You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by sn...@apache.org on 2014/09/23 03:29:18 UTC

git commit: ARGUS-74:Fixed Delegated Admin Access

Repository: incubator-argus
Updated Branches:
  refs/heads/master cfec85a65 -> 3838f13df


ARGUS-74:Fixed Delegated Admin Access

Signed-off-by: sneethiraj <sn...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/3838f13d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/3838f13d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/3838f13d

Branch: refs/heads/master
Commit: 3838f13df286c1fb08bfee958b8ae3ab1615c7ea
Parents: cfec85a
Author: vperiasamy <vp...@hortonworks.com>
Authored: Sat Sep 20 12:34:28 2014 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Mon Sep 22 21:28:41 2014 -0400

----------------------------------------------------------------------
 .../src/main/java/com/xasecure/biz/AssetMgr.java       | 13 +++++++++++++
 .../src/main/java/com/xasecure/biz/XABizUtil.java      |  6 ++++++
 .../java/com/xasecure/service/XResourceService.java    | 10 ++++++++++
 3 files changed, 29 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3838f13d/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
index da05ab6..815b464 100644
--- a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
+++ b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
@@ -40,6 +40,7 @@ import javax.naming.ldap.Rdn;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringUtils;
+import org.apache.hadoop.hive.serde2.lazybinary.LazyBinaryUtils.VLong;
 import org.apache.hive.com.esotericsoftware.minlog.Log;
 import org.apache.log4j.Logger;
 import org.codehaus.jackson.JsonGenerationException;
@@ -92,6 +93,7 @@ import com.xasecure.view.VXAccessAuditList;
 import com.xasecure.view.VXAsset;
 import com.xasecure.view.VXAuditMap;
 import com.xasecure.view.VXAuditMapList;
+import com.xasecure.view.VXLong;
 import com.xasecure.view.VXPermMap;
 import com.xasecure.view.VXPermMapList;
 import com.xasecure.view.VXPolicy;
@@ -3122,4 +3124,15 @@ public class AssetMgr extends AssetMgrBase {
         return msBizUtil.mapStringListToVStringList(toplogyList) ;
     }
     
+	@Override
+	public VXLong getXResourceSearchCount(SearchCriteria searchCriteria) {
+
+		VXResourceList resList = super.searchXResources(searchCriteria);
+
+		int count = resList.getListSize();
+		VXLong vXLong = new VXLong();
+		vXLong.setValue(count);
+		return vXLong;
+	}
+    
 }

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3838f13d/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
index ece660f..0a3aa00 100644
--- a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
+++ b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
@@ -736,6 +736,12 @@ public class XABizUtil {
 			if (! matchFound) {
 				continue;
 			}
+			
+			// Type(either UDFs policy or non-UDFs policy) of current policy
+			// should be of same as type of policy being iterated
+			if (!stringUtil.isEmpty(xResource.getUdfs()) && !isUdfPolicy) {
+				continue;
+			}
 
 			if (isUdfPolicy) {
 				// 2. does the policy match the UDF?

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/3838f13d/security-admin/src/main/java/com/xasecure/service/XResourceService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/service/XResourceService.java b/security-admin/src/main/java/com/xasecure/service/XResourceService.java
index e6081dc..0dd09d0 100644
--- a/security-admin/src/main/java/com/xasecure/service/XResourceService.java
+++ b/security-admin/src/main/java/com/xasecure/service/XResourceService.java
@@ -1074,6 +1074,16 @@ public class XResourceService extends
 	@Override
 	public VXResource readResource(Long id){
 		VXResource vXResource = super.readResource(id);
+		
+		VXResponse vXResponse = xaBizUtil.hasPermission(vXResource,
+				AppConstants.XA_PERM_TYPE_ADMIN);
+		if (vXResponse.getStatusCode() == VXResponse.STATUS_ERROR) {
+			throw restErrorUtil.createRESTException(
+					"You don't have permission to perform this action",
+					MessageEnums.OPER_NO_PERMISSION, id, "Resource",
+					"Trying to read unauthorized resource.");
+		}
+		
 		populateAssetProperties(vXResource);
 		populatePermList(vXResource);
 		populateAuditList(vXResource);