You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ve...@apache.org on 2015/04/07 15:55:05 UTC
[3/3] incubator-ranger git commit: RANGER-250 : Build a permission
model with Ranger Admin portal
RANGER-250 : Build a permission model with Ranger Admin portal
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/a263431a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/a263431a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/a263431a
Branch: refs/heads/master
Commit: a263431a5aed18a668fd93e6e3fa17341db64800
Parents: 0711abe
Author: Gautam Borad <gb...@gmail.com>
Authored: Tue Apr 7 11:23:24 2015 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Tue Apr 7 09:50:39 2015 -0400
----------------------------------------------------------------------
.../db/mysql/patches/013-permissionmodel.sql | 49 +++
.../java/org/apache/ranger/biz/UserMgr.java | 34 ++
.../java/org/apache/ranger/biz/XUserMgr.java | 349 +++++++++++++++++--
.../org/apache/ranger/biz/XUserMgrBase.java | 41 +++
.../org/apache/ranger/common/AppConstants.java | 15 +-
.../apache/ranger/common/RangerCommonEnums.java | 8 +
.../apache/ranger/common/RangerConstants.java | 308 ++++++++--------
.../ranger/credentialapi/CredentialReader.java | 2 +-
.../apache/ranger/db/RangerDaoManagerBase.java | 31 +-
.../apache/ranger/db/XXGroupPermissionDao.java | 86 +++++
.../org/apache/ranger/db/XXModuleDefDao.java | 101 ++++++
.../org/apache/ranger/db/XXPortalUserDao.java | 41 ++-
.../apache/ranger/db/XXUserPermissionDao.java | 102 ++++++
.../apache/ranger/entity/XXGroupPermission.java | 144 ++++++++
.../org/apache/ranger/entity/XXModuleDef.java | 112 ++++++
.../apache/ranger/entity/XXUserPermission.java | 151 ++++++++
.../patch/PatchPersmissionModel_J10003.java | 50 +++
.../java/org/apache/ranger/rest/XUserREST.java | 200 ++++++++++-
.../RangerSecurityContextFormationFilter.java | 277 ++++++++-------
.../org/apache/ranger/service/UserService.java | 5 +
.../ranger/service/XGroupPermissionService.java | 55 +++
.../service/XGroupPermissionServiceBase.java | 60 ++++
.../ranger/service/XModuleDefService.java | 99 ++++++
.../ranger/service/XModuleDefServiceBase.java | 78 +++++
.../ranger/service/XUserPermissionService.java | 57 +++
.../service/XUserPermissionServiceBase.java | 61 ++++
.../apache/ranger/view/VXGroupPermission.java | 129 +++++++
.../ranger/view/VXGroupPermissionList.java | 61 ++++
.../org/apache/ranger/view/VXModuleDef.java | 158 +++++++++
.../org/apache/ranger/view/VXModuleDefList.java | 62 ++++
.../org/apache/ranger/view/VXPortalUser.java | 29 ++
.../apache/ranger/view/VXUserPermission.java | 147 ++++++++
.../ranger/view/VXUserPermissionList.java | 61 ++++
.../resources/META-INF/jpa_named_queries.xml | 95 +++++
.../collection_bases/UserPermissionListBase.js | 64 ++++
.../collection_bases/VXModuleDefListBase.js | 64 ++++
.../scripts/collections/UserPermissionList.js | 34 ++
.../scripts/collections/VXModuleDefList.js | 34 ++
.../webapp/scripts/controllers/Controller.js | 58 ++-
.../scripts/model_bases/UserPermissionBase.js | 59 ++++
.../scripts/model_bases/VXModuleDefBase.js | 59 ++++
.../webapp/scripts/models/UserPermission.js | 70 ++++
.../main/webapp/scripts/models/VXModuleDef.js | 70 ++++
.../src/main/webapp/scripts/modules/XALinks.js | 18 +-
.../scripts/modules/globalize/message/en.js | 8 +-
.../main/webapp/scripts/prelogin/XAPrelogin.js | 4 +-
.../src/main/webapp/scripts/routers/Router.js | 7 +-
.../src/main/webapp/scripts/utils/XAGlobals.js | 9 +-
.../src/main/webapp/scripts/utils/XAUtils.js | 62 +++-
.../views/permissions/ModulePermissionCreate.js | 199 +++++++++++
.../views/permissions/ModulePermissionForm.js | 274 +++++++++++++++
.../views/permissions/ModulePermsTableLayout.js | 245 +++++++++++++
security-admin/src/main/webapp/styles/xa.css | 5 +-
.../webapp/templates/common/TopNav_tmpl.html | 15 +-
.../main/webapp/templates/helpers/XAHelpers.js | 11 +
.../ModulePermissionCreate_tmpl.html | 28 ++
.../permissions/ModulePermissionForm_tmpl.html | 61 ++++
.../ModulePermsTableLayout_tmpl.html | 27 ++
58 files changed, 4402 insertions(+), 341 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/db/mysql/patches/013-permissionmodel.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/mysql/patches/013-permissionmodel.sql b/security-admin/db/mysql/patches/013-permissionmodel.sql
new file mode 100644
index 0000000..63376b4
--- /dev/null
+++ b/security-admin/db/mysql/patches/013-permissionmodel.sql
@@ -0,0 +1,49 @@
+DROP TABLE IF EXISTS `x_modules_master`;
+CREATE TABLE `x_modules_master` (
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,
+ `create_time` datetime NULL DEFAULT NULL,
+ `update_time` datetime NULL DEFAULT NULL,
+ `added_by_id` bigint(20) NULL DEFAULT NULL,
+ `upd_by_id` bigint(20) NULL DEFAULT NULL,
+ `module` varchar(1024) NOT NULL,
+ `url` varchar(1024) NOT NULL,
+ PRIMARY KEY (`id`)
+);
+
+
+INSERT INTO `x_modules_master` VALUES (1,'2015-03-04 10:40:34','2015-03-09 15:26:45',1,1,'Policy Manager','/policymanager'),(2,'2015-03-04 10:41:51','2015-03-04 10:41:51',1,1,'Users/Groups','/users/usertab'),(3,'2015-03-04 10:42:19','2015-03-25 10:46:47',1,13,'Analytics','/reports/userAccess'),(4,'2015-03-04 10:42:45','2015-03-05 13:01:41',1,1,'Audit','/reports/audit/bigData');
+
+
+DROP TABLE IF EXISTS `x_user_module_perm`;
+
+CREATE TABLE `x_user_module_perm` (
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,
+ `user_id` bigint(20) NULL DEFAULT NULL,
+ `module_id` bigint(20) NULL DEFAULT NULL,
+ `create_time` datetime NULL DEFAULT NULL,
+ `update_time` datetime NULL DEFAULT NULL,
+ `added_by_id` bigint(20) NULL DEFAULT NULL,
+ `upd_by_id` bigint(20) NULL DEFAULT NULL,
+ `is_allowed` int(11) NOT NULL DEFAULT '1',
+ PRIMARY KEY (`id`),
+ KEY `x_user_module_perm_IDX_module_id` (`module_id`),
+ KEY `x_user_module_perm_FK_user_id` (`user_id`),
+ CONSTRAINT `x_user_module_perm_FK_module_id` FOREIGN KEY (`module_id`) REFERENCES `x_modules_master` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `x_user_module_perm_FK_user_id` FOREIGN KEY (`user_id`) REFERENCES `x_portal_user` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
+) ;
+
+DROP TABLE IF EXISTS `x_group_module_perm`;
+
+CREATE TABLE `x_group_module_perm` (
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,
+ `group_id` bigint(20) NULL DEFAULT NULL,
+ `module_id` bigint(20) NULL DEFAULT NULL,
+ `create_time` datetime NULL DEFAULT NULL,
+ `update_time` datetime NULL DEFAULT NULL,
+ `added_by_id` bigint(20) NULL DEFAULT NULL,
+ `upd_by_id` bigint(20) NULL DEFAULT NULL,
+ `is_allowed` int(11) NOT NULL DEFAULT '1',
+ PRIMARY KEY (`id`),
+ KEY `x_group_module_perm_FK_group_id` (`group_id`),
+ KEY `x_group_module_perm_FK_module_id` (`module_id`)
+) ;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index 2b2178b..f2c7e5a 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -41,15 +41,21 @@ import org.apache.ranger.common.SearchUtil;
import org.apache.ranger.common.StringUtil;
import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXGroupPermission;
import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.entity.XXPortalUserRole;
import org.apache.ranger.entity.XXTrxLog;
+import org.apache.ranger.entity.XXUserPermission;
+import org.apache.ranger.service.XGroupPermissionService;
import org.apache.ranger.service.XPortalUserService;
+import org.apache.ranger.service.XUserPermissionService;
+import org.apache.ranger.view.VXGroupPermission;
import org.apache.ranger.view.VXPasswordChange;
import org.apache.ranger.view.VXPortalUser;
import org.apache.ranger.view.VXPortalUserList;
import org.apache.ranger.view.VXResponse;
import org.apache.ranger.view.VXString;
+import org.apache.ranger.view.VXUserPermission;
import org.apache.velocity.Template;
import org.apache.velocity.app.VelocityEngine;
import org.springframework.beans.factory.annotation.Autowired;
@@ -95,6 +101,12 @@ public class UserMgr {
@Autowired
XPortalUserService xPortalUserService;
+ @Autowired
+ XUserPermissionService xUserPermissionService;
+
+ @Autowired
+ XGroupPermissionService xGroupPermissionService;
+
String publicRoles[] = new String[] { RangerConstants.ROLE_USER,
RangerConstants.ROLE_OTHER };
@@ -587,6 +599,7 @@ public class UserMgr {
userProfile.setLoginId(user.getLoginId());
userProfile.setStatus(user.getStatus());
userProfile.setUserRoleList(new ArrayList<String>());
+
String emailAddress = user.getEmailAddress();
if (emailAddress != null && stringUtil.validateEmail(emailAddress)) {
@@ -607,6 +620,25 @@ public class UserMgr {
if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())) {
userProfile.setId(user.getId());
+ List<XXUserPermission> xUserPermissions=daoManager.getXXUserPermission().findByUserPermissionIdAndIsAllowed(userProfile.getId());
+ List<XXGroupPermission> xxGroupPermissions=daoManager.getXXGroupPermission().findbyVXPoratUserId(userProfile.getId());
