You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by me...@apache.org on 2017/09/19 06:40:36 UTC
ranger git commit: RANGER-1730 : Utility script that will list the
users with a given role
Repository: ranger
Updated Branches:
refs/heads/master 7d4f652c8 -> 938b0c8ea
RANGER-1730 : Utility script that will list the users with a given role
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/938b0c8e
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/938b0c8e
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/938b0c8e
Branch: refs/heads/master
Commit: 938b0c8eaf2e898e9420d0f34ef966b16342322b
Parents: 7d4f652
Author: fatimaawez <fa...@gmail.com>
Authored: Fri Sep 15 15:27:39 2017 +0530
Committer: Mehul Parikh <me...@apache.org>
Committed: Tue Sep 19 12:08:01 2017 +0530
----------------------------------------------------------------------
.../scripts/rolebasedusersearchutil.py | 159 +++++++++++
.../patch/cliutil/RoleBasedUserSearchUtil.java | 271 +++++++++++++++++++
.../cliutil/TestRoleBasedUserSearchUtil.java | 139 ++++++++++
src/main/assembly/admin-web.xml | 3 +-
4 files changed, 571 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/938b0c8e/security-admin/scripts/rolebasedusersearchutil.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/rolebasedusersearchutil.py b/security-admin/scripts/rolebasedusersearchutil.py
new file mode 100644
index 0000000..d651461
--- /dev/null
+++ b/security-admin/scripts/rolebasedusersearchutil.py
@@ -0,0 +1,159 @@
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License. See accompanying LICENSE file.
+#
+
+import os
+import re
+import sys
+import errno
+import shlex
+import logging
+import subprocess
+import platform
+import fileinput
+import getpass
+import shutil
+from xml.etree import ElementTree as ET
+from os.path import basename
+from subprocess import Popen,PIPE
+from datetime import date
+from datetime import datetime
+from operator import contains
+
+
+os_name = platform.system()
+os_name = os_name.upper()
+
+msgPrompt = "Enter the below options"
+msgCommand = "Usage : python rolebasedusersearchutil.py -u <userName> -p <password> -r <role>"
+msgRoleList = " <role> can be ROLE_USER/ROLE_SYS_ADMIN/ROLE_KEY_ADMIN"
+
+
+
+if os_name == "LINUX":
+ RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
+ if RANGER_ADMIN_HOME is None:
+ RANGER_ADMIN_HOME = os.getcwd()
+elif os_name == "WINDOWS":
+ RANGER_ADMIN_HOME = os.getenv("RANGER_ADMIN_HOME")
+
+def log(msg,type):
+ if type == 'info':
+ logging.info(" %s",msg)
+ if type == 'debug':
+ logging.debug(" %s",msg)
+ if type == 'warning':
+ logging.warning(" %s",msg)
+ if type == 'exception':
+ logging.exception(" %s",msg)
+ if type == 'error':
+ logging.error(" %s",msg)
+
+def main(argv):
+ FORMAT = '%(asctime)-15s %(message)s'
+ logging.basicConfig(format=FORMAT, level=logging.DEBUG)
+ ews_lib = os.path.join(RANGER_ADMIN_HOME,"ews","lib")
+ app_home = os.path.join(RANGER_ADMIN_HOME,"ews","webapp")
+ ranger_log = os.path.join(RANGER_ADMIN_HOME,"ews","logs")
+
+ if os.environ['JAVA_HOME'] == "":
+ log("[E] ---------- JAVA_HOME environment property not defined, aborting installation. ----------", "error")
+ sys.exit(1)
+ JAVA_BIN=os.path.join(os.environ['JAVA_HOME'],'bin','java')
+ if os_name == "WINDOWS" :
+ JAVA_BIN = JAVA_BIN+'.exe'
+ if os.path.isfile(JAVA_BIN):
+ pass
+ else:
+ while os.path.isfile(JAVA_BIN) == False:
+ log("Enter java executable path: :","info")
+ JAVA_BIN=raw_input()
+ log("[I] Using Java:" + str(JAVA_BIN),"info")
+ userName = ""
