitin Galave <ni...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/
-----------------------------------------------------------
(Updated Sept. 29, 2017, 7:12 a.m.)
Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul Parikh, and Velmurugan Periasamy.
Changes
-------
Fix pmd violation and some clean.
Bugs: RANGER-1756
https://issues.apache.org/jira/browse/RANGER-1756
Repository: ranger
Description
-------
Handle role related restrictions for users having User role.
Diffs (updated)
-----
agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java 320a9a4
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 739ea05
security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
Diff: https://reviews.apache.org/r/62024/diff/5/
Changes: https://reviews.apache.org/r/62024/diff/4-5/
Testing
-------
Verified scenario's :
1. A user with ROLE_ADMIN able to see users which has USER_ROLE/ADMIN_ROLE.
2. A user with ROLE_KEYADMIN able to see users which has USER_ROLE/KEYADMIN_ROLE.
3. A user with role ROLE_USER able to see only himself.
Thanks,
Nitin Galave
Re: Review Request 62024: RANGER-1756: Handle role related
restrictions for users having User role.
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/#review186416
-----------------------------------------------------------
Fix it, then Ship it!
agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java
Line 74 (original), 74 (patched)
<https://reviews.apache.org/r/62024/#comment262976>
Fix PMD violation - Avoid unused local variable
- Velmurugan Periasamy
On Sept. 27, 2017, 11:27 a.m., Nitin Galave wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62024/
> -----------------------------------------------------------
>
> (Updated Sept. 27, 2017, 11:27 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul Parikh, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1756
> https://issues.apache.org/jira/browse/RANGER-1756
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Handle role related restrictions for users having User role.
>
>
> Diffs
> -----
>
> agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java 320a9a4
> security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 739ea05
> security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
>
>
> Diff: https://reviews.apache.org/r/62024/diff/4/
>
>
> Testing
> -------
>
> Verified scenario's :
> 1. A user with ROLE_ADMIN able to see users which has USER_ROLE/ADMIN_ROLE.
> 2. A user with ROLE_KEYADMIN able to see users which has USER_ROLE/KEYADMIN_ROLE.
> 3. A user with role ROLE_USER able to see only himself.
>
>
> Thanks,
>
> Nitin Galave
>
>
Re: Review Request 62024: RANGER-1756: Handle role related
restrictions for users having User role.
Posted by Nitin Galave <ni...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/
-----------------------------------------------------------
(Updated Sept. 27, 2017, 11:27 a.m.)
Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul Parikh, and Velmurugan Periasamy.
Changes
-------
Updated patch with best coding practices.
Bugs: RANGER-1756
https://issues.apache.org/jira/browse/RANGER-1756
Repository: ranger
Description
-------
Handle role related restrictions for users having User role.
Diffs (updated)
-----
agents-common/src/main/java/org/apache/hadoop/security/SecureClientLogin.java 320a9a4
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 739ea05
security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
Diff: https://reviews.apache.org/r/62024/diff/4/
Changes: https://reviews.apache.org/r/62024/diff/3-4/
Testing
-------
Verified scenario's :
1. A user with ROLE_ADMIN able to see users which has USER_ROLE/ADMIN_ROLE.
2. A user with ROLE_KEYADMIN able to see users which has USER_ROLE/KEYADMIN_ROLE.
3. A user with role ROLE_USER able to see only himself.
Thanks,
Nitin Galave
Re: Review Request 62024: RANGER-1756: Handle role related
restrictions for users having User role.
Posted by Alejandro Fernandez <af...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/#review186293
-----------------------------------------------------------
Fix it, then Ship it!
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
Line 358 (original), 367 (patched)
<https://reviews.apache.org/r/62024/#comment262769>
Nitpick here, but should have a space before and after = sign.
Same in line 353 and 382
- Alejandro Fernandez
On Sept. 25, 2017, 5:05 a.m., Nitin Galave wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62024/
> -----------------------------------------------------------
>
> (Updated Sept. 25, 2017, 5:05 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul Parikh, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1756
> https://issues.apache.org/jira/browse/RANGER-1756
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Handle role related restrictions for users having User role.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 739ea05
> security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
>
>
> Diff: https://reviews.apache.org/r/62024/diff/3/
>
>
> Testing
> -------
>
> Verified scenario's :
> 1. A user with ROLE_ADMIN able to see users which has USER_ROLE/ADMIN_ROLE.
> 2. A user with ROLE_KEYADMIN able to see users which has USER_ROLE/KEYADMIN_ROLE.
> 3. A user with role ROLE_USER able to see only himself.
>
>
> Thanks,
>
> Nitin Galave
>
>
Re: Review Request 62024: RANGER-1756: Handle role related
restrictions for users having User role.
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/#review186269
-----------------------------------------------------------
Ship it!
Ship It!
- Velmurugan Periasamy
On Sept. 25, 2017, 5:05 a.m., Nitin Galave wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62024/
> -----------------------------------------------------------
>
> (Updated Sept. 25, 2017, 5:05 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul Parikh, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1756
> https://issues.apache.org/jira/browse/RANGER-1756
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Handle role related restrictions for users having User role.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 739ea05
> security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
>
>
> Diff: https://reviews.apache.org/r/62024/diff/3/
>
>
> Testing
> -------
>
> Verified scenario's :
> 1. A user with ROLE_ADMIN able to see users which has USER_ROLE/ADMIN_ROLE.
> 2. A user with ROLE_KEYADMIN able to see users which has USER_ROLE/KEYADMIN_ROLE.
> 3. A user with role ROLE_USER able to see only himself.