+
+ List<VXGroupPermission> groupPermissions=new ArrayList<VXGroupPermission>();
+ List<VXUserPermission> vxUserPermissions=new ArrayList<VXUserPermission>();
+ for(XXGroupPermission xxGroupPermission:xxGroupPermissions)
+ {
+ VXGroupPermission groupPermission=xGroupPermissionService.populateViewBean(xxGroupPermission);
+ groupPermission.setModuleName(daoManager.getXXModuleDef().findByModuleId(groupPermission.getModuleId()).getModule());
+ groupPermissions.add(groupPermission);
+ }
+ for(XXUserPermission xUserPermission: xUserPermissions)
+ {
+ VXUserPermission vXUserPermission=xUserPermissionService.populateViewBean(xUserPermission);
+ vXUserPermission.setModuleName(daoManager.getXXModuleDef().findByModuleId(vXUserPermission.getModuleId()).getModule());
+ vxUserPermissions.add(vXUserPermission);
+ }
+ userProfile.setGroupPermissions(groupPermissions);
+ userProfile.setUserPermList(vxUserPermissions);
userProfile.setFirstName(user.getFirstName());
userProfile.setLastName(user.getLastName());
userProfile.setPublicScreenName(user.getPublicScreenName());
@@ -663,6 +695,7 @@ public class UserMgr {
// Get total count first
Query query = createUserSearchQuery(countQueryStr, null, searchCriteria);
Long count = (Long) query.getSingleResult();
+ int resultSize=Integer.parseInt(count.toString());
if (count == null || count.longValue() == 0) {
return returnList;
}
@@ -725,6 +758,7 @@ public class UserMgr {
objectList.add(userProfile);
}
+ returnList.setResultSize(resultSize);
returnList.setPageSize(query.getMaxResults());
returnList.setSortBy(sortBy);
returnList.setSortType(querySortType);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 1051991..4804dc7 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -28,11 +28,19 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-
import org.apache.commons.collections.CollectionUtils;
+import org.apache.ranger.common.ContextUtil;
+import org.apache.ranger.common.RangerCommonEnums;
+import org.apache.ranger.entity.XXGroupPermission;
+import org.apache.ranger.entity.XXModuleDef;
+import org.apache.ranger.entity.XXUserPermission;
+import org.apache.ranger.service.XGroupPermissionService;
+import org.apache.ranger.service.XModuleDefService;
+import org.apache.ranger.service.XPortalUserService;
+import org.apache.ranger.service.XUserPermissionService;
+import org.apache.ranger.view.VXGroupPermission;
+import org.apache.ranger.view.VXModuleDef;
+import org.apache.ranger.view.VXUserPermission;
import org.apache.log4j.Logger;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.PropertiesUtil;
@@ -42,6 +50,7 @@ import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.db.XXGroupUserDao;
import org.apache.ranger.entity.XXGroup;
import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.entity.XXPortalUserRole;
import org.apache.ranger.entity.XXTrxLog;
import org.apache.ranger.entity.XXUser;
import org.apache.ranger.service.XGroupService;
@@ -62,6 +71,10 @@ public class XUserMgr extends XUserMgrBase {
@Autowired
XUserService xUserService;
+
+ @Autowired
+ XGroupService xGroupService;
+
@Autowired
RangerBizUtil msBizUtil;
@@ -75,7 +88,17 @@ public class XUserMgr extends XUserMgrBase {
RangerBizUtil xaBizUtil;
@Autowired
- XGroupService xGroupService;
+ XModuleDefService xModuleDefService;
+
+ @Autowired
+ XUserPermissionService xUserPermissionService;
+
+ @Autowired
+ XGroupPermissionService xGroupPermissionService;
+
+ @Autowired
+ XPortalUserService xPortalUserService;
+
static final Logger logger = Logger.getLogger(XUserMgr.class);
@@ -114,7 +137,7 @@ public class XUserMgr extends XUserMgrBase {
// XXUser xUser = daoManager.getXXUser().getById(id);
daoManager.getXXUser().remove(id);
- //applicationCache.removeUserID(id);
+ // applicationCache.removeUserID(id);
// Not Supported So Far
// List<XXTrxLog> trxLogList = xUserService.getTransactionLog(
// xUserService.populateViewBean(xUser), "delete");
@@ -149,13 +172,17 @@ public class XUserMgr extends XUserMgrBase {
vXPortalUser.setFirstName(vXUser.getFirstName());
vXPortalUser.setLastName(vXUser.getLastName());
vXPortalUser.setEmailAddress(vXUser.getEmailAddress());
- vXPortalUser.setPublicScreenName(vXUser.getFirstName() +" "+ vXUser.getLastName());
+ vXPortalUser.setPublicScreenName(vXUser.getFirstName() + " "
+ + vXUser.getLastName());
vXPortalUser.setPassword(actualPassword);
vXPortalUser.setUserRoleList(vXUser.getUserRoleList());
vXPortalUser = userMgr.createDefaultAccountUser(vXPortalUser);
+
VXUser createdXUser = xUserService.createResource(vXUser);
+
+
createdXUser.setPassword(actualPassword);
List<XXTrxLog> trxLogList = xUserService.getTransactionLog(
createdXUser, "create");
@@ -182,8 +209,97 @@ public class XUserMgr extends XUserMgrBase {
//
xaBizUtil.createTrxLog(trxLogList);
+ assignPermissionToUser(vXPortalUser,true);
+
return createdXUser;
}
+ //Assigning Permission
+ @SuppressWarnings("unused")
+ private void assignPermissionToUser(VXPortalUser vXPortalUser,boolean isCreate)
+ {
+ HashMap<String, Long> moduleNameId=getModelNames();
+
+
+
+
+ for(String role:vXPortalUser.getUserRoleList())
+ {
+
+ if(role.equals(RangerConstants.ROLE_USER))
+ {
+
+ insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_ANALYTICS),isCreate);
+ insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER),isCreate);
+ }
+ else if(role.equals(RangerConstants.ROLE_SYS_ADMIN))
+ {
+
+ insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_ANALYTICS),isCreate);
+ insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER),isCreate);
+ insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_AUDIT),isCreate);
+ insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_KMS),isCreate);
+ insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_PERMISSION),isCreate);
+ insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_USER_GROUPS),isCreate);
+ }
+
+ }
+ }
+ //Insert or Updating Mapping permissons depending upon roles
+ private void insertMappingXUserPermisson(Long userId,Long moduleId,boolean isCreate)
+ {
+ VXUserPermission vXuserPermission;
+ List<XXUserPermission> xuserPermissionList = daoManager
+ .getXXUserPermission().findByModuleIdAndUserId(userId, moduleId);
+ if(xuserPermissionList==null || xuserPermissionList.isEmpty())
+ {
+ vXuserPermission=new VXUserPermission();
+ vXuserPermission.setUserId(userId);
+ vXuserPermission.setIsAllowed(RangerCommonEnums.IS_ALLOWED);
+ vXuserPermission.setModuleId(moduleId);
+ try
+ {
+ xUserPermissionService.createResource(vXuserPermission);
+ }
+ catch(Exception e)
+ {
+ System.out.println(e);
+ }
+ }
+ else if(isCreate)
+ {
+ for(XXUserPermission xUserPermission:xuserPermissionList)
+ {
+ vXuserPermission=xUserPermissionService.populateViewBean(xUserPermission);
+ vXuserPermission.setIsAllowed(RangerCommonEnums.IS_ALLOWED);
+ xUserPermissionService.updateResource(vXuserPermission);
+ }
+ }
+
+ }
+ @SuppressWarnings("unused")
+ public HashMap<String, Long> getModelNames()
+ {
+ List<XXModuleDef> xxModuleDefs=daoManager.getXXModuleDef().findModuleNamesWithIds();
+ if(xxModuleDefs.isEmpty() || xxModuleDefs!=null)
+ {
+ HashMap<String, Long> moduleNameId=new HashMap<String, Long>();
+ try
+ {
+
+ for(XXModuleDef xxModuleDef:xxModuleDefs)
+ {
+ moduleNameId.put(xxModuleDef.getModule(), xxModuleDef.getId());
+ }
+ return moduleNameId;
+ }
+ catch(Exception e)
+ {
+ logger.error(e);
+ }
+ }
+
+ return null;
+ }
private VXGroupUser createXGroupUser(Long userId, Long groupId) {
VXGroupUser vXGroupUser = new VXGroupUser();
@@ -200,12 +316,11 @@ public class XUserMgr extends XUserMgrBase {
VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(vXUser
.getName());
VXPortalUser vXPortalUser = new VXPortalUser();
- if(oldUserProfile!=null && oldUserProfile.getId()!=null){
+ if (oldUserProfile != null && oldUserProfile.getId() != null) {
vXPortalUser.setId(oldUserProfile.getId());
}
// TODO : There is a possibility that old user may not exist.
-
-
+
vXPortalUser.setFirstName(vXUser.getFirstName());
vXPortalUser.setLastName(vXUser.getLastName());
vXPortalUser.setEmailAddress(vXUser.getEmailAddress());
@@ -225,15 +340,15 @@ public class XUserMgr extends XUserMgrBase {
Collection<Long> groupIdList = vXUser.getGroupIdList();
XXPortalUser xXPortalUser = new XXPortalUser();
- xXPortalUser=userMgr.updateUserWithPass(vXPortalUser);
+ xXPortalUser = userMgr.updateUserWithPass(vXPortalUser);
Collection<String> roleList = new ArrayList<String>();
- if(xXPortalUser!=null){
- roleList=userMgr.getRolesForUser(xXPortalUser);
+ if (xXPortalUser != null) {
+ roleList = userMgr.getRolesForUser(xXPortalUser);
}
- if(roleList==null || roleList.size()==0){
+ if (roleList == null || roleList.size() == 0) {
roleList.add(RangerConstants.ROLE_USER);
- }
-
+ }
+
// TODO I've to get the transaction log from here.