+ password = ""
+ userRole = ""
+ userNameMsgFlag = False
+ passwordMsgFlag = False
+ userRoleMsgFlag = False
+ userroleFlag = False
+
+ if len(argv) == 1:
+ print msgPrompt + " or \n" + msgCommand + "\n " +msgRoleList
+ userName = raw_input('Enter a user name: ')
+ password = getpass.getpass('Enter a user password:')
+ userRole = raw_input('Enter a role: ')
+ elif len(argv) > 1 and len(argv) < 8 :
+ for i in range(1, len(sys.argv)) :
+ if sys.argv[i] == "-u" :
+ if len(argv)-1 > i+1 or len(argv)-1 == i+1:
+ userName = sys.argv[i+1]
+ continue
+ if sys.argv[i] == "-p" :
+ if len(argv)-1 > i+1 or len(argv)-1 == i+1:
+ password = sys.argv[i+1]
+ continue
+ if sys.argv[i] == "-r" :
+ if len(argv)-1 > i+1 or len(argv)-1 == i+1:
+ userRole = sys.argv[i+1]
+ userroleFlag = True
+ continue
+ else:
+ log("[E] Invalid argument list.", "error")
+ log("[I] " + msgCommand + "\n " + msgRoleList, "info")
+ sys.exit(1)
+
+ if userName == "" :
+ userNameMsgFlag = True
+ elif userName != "" :
+ if userName.lower() == "-p" or userName.lower() == "-r" or userName.lower() == "-u" :
+ userNameMsgFlag = True
+ if password == "" :
+ passwordMsgFlag = True
+ elif password.lower() == "-p" or password.lower() == "-r" or password.lower() == "-u" :
+ passwordMsgFlag = True
+ if userroleFlag == True :
+ if userRole == "":
+ userRoleMsgFlag = True
+ elif userRole != "":
+ if userRole.lower() == "-p" or userRole.lower() == "-r" or userRole.lower() == "-u":
+ userRoleMsgFlag = True
+ if userNameMsgFlag == True or passwordMsgFlag == True or userRoleMsgFlag == True :
+ print msgPrompt + " or \n" + msgCommand + "\n " +msgRoleList
+ if userNameMsgFlag == True :
+ userName = raw_input('Enter a user name: ')
+ if passwordMsgFlag == True :
+ password = getpass.getpass("Enter user password:")
+ if userRoleMsgFlag == True :
+ userRole = raw_input('Enter a role: ')
+ if userName != "" and password != "" :
+ if os_name == "LINUX":
+ path = os.path.join("%s","WEB-INF","classes","conf:%s","WEB-INF","classes","lib","*:%s","WEB-INF",":%s","META-INF",":%s","WEB-INF","lib","*:%s","WEB-INF","classes",":%s","WEB-INF","classes","META-INF:%s/*")%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home,ews_lib)
+ elif os_name == "WINDOWS":
+ path = os.path.join("%s","WEB-INF","classes","conf;%s","WEB-INF","classes","lib","*;%s","WEB-INF",";%s","META-INF",";%s","WEB-INF","lib","*;%s","WEB-INF","classes",";%s","WEB-INF","classes","META-INF" )%(app_home ,app_home ,app_home, app_home, app_home, app_home ,app_home)
+ if userRole != "" :
+ get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s %s"%(JAVA_BIN,ranger_log,path,'RoleBasedUserSearchUtil',userName,password,userRole)
+ if userRole == "" :
+ get_java_cmd = "%s -Dlogdir=%s -Dlog4j.configuration=db_patch.log4j.xml -cp %s org.apache.ranger.patch.cliutil.%s %s %s "%(JAVA_BIN,ranger_log,path,'RoleBasedUserSearchUtil',userName,password)
+ if os_name == "LINUX":
+ ret = subprocess.call(shlex.split(get_java_cmd))
+ elif os_name == "WINDOWS":
+ ret = subprocess.call(get_java_cmd)
+ if ret == 0:
+ log("[I] List fetched successfully","info")
+ else:
+ log("[E] Unable to fetch user list of given role ","error")
+ sys.exit(1)
+ else:
+ log("[E] Input Error","error")
+
+main(sys.argv)
http://git-wip-us.apache.org/repos/asf/ranger/blob/938b0c8e/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
new file mode 100644
index 0000000..0459be6
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/cliutil/RoleBasedUserSearchUtil.java