>
>
> Thanks,
>
> Nitin Galave
>
>
Re: Review Request 62024: RANGER-1756: Handle role related
restrictions for users having User role.
Posted by Nitin Galave <ni...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/
-----------------------------------------------------------
(Updated Sept. 25, 2017, 5:05 a.m.)
Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul Parikh, and Velmurugan Periasamy.
Changes
-------
fix unit test case issue.
Bugs: RANGER-1756
https://issues.apache.org/jira/browse/RANGER-1756
Repository: ranger
Description
-------
Handle role related restrictions for users having User role.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 739ea05
security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
Diff: https://reviews.apache.org/r/62024/diff/3/
Changes: https://reviews.apache.org/r/62024/diff/2-3/
Testing
-------
Verified scenario's :
1. A user with ROLE_ADMIN able to see users which has USER_ROLE/ADMIN_ROLE.
2. A user with ROLE_KEYADMIN able to see users which has USER_ROLE/KEYADMIN_ROLE.
3. A user with role ROLE_USER able to see only himself.
Thanks,
Nitin Galave
Re: Review Request 62024: RANGER-1756: Handle role related
restrictions for users having User role.
Posted by Velmurugan Periasamy <vp...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/#review185830
-----------------------------------------------------------
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
Line 351 (original), 357 (patched)
<https://reviews.apache.org/r/62024/#comment262181>
This patch fails unit tests. Can you address the issue and provide an updated patch?
```
Tests run: 112, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 3.92 sec <<< FAILURE! - in org.apache.ranger.rest.TestXUserREST
test24searchXUsers(org.apache.ranger.rest.TestXUserREST) Time elapsed: 0.01 sec <<< ERROR!
java.lang.NullPointerException: null
at org.apache.ranger.rest.XUserREST.searchXUsers(XUserREST.java:357)
at org.apache.ranger.rest.TestXUserREST.test24searchXUsers(TestXUserREST.java:517)
```
- Velmurugan Periasamy
On Sept. 20, 2017, 10:25 a.m., Nitin Galave wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/62024/
> -----------------------------------------------------------
>
> (Updated Sept. 20, 2017, 10:25 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul Parikh, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1756
> https://issues.apache.org/jira/browse/RANGER-1756
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Handle role related restrictions for users having User role.
>
>
> Diffs
> -----
>
> security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 739ea05
> security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
>
>
> Diff: https://reviews.apache.org/r/62024/diff/2/
>
>
> Testing
> -------
>
> Verified scenario's :
> 1. A user with ROLE_ADMIN able to see users which has USER_ROLE/ADMIN_ROLE.
> 2. A user with ROLE_KEYADMIN able to see users which has USER_ROLE/KEYADMIN_ROLE.
> 3. A user with role ROLE_USER able to see only himself.
>
>
> Thanks,
>
> Nitin Galave
>
>
Re: Review Request 62024: RANGER-1756: Handle role related
restrictions for users having User role.
Posted by Nitin Galave <ni...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/
-----------------------------------------------------------
(Updated Sept. 20, 2017, 10:25 a.m.)
Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul Parikh, and Velmurugan Periasamy.
Bugs: RANGER-1756
https://issues.apache.org/jira/browse/RANGER-1756
Repository: ranger
Description
-------
Handle role related restrictions for users having User role.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 739ea05
security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
Diff: https://reviews.apache.org/r/62024/diff/2/
Testing (updated)
-------
Verified scenario's :
1. A user with ROLE_ADMIN able to see users which has USER_ROLE/ADMIN_ROLE.
2. A user with ROLE_KEYADMIN able to see users which has USER_ROLE/KEYADMIN_ROLE.
3. A user with role ROLE_USER able to see only himself.
Thanks,
Nitin Galave
Re: Review Request 62024: RANGER-1756: Handle role related
restrictions for users having User role.
Posted by Nitin Galave <ni...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/
-----------------------------------------------------------
(Updated Sept. 20, 2017, 6 a.m.)
Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul Parikh, and Velmurugan Periasamy.
Changes
-------
Updated patch with minor changes.
Bugs: RANGER-1756
https://issues.apache.org/jira/browse/RANGER-1756
Repository: ranger
Description
-------
Handle role related restrictions for users having User role.
Diffs (updated)
-----
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 739ea05
security-admin/src/main/webapp/scripts/utils/XAUtils.js ecf43ad
Diff: https://reviews.apache.org/r/62024/diff/2/
Changes: https://reviews.apache.org/r/62024/diff/1-2/
Testing (updated)
-------
Verified scenario's :
1. A user with ROLE_ADMIN able to see users which has USER_ROLE/ADMIN_ROLE.
2. A user with ROLE_KEYADMIN able to see users which has USER_ROLE/KEYADMIN_ROLE.
3. A user with role ROLE_USER able to see which has USER_ROLE.
Thanks,
Nitin Galave
Re: Review Request 62024: RANGER-1756: Handle role related
restrictions for users having User role.
Posted by Nitin Galave <ni...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/
-----------------------------------------------------------
(Updated Sept. 7, 2017, 4:25 a.m.)
Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul Parikh, and Velmurugan Periasamy.
Summary (updated)
-----------------
RANGER-1756: Handle role related restrictions for users having User role.
Bugs: RANGER-1756
https://issues.apache.org/jira/browse/RANGER-1756
Repository: ranger
Description (updated)
-------
Handle role related restrictions for users having User role.
Diffs
-----
security-admin/src/main/webapp/scripts/utils/XAUtils.js 1979847
Diff: https://reviews.apache.org/r/62024/diff/1/
Testing (updated)
-------
Thanks,
Nitin Galave