// There is nothing to log anything in XXUser so far.
vXUser = xUserService.updateResource(vXUser);
@@ -313,34 +428,36 @@ public class XUserMgr extends XUserMgrBase {
return vXUser;
}
-
- public VXUserGroupInfo createXUserGroupFromMap(VXUserGroupInfo vXUserGroupInfo) {
-
+
+ public VXUserGroupInfo createXUserGroupFromMap(
+ VXUserGroupInfo vXUserGroupInfo) {
+
VXUserGroupInfo vxUGInfo = new VXUserGroupInfo();
-
+
VXUser vXUser = vXUserGroupInfo.getXuserInfo();
-
+
vXUser = xUserService.createXUserWithOutLogin(vXUser);
-
+
vxUGInfo.setXuserInfo(vXUser);
-
+
List<VXGroup> vxg = new ArrayList<VXGroup>();
-
- for(VXGroup vXGroup : vXUserGroupInfo.getXgroupInfo()){
+
+ for (VXGroup vXGroup : vXUserGroupInfo.getXgroupInfo()) {
VXGroup VvXGroup = xGroupService.createXGroupWithOutLogin(vXGroup);
vxg.add(VvXGroup);
VXGroupUser vXGroupUser = new VXGroupUser();
vXGroupUser.setUserId(vXUser.getId());
vXGroupUser.setName(VvXGroup.getName());
- vXGroupUser = xGroupUserService.createXGroupUserWithOutLogin(vXGroupUser);
+ vXGroupUser = xGroupUserService
+ .createXGroupUserWithOutLogin(vXGroupUser);
}
-
+
vxUGInfo.setXgroupInfo(vxg);
-
+
return vxUGInfo;
}
- public VXUser createXUserWithOutLogin(VXUser vXUser) {
+ public VXUser createXUserWithOutLogin(VXUser vXUser) {
return xUserService.createXUserWithOutLogin(vXUser);
}
@@ -534,4 +651,178 @@ public class XUserMgr extends XUserMgrBase {
vObj = xGroupService.updateResource(vObj);
}
}
+ public void checkPermissionRoleByGivenUrls(String enteredURL,String method)
+ {
+ Long currentUserId=ContextUtil.getCurrentUserId();
+ List<String> notPermittedUrls=daoManager.getXXModuleDef().findModuleURLOfPemittedModules(currentUserId);
+ if(notPermittedUrls!=null )
+ {
+
+ boolean flag=false;
+ for(String notPermittedUrl:notPermittedUrls)
+ {
+ if(enteredURL.toLowerCase().contains(notPermittedUrl.toLowerCase()))
+ flag=true;
+ }
+ List<XXPortalUserRole> xPortalUserRoles=daoManager.getXXPortalUserRole().findByUserId(currentUserId);
+ for(XXPortalUserRole xPortalUserRole:xPortalUserRoles)
+ {
+ if(xPortalUserRole.getUserRole().equalsIgnoreCase(RangerConstants.ROLE_USER)&& !method.equalsIgnoreCase("GET"))
+ {
+ flag=true;
+ }
+ }
+ if(flag)
+ {
+ throw restErrorUtil.create403RESTException("Access Denied");
+ }
+ }
+ }
+ public List<VXPortalUser> updateExistingUserExisting()
+ {
+ List<XXPortalUser> allPortalUser=daoManager.getXXPortalUser().findAllXPortalUser();
+ List<VXPortalUser> vPortalUsers= new ArrayList<VXPortalUser>();
+ for(XXPortalUser xPortalUser:allPortalUser)
+ {
+ VXPortalUser vPortalUser =xPortalUserService.populateViewBean(xPortalUser);
+ vPortalUsers.add(vPortalUser);
+ vPortalUser.setUserRoleList(daoManager.getXXPortalUser().findXPortalUserRolebyXPortalUserId(vPortalUser.getId()));
+ assignPermissionToUser(vPortalUser,false);
+ }
+
+ return vPortalUsers;
+
+ }
+
+ // Module permissions
+ public VXModuleDef createXModuleDefPermission(VXModuleDef vXModuleDef) {
+ return xModuleDefService.createResource(vXModuleDef);
+ }
+
+ public VXModuleDef getXModuleDefPermission(Long id) {
+ return xModuleDefService.readResource(id);
+ }
+
+ public VXModuleDef updateXModuleDefPermission(VXModuleDef vXModuleDef) {
+ List<VXGroupPermission> groupPermListNew = vXModuleDef
+ .getGroupPermList();
+ List<VXUserPermission> userPermListNew = vXModuleDef.getUserPermList();
+
+ List<VXGroupPermission> groupPermListOld = new ArrayList<VXGroupPermission>();
+ List<VXUserPermission> userPermListOld = new ArrayList<VXUserPermission>();
+ XXModuleDef xModuleDef = daoManager.getXXModuleDef().getById(
+ vXModuleDef.getId());
+ VXModuleDef vModuleDefPopulateOld = xModuleDefService
+ .populateViewBean(xModuleDef);
+
+ List<XXGroupPermission> xgroupPermissionList = daoManager
+ .getXXGroupPermission().findByModuleId(vXModuleDef.getId(),true);
+
+ for (XXGroupPermission xGrpPerm : xgroupPermissionList) {
+ VXGroupPermission vXGrpPerm = xGroupPermissionService
+ .populateViewBean(xGrpPerm);
+ groupPermListOld.add(vXGrpPerm);
+ }
+ vModuleDefPopulateOld.setGroupPermList(groupPermListOld);
+
+ List<XXUserPermission> xuserPermissionList = daoManager
+ .getXXUserPermission().findByModuleId(vXModuleDef.getId(),true);
+
+ for (XXUserPermission xUserPerm : xuserPermissionList) {
+ VXUserPermission vUserPerm = xUserPermissionService
+ .populateViewBean(xUserPerm);
+ userPermListOld.add(vUserPerm);
+ }
+ vModuleDefPopulateOld.setUserPermList(userPermListOld);
+
+ if (groupPermListOld != null && groupPermListNew != null) {
+ for (VXGroupPermission newVXGroupPerm : groupPermListNew) {
+
+ boolean isExist = false;
+
+ for (VXGroupPermission oldVXGroupPerm : groupPermListOld) {
+ if (newVXGroupPerm.getModuleId().equals(
+ oldVXGroupPerm.getModuleId())
+ && newVXGroupPerm.getGroupId().equals(
+ oldVXGroupPerm.getGroupId())) {
+ oldVXGroupPerm.setIsAllowed(newVXGroupPerm
+ .getIsAllowed());
+ oldVXGroupPerm = xGroupPermissionService
+ .updateResource(oldVXGroupPerm);
+ isExist = true;
+ }
+ }
+ if (!isExist) {
+ newVXGroupPerm = xGroupPermissionService
+ .createResource(newVXGroupPerm);
+ }
+ }
+ }
+
+ if (userPermListOld != null && userPermListNew != null) {
+ for (VXUserPermission newVXUserPerm : userPermListNew) {
+
+ boolean isExist = false;
+ for (VXUserPermission oldVXUserPerm : userPermListOld) {
+ if (newVXUserPerm.getModuleId().equals(
+ oldVXUserPerm.getModuleId())
+ && newVXUserPerm.getUserId().equals(
+ oldVXUserPerm.getUserId())) {
+ oldVXUserPerm
+ .setIsAllowed(newVXUserPerm.getIsAllowed());
+ oldVXUserPerm = xUserPermissionService
+ .updateResource(oldVXUserPerm);
+ isExist = true;
+ }
+ }
+ if (!isExist) {
+ newVXUserPerm = xUserPermissionService
+ .createResource(newVXUserPerm);
+
+ }
+ }
+ }
+ return xModuleDefService.updateResource(vXModuleDef);
+ }
+
+ public void deleteXModuleDefPermission(Long id, boolean force) {
+ xModuleDefService.deleteResource(id);
+ }
+
+ // User permission
+ public VXUserPermission createXUserPermission(VXUserPermission vXUserPermission) {
+ return xUserPermissionService.createResource(vXUserPermission);
+ }
+
+ public VXUserPermission getXUserPermission(Long id) {
+ return xUserPermissionService.readResource(id);
+ }
+
+ public VXUserPermission updateXUserPermission(
+ VXUserPermission vXUserPermission) {
+
+ return xUserPermissionService.updateResource(vXUserPermission);
+ }
+
+ public void deleteXUserPermission(Long id, boolean force) {
+ xUserPermissionService.deleteResource(id);
+ }
+
+ // Group permission
+ public VXGroupPermission createXGroupPermission(VXGroupPermission vXGroupPermission) {
+ return xGroupPermissionService.createResource(vXGroupPermission);
+ }
+
+ public VXGroupPermission getXGroupPermission(Long id) {
+ return xGroupPermissionService.readResource(id);
+ }
+
+ public VXGroupPermission updateXGroupPermission(VXGroupPermission vXGroupPermission) {
+ return xGroupPermissionService.updateResource(vXGroupPermission);
+ }
+
+ public void deleteXGroupPermission(Long id, boolean force) {
+ xGroupPermissionService.deleteResource(id);
+ }
+
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgrBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgrBase.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgrBase.java
index b20ce31..a89bf8d 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgrBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgrBase.java
@@ -24,9 +24,12 @@ import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.service.XAuditMapService;
import org.apache.ranger.service.XGroupGroupService;
+import org.apache.ranger.service.XGroupPermissionService;
import org.apache.ranger.service.XGroupService;
import org.apache.ranger.service.XGroupUserService;
+import org.apache.ranger.service.XModuleDefService;
import org.apache.ranger.service.XPermMapService;
+import org.apache.ranger.service.XUserPermissionService;
import org.apache.ranger.service.XUserService;
import org.apache.ranger.view.VXAuditMap;
import org.apache.ranger.view.VXAuditMapList;
@@ -34,13 +37,16 @@ import org.apache.ranger.view.VXGroup;
import org.apache.ranger.view.VXGroupGroup;
import org.apache.ranger.view.VXGroupGroupList;
import org.apache.ranger.view.VXGroupList;
+import org.apache.ranger.view.VXGroupPermissionList;
import org.apache.ranger.view.VXGroupUser;
import org.apache.ranger.view.VXGroupUserList;
import org.apache.ranger.view.VXLong;
+import org.apache.ranger.view.VXModuleDefList;
import org.apache.ranger.view.VXPermMap;
import org.apache.ranger.view.VXPermMapList;
import org.apache.ranger.view.VXUser;
import org.apache.ranger.view.VXUserList;
+import org.apache.ranger.view.VXUserPermissionList;
import org.springframework.beans.factory.annotation.Autowired;
public class XUserMgrBase {
@@ -62,6 +68,15 @@ public class XUserMgrBase {
@Autowired
XPermMapService xPermMapService;
+ @ Autowired
+ XModuleDefService xModuleDefService;
+
+ @ Autowired
+ XUserPermissionService xUserPermissionService;
+
+ @ Autowired
+ XGroupPermissionService xGroupPermissionService;
+
@Autowired
XAuditMapService xAuditMapService;
public VXGroup getXGroup(Long id){
@@ -262,4 +277,30 @@ public class XUserMgrBase {
xAuditMapService.searchFields);
}
+ public VXModuleDefList searchXModuleDef(SearchCriteria searchCriteria) {
+ return xModuleDefService.searchModuleDef(searchCriteria);
+ }
+
+ public VXUserPermissionList searchXUserPermission(SearchCriteria searchCriteria) {
+ return xUserPermissionService.searchXUserPermission(searchCriteria);
+ }
+
+ public VXGroupPermissionList searchXGroupPermission(SearchCriteria searchCriteria) {
+ return xGroupPermissionService.searchXGroupPermission(searchCriteria);
+ }
+
+ public VXLong getXModuleDefSearchCount(SearchCriteria searchCriteria) {
+ return xModuleDefService.getSearchCount(searchCriteria,
+ xModuleDefService.searchFields);
+ }
+
+ public VXLong getXUserPermissionSearchCount(SearchCriteria searchCriteria) {
+ return xUserPermissionService.getSearchCount(searchCriteria,
+ xUserPermissionService.searchFields);
+ }
+
+ public VXLong getXGroupPermissionSearchCount(SearchCriteria searchCriteria){
+ return xGroupPermissionService.getSearchCount(searchCriteria,
+ xGroupPermissionService.searchFields);
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
index b85f975..a5ecff7 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
@@ -507,9 +507,22 @@ public class AppConstants extends RangerCommonEnums {
public static final int CLASS_TYPE_XA_SERVICE_DEF = 1033;
/**
+ * CLASS_TYPE_RANGER_MODULE_DEF is an element of enum ClassTypes. Its value is "CLASS_TYPE_RANGER_MODULE_DEF".