@@ -0,0 +1,271 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.patch.cliutil;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.collections.MapUtils;
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.UserMgr;
+import org.apache.ranger.biz.XUserMgr;
+import org.apache.ranger.common.RangerConstants;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXPortalUser;
+import org.apache.commons.lang.StringUtils;
+import org.apache.ranger.patch.BaseLoader;
+import org.apache.ranger.service.XUserService;
+import org.apache.ranger.util.CLIUtil;
+import org.apache.ranger.view.VXUser;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class RoleBasedUserSearchUtil extends BaseLoader {
+
+ private static final Logger logger = Logger
+ .getLogger(RoleBasedUserSearchUtil.class);
+ @Autowired
+ XUserService xUserService;
+
+ @Autowired
+ RangerDaoManager daoMgr;
+
+ @Autowired
+ UserMgr userMgr;
+
+ @Autowired
+ XUserMgr xUserMgr;
+
+ public static Boolean checkRole = true;
+ public static String userLoginId = "";
+ public static String currentPassword = "";
+ public static String userRole = "";
+
+ public static void main(String[] args) {
+ logger.info("RoleBaseUserSearchUtil : main()");
+ try {
+ RoleBasedUserSearchUtil loader = (RoleBasedUserSearchUtil) CLIUtil.getBean(RoleBasedUserSearchUtil.class);
+ loader.init();
+ if (args.length == 3 || args.length == 2) {
+ userLoginId = args[0];
+ currentPassword = args[1];
+ if (args.length == 3) {
+ userRole = args[2];
+ List<String> roles = new ArrayList<String>();
+ roles.add(RangerConstants.ROLE_USER);
+ roles.add(RangerConstants.ROLE_SYS_ADMIN);
+ roles.add(RangerConstants.ROLE_KEY_ADMIN);
+ if (!StringUtils.isBlank(userRole)) {
+ userRole = userRole.toUpperCase();
+ if (!roles.contains(userRole)) {
+ System.out.println("Invalid UserRole. Exiting!!!");
+ logger.info("Invalid UserRole. Exiting!!!");
+ System.exit(1);
+ } else {
+ checkRole = false;
+ }
+ }
+ }
+ if (StringUtils.isBlank(userLoginId)) {
+ System.out.println("Invalid login ID. Exiting!!!");
+ logger.info("Invalid login ID. Exiting!!!");
+ System.exit(1);
+ }
+ if (StringUtils.isBlank(currentPassword)) {
+ System.out.println("Invalid current password. Exiting!!!");
+ logger.info("Invalid current password. Exiting!!!");
+ System.exit(1);
+ }
+ while (loader.isMoreToProcess()) {
+ loader.load();
+ }
+ logger.info("Load complete. Exiting!!!");
+ System.exit(0);
+ } else {
+ System.out.println("RoleBaseUserSearchUtil: Incorrect Arguments \n Usage: \n <UserRole> ");
+ logger.error("RoleBaseUserSearchUtil: Incorrect Arguments \n Usage: \n <UserRole> ");
+ System.exit(1);
+ }
+ } catch (Exception e) {
+ logger.error("Error loading", e);
+ System.exit(1);
+ }
+ }
+
+ @Override
+ public void init() throws Exception {
+ logger.info("==> RoleBaseUserSearchUtil.init()");
+ }
+
+ @Override
+ public void printStats() {
+ }
+
+ @Override
+ public void execLoad() {
+ logger.info("==> RoleBaseUserSearchUtil.execLoad()");
+ validateUserAndFetchUserList();
+ logger.info("<== RoleBaseUserSearchUtil.execLoad()");
+ }
+
+ public void getUsersBasedOnRole(List<String> userRoleList) {
+ try {
+ if (!CollectionUtils.isEmpty(userRoleList) && userRoleList != null) {
+ Map<String, String> roleSysAdminMap = new HashMap<String, String>();
+ Map<String, String> roleKeyAdminMap = new HashMap<String, String>();
+ Map<String, String> roleUserMap = new HashMap<String, String>();
+ for (String userRole : userRoleList) {
+ List<XXPortalUser> listXXPortalUser = daoMgr.getXXPortalUser().findByRole(userRole);
