Posted to commits@ranger.apache.org by ni...@apache.org on 2019/10/17 11:42:47 UTC
[ranger] branch master updated: RANGER-2618 : Restrict rolename
change when a policy & another role with that role exist
This is an automated email from the ASF dual-hosted git repository.
nikhil pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new c267ee7 RANGER-2618 : Restrict rolename change when a policy & another role with that role exist
c267ee7 is described below
commit c267ee7ef05078eea77770f7a4701d3189d05ca1
Author: Nikhil P <ni...@apache.org>
AuthorDate: Thu Oct 17 17:08:17 2019 +0530
RANGER-2618 : Restrict rolename change when a policy & another role with that role exist
---
.../main/java/org/apache/ranger/biz/RoleDBStore.java | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
index 0854ff2..213639a 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RoleDBStore.java
@@ -122,6 +122,10 @@ public class RoleDBStore implements RoleStore {
throw restErrorUtil.createRESTException("role with id: " + role.getId() + " does not exist");
}
+ if (!role.getName().equals(xxRole.getName())) { // ensure only if role name is changed
+ ensureRoleNameUpdateAllowed(xxRole.getName());
+ }
+
Gson gsonBuilder = new GsonBuilder().setDateFormat("yyyyMMdd-HH:mm:ss.SSS-Z").create();
RangerRole oldRole = gsonBuilder.fromJson(xxRole.getRoleText(), RangerRole.class);
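Review bot: The added guard `if (!role.getName().equals(xxRole.getName()))` dereferences `role.getName()` with no null check visible in this hunk, so an update request that omits the name would fail with a NullPointerException rather than a clear validation error, unless the name is validated earlier in the method, which starts outside the hunk. Comparing from the stored side, `if (!xxRole.getName().equals(role.getName()))`, removes the null dereference, though a missing name should still be rejected explicitly. The trailing comment would be more useful as a why-comment, for example `// a rename leaves policies and other roles pointing at the old name, so refuse it while references exist`. The reference check and the later update are separate steps, and whether they share a transaction is not visible here, so a reference created in between may go unnoticed.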
@@ -145,7 +149,21 @@ public class RoleDBStore implements RoleStore {
return role;
}
- @Override
+ private void ensureRoleNameUpdateAllowed(String roleName) throws Exception {
+ boolean roleNotInPolicy = ensureRoleNotInPolicy(roleName);
+ if (!roleNotInPolicy) {
+ throw new Exception(
+ "Rolename for '" + roleName + "' can not be updated as it is referenced in one or more policies");
+ }
+
+ boolean roleNotInOtherRole = ensureRoleNotInRole(roleName);
+ if (!roleNotInOtherRole) {
+ throw new Exception("Rolename for '" + roleName
+ + "' can not be updated as it is referenced in one or more other roles");
+ }
+ }
+
+ @Override
public void deleteRole(String roleName) throws Exception {
XXRole xxRole = daoMgr.getXXRole().findByRoleName(roleName);
if (xxRole == null) {
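Review bot: `ensureRoleNameUpdateAllowed` reports a refused rename with a bare `new Exception(...)`, while the same update path reports a missing role through `restErrorUtil.createRESTException(...)` (visible in the first hunk), so the two failures probably reach the client differently and this one may surface as a generic server error. Using the existing helper keeps the response consistent, e.g. `throw restErrorUtil.createRESTException("Rolename for '" + roleName + "' can not be updated as it is referenced in one or more policies");`, and likewise for the other-roles branch. The method also has no Javadoc; something like `/** Rejects a rename of roleName while any policy or other role still references it. */` would record why the check exists. The helpers `ensureRoleNotInPolicy` and `ensureRoleNotInRole` are defined outside the hunk, so their exact semantics could not be checked here.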