+ */
+ public static final int CLASS_TYPE_RANGER_MODULE_DEF = 1034;
+ /**
+ * CLASS_TYPE_RANGER_USER_PERMISSION is an element of enum ClassTypes. Its value is "CLASS_TYPE_RANGER_USER_PERMISSION".
+ */
+ public static final int CLASS_TYPE_RANGER_USER_PERMISSION = 1035;
+ /**
+ * CLASS_TYPE_RANGER_GROUP_PERMISSION is an element of enum ClassTypes. Its value is "CLASS_TYPE_RANGER_GROUP_PERMISSION".
+ */
+ public static final int CLASS_TYPE_RANGER_GROUP_PERMISSION = 1036;
+
+ /**
* Max value for enum ClassTypes_MAX
*/
- public static final int ClassTypes_MAX = 1033;
+ public static final int ClassTypes_MAX = 1036;
/***************************************************************
* Enum values for Default SortOrder
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java b/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java
index c02998d..701847f 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java
@@ -27,6 +27,14 @@
public class RangerCommonEnums {
/***************************************************************
+ * Enum values for AllowedPermission
+ **************************************************************/
+ /**
+ * IS_ALLOWED is an element of enum AllowedPermission. Its value is "IS_ALLOWED".
+ */
+ public static final int IS_ALLOWED = 1;
+
+ /***************************************************************
* Enum values for VisibilityStatus
**************************************************************/
/**
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java b/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
index b09b21a..77b51db 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
@@ -17,153 +17,161 @@
* under the License.
*/
- /**
- *
- */
-
-package org.apache.ranger.common;
-
-public class RangerConstants extends RangerCommonEnums {
-
- // Default Roles
- public final static String ROLE_SYS_ADMIN = "ROLE_SYS_ADMIN";
- public final static String ROLE_ADMIN = "ROLE_ADMIN";
- public final static String ROLE_INTEGRATOR = "ROLE_INTEGRATOR";
- public final static String ROLE_DATA_ANALYST = "ROLE_DATA_ANALYST";
- public final static String ROLE_BIZ_MGR = "ROLE_BIZ_MGR";
-
- public final static String ROLE_USER = "ROLE_USER";
- public final static String ROLE_ANON = "ROLE_ANON";
- public final static String ROLE_OTHER = "ROLE_OTHER";
- public final static String GROUP_PUBLIC = "public";
- // Action constants
- public final static String ACTION_EDIT = "edit";
- public final static String ACTION_CHANGE = "change";
- public final static String ACTION_DELETE = "delete";
- public final static String ACTION_MARK_SPAM = "mark_spam";
- public final static String ACTION_RATE = "rate";
- public final static String ACTION_SELECT = "select";
- public final static String ACTION_UNSELECT = "unselect";
- public final static String ACTION_HIDE = "hide";
- public final static String ACTION_UNHIDE = "unhide";
- public final static String ACTION_SHARE = "share";
- public final static String ACTION_UNSHARE = "unshare";
- public final static String ACTION_BOOKMARK = "bookmark";
- public final static String ACTION_UNBOOKMARK = "unbookmark";
-
- // Sendgrid email API constants
- public static final String SENDGRID_API_USER = "api_user";
- public static final String SENDGRID_API_KEY = "api_key";
- public static final String SENDGRID_TO = "to";
- public static final String SENDGRID_TO_NAME = "toname";
- public static final String SENDGRID_SUBJECT = "subject";
- public static final String SENDGRID_TEXT = "text";
- public static final String SENDGRID_HTML = "html";
- public static final String SENDGRID_FROM_EMAIL = "from";
- public static final String SENDGRID_FROM_NAME = "fromname";
- public static final String SENDGRID_BCC = "bcc";
- public static final String SENDGRID_CC = "cc";
- public static final String SENDGRID_REPLY_TO = "replyto";
-
- // User create validation errors
- public enum ValidationUserProfile {
-
- NO_EMAIL_ADDR("xa.validation.userprofile.no_email_addr",
- "Email address not provided"), INVALID_EMAIL_ADDR(
- "xa.validation.userprofile.userprofile.invalid_email_addr",
- "Invalid email address"), NO_FIRST_NAME(
- "xa.validation.userprofile.userprofile.no_first_name",
- "First name not provided"), INVALID_FIRST_NAME(
- "xa.validation.userprofile.invalid_first_name",
- "Invalid first name"), NO_LAST_NAME(
- "xa.validation.userprofile.noemailaddr",
- "Email address not provided"), INVALID_LAST_NAME(
- "xa.validation.userprofile.noemailaddr",
- "Email address not provided"), NO_PUBLIC_SCREEN_NAME(
- "xa.validation.userprofile.noemailaddr",
- "Email address not provided"), INVALID_PUBLIC_SCREEN_NAME(
- "xa.validation.userprofile.noemailaddr",
- "Email address not provided");
-
- String rbKey;
- String message;
-
- ValidationUserProfile(String rbKey, String message) {
- this.rbKey = rbKey;
- this.message = message;
- }
- };
-
- // these constants will be used in setting GjResponse object.