+ if (listXXPortalUser != null && !CollectionUtils.isEmpty(listXXPortalUser)) {
+ if (userRole.equalsIgnoreCase(RangerConstants.ROLE_SYS_ADMIN)) {
+ for (XXPortalUser xXPortalUser : listXXPortalUser) {
+ roleSysAdminMap.put(xXPortalUser.getLoginId(),userRole);
+ }
+ } else if (userRole.equalsIgnoreCase(RangerConstants.ROLE_KEY_ADMIN)) {
+ for (XXPortalUser xXPortalUser : listXXPortalUser) {
+ roleKeyAdminMap.put(xXPortalUser.getLoginId(),userRole);
+ }
+ } else if (userRole.equalsIgnoreCase(RangerConstants.ROLE_USER)) {
+ for (XXPortalUser xXPortalUser : listXXPortalUser) {
+ roleUserMap.put(xXPortalUser.getLoginId(),userRole);
+ }
+ }
+ }
+ }
+ if (MapUtils.isEmpty( roleSysAdminMap) && MapUtils.isEmpty(roleKeyAdminMap) && MapUtils.isEmpty(roleUserMap)) {
+ System.out.println("users with given user role are not there");
+ logger.error("users with given user role are not there");
+ System.exit(1);
+ } else {
+ if (!MapUtils.isEmpty(roleSysAdminMap)) {
+ for (String key : roleSysAdminMap.keySet()) {
+ System.out.println(roleSysAdminMap.get(key) + " : " + key);
+ }
+ }
+ if (!MapUtils.isEmpty(roleKeyAdminMap)) {
+ for (String key : roleKeyAdminMap.keySet()) {
+ System.out.println(roleKeyAdminMap.get(key) + " : " + key);
+ }
+ }
+ if (!MapUtils.isEmpty(roleUserMap)) {
+ for (String key : roleUserMap.keySet()) {
+ System.out.println(roleUserMap.get(key) + " : " + key);
+ }
+ }
+ if (userRoleList.contains(RangerConstants.ROLE_SYS_ADMIN)) {
+ System.out.println("ROLE_SYS_ADMIN Total Count : " + roleSysAdminMap.size());
+ }
+ if (userRoleList.contains(RangerConstants.ROLE_KEY_ADMIN)) {
+ System.out.println("ROLE_KEY_ADMIN Total Count : " + roleKeyAdminMap.size());
+ }
+ if (userRoleList.contains(RangerConstants.ROLE_USER)) {
+ System.out.println("ROLE_USER Total Count : " + roleUserMap.size());
+ }
+ int total = roleSysAdminMap.size() + roleKeyAdminMap.size() + roleUserMap.size();
+ System.out.println("Total Count : " + total);
+ }
+ }
+
+ } catch (Exception e) {
+ logger.error("Error getting User's List with the mentioned role: "+ e.getMessage());
+ }
+ }
+
+ public void validateUserAndFetchUserList() {
+ userLoginId = userLoginId.toLowerCase();
+ XXPortalUser xxPortalUser = daoMgr.getXXPortalUser().findByLoginId(
+ userLoginId);
+ Boolean isUserAuthorized = false;
+ if (xxPortalUser != null) {
+ String dbPassword = xxPortalUser.getPassword();
+ String currentEncryptedPassword = null;
+ try {
+ currentEncryptedPassword = userMgr.encrypt(userLoginId,currentPassword);
+ if (currentEncryptedPassword != null && currentEncryptedPassword.equals(dbPassword)) {
+ VXUser vxUser = xUserService.getXUserByUserName(xxPortalUser.getLoginId());
+ if (vxUser != null) {
+ List<String> existingRole = (List<String>) vxUser.getUserRoleList();
+ List<String> permissionList = daoMgr.getXXModuleDef().findAccessibleModulesByUserId(xxPortalUser.getId(), vxUser.getId());
+ if (permissionList != null && permissionList.contains(RangerConstants.MODULE_USER_GROUPS) && !CollectionUtils.isEmpty(existingRole) && !StringUtils.isBlank(existingRole.get(0))) {
+ List<String> userRoleList = new ArrayList<String>();
+ if (existingRole.get(0).equalsIgnoreCase(RangerConstants.ROLE_USER)) {
+ userRoleList.add(RangerConstants.ROLE_USER);
+ if (checkRole) {
+ getUsersBasedOnRole(userRoleList);
+ } else if (existingRole.get(0).equalsIgnoreCase(userRole) || userRole.equalsIgnoreCase(RangerConstants.ROLE_USER)) {
+ getUsersBasedOnRole(userRoleList);
+ } else {
+ isUserAuthorized = true;
+ }
+ } else if (existingRole.get(0).equalsIgnoreCase(RangerConstants.ROLE_SYS_ADMIN)) {
