You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by sn...@apache.org on 2014/09/23 03:29:18 UTC
git commit: ARGUS-74:Fixed Delegated Admin Access
Repository: incubator-argus
Updated Branches:
refs/heads/master cfec85a65 -> 3838f13df
ARGUS-74:Fixed Delegated Admin Access
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/3838f13d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/3838f13d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/3838f13d
Branch: refs/heads/master
Commit: 3838f13df286c1fb08bfee958b8ae3ab1615c7ea
Parents: cfec85a
Author: vperiasamy <vp...@hortonworks.com>
Authored: Sat Sep 20 12:34:28 2014 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Mon Sep 22 21:28:41 2014 -0400
----------------------------------------------------------------------
.../src/main/java/com/xasecure/biz/AssetMgr.java | 13 +++++++++++++
.../src/main/java/com/xasecure/biz/XABizUtil.java | 6 ++++++
.../java/com/xasecure/service/XResourceService.java | 10 ++++++++++
3 files changed, 29 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3838f13d/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
index da05ab6..815b464 100644
--- a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
+++ b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
@@ -40,6 +40,7 @@ import javax.naming.ldap.Rdn;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
+import org.apache.hadoop.hive.serde2.lazybinary.LazyBinaryUtils.VLong;
import org.apache.hive.com.esotericsoftware.minlog.Log;
import org.apache.log4j.Logger;
import org.codehaus.jackson.JsonGenerationException;
@@ -92,6 +93,7 @@ import com.xasecure.view.VXAccessAuditList;
import com.xasecure.view.VXAsset;
import com.xasecure.view.VXAuditMap;
import com.xasecure.view.VXAuditMapList;
+import com.xasecure.view.VXLong;
import com.xasecure.view.VXPermMap;
import com.xasecure.view.VXPermMapList;
import com.xasecure.view.VXPolicy;
@@ -3122,4 +3124,15 @@ public class AssetMgr extends AssetMgrBase {
return msBizUtil.mapStringListToVStringList(toplogyList) ;
}
+ @Override
+ public VXLong getXResourceSearchCount(SearchCriteria searchCriteria) {
+
+ VXResourceList resList = super.searchXResources(searchCriteria);
+
+ int count = resList.getListSize();
+ VXLong vXLong = new VXLong();
+ vXLong.setValue(count);
+ return vXLong;
+ }
+
}
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3838f13d/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
index ece660f..0a3aa00 100644
--- a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
+++ b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
@@ -736,6 +736,12 @@ public class XABizUtil {
if (! matchFound) {
continue;
}
+
+ // Type(either UDFs policy or non-UDFs policy) of current policy
+ // should be of same as type of policy being iterated
+ if (!stringUtil.isEmpty(xResource.getUdfs()) && !isUdfPolicy) {
+ continue;
+ }
if (isUdfPolicy) {
// 2. does the policy match the UDF?
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3838f13d/security-admin/src/main/java/com/xasecure/service/XResourceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/service/XResourceService.java b/security-admin/src/main/java/com/xasecure/service/XResourceService.java
index e6081dc..0dd09d0 100644
--- a/security-admin/src/main/java/com/xasecure/service/XResourceService.java
+++ b/security-admin/src/main/java/com/xasecure/service/XResourceService.java
@@ -1074,6 +1074,16 @@ public class XResourceService extends
@Override
public VXResource readResource(Long id){
VXResource vXResource = super.readResource(id);
+
+ VXResponse vXResponse = xaBizUtil.hasPermission(vXResource,
+ AppConstants.XA_PERM_TYPE_ADMIN);
+ if (vXResponse.getStatusCode() == VXResponse.STATUS_ERROR) {
+ throw restErrorUtil.createRESTException(
+ "You don't have permission to perform this action",
+ MessageEnums.OPER_NO_PERMISSION, id, "Resource",
+ "Trying to read unauthorized resource.");
+ }
+
populateAssetProperties(vXResource);
populatePermList(vXResource);
populateAuditList(vXResource);