-
- public final static String USER_PENDING_APPROVAL_MSG = "User is yet not reviewed by Administrator. Please contact at <number>.";
- public final static int USER_PENDING_APPROVAL_STATUS_CODE = 0;
-
- public final static String USER_APPROVAL_MSG = "User is approved";
- public final static int USER_APPROVAL_STATUS_CODE = 1;
-
- public final static String USER_REJECTION_MSG = "User is rejected";
- public final static int USER_REJECTION_STATUS_CODE = 1;
-
- public final static String USER_STATUS_ALREADY_CHANGED_MSG = "Can not change user status. it is either already activated/approved/rejected";
- public final static int USER_STATUS_ALREADY_CHANGED_STATUS_CODE = 0;
-
- public final static String USER_ALREADY_ACTIVATED_MSG = "Your account is already activated. If you have forgotten your password, then from the login page, select 'Forgot Password'";
- public final static int USER_ALREADY_ACTIVATED_STATUS_CODE = 0;
-
- public final static String USER_STATUS_NOT_ACTIVE_MSG = "User is not in active status. Please activate your account first.";
- public final static int USER_STATUS_NOT_ACTIVE_STATUS_CODE = 0;
-
- public final static String INVALID_EMAIL_ADDRESS_MSG = "Invalid email address";
- public final static int INVALID_EMAIL_ADDRESS_STATUS_CODE = 0;
-
- public final static String WRONG_ACTIVATION_CODE_MSG = "Wrong activation code";
- public final static int WRONG_ACTIVATION_CODE_STATUS_CODE = 0;
-
- public final static String VALID_EMAIL_ADDRESS_MSG = "Valid email address";
- public final static int VALID_EMAIL_ADDRESS_STATUS_CODE = 1;
-
- public final static String NO_ACTIVATION_RECORD_FOR_USER_ERR_MSG = "No activation record found for user:";
- public final static String NO_ACTIVATION_ENTRY = "activation entry not found";
-
- public final static String VALIDATION_INVALID_DATA_DESC = "Invalid value for";
- public final static int VALIDATION_INVALID_DATA_CODE = 0;
- public static final String GROUP_MODERATORS = "GROUP_MODERATORS";
-
- // public final static String EMAIL_WELCOME_MSG =
- // "Welcome to iSchoolCircle";
- // public final static String EMAIL_LINK_WELCOME_MSG =
- // "Welcome to iSchoolCircle ! Please verify your account by clicking on the link below: ";
- // public static final String EMAIL_EDIT_REJECTED_MSG =
- // "Your changes not approved for public sharing.";
- // public static final String EMAIL_APPROVAL_NEEDED_MSG =
- // "New objects pending approval";
- // public static final String EMAIL_PWD_RESET_CODE_MSG =
- // "iSchoolCircle - Password Reset";
-
- public final static String PWD_RESET_FAILED_MSG = "Invalid password reset request";
-
- public final static String INVALID_NEW_PASSWORD_MSG = "Invalid new password";
- public static final String EMAIL_NEW_FEEDBACK_RECEIVED = "New feedback from";
- public static final int INITIAL_DOCUMENT_VERSION = 1;
-
- public static final int EMAIL_TYPE_ACCOUNT_CREATE = 0;
- public static final int EMAIL_TYPE_USER_CREATE = 1;
- public static final int EMAIL_TYPE_USER_ACCT_ADD = 2;
- public static final int EMAIL_TYPE_DOCUMENT_CREATE = 3;
- public static final int EMAIL_TYPE_DISCUSSION_CREATE = 4;
- public static final int EMAIL_TYPE_NOTE_CREATE = 5;
- public static final int EMAIL_TYPE_TASK_CREATE = 6;
- public static final int EMAIL_TYPE_USER_PASSWORD = 7;
- public static final int EMAIL_TYPE_USER_ACTIVATION = 8;
- public static final int EMAIL_TYPE_USER_ROLE_UPDATED = 9;
- public static final int EMAIL_TYPE_USER_GRP_ADD = 10;
-
- public static enum RBAC_PERM {
- ALLOW_NONE,
- ALLOW_READ,
- ALLOW_WRITE,
- ALLOW_DELETE
- }
-
-}
+ /**
+ *
+ */
+
+package org.apache.ranger.common;
+
+public class RangerConstants extends RangerCommonEnums {
+
+ // Default Roles
+ public final static String ROLE_SYS_ADMIN = "ROLE_SYS_ADMIN";
+ public final static String ROLE_ADMIN = "ROLE_ADMIN";
+ public final static String ROLE_INTEGRATOR = "ROLE_INTEGRATOR";
+ public final static String ROLE_DATA_ANALYST = "ROLE_DATA_ANALYST";
+ public final static String ROLE_BIZ_MGR = "ROLE_BIZ_MGR";
+
+ public final static String ROLE_USER = "ROLE_USER";
+ public final static String ROLE_ANON = "ROLE_ANON";
+ public final static String ROLE_OTHER = "ROLE_OTHER";
+ public final static String GROUP_PUBLIC = "public";
+ // Action constants
+ public final static String ACTION_EDIT = "edit";
+ public final static String ACTION_CHANGE = "change";
+ public final static String ACTION_DELETE = "delete";
+ public final static String ACTION_MARK_SPAM = "mark_spam";
+ public final static String ACTION_RATE = "rate";
+ public final static String ACTION_SELECT = "select";
+ public final static String ACTION_UNSELECT = "unselect";
+ public final static String ACTION_HIDE = "hide";
+ public final static String ACTION_UNHIDE = "unhide";
+ public final static String ACTION_SHARE = "share";
+ public final static String ACTION_UNSHARE = "unshare";
+ public final static String ACTION_BOOKMARK = "bookmark";
+ public final static String ACTION_UNBOOKMARK = "unbookmark";
+
+ // Sendgrid email API constants
+ public static final String SENDGRID_API_USER = "api_user";
+ public static final String SENDGRID_API_KEY = "api_key";
+ public static final String SENDGRID_TO = "to";
+ public static final String SENDGRID_TO_NAME = "toname";
+ public static final String SENDGRID_SUBJECT = "subject";
+ public static final String SENDGRID_TEXT = "text";
+ public static final String SENDGRID_HTML = "html";
+ public static final String SENDGRID_FROM_EMAIL = "from";
+ public static final String SENDGRID_FROM_NAME = "fromname";
+ public static final String SENDGRID_BCC = "bcc";
+ public static final String SENDGRID_CC = "cc";
+ public static final String SENDGRID_REPLY_TO = "replyto";
+
+ //Permission Names
+ public static final String MODULE_POLICY_MANAGER="Policy Manager";
+ public static final String MODULE_USER_GROUPS="Users/Groups";
+ public static final String MODULE_ANALYTICS="Analytics";
+ public static final String MODULE_AUDIT="Audit";
+ public static final String MODULE_PERMISSION="Permissions";
+ public static final String MODULE_KMS="KMS";
+
+ // User create validation errors
+ public enum ValidationUserProfile {
+
+ NO_EMAIL_ADDR("xa.validation.userprofile.no_email_addr",
+ "Email address not provided"), INVALID_EMAIL_ADDR(
+ "xa.validation.userprofile.userprofile.invalid_email_addr",
+ "Invalid email address"), NO_FIRST_NAME(
+ "xa.validation.userprofile.userprofile.no_first_name",
+ "First name not provided"), INVALID_FIRST_NAME(
+ "xa.validation.userprofile.invalid_first_name",
+ "Invalid first name"), NO_LAST_NAME(
+ "xa.validation.userprofile.noemailaddr",
+ "Email address not provided"), INVALID_LAST_NAME(
+ "xa.validation.userprofile.noemailaddr",
+ "Email address not provided"), NO_PUBLIC_SCREEN_NAME(
+ "xa.validation.userprofile.noemailaddr",
+ "Email address not provided"), INVALID_PUBLIC_SCREEN_NAME(
+ "xa.validation.userprofile.noemailaddr",
+ "Email address not provided");
+
+ String rbKey;
+ String message;
+
+ ValidationUserProfile(String rbKey, String message) {
+ this.rbKey = rbKey;
+ this.message = message;
+ }
+ };
+
+ // these constants will be used in setting GjResponse object.
+
+ public final static String USER_PENDING_APPROVAL_MSG = "User is yet not reviewed by Administrator. Please contact at <number>.";
+ public final static int USER_PENDING_APPROVAL_STATUS_CODE = 0;
+
+ public final static String USER_APPROVAL_MSG = "User is approved";
+ public final static int USER_APPROVAL_STATUS_CODE = 1;
+
+ public final static String USER_REJECTION_MSG = "User is rejected";
+ public final static int USER_REJECTION_STATUS_CODE = 1;
+
+ public final static String USER_STATUS_ALREADY_CHANGED_MSG = "Can not change user status. it is either already activated/approved/rejected";
+ public final static int USER_STATUS_ALREADY_CHANGED_STATUS_CODE = 0;
+
+ public final static String USER_ALREADY_ACTIVATED_MSG = "Your account is already activated. If you have forgotten your password, then from the login page, select 'Forgot Password'";
+ public final static int USER_ALREADY_ACTIVATED_STATUS_CODE = 0;
+
+ public final static String USER_STATUS_NOT_ACTIVE_MSG = "User is not in active status. Please activate your account first.";
+ public final static int USER_STATUS_NOT_ACTIVE_STATUS_CODE = 0;
+
+ public final static String INVALID_EMAIL_ADDRESS_MSG = "Invalid email address";
+ public final static int INVALID_EMAIL_ADDRESS_STATUS_CODE = 0;
+
+ public final static String WRONG_ACTIVATION_CODE_MSG = "Wrong activation code";
+ public final static int WRONG_ACTIVATION_CODE_STATUS_CODE = 0;
+
+ public final static String VALID_EMAIL_ADDRESS_MSG = "Valid email address";
+ public final static int VALID_EMAIL_ADDRESS_STATUS_CODE = 1;
+
+ public final static String NO_ACTIVATION_RECORD_FOR_USER_ERR_MSG = "No activation record found for user:";
+ public final static String NO_ACTIVATION_ENTRY = "activation entry not found";
+
+ public final static String VALIDATION_INVALID_DATA_DESC = "Invalid value for";
+ public final static int VALIDATION_INVALID_DATA_CODE = 0;
+ public static final String GROUP_MODERATORS = "GROUP_MODERATORS";
+
+ // public final static String EMAIL_WELCOME_MSG =