+ if (checkRole) {
+ userRoleList.add(RangerConstants.ROLE_SYS_ADMIN);
+ userRoleList.add(RangerConstants.ROLE_USER);
+ getUsersBasedOnRole(userRoleList);
+ } else if (existingRole.get(0).equalsIgnoreCase(userRole) || userRole.equalsIgnoreCase(RangerConstants.ROLE_USER)) {
+ userRoleList.add(userRole);
+ getUsersBasedOnRole(userRoleList);
+ } else {
+ isUserAuthorized = true;
+ }
+ } else if (existingRole.get(0).equalsIgnoreCase(RangerConstants.ROLE_KEY_ADMIN) || userRole.equalsIgnoreCase(RangerConstants.ROLE_USER)) {
+ if (checkRole) {
+ userRoleList.add(RangerConstants.ROLE_KEY_ADMIN);
+ userRoleList.add(RangerConstants.ROLE_USER);
+ getUsersBasedOnRole(userRoleList);
+ } else if (existingRole.get(0).equalsIgnoreCase(userRole) || userRole.equalsIgnoreCase(RangerConstants.ROLE_USER)) {
+ userRoleList.add(userRole);
+ getUsersBasedOnRole(userRoleList);
+ } else {
+ isUserAuthorized = true;
+ }
+
+ }
+ if (isUserAuthorized == true) {
+ System.out.println("user is not authorized to fetch this list");
+ logger.error("user is not authorized to fetch this list");
+ System.exit(1);
+ }
+ } else {
+ System.out.println("user permission denied");
+ logger.error("user permission denied");
+ System.exit(1);
+ }
+ }
+ } else {
+ System.out.println("Invalid user password");
+ logger.error("Invalid user password");
+ System.exit(1);
+ }
+ } catch (Exception e) {
+ logger.error("Getting User's List with the mentioned role failure. Detail: \n",e);
+ System.exit(1);
+ }
+ } else {
+ System.out.println("User does not exist in DB!!");
+ logger.error("User does not exist in DB");
+ System.exit(1);
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/ranger/blob/938b0c8e/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java b/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java
new file mode 100644
index 0000000..83eab7a
--- /dev/null
+++ b/security-admin/src/test/java/org/apache/ranger/patch/cliutil/TestRoleBasedUserSearchUtil.java
@@ -0,0 +1,139 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ranger.patch.cliutil;
+
+import static org.junit.Assert.fail;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.apache.ranger.biz.UserMgr;
+import org.apache.ranger.biz.XUserMgr;
+import org.apache.ranger.common.RangerConstants;
+
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.db.XXModuleDefDao;
+import org.apache.ranger.db.XXPortalUserDao;
+import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.service.XUserService;
+import org.apache.ranger.view.VXUser;
+import org.apache.ranger.view.VXUserList;
+import org.junit.FixMethodOrder;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.MethodSorters;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.runners.MockitoJUnitRunner;
+
+@RunWith(MockitoJUnitRunner.class)
+@FixMethodOrder(MethodSorters.NAME_ASCENDING)
+public class TestRoleBasedUserSearchUtil {
+ @Mock
+ XUserService xUserService;
+
+ @Mock
+ RangerDaoManager daoMgr;
+
+ @Mock
+ UserMgr userMgr;
+
+ @Mock
+ XUserMgr xUserMgr;
+ @Mock
+ XXPortalUserDao xXPortalUserDao;
+
+
+ @InjectMocks
+ RoleBasedUserSearchUtil roleBasedUserSearchUtil = new RoleBasedUserSearchUtil();
+
+
+ public TestRoleBasedUserSearchUtil() {
+
+ }
+ @Test
+ public void TestGetUsersBasedOnRole() {
+ try {
+ XXPortalUser xXPortalUser = new XXPortalUser();
+ xXPortalUser.setLoginId("testUser");
+ xXPortalUser.setId(1L);
+ xXPortalUser.setFirstName("testUser");
+ xXPortalUser.setPublicScreenName("testUser");
+ xXPortalUser.setPassword("testUserPassword");