+ // "Welcome to iSchoolCircle";
+ // public final static String EMAIL_LINK_WELCOME_MSG =
+ // "Welcome to iSchoolCircle ! Please verify your account by clicking on the link below: ";
+ // public static final String EMAIL_EDIT_REJECTED_MSG =
+ // "Your changes not approved for public sharing.";
+ // public static final String EMAIL_APPROVAL_NEEDED_MSG =
+ // "New objects pending approval";
+ // public static final String EMAIL_PWD_RESET_CODE_MSG =
+ // "iSchoolCircle - Password Reset";
+
+ public final static String PWD_RESET_FAILED_MSG = "Invalid password reset request";
+
+ public final static String INVALID_NEW_PASSWORD_MSG = "Invalid new password";
+ public static final String EMAIL_NEW_FEEDBACK_RECEIVED = "New feedback from";
+ public static final int INITIAL_DOCUMENT_VERSION = 1;
+
+ public static final int EMAIL_TYPE_ACCOUNT_CREATE = 0;
+ public static final int EMAIL_TYPE_USER_CREATE = 1;
+ public static final int EMAIL_TYPE_USER_ACCT_ADD = 2;
+ public static final int EMAIL_TYPE_DOCUMENT_CREATE = 3;
+ public static final int EMAIL_TYPE_DISCUSSION_CREATE = 4;
+ public static final int EMAIL_TYPE_NOTE_CREATE = 5;
+ public static final int EMAIL_TYPE_TASK_CREATE = 6;
+ public static final int EMAIL_TYPE_USER_PASSWORD = 7;
+ public static final int EMAIL_TYPE_USER_ACTIVATION = 8;
+ public static final int EMAIL_TYPE_USER_ROLE_UPDATED = 9;
+ public static final int EMAIL_TYPE_USER_GRP_ADD = 10;
+
+ public static enum RBAC_PERM {
+ ALLOW_NONE,
+ ALLOW_READ,
+ ALLOW_WRITE,
+ ALLOW_DELETE
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java b/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
index 920c12d..5d536ac 100644
--- a/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
+++ b/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
@@ -31,7 +31,7 @@ public class CredentialReader {
public static String getDecryptedString(String CrendentialProviderPath,String alias) {
String credential=null;
try{
- if(CrendentialProviderPath==null || alias==null){
+ if(CrendentialProviderPath==null || alias==null||CrendentialProviderPath.trim().isEmpty()||alias.trim().isEmpty()){
return null;
}
char[] pass = null;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
index 962eb02..2dd0797 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
@@ -143,7 +143,15 @@ public abstract class RangerDaoManagerBase {
if (classType == AppConstants.CLASS_TYPE_XA_DATA_HIST) {
return getXXDataHist();
}
-
+ if (classType == AppConstants.CLASS_TYPE_RANGER_MODULE_DEF) {
+ return getXXModuleDef();
+ }
+ if (classType == AppConstants.CLASS_TYPE_RANGER_USER_PERMISSION) {
+ return getXXUserPermission();
+ }
+ if (classType == AppConstants.CLASS_TYPE_RANGER_GROUP_PERMISSION) {
+ return getXXUserPermission();
+ }
logger.error("No DaoManager found for classType=" + classType, new Throwable());
return null;
@@ -255,6 +263,15 @@ public abstract class RangerDaoManagerBase {
if (className.equals("XXDataHist")) {
return getXXDataHist();
}
+ if (className.equals("XXModuleDef")) {
+ return getXXModuleDef();
+ }
+ if (className.equals("XXUserPermission")) {
+ return getXXUserPermission();
+ }
+ if (className.equals("XXGroupPermission")) {
+ return getXXGroupPermission();
+ }
logger.error("No DaoManager found for className=" + className, new Throwable());
return null;
@@ -407,5 +424,17 @@ public abstract class RangerDaoManagerBase {
return new XXDataHistDao(this);
}
+ public XXModuleDefDao getXXModuleDef(){
+ return new XXModuleDefDao(this);
+ }
+
+ public XXUserPermissionDao getXXUserPermission(){
+ return new XXUserPermissionDao(this);
+ }
+
+ public XXGroupPermissionDao getXXGroupPermission(){
+ return new XXGroupPermissionDao(this);
+ }
+
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java
new file mode 100644
index 0000000..1be3148
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java
@@ -0,0 +1,86 @@
+package org.apache.ranger.db;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.persistence.NoResultException;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.common.RangerCommonEnums;
+import org.apache.ranger.common.db.BaseDao;
+import org.apache.ranger.entity.XXGroupPermission;
+import org.apache.ranger.entity.XXUserPermission;
+
+public class XXGroupPermissionDao extends BaseDao<XXGroupPermission> {
+
+ static final Logger logger = Logger.getLogger(XXGroupPermissionDao.class);
+
+ public XXGroupPermissionDao(RangerDaoManagerBase daoManager) {
+ super(daoManager);
+ }
+
+ public List<XXGroupPermission> findByModuleId(Long moduleId,
+ boolean isUpdate) {
+ if (moduleId != null) {
+ try {
+ if (isUpdate) {
+ return getEntityManager()
+ .createNamedQuery(
+ "XXGroupPermissionUpdate.findByModuleId",
+ XXGroupPermission.class)
+ .setParameter("moduleId", moduleId).getResultList();
+ }
+ return getEntityManager()
+ .createNamedQuery(
+ "XXGroupPermissionUpdates.findByModuleId",
+ XXGroupPermission.class)
+ .setParameter("moduleId", moduleId)
+ .setParameter("isAllowed", RangerCommonEnums.IS_ALLOWED)
+ .getResultList();
+ } catch (NoResultException e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("ResourcegropuIdId not provided.");
+ return new ArrayList<XXGroupPermission>();
+ }
+ return null;
+ }
+
+ public List<XXGroupPermission> findByGroupPermissionId(Long groupId) {
+ if (groupId != null) {
+ try {
+ return getEntityManager()
+ .createNamedQuery(
+ "XXGroupPermission.findByGroupPermissionId",
+ XXGroupPermission.class)
+ .setParameter("groupId", groupId).getResultList();
+ } catch (NoResultException e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("ResourcegropuIdId not provided.");
+ return new ArrayList<XXGroupPermission>();
+ }
+ return null;
+ }
+ public List<XXGroupPermission> findbyVXPoratUserId(Long userId) {
+ if (userId != null) {
+ try {
+ return getEntityManager()
+ .createNamedQuery(
+ "XXGroupPermission.findByVXPoratUserId",
+ XXGroupPermission.class)
+ .setParameter("userId", userId)
+ .setParameter("isAllowed", RangerCommonEnums.IS_ALLOWED)
+ .getResultList();
+ } catch (NoResultException e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("ResourcegropuIdId not provided.");
+ return new ArrayList<XXGroupPermission>();
+ }
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/db/XXModuleDefDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXModuleDefDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXModuleDefDao.java
new file mode 100644
index 0000000..85cc41b
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXModuleDefDao.java
@@ -0,0 +1,101 @@
+package org.apache.ranger.db;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.persistence.NoResultException;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.common.db.BaseDao;
+import org.apache.ranger.entity.XXModuleDef;
+
+public class XXModuleDefDao extends BaseDao<XXModuleDef>{
+
+ static final Logger logger = Logger.getLogger(XXModuleDefDao.class);
+
+ public XXModuleDefDao(RangerDaoManagerBase daoManager) {
+ super(daoManager);
+ }
+
+ public XXModuleDef findByModuleName(String moduleName){
+ if (moduleName == null) {
+ return null;
+ }
+ try {
+
+ return (XXModuleDef) getEntityManager()
+ .createNamedQuery("XXModuleDef.findByModuleName")
+ .setParameter("moduleName", moduleName)
+ .getSingleResult();
+ } catch (Exception e) {
+
+ }
+ return null;
+ }
+
+
+ public XXModuleDef findByModuleId(Long id) {
+ if(id == null) {
+ return new XXModuleDef();
+ }
+ try {
+ List<XXModuleDef> xxModuelDefs=getEntityManager()
+ .createNamedQuery("XXModuleDef.findByModuleId", tClass)
+ .setParameter("id", id).getResultList();
+ return xxModuelDefs.get(0);
+ } catch (NoResultException e) {
+ return new XXModuleDef();
+ }
+ }
+ @SuppressWarnings("unchecked")
+ public List<XXModuleDef> findModuleNamesWithIds() {
+ try {
+ return getEntityManager()
+ .createNamedQuery("XXModuleDef.findModuleNamesWithIds")
+ .getResultList();
+ } catch (NoResultException e) {
+ return null;
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ public List<String> findModuleURLOfPemittedModules(Long userId) {
+ try {
+
+ String query="select";
+ query+=" url";
+ query+=" FROM";
+ query+=" x_modules_master";
+ query+=" WHERE";
+ query+=" url NOT IN (SELECT ";
+ query+=" moduleMaster.url";
+ query+=" FROM";
+ query+=" x_modules_master moduleMaster,";
+ query+=" x_user_module_perm userModulePermission";
+ query+=" WHERE";
+ query+=" moduleMaster.id = userModulePermission.module_id";
+ query+=" AND userModulePermission.user_id = "+userId+")";
+ query+=" AND ";
+ query+=" id NOT IN (SELECT DISTINCT";
+ query+=" gmp.module_id";
+ query+=" FROM";
+ query+=" x_group_users xgu,";
+ query+=" x_user xu,";
+ query+=" x_group_module_perm gmp,";
+ query+=" x_portal_user xpu";
+ query+=" WHERE";
+ query+=" xu.user_name = xpu.login_id";
+ query+=" AND xu.id = xgu.user_id";
+ query+=" AND xgu.p_group_id = gmp.group_id";
+ query+=" AND xpu.id = "+userId+")";
+
+ return getEntityManager()
+ .createNativeQuery(query)
+ .getResultList();
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
index 9069f29..d3467f8 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
@@ -17,13 +17,13 @@
* under the License.
*/
- package org.apache.ranger.db;
-
+package org.apache.ranger.db;
import java.util.List;
import org.apache.ranger.common.db.BaseDao;
import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.entity.XXPortalUserRole;
public class XXPortalUserDao extends BaseDao<XXPortalUser> {
@@ -76,4 +76,41 @@ public class XXPortalUserDao extends BaseDao<XXPortalUser> {
.getResultList();
}
+
+ public XXPortalUser findByXUserId(Long id) {
+
+ List resultList = getEntityManager()
+ .createNamedQuery("XXPortalUser.findByXUserId")
+ .setParameter("id", id).getResultList();
+ if (resultList.size() != 0) {
+ return (XXPortalUser) resultList.get(0);
+ }
+ return null;
+ }
+
+ @SuppressWarnings("unchecked")
+ public List<XXPortalUser> findAllXPortalUser() {
+
+ try {
+ return getEntityManager().createNamedQuery(
+ "XXPortalUser.findAllXPortalUser").getResultList();
+
+ } catch (Exception e) {
+ return null;
+ }
+
+ }
+ @SuppressWarnings("unchecked")
+ public List<String> findXPortalUserRolebyXPortalUserId(Long userId)
+ {
+ try {
+ return getEntityManager()
+ .createNativeQuery("select user_role from x_portal_user_role where user_id="+userId+"")
+ .getResultList();
+
+ } catch (Exception e) {
+ return null;
+ }
+
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java
new file mode 100644
index 0000000..1147edb
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java
@@ -0,0 +1,102 @@
+package org.apache.ranger.db;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.persistence.NoResultException;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.common.RangerCommonEnums;
+import org.apache.ranger.common.db.BaseDao;
+import org.apache.ranger.entity.XXGroupUser;
+import org.apache.ranger.entity.XXUserPermission;
+
+public class XXUserPermissionDao extends BaseDao<XXUserPermission>{
+
+ static final Logger logger = Logger.getLogger(XXUserPermissionDao.class);
+
+ public XXUserPermissionDao(RangerDaoManagerBase daoManager) {
+ super(daoManager);
+ }
+
+ public List<XXUserPermission> findByModuleId(Long moduleId,boolean isUpdate) {
+ if (moduleId != null) {
+ try {
+
+ if(isUpdate)
+ {
+ return getEntityManager()
+ .createNamedQuery("XXUserPermissionUpdates.findByModuleId", XXUserPermission.class)
+ .setParameter("moduleId", moduleId)
+ .getResultList();
+ }
+ return getEntityManager()
+ .createNamedQuery("XXUserPermission.findByModuleId", XXUserPermission.class)
+ .setParameter("moduleId", moduleId)
+ .setParameter("isAllowed",RangerCommonEnums.IS_ALLOWED)
+ .getResultList();
+ } catch (NoResultException e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("ResourceUserId not provided.");
+ return new ArrayList<XXUserPermission>();
+ }
+ return null;
+ }
+
+ @SuppressWarnings("unchecked")
+ public List<XXUserPermission> findByUserPermissionIdAndIsAllowed(Long userId) {
+ if (userId != null) {
+ try {
+ return getEntityManager()
+ .createNamedQuery("XXUserPermission.findByUserPermissionIdAndIsAllowed")
+ .setParameter("userId", userId)
+ .setParameter("isAllowed",RangerCommonEnums.IS_ALLOWED)
+ .getResultList();
+ } catch (NoResultException e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("ResourceUserId not provided.");
+ return new ArrayList<XXUserPermission>();
+ }
+ return null;
+ }
+
+
+ public List<XXUserPermission> findByUserPermissionId(Long userId) {
+ if (userId != null) {
+ try {
+ return getEntityManager()
+ .createNamedQuery("XXUserPermission.findByUserPermissionId", XXUserPermission.class)
+ .setParameter("userId", userId)
+ .getResultList();
+ } catch (NoResultException e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("ResourceUserId not provided.");
+ return new ArrayList<XXUserPermission>();
+ }
+ return null;
+ }
+
+ public List<XXUserPermission> findByModuleIdAndUserId(Long userId,Long moduleId) {
+ if (userId != null) {
+ try {
+ return getEntityManager()
+ .createNamedQuery("XXUserPermission.findByModuleIdAndUserId", XXUserPermission.class)
+ .setParameter("userId", userId)
+ .setParameter("moduleId", moduleId)
+ .getResultList();
+ } catch (NoResultException e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("ResourceUserId not provided.");
+ return new ArrayList<XXUserPermission>();
+ }
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/entity/XXGroupPermission.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXGroupPermission.java b/security-admin/src/main/java/org/apache/ranger/entity/XXGroupPermission.java
new file mode 100644
index 0000000..f9190b8
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXGroupPermission.java
@@ -0,0 +1,144 @@
+package org.apache.ranger.entity;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.SequenceGenerator;
+import javax.persistence.Table;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.AppConstants;
+import org.apache.ranger.common.RangerCommonEnums;
+
+@Entity
+@Table(name="x_group_module_perm")
+@XmlRootElement
+
+public class XXGroupPermission extends XXDBBase implements java.io.Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @SequenceGenerator(name="X_GROUP_MODULE_PERM_SEQ",sequenceName="X_GROUP_MODULE_PERM_SEQ",allocationSize=1)
+ @GeneratedValue(strategy=GenerationType.AUTO,generator="X_GROUP_MODULE_PERM_SEQ")
+ @Column(name="ID")
+ protected Long id;
+
+ @Column(name="GROUP_ID" , nullable=false)
+ protected Long groupId;
+
+ @Column(name="MODULE_ID" , nullable=false)
+ protected Long moduleId;
+
+ @Column(name="IS_ALLOWED" , nullable=false)
+ protected Integer isAllowed;
+
+ public XXGroupPermission() {
+ isAllowed = RangerCommonEnums.STATUS_ENABLED;
+ }
+
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+ /**
+ * @param id the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ /**
+ * @return the groupId
+ */
+ public Long getGroupId() {
+ return groupId;
+ }
+ /**
+ * @param groupId the groupId to set
+ */
+ public void setGroupId(Long groupId) {
+ this.groupId = groupId;
+ }
+
+ /**
+ * @return the moduleId
+ */
+ public Long getModuleId() {
+ return moduleId;
+ }
+ /**
+ * @param moduleId the moduleId to set
+ */
+ public void setModuleId(Long moduleId) {
+ this.moduleId = moduleId;
+ }
+
+ /**
+ * @return the isAllowed
+ */
+ public Integer getIsAllowed() {
+ return isAllowed;
+ }
+ /**
+ * @param isAllowed the isAllowed to set
+ */
+ public void setIsAllowed(Integer isAllowed) {
+ this.isAllowed = isAllowed;
+ }
+
+ @Override
+ public int getMyClassType() {
+ return AppConstants.CLASS_TYPE_RANGER_GROUP_PERMISSION;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (!super.equals(obj))
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ XXGroupPermission other = (XXGroupPermission) obj;
+ if (groupId == null) {
+ if (other.groupId != null)
+ return false;
+ } else if (!groupId.equals(other.groupId))
+ return false;
+ if (id == null) {
+ if (other.id != null)
+ return false;
+ } else if (!id.equals(other.id))
+ return false;
+ if (isAllowed == null) {
+ if (other.isAllowed != null)
+ return false;
+ } else if (!isAllowed.equals(other.isAllowed))
+ return false;
+ if (moduleId == null) {
+ if (other.moduleId != null)
+ return false;
+ } else if (!moduleId.equals(other.moduleId))
+ return false;
+ return true;
+ }
+
+ @Override
+ public String toString() {
+
+ String str = "XXGroupPermission={";
+ str += super.toString();
+ str += "id={" + id + "} ";
+ str += "groupId={" + groupId + "} ";
+ str += "moduleId={" + moduleId + "} ";
+ str += "isAllowed={" + isAllowed + "} ";
+ str += "}";
+
+ return str;
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/entity/XXModuleDef.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXModuleDef.java b/security-admin/src/main/java/org/apache/ranger/entity/XXModuleDef.java
new file mode 100644
index 0000000..4a6645c
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXModuleDef.java
@@ -0,0 +1,112 @@
+package org.apache.ranger.entity;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.SequenceGenerator;
+import javax.persistence.Table;
+import javax.xml.bind.annotation.XmlRootElement;
+import org.apache.ranger.common.AppConstants;
+
+@Entity
+@Table(name="x_modules_master")
+@XmlRootElement
+public class XXModuleDef extends XXDBBase implements java.io.Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @SequenceGenerator(name="X_MODULES_MASTER_SEQ",sequenceName="X_MODULES_MASTER_SEQ",allocationSize=1)
+ @GeneratedValue(strategy=GenerationType.AUTO,generator="X_MODULES_MASTER_SEQ")
+ @Column(name="ID")
+ protected Long id;
+
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+ /**
+ * @param id the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ @Column(name="MODULE" , nullable=false)
+ protected String module;
+ /**
+ * @return the module
+ */
+ public String getModule() {
+ return module;
+ }
+ /**
+ * @param module the module to set
+ */
+ public void setModule(String module) {
+ this.module = module;
+ }
+
+ @Column(name="URL" , nullable=false)
+ protected String url;
+ /**
+ * @return the url
+ */
+ public String getUrl() {
+ return url;
+ }
+ /**
+ * @param url the url to set
+ */
+ public void setUrl(String url) {
+ this.url = url;
+ }
+
+ @Override
+ public int getMyClassType( ) {
+ return AppConstants.CLASS_TYPE_RANGER_MODULE_DEF;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (!super.equals(obj))
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ XXModuleDef other = (XXModuleDef) obj;
+ if (id == null) {
+ if (other.id != null)
+ return false;
+ } else if (!id.equals(other.id))
+ return false;
+ if (module == null) {
+ if (other.module != null)
+ return false;
+ } else if (!module.equals(other.module))
+ return false;
+ if (url == null) {
+ if (other.url != null)
+ return false;
+ } else if (!url.equals(other.url))
+ return false;
+ return true;
+ }
+
+ @Override
+ public String toString() {
+ String str = "XXModuleDef={";
+ str += super.toString();
+ str += "id={" + id + "} ";
+ str += "module={" + module + "} ";
+ str += "url={" + url + "} ";
+ str += "}";
+ return str;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/entity/XXUserPermission.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXUserPermission.java b/security-admin/src/main/java/org/apache/ranger/entity/XXUserPermission.java
new file mode 100644
index 0000000..cf33a18
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXUserPermission.java
@@ -0,0 +1,151 @@
+package org.apache.ranger.entity;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.SequenceGenerator;
+import javax.persistence.Table;
+import javax.xml.bind.annotation.XmlRootElement;
+import org.apache.ranger.common.AppConstants;
+import org.apache.ranger.common.RangerCommonEnums;
+import com.sun.research.ws.wadl.Application;
+
+@Entity
+@Table(name = "x_user_module_perm")
+@XmlRootElement
+public class XXUserPermission extends XXDBBase implements java.io.Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @SequenceGenerator(name = "X_USER_MODULE_PERM_SEQ", sequenceName = "X_USER_MODULE_PERM_SEQ", allocationSize = 1)
+ @GeneratedValue(strategy = GenerationType.AUTO, generator = "X_USER_MODULE_PERM_SEQ")
+ @Column(name = "ID")
+ protected Long id;
+
+ @Column(name = "USER_ID", nullable = false)
+ protected Long userId;
+
+ @Column(name = "MODULE_ID", nullable = false)
+ protected Long moduleId;
+
+ @Column(name = "IS_ALLOWED", nullable = false)
+ protected Integer isAllowed;
+
+ public XXUserPermission(){