+ List<XXPortalUser> listXXPortalUser = new ArrayList<XXPortalUser>();
+ listXXPortalUser.add(xXPortalUser);
+ List<String> userRoleList = new ArrayList<String>();
+ userRoleList.add("ROLE_SYS_ADMIN");
+
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ Mockito.when(xXPortalUserDao.findByRole(RangerConstants.ROLE_SYS_ADMIN)).thenReturn(listXXPortalUser);
+
+ roleBasedUserSearchUtil.getUsersBasedOnRole(userRoleList);
+
+ Mockito.verify(daoMgr).getXXPortalUser();
+ Mockito.verify(xXPortalUserDao).findByRole(RangerConstants.ROLE_SYS_ADMIN);
+
+ } catch(Exception e) {
+ fail("test failed due to: " + e.getMessage());
+ }
+ }
+ @Test
+ public void TestValidateUserAndFetchUserList() {
+ List<String> permissionList = new ArrayList<String>();
+ permissionList.add(RangerConstants.MODULE_USER_GROUPS);
+ String currentEncryptedPassword = "testpassword";
+ XXPortalUser xxPortalUser = new XXPortalUser();
+ xxPortalUser.setId(1L);
+ xxPortalUser.setLoginId("testUser");
+ xxPortalUser.setPassword("testpassword");
+ xxPortalUser.setFirstName("testUser");
+ VXUser vxUser = new VXUser();
+ vxUser.setId(1L);
+ VXUserList vXUserList = new VXUserList();
+ List<VXUser> vXUsers = new ArrayList<VXUser>();
+ vXUsers.add(vxUser);
+ vXUserList.setVXUsers(vXUsers );
+
+ List<String> userRoleList = new ArrayList<String>();
+ userRoleList.add("ROLE_SYS_ADMIN");
+ List<XXPortalUser> listXXPortalUser = new ArrayList<XXPortalUser>();
+ listXXPortalUser.add(xxPortalUser);
+ vxUser.setUserRoleList(userRoleList);
+ XXModuleDefDao xXModuleDefDao = Mockito.mock(XXModuleDefDao.class);
+
+ Mockito.when(daoMgr.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ Mockito.when(xXPortalUserDao.findByLoginId(Mockito.anyString())).thenReturn(xxPortalUser);
+ Mockito.when(xUserService.getXUserByUserName(xxPortalUser.getLoginId())).thenReturn(vxUser);
+ Mockito.when(daoMgr.getXXModuleDef()).thenReturn(xXModuleDefDao);
+ Mockito.when(xXModuleDefDao.findAccessibleModulesByUserId(Mockito.anyLong(), Mockito.anyLong())).thenReturn(permissionList);
+ Mockito.when(userMgr.encrypt(Mockito.anyString(),Mockito.anyString())).thenReturn(currentEncryptedPassword);
+ Mockito.when(xXPortalUserDao.findByRole(Mockito.anyString())).thenReturn(listXXPortalUser);
+
+ roleBasedUserSearchUtil.validateUserAndFetchUserList();
+ Mockito.verify(daoMgr, Mockito.atLeast(2)).getXXPortalUser();
+ Mockito.verify(xXPortalUserDao).findByLoginId(Mockito.anyString());
+ Mockito.verify(xUserService).getXUserByUserName(xxPortalUser.getLoginId());
+ Mockito.verify(daoMgr).getXXModuleDef();
+ Mockito.verify(xXModuleDefDao).findAccessibleModulesByUserId(Mockito.anyLong(), Mockito.anyLong());
+ Mockito.verify(userMgr).encrypt(Mockito.anyString(),Mockito.anyString());
+ Mockito.verify(xXPortalUserDao, Mockito.atLeast(2)).findByRole(Mockito.anyString());
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/ranger/blob/938b0c8e/src/main/assembly/admin-web.xml
----------------------------------------------------------------------
diff --git a/src/main/assembly/admin-web.xml b/src/main/assembly/admin-web.xml
index cb1aad2..0e97818 100644
--- a/src/main/assembly/admin-web.xml
+++ b/src/main/assembly/admin-web.xml
@@ -378,7 +378,8 @@
<include>ranger_credential_helper.py</include>
<include>deleteUserGroupUtil.py</include>
<include>changepasswordutil.py</include>
- <include>changeusernameutil.py</include>
+ <include>changeusernameutil.py</include>
+ <include>rolebasedusersearchutil.py</include>
</includes>
<fileMode>544</fileMode>
</fileSet>