+ isAllowed = RangerCommonEnums.IS_ALLOWED;
+ }
+
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+
+ /**
+ * @param id
+ * the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ /**
+ * @return the userId
+ */
+ public Long getUserId() {
+ return userId;
+ }
+
+ /**
+ * @param userId
+ * the userId to set
+ */
+ public void setUserId(Long userId) {
+ this.userId = userId;
+ }
+
+ /**
+ * @return the moduleId
+ */
+ public Long getModuleId() {
+ return moduleId;
+ }
+
+ /**
+ * @param moduleId
+ * the moduleId to set
+ */
+ public void setModuleId(Long moduleId) {
+ this.moduleId = moduleId;
+ }
+
+ /**
+ * @return the isAllowed
+ */
+ public Integer getIsAllowed() {
+ return isAllowed;
+ }
+
+ /**
+ * @param isAllowed
+ * the isAllowed to set
+ */
+ public void setIsAllowed(Integer isAllowed) {
+ this.isAllowed = isAllowed;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (!super.equals(obj))
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ XXUserPermission other = (XXUserPermission) obj;
+ if (id == null) {
+ if (other.id != null)
+ return false;
+ } else if (!id.equals(other.id))
+ return false;
+ if (isAllowed == null) {
+ if (other.isAllowed != null)
+ return false;
+ } else if (!isAllowed.equals(other.isAllowed))
+ return false;
+ if (moduleId == null) {
+ if (other.moduleId != null)
+ return false;
+ } else if (!moduleId.equals(other.moduleId))
+ return false;
+ if (userId == null) {
+ if (other.userId != null)
+ return false;
+ } else if (!userId.equals(other.userId))
+ return false;
+ return true;
+ }
+
+ @Override
+ public int getMyClassType() {
+ return AppConstants.CLASS_TYPE_RANGER_USER_PERMISSION;
+ }
+
+ @Override
+ public String toString() {
+
+ String str = "VXUserPermission={";
+ str += super.toString();
+ str += "id={" + id + "} ";
+ str += "userId={" + userId + "} ";
+ str += "moduleId={" + moduleId + "} ";
+ str += "isAllowed={" + isAllowed + "} ";
+ str += "}";
+
+ return str;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
new file mode 100644
index 0000000..7a11656
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
@@ -0,0 +1,50 @@
+package org.apache.ranger.patch;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.XUserMgr;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+@Component
+public class PatchPersmissionModel_J10003 extends BaseLoader {
+ private static Logger logger = Logger.getLogger(PatchPersmissionModel_J10003.class);
+
+ @Autowired
+ XUserMgr xUserMgr;
+
+ public static void main(String[] args) {
+ logger.info("main()");
+ try {
+ PatchPersmissionModel_J10003 loader = (PatchPersmissionModel_J10003) CLIUtil.getBean(PatchPersmissionModel_J10003.class);
+ loader.init();
+ while (loader.isMoreToProcess()) {
+ loader.load();
+ }
+ logger.info("Load complete. Exiting!!!");
+ System.exit(0);
+ } catch (Exception e) {
+ logger.error("Error loading", e);
+ System.exit(1);
+ }
+ }
+
+ @Override
+ public void init() throws Exception {
+ // Do Nothing
+ }
+
+ @Override
+ public void execLoad() {
+ logger.info("==> PermissionPatch.execLoad()");
+ try {
+ xUserMgr.updateExistingUserExisting();
+ } catch (Exception e) {
+ logger.error("Error whille migrating data.", e);
+ }
+ logger.info("<== PermissionPatch.execLoad()");
+ }
+
+ @Override
+ public void printStats() {
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
index beb4829..8f417bc 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
@@ -45,9 +45,12 @@ import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.service.AuthSessionService;
import org.apache.ranger.service.XAuditMapService;
import org.apache.ranger.service.XGroupGroupService;
+import org.apache.ranger.service.XGroupPermissionService;
import org.apache.ranger.service.XGroupService;
import org.apache.ranger.service.XGroupUserService;
+import org.apache.ranger.service.XModuleDefService;
import org.apache.ranger.service.XPermMapService;
+import org.apache.ranger.service.XUserPermissionService;
import org.apache.ranger.service.XUserService;
import org.apache.ranger.view.VXAuditMap;
import org.apache.ranger.view.VXAuditMapList;
@@ -57,14 +60,21 @@ import org.apache.ranger.view.VXGroup;
import org.apache.ranger.view.VXGroupGroup;
import org.apache.ranger.view.VXGroupGroupList;
import org.apache.ranger.view.VXGroupList;
+import org.apache.ranger.view.VXGroupPermission;
+import org.apache.ranger.view.VXGroupPermissionList;
import org.apache.ranger.view.VXGroupUser;
import org.apache.ranger.view.VXGroupUserList;
import org.apache.ranger.view.VXLong;
+import org.apache.ranger.view.VXModuleDef;
+import org.apache.ranger.view.VXModuleDefList;
import org.apache.ranger.view.VXPermMap;
import org.apache.ranger.view.VXPermMapList;
+import org.apache.ranger.view.VXPortalUser;
import org.apache.ranger.view.VXUser;
import org.apache.ranger.view.VXUserGroupInfo;
import org.apache.ranger.view.VXUserList;
+import org.apache.ranger.view.VXUserPermission;
+import org.apache.ranger.view.VXUserPermissionList;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.security.access.prepost.PreAuthorize;
@@ -72,6 +82,7 @@ import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
+
@Path("xusers")
@Component
@Scope("request")
@@ -90,6 +101,15 @@ public class XUserREST {
XGroupService xGroupService;
@Autowired
+ XModuleDefService xModuleDefService;
+
+ @Autowired
+ XUserPermissionService xUserPermissionService;
+
+ @Autowired
+ XGroupPermissionService xGroupPermissionService;
+
+ @Autowired
XUserService xUserService;
@Autowired
@@ -115,7 +135,7 @@ public class XUserREST {
@Autowired
AuthSessionService authSessionService;
-
+
// Handle XGroup
@GET
@Path("/groups/{id}")
@@ -635,4 +655,182 @@ public class XUserREST {
return sessionMgr.getAuthSessionBySessionId(authSessionId);
}
+ // Handle module permissions
+ @POST
+ @Path("/permission")
+ @Produces({ "application/xml", "application/json" })
+ public VXModuleDef createXModuleDefPermission(VXModuleDef vXModuleDef) {
+ return xUserMgr.createXModuleDefPermission(vXModuleDef);
+ }
+
+ @GET
+ @Path("/permission/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXModuleDef getXModuleDefPermission(@PathParam("id") Long id) {
+ return xUserMgr.getXModuleDefPermission(id);
+ }
+
+ @PUT
+ @Path("/permission/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXModuleDef updateXModuleDefPermission(VXModuleDef vXModuleDef) {
+ return xUserMgr.updateXModuleDefPermission(vXModuleDef);
+ }
+
+ @DELETE
+ @Path("/permission/{id}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deleteXModuleDefPermission(@PathParam("id") Long id,
+ @Context HttpServletRequest request) {
+ boolean force = true;
+ xUserMgr.deleteXModuleDefPermission(id, force);
+ }
+
+ @GET
+ @Path("/permission")
+ @Produces({ "application/xml", "application/json" })
+ public VXModuleDefList searchXModuleDef(@Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xModuleDefService.sortFields);
+
+ searchUtil.extractString(request, searchCriteria, "module",
+ "modulename", null);
+
+ searchUtil.extractString(request, searchCriteria, "moduleDefList",
+ "id", null);
+ searchUtil.extractString(request, searchCriteria, "userName",
+ "userName", null);
+ searchUtil.extractString(request, searchCriteria, "groupName",
+ "groupName", null);
+
+ return xUserMgr.searchXModuleDef(searchCriteria);
+ }
+
+ @GET
+ @Path("/permission/count")
+ @Produces({ "application/xml", "application/json" })
+ public VXLong countXModuleDef(@Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xModuleDefService.sortFields);
+ return xUserMgr.getXModuleDefSearchCount(searchCriteria);
+ }
+
+ // Handle user permissions
+ @POST
+ @Path("/permission/user")
+ @Produces({ "application/xml", "application/json" })
+ public VXUserPermission createXUserPermission(
+ VXUserPermission vXUserPermission) {
+ return xUserMgr.createXUserPermission(vXUserPermission);
+ }
+
+ @GET
+ @Path("/permission/user/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXUserPermission getXUserPermission(@PathParam("id") Long id) {
+ return xUserMgr.getXUserPermission(id);
+ }
+
+ @PUT
+ @Path("/permission/user/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXUserPermission updateXUserPermission(
+ VXUserPermission vXUserPermission) {
+ return xUserMgr.updateXUserPermission(vXUserPermission);
+ }
+
+ @DELETE
+ @Path("/permission/user/{id}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deleteXUserPermission(@PathParam("id") Long id,
+ @Context HttpServletRequest request) {
+ boolean force = true;
+ xUserMgr.deleteXUserPermission(id, force);
+ }
+
+ @GET
+ @Path("/permission/user")
+ @Produces({ "application/xml", "application/json" })
+ public VXUserPermissionList searchXUserPermission(
+ @Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xUserPermissionService.sortFields);
+ searchUtil.extractString(request, searchCriteria, "id", "id",
+ StringUtil.VALIDATION_NAME);
+
+ searchUtil.extractString(request, searchCriteria, "userPermissionList",
+ "userId", StringUtil.VALIDATION_NAME);
+ return xUserMgr.searchXUserPermission(searchCriteria);
+ }
+
+ @GET
+ @Path("/permission/user/count")
+ @Produces({ "application/xml", "application/json" })
+ public VXLong countXUserPermission(@Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xUserPermissionService.sortFields);
+ return xUserMgr.getXUserPermissionSearchCount(searchCriteria);
+ }
+
+ // Handle group permissions
+ @POST
+ @Path("/permission/group")
+ @Produces({ "application/xml", "application/json" })
+ public VXGroupPermission createXGroupPermission(
+ VXGroupPermission vXGroupPermission) {
+ return xUserMgr.createXGroupPermission(vXGroupPermission);
+ }
+
+ @GET
+ @Path("/permission/group/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXGroupPermission getXGroupPermission(@PathParam("id") Long id) {
+ return xUserMgr.getXGroupPermission(id);
+ }
+
+ @PUT
+ @Path("/permission/group/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXGroupPermission updateXGroupPermission(
+ VXGroupPermission vXGroupPermission) {
+ return xUserMgr.updateXGroupPermission(vXGroupPermission);
+ }
+
+ @DELETE
+ @Path("/permission/group/{id}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deleteXGroupPermission(@PathParam("id") Long id,
+ @Context HttpServletRequest request) {
+ boolean force = true;
+ xUserMgr.deleteXGroupPermission(id, force);
+ }
+
+ @GET
+ @Path("/permission/group")
+ @Produces({ "application/xml", "application/json" })
+ public VXGroupPermissionList searchXGroupPermission(
+ @Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xGroupPermissionService.sortFields);
+ searchUtil.extractString(request, searchCriteria, "id", "id",
+ StringUtil.VALIDATION_NAME);
+ searchUtil.extractString(request, searchCriteria,
+ "groupPermissionList", "groupId", StringUtil.VALIDATION_NAME);
+ return xUserMgr.searchXGroupPermission(searchCriteria);
+ }
+
+ @GET
+ @Path("/permission/group/count")
+ @Produces({ "application/xml", "application/json" })
+ public VXLong countXGroupPermission(@Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xGroupPermissionService.sortFields);
+ return xUserMgr.getXGroupPermissionSearchCount(searchCriteria);
+ }
+ @GET
+ @Path("/permission/existingusers/update")
+ @Produces({ "application/xml", "application/json" })
+ public List<VXPortalUser> existingusersupdate(@Context HttpServletRequest request) {
+ return xUserMgr.updateExistingUserExisting();
+ }
}