Posted to commits@ranger.apache.org by ve...@apache.org on 2015/04/07 15:55:04 UTC
[2/3] incubator-ranger git commit: RANGER-250 : Build a permission
model with Ranger Admin portal
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
index 7bd27c6..048d58c 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
@@ -1,135 +1,142 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- /**
- *
- */
-package org.apache.ranger.security.web.filter;
-
-import java.io.IOException;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import org.apache.log4j.Logger;
-import org.apache.ranger.biz.SessionMgr;
-import org.apache.ranger.common.GUIDUtil;
-import org.apache.ranger.common.HTTPUtil;
-import org.apache.ranger.common.PropertiesUtil;
-import org.apache.ranger.common.RequestContext;
-import org.apache.ranger.common.UserSessionBase;
-import org.apache.ranger.entity.XXAuthSession;
-import org.apache.ranger.security.context.RangerContextHolder;
-import org.apache.ranger.security.context.RangerSecurityContext;
-import org.apache.ranger.util.RestUtil;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.filter.GenericFilterBean;
-
-public class RangerSecurityContextFormationFilter extends GenericFilterBean {
-
- static Logger logger = Logger
- .getLogger(RangerSecurityContextFormationFilter.class);
-
- public static final String AKA_SC_SESSION_KEY = "AKA_SECURITY_CONTEXT";
- public static final String USER_AGENT = "User-Agent";
-
- @Autowired
- SessionMgr sessionMgr;
-
- @Autowired
- HTTPUtil httpUtil;
-
- String testIP = null;
-
- public RangerSecurityContextFormationFilter() {
- testIP = PropertiesUtil.getProperty("xa.env.ip");
- }
-
- /*
- * (non-Javadoc)
- *
- * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
- * javax.servlet.ServletResponse, javax.servlet.FilterChain)
- */
- @Override
- public void doFilter(ServletRequest request, ServletResponse response,
- FilterChain chain) throws IOException, ServletException {
-
- try {
- Authentication auth = SecurityContextHolder.getContext()
- .getAuthentication();
-
- if (auth instanceof AnonymousAuthenticationToken) {
- // ignore
- } else {
- HttpServletRequest httpRequest = (HttpServletRequest) request;
- HttpSession httpSession = httpRequest.getSession(false);
-
- // [1]get the context from session
- RangerSecurityContext context = (RangerSecurityContext) httpSession.getAttribute(AKA_SC_SESSION_KEY);
- int clientTimeOffset = 0;
- if (context == null) {
- context = new RangerSecurityContext();
- httpSession.setAttribute(AKA_SC_SESSION_KEY, context);
- }
- String userAgent = httpRequest.getHeader(USER_AGENT);
- clientTimeOffset=RestUtil.getTimeOffset(httpRequest);
-
- // Get the request specific info
- RequestContext requestContext = new RequestContext();
- String reqIP = testIP;
- if (testIP == null) {
- reqIP = httpRequest.getRemoteAddr();
- }
- requestContext.setIpAddress(reqIP);
- requestContext.setUserAgent(userAgent);
- requestContext.setDeviceType(httpUtil
- .getDeviceType(httpRequest));
- requestContext.setServerRequestId(GUIDUtil.genGUI());
- requestContext.setRequestURL(httpRequest.getRequestURI());
-
- requestContext.setClientTimeOffsetInMinute(clientTimeOffset);
- context.setRequestContext(requestContext);
-
- RangerContextHolder.setSecurityContext(context);
-
- UserSessionBase userSession = sessionMgr.processSuccessLogin(
- XXAuthSession.AUTH_TYPE_PASSWORD, userAgent);
-
- if(userSession!=null && userSession.getClientTimeOffsetInMinute()==0){
- userSession.setClientTimeOffsetInMinute(clientTimeOffset);
- }
-
- context.setUserSession(userSession);
- }
- chain.doFilter(request, response);
-
- } finally {
- // [4]remove context from thread-local
- RangerContextHolder.resetSecurityContext();
- }
- }
-}
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ /**
+ *
+ */
+package org.apache.ranger.security.web.filter;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.SessionMgr;
+import org.apache.ranger.biz.XUserMgr;
+import org.apache.ranger.common.GUIDUtil;
+import org.apache.ranger.common.HTTPUtil;
+import org.apache.ranger.common.PropertiesUtil;
+import org.apache.ranger.common.RequestContext;
+import org.apache.ranger.common.UserSessionBase;
+import org.apache.ranger.entity.XXAuthSession;
+import org.apache.ranger.security.context.RangerContextHolder;
+import org.apache.ranger.security.context.RangerSecurityContext;
+import org.apache.ranger.util.RestUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.GenericFilterBean;
+
+public class RangerSecurityContextFormationFilter extends GenericFilterBean {
+
+ static Logger logger = Logger
+ .getLogger(RangerSecurityContextFormationFilter.class);
+
+ public static final String AKA_SC_SESSION_KEY = "AKA_SECURITY_CONTEXT";
+ public static final String USER_AGENT = "User-Agent";
+
+ @Autowired
+ SessionMgr sessionMgr;
+
+ @Autowired
+ HTTPUtil httpUtil;
+
+ @Autowired
+ XUserMgr xUserMgr;
+
+ String testIP = null;
+
+ public RangerSecurityContextFormationFilter() {
+ testIP = PropertiesUtil.getProperty("xa.env.ip");
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
+ * javax.servlet.ServletResponse, javax.servlet.FilterChain)
+ */
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain) throws IOException, ServletException {
+
+ try {
+ Authentication auth = SecurityContextHolder.getContext()
+ .getAuthentication();
+
+ if (auth instanceof AnonymousAuthenticationToken) {
+ // ignore
+ } else {
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+ String httpMethod=httpRequest.getMethod();
+ HttpSession httpSession = httpRequest.getSession(false);
+
+ // [1]get the context from session
+ RangerSecurityContext context = (RangerSecurityContext) httpSession.getAttribute(AKA_SC_SESSION_KEY);
+ int clientTimeOffset = 0;
+ if (context == null) {
+ context = new RangerSecurityContext();
+ httpSession.setAttribute(AKA_SC_SESSION_KEY, context);
+ }
+ String userAgent = httpRequest.getHeader(USER_AGENT);
+ clientTimeOffset=RestUtil.getTimeOffset(httpRequest);
+
+ // Get the request specific info
+ RequestContext requestContext = new RequestContext();
+ String reqIP = testIP;
+ if (testIP == null) {
+ reqIP = httpRequest.getRemoteAddr();
+ }
+ requestContext.setIpAddress(reqIP);
+ requestContext.setUserAgent(userAgent);
+ requestContext.setDeviceType(httpUtil
+ .getDeviceType(httpRequest));
+ requestContext.setServerRequestId(GUIDUtil.genGUI());
+ requestContext.setRequestURL(httpRequest.getRequestURI());
+
+ requestContext.setClientTimeOffsetInMinute(clientTimeOffset);
+ context.setRequestContext(requestContext);
+
+ RangerContextHolder.setSecurityContext(context);
+
+ UserSessionBase userSession = sessionMgr.processSuccessLogin(
+ XXAuthSession.AUTH_TYPE_PASSWORD, userAgent);
+
+ if(userSession!=null && userSession.getClientTimeOffsetInMinute()==0){
+ userSession.setClientTimeOffsetInMinute(clientTimeOffset);
+ }
+
+ context.setUserSession(userSession);
+
+ xUserMgr.checkPermissionRoleByGivenUrls(httpRequest.getRequestURL().toString(),httpMethod);
+ }
+ chain.doFilter(request, response);
+
+ } finally {
+ // [4]remove context from thread-local
+ RangerContextHolder.resetSecurityContext();
+ }
+ }
+}
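Review bot: The new authorization call at the end of the authenticated branch passes `httpRequest.getRequestURL().toString()`, the full client-supplied URL including scheme, host and any path parameters, while the request context a few lines above records `getRequestURI()`. How `checkPermissionRoleByGivenUrls` matches is not visible here, but a URL-based permission check is only as reliable as the string it compares, so a normalised, context-relative path (for example `httpRequest.getServletPath()` plus the path info) would be a safer input. The call's result is discarded, so the method has to throw to deny; a one-line comment saying so would help, e.g. `// throws if the user lacks permission for this URL; chain.doFilter is then skipped`. Separately, `httpRequest.getSession(false)` can return null and is dereferenced on the next statement, so an authenticated request without a session should be rejected explicitly rather than surfacing as a NullPointerException.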
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/UserService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/UserService.java b/security-admin/src/main/java/org/apache/ranger/service/UserService.java
index 5fdca49..530244f 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/UserService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/UserService.java
@@ -32,9 +32,11 @@ import org.apache.ranger.common.StringUtil;
import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.entity.XXPortalUserRole;
+import org.apache.ranger.entity.XXUserPermission;
import org.apache.ranger.view.VXMessage;
import org.apache.ranger.view.VXPortalUser;
import org.apache.ranger.view.VXResponse;
+import org.apache.ranger.view.VXUserPermission;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Service;
@@ -49,6 +51,9 @@ public class UserService extends UserServiceBase<XXPortalUser, VXPortalUser> {
@Autowired
RangerConfigUtil configUtil;
+ @Autowired
+ XUserPermissionService xUserPermissionService;
+
private static UserService instance = null;
public UserService() {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionService.java b/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionService.java
new file mode 100644
index 0000000..670e264
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionService.java
@@ -0,0 +1,55 @@
+package org.apache.ranger.service;
+
+import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.SearchField;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXGroup;
+import org.apache.ranger.entity.XXGroupPermission;
+import org.apache.ranger.view.VXGroupPermission;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Service;
+
+@Service
+@Scope("singleton")
+public class XGroupPermissionService extends XGroupPermissionServiceBase<XXGroupPermission, VXGroupPermission>{
+
+ public static Long createdByUserId = 1L;
+
+ @Autowired
+ RangerDaoManager rangerDaoManager;
+
+ public XGroupPermissionService() {
+ searchFields.add(new SearchField("id", "obj.id",
+ SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+
+ searchFields.add(new SearchField("groupPermissionList", "obj.groupId",
+ SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL,
+ "XXModuleDef xXModuleDef", "xXModuleDef.id = obj.groupId "));
+ }
+
+ @Override
+ protected void validateForCreate(VXGroupPermission vObj) {
+
+ }
+
+ @Override
+ protected void validateForUpdate(VXGroupPermission vObj, XXGroupPermission mObj) {
+
+ }
+
+ @Override
+ public VXGroupPermission populateViewBean(XXGroupPermission xObj) {
+ VXGroupPermission vObj = super.populateViewBean(xObj);
+ XXGroup xGroup = rangerDaoManager.getXXGroup().getById(
+ xObj.getGroupId());
+
+ if (xGroup == null) {
+ throw restErrorUtil.createRESTException(xGroup + " is Not Found",
+ MessageEnums.DATA_NOT_FOUND);
+ }
+
+ vObj.setGroupName(xGroup.getName());
+ return vObj;
+ }
+}
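Review bot: The `groupPermissionList` search field in the constructor joins `XXModuleDef` on `xXModuleDef.id = obj.groupId`, which compares a module id with a group id; this looks like a copy-paste slip that probably wants `obj.moduleId`, and XUserPermissionService has the same shape with `obj.userId`. In `populateViewBean` the not-found message is built from `xGroup`, which is known to be null at that point, so it always reads "null is Not Found"; `"Group id " + xObj.getGroupId() + " is Not Found"` would carry the useful value. XUserPermissionService builds its message from the null `xUser` in the same way.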
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionServiceBase.java
new file mode 100644
index 0000000..766d36c
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionServiceBase.java
@@ -0,0 +1,60 @@
+package org.apache.ranger.service;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.apache.ranger.common.SearchCriteria;
+import org.apache.ranger.entity.XXGroupPermission;
+import org.apache.ranger.view.VXGroupPermission;
+import org.apache.ranger.view.VXGroupPermissionList;
+
+public abstract class XGroupPermissionServiceBase<T extends XXGroupPermission, V extends VXGroupPermission>
+ extends AbstractBaseResourceService<T, V> {
+
+ public static final String NAME = "XGroupPermission";
+
+ public XGroupPermissionServiceBase() {
+
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected XXGroupPermission mapViewToEntityBean(VXGroupPermission vObj,
+ XXGroupPermission mObj, int OPERATION_CONTEXT) {
+ mObj.setGroupId(vObj.getGroupId());
+ mObj.setModuleId(vObj.getModuleId());
+ mObj.setIsAllowed(vObj.getIsAllowed());
+ return mObj;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected VXGroupPermission mapEntityToViewBean(VXGroupPermission vObj, XXGroupPermission mObj) {
+ vObj.setGroupId(mObj.getGroupId());
+ vObj.setModuleId(mObj.getModuleId());
+ vObj.setIsAllowed(mObj.getIsAllowed());
+ return vObj;
+ }
+
+ /**
+ * @param searchCriteria
+ * @return
+ */
+ public VXGroupPermissionList searchXGroupPermission(SearchCriteria searchCriteria) {
+ VXGroupPermissionList returnList = new VXGroupPermissionList();
+ List<VXGroupPermission> vXGroupPermissions = new ArrayList<VXGroupPermission>();
+
+ @SuppressWarnings("unchecked")
+ List<XXGroupPermission> resultList = (List<XXGroupPermission>) searchResources(
+ searchCriteria, searchFields, sortFields, returnList);
+
+ // Iterate over the result list and create the return list
+ for (XXGroupPermission gjXUser : resultList) {
+ @SuppressWarnings("unchecked")
+ VXGroupPermission vXGroupPermission = populateViewBean((T) gjXUser);
+ vXGroupPermissions.add(vXGroupPermission);
+ }
+
+ returnList.setvXGroupPermission(vXGroupPermissions);
+ return returnList;
+ }
+}
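Review bot: `searchXGroupPermission` calls `populateViewBean` for every row, and the override in XGroupPermissionService throws a REST exception when the referenced group no longer exists, so a single orphaned permission row would make the whole search fail; consider skipping and logging such rows, or confirm that group deletion removes its permission rows. The Javadoc above the method has empty `@param`/`@return` tags, and the loop variable `gjXUser` is a leftover name for an `XXGroupPermission`; something like `/** Returns the group-permission rows matching searchCriteria as view beans. */` and `xGroupPermission` would read better. The same loop shape and empty Javadoc appear in `searchModuleDef` (XModuleDefServiceBase) and `searchXUserPermission` (XUserPermissionServiceBase).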
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java b/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java
new file mode 100644
index 0000000..705ba0c
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java
@@ -0,0 +1,99 @@
+package org.apache.ranger.service;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ranger.common.RangerConstants;
+import org.apache.ranger.common.SearchField;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXGroupPermission;
+import org.apache.ranger.entity.XXModuleDef;
+import org.apache.ranger.entity.XXUserPermission;
+import org.apache.ranger.view.VXGroupPermission;
+import org.apache.ranger.view.VXModuleDef;
+import org.apache.ranger.view.VXUserPermission;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Service;
+
+@Service
+@Scope("singleton")
+public class XModuleDefService extends
+ XModuleDefServiceBase<XXModuleDef, VXModuleDef> {
+
+ public static Long createdByUserId = 1L;
+
+ @Autowired
+ RangerDaoManager rangerDaoManager;
+
+ @Autowired
+ XUserPermissionService xUserPermService;
+
+ @Autowired
+ XGroupPermissionService xGrpPermService;
+
+ public XModuleDefService(){
+ searchFields.add(new SearchField("module", "obj.module",
+ SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
+searchFields
+ .add(new SearchField(
+ "userName",
+ "portalUser.loginId",
+ SearchField.DATA_TYPE.STRING,
+ SearchField.SEARCH_TYPE.PARTIAL,
+ " XXPortalUser portalUser, XXUserPermission userPermission",
+ "obj.id=userPermission.moduleId and portalUser.id=userPermission.userId and userPermission.isAllowed="
+ + RangerConstants.IS_ALLOWED));
+searchFields
+ .add(new SearchField(
+ "groupName",
+ "group.name",
+ SearchField.DATA_TYPE.STRING,
+ SearchField.SEARCH_TYPE.PARTIAL,
+ "XXGroup group,XXGroupPermission groupModulePermission",
+ "obj.id=groupModulePermission.moduleId and groupModulePermission.groupId=group.id and groupModulePermission.isAllowed="));
+}
+
+ @Override
+ protected void validateForCreate(VXModuleDef vObj) {
+
+ }
+
+ @Override
+ protected void validateForUpdate(VXModuleDef vObj, XXModuleDef mObj) {
+
+ }
+
+ @Override
+ public VXModuleDef populateViewBean(XXModuleDef xObj) {
+
+ VXModuleDef vModuleDef = super.populateViewBean(xObj);
+ List<VXUserPermission> vXUserPermissionList = new ArrayList<VXUserPermission>();
+ List<VXGroupPermission> vXGroupPermissionList = new ArrayList<VXGroupPermission>();
+
+ List<XXUserPermission> xuserPermissionList = rangerDaoManager
+ .getXXUserPermission().findByModuleId(xObj.getId(), false);
+ List<XXGroupPermission> xgroupPermissionList = rangerDaoManager
+ .getXXGroupPermission().findByModuleId(xObj.getId(), false);
+ for (XXUserPermission xUserPerm : xuserPermissionList) {
+
+ VXUserPermission vXUserPerm = xUserPermService
+ .populateViewBean(xUserPerm);
+ vXUserPermissionList.add(vXUserPerm);
+
+ }
+
+ for (XXGroupPermission xGrpPerm : xgroupPermissionList) {
+
+ VXGroupPermission vXGrpPerm = xGrpPermService
+ .populateViewBean(xGrpPerm);
+ vXGroupPermissionList.add(vXGrpPerm);
+
+ }
+
+ vModuleDef.setUserPermList(vXUserPermissionList);
+ vModuleDef.setGroupPermList(vXGroupPermissionList);
+ return vModuleDef;
+ }
+
+}
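Review bot: The `groupName` search field's join clause ends with `groupModulePermission.isAllowed=` and nothing after it, whereas the `userName` field just above appends `RangerConstants.IS_ALLOWED`; as written the clause handed to the query builder has a dangling `=`. The last argument should end `groupModulePermission.isAllowed=" + RangerConstants.IS_ALLOWED));`. In `populateViewBean`, each module triggers two DAO lookups plus one further lookup per permission row inside the nested `populateViewBean` calls, which deserves a comment if module lists are expected to grow.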
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XModuleDefServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XModuleDefServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/XModuleDefServiceBase.java
new file mode 100644
index 0000000..6d07c07
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/service/XModuleDefServiceBase.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.service;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ranger.common.SearchCriteria;
+import org.apache.ranger.entity.XXModuleDef;
+import org.apache.ranger.view.VXModuleDef;
+import org.apache.ranger.view.VXModuleDefList;
+
+public abstract class XModuleDefServiceBase<T extends XXModuleDef, V extends VXModuleDef>
+ extends AbstractBaseResourceService<T, V> {
+
+ public static final String NAME = "XModuleDef";
+
+ public XModuleDefServiceBase() {
+
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected XXModuleDef mapViewToEntityBean(VXModuleDef vObj, XXModuleDef mObj,
+ int OPERATION_CONTEXT) {
+ mObj.setModule(vObj.getModule());
+ mObj.setUrl(vObj.getUrl());
+ return mObj;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected VXModuleDef mapEntityToViewBean(VXModuleDef vObj, XXModuleDef mObj) {
+ vObj.setModule(mObj.getModule());
+ vObj.setUrl(mObj.getUrl());
+ return vObj;
+ }
+
+ /**
+ * @param searchCriteria
+ * @return
+ */
+ public VXModuleDefList searchModuleDef(SearchCriteria searchCriteria) {
+ VXModuleDefList returnList = new VXModuleDefList();
+ List<VXModuleDef> vXModuleDefList = new ArrayList<VXModuleDef>();
+
+ @SuppressWarnings("unchecked")
+ List<XXModuleDef> resultList = (List<XXModuleDef>)searchResources(searchCriteria,
+ searchFields, sortFields, returnList);
+
+ // Iterate over the result list and create the return list
+ for (XXModuleDef gjXModuleDef : resultList) {
+ @SuppressWarnings("unchecked")
+ VXModuleDef vXModuleDef = populateViewBean((T)gjXModuleDef);
+ vXModuleDefList.add(vXModuleDef);
+ }
+
+ returnList.setvXModuleDef(vXModuleDefList);
+ return returnList;
+ }
+}
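Review bot: `mapViewToEntityBean` copies `module` and `url` from the view bean into the entity unchanged, and the `validateForCreate`/`validateForUpdate` overrides in XModuleDefService are empty (as are those in XGroupPermissionService and XUserPermissionService), so nothing visible in this commit constrains what is stored. If the stored `url` is what the filter's `checkPermissionRoleByGivenUrls` matches requests against (not shown here), it is security-relevant data, and the validators should at least reject null or blank values and confirm the caller may change module definitions. A comment on each empty validator saying where that enforcement lives would also help the next reader.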
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java
new file mode 100644
index 0000000..92d6197
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java
@@ -0,0 +1,57 @@
+package org.apache.ranger.service;
+
+import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.SearchField;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.entity.XXUser;
+import org.apache.ranger.entity.XXUserPermission;
+import org.apache.ranger.view.VXUserPermission;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Service;
+@Service
+@Scope("singleton")
+public class XUserPermissionService extends XUserPermissionServiceBase<XXUserPermission, VXUserPermission>{
+
+ public static Long createdByUserId = 1L;
+
+ @Autowired
+ RangerDaoManager rangerDaoManager;
+
+ public XUserPermissionService() {
+ searchFields.add(new SearchField("id", "obj.id",
+ SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+
+ searchFields.add(new SearchField("userPermissionList", "obj.userId",
+ SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL,
+ "XXModuleDef xXModuleDef", "xXModuleDef.id = obj.userId "));
+ }
+
+ @Override
+ protected void validateForCreate(VXUserPermission vObj) {
+
+ }
+
+ @Override
+ protected void validateForUpdate(VXUserPermission vObj, XXUserPermission mObj) {
+
+ }
+
+ @Override
+ public VXUserPermission populateViewBean(XXUserPermission xObj) {
+ VXUserPermission vObj = super.populateViewBean(xObj);
+
+ XXPortalUser xUser = rangerDaoManager.getXXPortalUser().getById(xObj.getUserId());
+ if (xUser == null) {
+ xUser=rangerDaoManager.getXXPortalUser().findByXUserId(xObj.getUserId());
+ if(xUser==null)
+ throw restErrorUtil.createRESTException(xUser + " is Not Found",
+ MessageEnums.DATA_NOT_FOUND);
+ }
+
+ vObj.setUserName(xUser.getLoginId());
+ return vObj;
+ }
+
+}
\ No newline at end of file
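Review bot: `populateViewBean` resolves `xObj.getUserId()` first as an `XXPortalUser` id via `getById` and, only if that misses, as an x-user id via `findByXUserId`, so the same number is interpreted in two id spaces. If a portal user and an x-user can share a numeric id, the first lookup wins and the permission is reported under the wrong login name; the code should settle on one id space for `userId` and document it on the entity. The inner `if(xUser==null)` has no braces around the throw, and the `XXUser` import is not used anywhere in this new file.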
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java
new file mode 100644
index 0000000..54d0c0f
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java
@@ -0,0 +1,61 @@
+package org.apache.ranger.service;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ranger.common.SearchCriteria;
+import org.apache.ranger.entity.XXUserPermission;
+import org.apache.ranger.view.VXUserPermission;
+import org.apache.ranger.view.VXUserPermissionList;
+
+public abstract class XUserPermissionServiceBase<T extends XXUserPermission, V extends VXUserPermission>
+ extends AbstractBaseResourceService<T, V> {
+
+ public static final String NAME = "XUserPermission";
+
+ public XUserPermissionServiceBase() {
+
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected XXUserPermission mapViewToEntityBean(VXUserPermission vObj,
+ XXUserPermission mObj, int OPERATION_CONTEXT) {
+ mObj.setUserId(vObj.getUserId());
+ mObj.setModuleId(vObj.getModuleId());
+ mObj.setIsAllowed(vObj.getIsAllowed());
+ return mObj;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected VXUserPermission mapEntityToViewBean(VXUserPermission vObj, XXUserPermission mObj) {
+ vObj.setUserId(mObj.getUserId());
+ vObj.setModuleId(mObj.getModuleId());
+ vObj.setIsAllowed(mObj.getIsAllowed());
+ return vObj;
+ }
+
+ /**
+ * @param searchCriteria
+ * @return
+ */
+ public VXUserPermissionList searchXUserPermission(SearchCriteria searchCriteria) {
+ VXUserPermissionList returnList = new VXUserPermissionList();
+ List<VXUserPermission> vXUserPermissions = new ArrayList<VXUserPermission>();
+
+ @SuppressWarnings("unchecked")
+ List<XXUserPermission> resultList = (List<XXUserPermission>) searchResources(
+ searchCriteria, searchFields, sortFields, returnList);
+
+ // Iterate over the result list and create the return list
+ for (XXUserPermission gjXUser : resultList) {
+ @SuppressWarnings("unchecked")
+ VXUserPermission vXUserPermission = populateViewBean((T) gjXUser);
+ vXUserPermissions.add(vXUserPermission);
+ }
+
+ returnList.setvXModuleDef(vXUserPermissions);
+ return returnList;
+ }
+}
\ No newline at end of file
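Review bot: `searchXUserPermission` stores its result with `returnList.setvXModuleDef(vXUserPermissions)`, a setter name that belongs to a module-definition list rather than a list of user permissions. VXUserPermissionList is not part of this excerpt, but this looks like a copy-paste name that should be `setvXUserPermission`, mirroring `setvXGroupPermission` in VXGroupPermissionList. If the backing field carries the same name it would also appear in the serialised output, so it is cheaper to rename before clients depend on it.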
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java b/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java
new file mode 100644
index 0000000..fb54927
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java
@@ -0,0 +1,129 @@
+package org.apache.ranger.view;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.AppConstants;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
+@JsonIgnoreProperties(ignoreUnknown=true)
+@XmlRootElement
+
+public class VXGroupPermission extends VXDataObject implements java.io.Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ protected Long id;
+ protected Long groupId;
+ protected Long moduleId;
+ protected Integer isAllowed;
+ protected String moduleName;
+
+ protected String groupName;
+
+ public VXGroupPermission() {
+ // TODO Auto-generated constructor stub
+ }
+
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+
+ /**
+ * @param id the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ /**
+ * @return the groupId
+ */
+ public Long getGroupId() {
+ return groupId;
+ }
+
+ /**
+ * @param groupId the groupId to set
+ */
+ public void setGroupId(Long groupId) {
+ this.groupId = groupId;
+ }
+
+ /**
+ * @return the groupName
+ */
+ public String getGroupName() {
+ return groupName;
+ }
+
+ /**
+ * @param groupName the groupName to set
+ */
+ public void setGroupName(String groupName) {
+ this.groupName = groupName;
+ }
+
+ /**
+ * @return the moduleId
+ */
+ public Long getModuleId() {
+ return moduleId;
+ }
+
+ /**
+ * @param moduleId the moduleId to set
+ */
+ public void setModuleId(Long moduleId) {
+ this.moduleId = moduleId;
+ }
+
+ /**
+ * @return the isAllowed
+ */
+ public Integer getIsAllowed() {
+ return isAllowed;
+ }
+
+ /**
+ * @param isAllowed the isAllowed to set
+ */
+ public void setIsAllowed(Integer isAllowed) {
+ this.isAllowed = isAllowed;
+ }
+
+ public String getModuleName() {
+ return moduleName;
+ }
+
+ public void setModuleName(String moduleName) {
+ this.moduleName = moduleName;
+ }
+
+ @Override
+ public int getMyClassType() {
+ return AppConstants.CLASS_TYPE_RANGER_GROUP_PERMISSION;
+ }
+
+ @Override
+ public String toString() {
+
+ String str = "VXGroupPermission={";
+ str += super.toString();
+ str += "id={" + id + "} ";
+ str += "groupId={" + groupId + "} ";
+ str += "moduleId={" + moduleId + "} ";
+ str += "isAllowed={" + isAllowed + "} ";
+ str += "moduleName={" + moduleName + "} ";
+ str += "}";
+
+ return str;
+ }
+}
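Review bot: `toString()` prints `moduleName` but omits `groupName`, the field that XGroupPermissionService.populateViewBean fills in, so log output for this bean is missing the group; add `str += "groupName={" + groupName + "} ";`. The class also declares its own `protected Long id` with getter and setter; if VXDataObject already defines `id` (not visible here), this field hides it and the two values can diverge, so it is worth confirming and dropping the duplicate. The `// TODO Auto-generated constructor stub` comment can be removed.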
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermissionList.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermissionList.java b/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermissionList.java
new file mode 100644
index 0000000..0a243ef
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermissionList.java
@@ -0,0 +1,61 @@
+package org.apache.ranger.view;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.view.VList;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+
+public class VXGroupPermissionList extends VList {
+
+ private static final long serialVersionUID = 1L;
+
+ List<VXGroupPermission> vXGroupPermission = new ArrayList<VXGroupPermission>();
+
+ public VXGroupPermissionList() {
+ super();
+ }
+
+ public VXGroupPermissionList(List<VXGroupPermission> objList) {
+ super(objList);
+ this.vXGroupPermission = objList;
+ }
+
+ /**
+ * @return the vXGroupPermission
+ */
+ public List<VXGroupPermission> getvXGroupPermission() {
+ return vXGroupPermission;
+ }
+
+ /**
+ * @param vXGroupPermission the vXGroupPermission to set
+ */
+ public void setvXGroupPermission(List<VXGroupPermission> vXGroupPermission) {
+ this.vXGroupPermission = vXGroupPermission;
+ }
+
+ @Override
+ public int getListSize() {
+ if (vXGroupPermission != null) {
+ return vXGroupPermission.size();
+ }
+ return 0;
+ }
+
+ @Override
+ public List<VXGroupPermission> getList() {
+ return vXGroupPermission;
+ }
+}
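Review bot: This new file starts directly with the `package` line and carries no ASF license header, unlike the JavaScript files added in the same commit; the standard Apache header comment should be added above `package org.apache.ranger.view;`. The same applies to VXModuleDef.java, VXModuleDefList.java, VXUserPermission.java and VXUserPermissionList.java. Separately, the field `vXGroupPermission` is package-private; both annotations bind by field, so `private List<VXGroupPermission> vXGroupPermission = new ArrayList<VXGroupPermission>();` would serialize the same way without exposing the list to the rest of the package.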
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java b/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
new file mode 100644
index 0000000..e0b8157
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
@@ -0,0 +1,158 @@
+package org.apache.ranger.view;
+
+import java.util.Date;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlRootElement;
+import org.apache.ranger.entity.XXGroupPermission;
+import org.apache.ranger.entity.XXUserPermission;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
+@JsonIgnoreProperties(ignoreUnknown=true)
+@XmlRootElement
+
+public class VXModuleDef extends VXDataObject implements java.io.Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ protected Long id;
+ protected Date createTime;
+ protected Date updateTime;
+ protected Long addedById;
+ protected Long updatedById;
+ protected String module;
+ protected String url;
+
+ protected List<VXUserPermission> userPermList;
+ protected List<VXGroupPermission> groupPermList;
+
+ /**
+ * @return the userPermList
+ */
+ public List<VXUserPermission> getUserPermList() {
+ return userPermList;
+ }
+ /**
+ * @param userPermList the userPermList to set
+ */
+ public void setUserPermList(List<VXUserPermission> userPermList) {
+ this.userPermList = userPermList;
+ }
+ /**
+ * @return the groupPermList
+ */
+ public List<VXGroupPermission> getGroupPermList() {
+ return groupPermList;
+ }
+ /**
+ * @param groupPermList the groupPermList to set
+ */
+ public void setGroupPermList(List<VXGroupPermission> groupPermList) {
+ this.groupPermList = groupPermList;
+ }
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+ /**
+ * @param id the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+ /**
+ * @return the createTime
+ */
+ public Date getCreateTime() {
+ return createTime;
+ }
+ /**
+ * @param createTime the createTime to set
+ */
+ public void setCreateTime(Date createTime) {
+ this.createTime = createTime;
+ }
+ /**
+ * @return the updateTime
+ */
+ public Date getUpdateTime() {
+ return updateTime;
+ }
+ /**
+ * @param updateTime the updateTime to set
+ */
+ public void setUpdateTime(Date updateTime) {
+ this.updateTime = updateTime;
+ }
+ /**
+ * @return the addedById
+ */
+ public Long getAddedById() {
+ return addedById;
+ }
+ /**
+ * @param addedById the addedById to set
+ */
+ public void setAddedById(Long addedById) {
+ this.addedById = addedById;
+ }
+ /**
+ * @return the updatedById
+ */
+ public Long getUpdatedById() {
+ return updatedById;
+ }
+ /**
+ * @param updatedById the updatedById to set
+ */
+ public void setUpdatedById(Long updatedById) {
+ this.updatedById = updatedById;
+ }
+ /**
+ * @return the module
+ */
+ public String getModule() {
+ return module;
+ }
+ /**
+ * @param module the module to set
+ */
+ public void setModule(String module) {
+ this.module = module;
+ }
+ /**
+ * @return the url
+ */
+ public String getUrl() {
+ return url;
+ }
+ /**
+ * @param url the url to set
+ */
+ public void setUrl(String url) {
+ this.url = url;
+ }
+
+ @Override
+ public String toString() {
+
+ String str = "VXModuleDef={";
+ str += super.toString();
+ str += "id={" + id + "} ";
+ str += "createTime={" + createTime + "} ";
+ str += "updateTime={" + updateTime + "} ";
+ str += "addedById={" + addedById + "} ";
+ str += "updatedById={" + updatedById + "} ";
+ str += "module={" + module + "} ";
+ str += "url={" + url + "} ";
+ str += "}";
+ return str;
+ }
+}
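Review bot: With `fieldVisibility=Visibility.ANY`, every field of this view object, including `addedById`, `updatedById`, `createTime`, `updateTime` and the two permission lists, is bindable if the class is accepted as a REST request body. The code that persists a VXModuleDef therefore has to set the audit fields itself and check that the caller may change `userPermList` and `groupPermList`; that code is not in this hunk, so this is a point to confirm rather than a confirmed defect. VXUserPermission.java carries the same annotation and the same exposure for `isAllowed`. I would add a class comment such as `/** View object for a portal module and its user/group permissions; values received from clients are untrusted. */`. The imports of `XXGroupPermission` and `XXUserPermission` are unused in this file and can be dropped.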
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXModuleDefList.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXModuleDefList.java b/security-admin/src/main/java/org/apache/ranger/view/VXModuleDefList.java
new file mode 100644
index 0000000..747f2ea
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXModuleDefList.java
@@ -0,0 +1,62 @@
+package org.apache.ranger.view;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.view.VList;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+
+public class VXModuleDefList extends VList {
+
+ private static final long serialVersionUID = 1L;
+
+ List<VXModuleDef> vXModuleDef = new ArrayList<VXModuleDef>();
+
+ public VXModuleDefList() {
+ super();
+ }
+
+ public VXModuleDefList(List<VXModuleDef> objList) {
+ super(objList);
+ this.vXModuleDef = objList;
+ }
+
+ /**
+ * @return the vXModuleDef
+ */
+ public List<VXModuleDef> getvXModuleDef() {
+ return vXModuleDef;
+ }
+
+ /**
+ * @param vXModuleDef the vXModuleDef to set
+ */
+ public void setvXModuleDef(List<VXModuleDef> vXModuleDef) {
+ this.vXModuleDef = vXModuleDef;
+ }
+
+ @Override
+ public int getListSize() {
+ if (vXModuleDef != null) {
+ return vXModuleDef.size();
+ }
+ return 0;
+ }
+
+ @Override
+ public List<VXModuleDef> getList() {
+ return vXModuleDef;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXPortalUser.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXPortalUser.java b/security-admin/src/main/java/org/apache/ranger/view/VXPortalUser.java
index a0c9ec8..b08d518 100644
--- a/security-admin/src/main/java/org/apache/ranger/view/VXPortalUser.java
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXPortalUser.java
@@ -20,6 +20,7 @@
package org.apache.ranger.view;
import java.util.Collection;
+import java.util.List;
import javax.xml.bind.annotation.XmlRootElement;
@@ -79,6 +80,9 @@ public class VXPortalUser extends VXDataObject implements java.io.Serializable {
* List of roles for this user
*/
protected Collection<String> userRoleList;
+ protected Collection<Long> groupIdList;
+ protected List<VXUserPermission> userPermList;
+ protected List<VXGroupPermission> groupPermissions;
/**
* Default constructor. This will set all the attributes to default value.
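Review bot: The three new fields are undocumented and named inconsistently: `userPermList` sits next to `groupPermissions`, while VXModuleDef in this commit uses `userPermList` and `groupPermList`. The existing comment "List of roles for this user" now reads as if it covered all four fields, so each new field should get its own comment, for example `/** Module permissions of this user */` above `userPermList`. The accessors added in the next hunk of this file have no Javadoc either. If VXPortalUser is also accepted on profile updates, the server should ignore client-supplied values for these fields; whether it does is not visible here.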
@@ -263,6 +267,31 @@ public class VXPortalUser extends VXDataObject implements java.io.Serializable {
return AppConstants.CLASS_TYPE_USER_PROFILE;
}
+ public Collection<Long> getGroupIdList() {
+ return groupIdList;
+ }
+
+ public void setGroupIdList(Collection<Long> groupIdList) {
+ this.groupIdList = groupIdList;
+ }
+
+
+ public List<VXUserPermission> getUserPermList() {
+ return userPermList;
+ }
+
+ public void setUserPermList(List<VXUserPermission> userPermList) {
+ this.userPermList = userPermList;
+ }
+
+ public List<VXGroupPermission> getGroupPermissions() {
+ return groupPermissions;
+ }
+
+ public void setGroupPermissions(List<VXGroupPermission> groupPermissions) {
+ this.groupPermissions = groupPermissions;
+ }
+
/**
* This return the bean content in string format
* @return formatedStr
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java b/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java
new file mode 100644
index 0000000..591f516
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java
@@ -0,0 +1,147 @@
+package org.apache.ranger.view;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.AppConstants;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+@XmlRootElement
+public class VXUserPermission extends VXDataObject implements
+ java.io.Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ protected Long id;
+ protected Long userId;
+ protected Long moduleId;
+ protected Integer isAllowed;
+ protected String userName;
+ protected String moduleName;
+ protected String loginId;
+
+
+
+ public VXUserPermission() {
+ // TODO Auto-generated constructor stub
+ }
+
+
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+
+ /**
+ * @param id
+ * the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ /**
+ * @return the userId
+ */
+ public Long getUserId() {
+ return userId;
+ }
+
+ /**
+ * @param userId
+ * the userId to set
+ */
+ public void setUserId(Long userId) {
+ this.userId = userId;
+ }
+
+ /**
+ * @return the moduleId
+ */
+ public Long getModuleId() {
+ return moduleId;
+ }
+
+ /**
+ * @param moduleId
+ * the moduleId to set
+ */
+ public void setModuleId(Long moduleId) {
+ this.moduleId = moduleId;
+ }
+
+ /**
+ * @return the isAllowed
+ */
+ public Integer getIsAllowed() {
+ return isAllowed;
+ }
+
+ /**
+ * @param isAllowed
+ * the isAllowed to set
+ */
+ public void setIsAllowed(Integer isAllowed) {
+ this.isAllowed = isAllowed;
+ }
+
+ /**
+ * @return the userName
+ */
+ public String getUserName() {
+ return userName;
+ }
+
+ /**
+ * @param userName the userName to set
+ */
+ public void setUserName(String userName) {
+ this.userName = userName;
+ }
+
+ public String getModuleName() {
+ return moduleName;
+ }
+
+ public void setModuleName(String moduleName) {
+ this.moduleName = moduleName;
+ }
+
+ public String getLoginId() {
+ return loginId;
+ }
+
+
+ public void setLoginId(String loginId) {
+ this.loginId = loginId;
+ }
+
+
+ @Override
+ public int getMyClassType() {
+ return AppConstants.CLASS_TYPE_RANGER_USER_PERMISSION;
+ }
+
+ @Override
+ public String toString() {
+
+ String str = "VXUserPermission={";
+ str += super.toString();
+ str += "id={" + id + "} ";
+ str += "userId={" + userId + "} ";
+ str += "moduleId={" + moduleId + "} ";
+ str += "isAllowed={" + isAllowed + "} ";
+ str += "moduleName={" + moduleName + "} ";
+ str += "loginId={" + loginId + "} ";
+ str += "}";
+
+ return str;
+ }
+}
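Review bot: `toString()` prints every field except `userName`, which looks like an oversight given that `loginId` and `moduleName` are included; either add `str += "userName={" + userName + "} ";` or note in a comment that the omission is deliberate. The no-arg constructor still carries the IDE placeholder `// TODO Auto-generated constructor stub`, which should be removed or replaced by a real comment. The Javadoc tags on the accessors only restate the field name; one sentence on what the `isAllowed` values mean would be more useful, since the type is `Integer` rather than `boolean`.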
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXUserPermissionList.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXUserPermissionList.java b/security-admin/src/main/java/org/apache/ranger/view/VXUserPermissionList.java
new file mode 100644
index 0000000..075ce00
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXUserPermissionList.java
@@ -0,0 +1,61 @@
+package org.apache.ranger.view;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.view.VList;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+
+public class VXUserPermissionList extends VList {
+
+ private static final long serialVersionUID = 1L;
+
+ List<VXUserPermission> vXUserPermission = new ArrayList<VXUserPermission>();
+
+ public VXUserPermissionList() {
+ super();
+ }
+
+ public VXUserPermissionList(List<VXUserPermission> objList) {
+ super(objList);
+ this.vXUserPermission = objList;
+ }
+
+ /**
+ * @return the vXModuleDef
+ */
+ public List<VXUserPermission> getvXModuleDef() {
+ return vXUserPermission;
+ }
+
+ /**
+ * @param vXModuleDef the vXModuleDef to set
+ */
+ public void setvXModuleDef(List<VXUserPermission> vXModuleDef) {
+ this.vXUserPermission = vXModuleDef;
+ }
+
+ @Override
+ public int getListSize() {
+ if (vXUserPermission != null) {
+ return vXUserPermission.size();
+ }
+ return 0;
+ }
+
+ @Override
+ public List<VXUserPermission> getList() {
+ return vXUserPermission;
+ }
+}
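Review bot: The accessors of this list are named `getvXModuleDef` / `setvXModuleDef` and their Javadoc says "the vXModuleDef", but they read and write `vXUserPermission`, which looks like a copy from VXModuleDefList.java. Renaming them to `getvXUserPermission()` and `setvXUserPermission(List<VXUserPermission> vXUserPermission)` keeps the class consistent with VXGroupPermissionList; serialization is field-based here, so the wire format should not change. Any caller elsewhere in the commit that uses the current names would need the same rename.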
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index b806dff..b94ef13 100644
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -377,4 +377,99 @@
<query>select MAX(obj.objectId) from XXTrxLog obj where obj.objectClassType = :classType</query>
</named-query>
+ <!-- XXUserPermission -->
+ <named-query name="XXUserPermission.findByUserPermissionId">
+ <query>SELECT obj FROM XXUserPermission obj
+ WHERE obj.userId=:userId
+ </query>
+ </named-query>
+ <named-query name="XXUserPermission.findByUserPermissionIdAndIsAllowed">
+ <query>SELECT obj FROM XXUserPermission obj
+ WHERE obj.userId=:userId AND Obj.isAllowed=:isAllowed
+ </query>
+ </named-query>
+
+ <named-query name="XXUserPermission.findByModuleId">
+ <query>SELECT obj FROM XXUserPermission obj
+ WHERE obj.moduleId=:moduleId AND Obj.isAllowed=:isAllowed
+ </query>
+ </named-query>
+ <named-query name="XXUserPermissionUpdates.findByModuleId">
+ <query>SELECT obj FROM XXUserPermission obj
+ WHERE obj.moduleId=:moduleId
+ </query>
+ </named-query>
+
+ <!-- XXUserPermission -->
+ <named-query name="XXGroupPermission.findByGroupPermissionId">
+ <query>SELECT obj FROM XXGroupPermission obj
+ WHERE obj.groupId=:groupId
+ </query>
+ </named-query>
+
+ <named-query name="XXGroupPermission.findByModuleId">
+ <query>SELECT obj FROM XXGroupPermission obj
+ WHERE obj.moduleId=:moduleId AND Obj.isAllowed=:isAllowed
+ </query>
+ </named-query>
+ <named-query name="XXGroupPermissionUpdates.findByModuleId">
+ <query>SELECT obj FROM XXGroupPermission obj
+ WHERE obj.moduleId=:moduleId AND Obj.isAllowed=:isAllowed
+ </query>
+ </named-query>
+ <named-query name="XXGroupPermissionUpdate.findByModuleId">
+ <query>SELECT obj FROM XXGroupPermission obj
+ WHERE obj.moduleId=:moduleId
+ </query>
+ </named-query>
+
+ <named-query name="XXUserPermission.findByModuleIdAndUserId">
+ <query>SELECT XXUserPermObj
+ FROM XXUserPermission XXUserPermObj
+ WHERE XXUserPermObj.moduleId = :moduleId AND XXUserPermObj.userId =:userId
+ </query>
+ </named-query>
+ <named-query name="XXModuleDef.findModuleNamesWithIds">
+ <query>SELECT XXMObj
+ FROM XXModuleDef XXMObj
+ </query>
+</named-query>
+<named-query name="XXPortalUser.findByUserName">
+ <query>SELECT Obj FROM XXPortalUser obj
+ WHERE obj.loginId=:loginId
+ </query>
+ </named-query>
+
+ <named-query name="XXPortalUser.findByXUserId">
+ <query>SELECT xxPortalUser FROM XXPortalUser xxPortalUser,XXUser xxUser
+ WHERE xxUser.id=:id and xxPortalUser.loginId=xxUser.name
+ </query>
+ </named-query>
+
+ <named-query name="XXPortalUser.findAllXPortalUser">
+ <query>SELECT xxPortalUser FROM XXPortalUser xxPortalUser
+ </query>
+</named-query>
+ <!-- VXModuleDef -->
+ <named-query name="XXModuleDef.findByModuleId">
+ <query>SELECT obj FROM XXModuleDef obj
+ WHERE obj.id=:id
+ </query>
+ </named-query>
+
+ <named-query name="XXModuleDef.findByModuleName">
+ <query>SELECT Obj FROM XXModuleDef obj
+ WHERE obj.module=:moduleName
+ </query>
+ </named-query>
+
+ <named-query name="XXGroupPermission.findByVXPoratUserId">
+ <query>SELECT distinct gmp FROM XXGroupUser xgu,XXUser xu,XXGroupPermission gmp, XXPortalUser xpu
+ WHERE xu.name=xpu.loginId and xu.id=xgu.userId and xgu.parentGroupId=gmp.groupId and xpu.id=:userId and gmp.isAllowed=:isAllowed
+ </query>
+</named-query>
+
+
+
+
</entity-mappings>
\ No newline at end of file
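Review bot: Several query names in this hunk do not say what the query does, which is risky for queries that feed permission decisions. `XXGroupPermissionUpdates.findByModuleId` is the same JPQL as `XXGroupPermission.findByModuleId` (both filter on `isAllowed`), whereas `XXUserPermissionUpdates.findByModuleId` does not filter on it, and the unfiltered group query is the singular `XXGroupPermissionUpdate.findByModuleId`. `XXUserPermission.findByUserPermissionId` and `XXGroupPermission.findByGroupPermissionId` select by `userId` / `groupId` and return rows whatever their `isAllowed` value, so callers must check that field themselves. The second `<!-- XXUserPermission -->` comment should read `<!-- XXGroupPermission -->`, `findByVXPoratUserId` is misspelled, and the alias is written `Obj` in some places and `obj` in others.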
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/collection_bases/UserPermissionListBase.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/collection_bases/UserPermissionListBase.js b/security-admin/src/main/webapp/scripts/collection_bases/UserPermissionListBase.js
new file mode 100644
index 0000000..597e589
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/collection_bases/UserPermissionListBase.js
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var XABaseCollection = require('collections/XABaseCollection');
+ var XAGlobals = require('utils/XAGlobals');
+ var UserPermission = require('models/UserPermission');
+
+ var UserPermissionListBase = XABaseCollection.extend(
+ /** @lends UserPermissionListBase.prototype */
+ {
+ url: XAGlobals.baseURL + 'permissions',
+
+ model : UserPermission,
+
+ /**
+ * UserPermissionListBase initialize method
+ * @augments XABaseCollection
+ * @constructs
+ */
+ initialize : function() {
+ this.modelName = 'UserPermission';
+ this.modelAttrName = 'UserPermissions';
+ this.bindErrorEvents();
+ },
+ /**
+ * override the parseRecords of PageableCollection for our use
+ */
+ parseRecords : function(resp, options){
+ return resp;
+ }
+ },{
+ // static class members
+ /**
+ * Table Cols to be passed to Backgrid
+ * UI has to use this as base and extend this.
+ *
+ */
+
+ tableCols : {}
+
+ });
+
+ return UserPermissionListBase;
+});
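Review bot: `modelAttrName` is set to `'UserPermissions'`, but the list view object added in this commit (VXUserPermissionList) holds its items in a field named `vXUserPermission`, and `parseRecords` returns the response unchanged. If the `permissions` endpoint returns that list object, the collection would receive the wrapper rather than the items; VXModuleDefListBase uses `'vXModuleDef'`, which does match its server field. The endpoint is not part of this hunk, so please confirm the response shape and either set `this.modelAttrName = 'vXUserPermission';` or say in the `parseRecords` comment why the raw response is already the record list.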
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/collection_bases/VXModuleDefListBase.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/collection_bases/VXModuleDefListBase.js b/security-admin/src/main/webapp/scripts/collection_bases/VXModuleDefListBase.js
new file mode 100644
index 0000000..3ebee8f
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/collection_bases/VXModuleDefListBase.js
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var XABaseCollection = require('collections/XABaseCollection');
+ var XAGlobals = require('utils/XAGlobals');
+ var VXModuleDef = require('models/VXModuleDef');
+
+ var VXModuleDefListBase = XABaseCollection.extend(
+ /** @lends VXModuleDefListBase.prototype */
+ {
+ url: XAGlobals.baseURL + 'xusers/permission',
+
+ model : VXModuleDef,
+
+ /**
+ * VXModuleDefListBase initialize method
+ * @augments XABaseCollection
+ * @constructs
+ */
+ initialize : function() {
+ this.modelName = 'VXModuleDef';
+ this.modelAttrName = 'vXModuleDef';
+ this.bindErrorEvents();
+ },
+ /**
+ * override the parseRecords of PageableCollection for our use
+ */
+ /*parseRecords : function(resp, options){
+ return resp;
+ }*/
+ },{
+ // static class members
+ /**
+ * Table Cols to be passed to Backgrid
+ * UI has to use this as base and extend this.
+ *
+ */
+
+ tableCols : {}
+
+ });
+
+ return VXModuleDefListBase;
+});
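Review bot: The `parseRecords` override is commented out but its doc comment is kept, so "override the parseRecords of PageableCollection for our use" now describes nothing. Delete both, or state why the base implementation is used here while UserPermissionListBase overrides it. With the override gone, the `},` that closes `initialize` leaves a trailing comma in the object literal, which some older browsers do not accept; drop the comma.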
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/collections/UserPermissionList.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/collections/UserPermissionList.js b/security-admin/src/main/webapp/scripts/collections/UserPermissionList.js
new file mode 100644
index 0000000..3218fe4
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/collections/UserPermissionList.js
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var UserPermissionListBase = require('collection_bases/UserPermissionListBase');
+
+ var UserPermissionList = UserPermissionListBase.extend(
+ /** @lends UserPermissionList.prototype */
+ {
+ },{
+ // static class members
+ });
+
+ return UserPermissionList;
+});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/collections/VXModuleDefList.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/collections/VXModuleDefList.js b/security-admin/src/main/webapp/scripts/collections/VXModuleDefList.js
new file mode 100644
index 0000000..83225f6
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/collections/VXModuleDefList.js
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var VXModuleDefListBase = require('collection_bases/VXModuleDefListBase');
+
+ var VXModuleDefList = VXModuleDefListBase.extend(
+ /** @lends VXModuleDefList.prototype */
+ {
+ },{
+ // static class members
+ });
+
+ return VXModuleDefList;
+});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/controllers/Controller.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/controllers/Controller.js b/security-admin/src/main/webapp/scripts/controllers/Controller.js
index 34a0a94..e3a129e 100644
--- a/security-admin/src/main/webapp/scripts/controllers/Controller.js
+++ b/security-admin/src/main/webapp/scripts/controllers/Controller.js
@@ -340,11 +340,67 @@ define(function(require) {
}));
});
},
+ /************PERMISSIONS LISTING *****************************************/
+ modulePermissionsAction :function(){
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.Permissions.value });
+ var view = require('views/permissions/ModulePermsTableLayout');
+ var ModulePermission = require('models/VXModuleDef');
+ var ModulePermissionList = require('collections/VXModuleDefList');
+
+ var modulePermission = new ModulePermission();
+ var modulePermissionList = new ModulePermissionList();
+
+ modulePermissionList.fetch({
+ cache : false,
+ });
+ App.rContent.show(new view({
+ collection : modulePermissionList
+ }));
+
+ },
+ modulePermissionEditAction : function(moduleId){
+ MAppState.set({
+ 'currentTab' : XAGlobals.AppTabs.Permissions.value
+ });
+ var view = require('views/permissions/ModulePermissionCreate');
+ var ModulePermission = require('models/VXModuleDef');
+ var ModulePermissionList = require('collections/VXModuleDefList');
+ var modulePermission = new ModulePermission({id : moduleId});
+ var that = this
+ modulePermission.collection = new ModulePermissionList();
+ modulePermission.fetch({cache : true}).done(function(){
+ App.rContent.show(new view({
+ model : modulePermission,
+ groupList : that.groupList,
+ userList : that.userList
+ }));
+ });
+ },
+ postLoginDefaultView : function(){
+ var SessionMgr = require('mgrs/SessionMgr');
+ var XAGlobals = require('utils/XAGlobals');
+ var XALinks = require('modules/XALinks');
+ var vXPortalUser = SessionMgr.getUserProfile();
+ var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),'moduleName');
+ if (_.contains(userModuleNames, 'Policy Manager')){
+ location.hash = XALinks.get('ServiceManager').href;
+ }else if(_.contains(userModuleNames, 'Users/Groups')){
+ location.hash = XALinks.get('Users').href;
+ }else if(_.contains(userModuleNames, 'Analytics')){
+ location.hash = XALinks.get('UserAccessReport').href;
+ }else if(_.contains(userModuleNames, 'Audit')){
+ location.hash = XALinks.get('AuditReport').href +'/bigData';
+ }else if(SessionMgr.isSystemAdmin()){
+ location.hash = XALinks.get('ModulePermissions').href;
+ }else{
+ //If a user doesnot has access to any tab - taking user to by default Profile page.
+ location.hash = XALinks.get('UserProfile').href;
+ }
+ },
/**************** ERROR PAGE ******************************/
pageNotFoundAction : function() {
var XAUtils = require('utils/XAUtils');
XAUtils.defaultErrorHandler(undefined, { 'status' : 404 });
},
-
});
});
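Review bot: `postLoginDefaultView` picks the landing page from `userPermList` only, so a user whose module access comes solely from `groupPermissions` (a field this commit adds to VXPortalUser) would fall through to the profile page; if the profile payload carries both lists, build the names from both, e.g. `var perms = (vXPortalUser.get('userPermList') || []).concat(vXPortalUser.get('groupPermissions') || []);` followed by `_.pluck(perms, 'moduleName')`. The module names are compared as display strings ('Policy Manager', 'Users/Groups', ...), which should come from one shared constant rather than being repeated here. This routing only decides what the browser shows; the REST endpoints behind each tab still have to enforce the permission server-side. Smaller items: `modulePermission` in `modulePermissionsAction` is never used, `cache : false,` has a trailing comma, `var that = this` lacks its semicolon, and `that.groupList` / `that.userList` are not set anywhere in this hunk. The enclosing `define(...)` block starts outside the hunk.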
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/model_bases/UserPermissionBase.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/model_bases/UserPermissionBase.js b/security-admin/src/main/webapp/scripts/model_bases/UserPermissionBase.js
new file mode 100644
index 0000000..3751362
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/model_bases/UserPermissionBase.js
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var XABaseModel = require('models/XABaseModel');
+ var XAGlobals = require('utils/XAGlobals');
+
+ var UserPermissionBase = XABaseModel.extend(
+ /** @lends UserPermissionBase.prototype */
+ {
+ urlRoot: XAGlobals.baseURL + 'permissions',
+
+ defaults: {},
+
+ serverSchema : {
+ "id" : {
+ "dataType" : "Long"
+ }
+ },
+
+
+ idAttribute: 'id',
+
+ /**
+ * UserPermissionBase initialize method
+ * @augments XABaseModel
+ * @constructs
+ */
+ initialize: function() {
+ this.modelName = 'UserPermission';
+ //this.bind("error", XAUtils.defaultErrorHandler);
+ this.bindErrorEvents();
+ },
+ }, {
+ // static class members
+ });
+
+ return UserPermissionBase;
+
+});
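Review bot: The `},` after `initialize` closes the last member of the prototype object and leaves a trailing comma before `}, {`, which some older browsers do not accept; remove the comma. The commented-out line `//this.bind("error", XAUtils.defaultErrorHandler);` is dead code, and `XAUtils` is not required in this module, so it should be deleted. VXModuleDefBase.js in this commit has both of these as well.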
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/model_bases/VXModuleDefBase.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/model_bases/VXModuleDefBase.js b/security-admin/src/main/webapp/scripts/model_bases/VXModuleDefBase.js
new file mode 100644
index 0000000..aed67af
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/model_bases/VXModuleDefBase.js
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var XABaseModel = require('models/XABaseModel');
+ var XAGlobals = require('utils/XAGlobals');
+
+ var VXModuleDefBase = XABaseModel.extend(
+ /** @lends VXModuleDefBase.prototype */
+ {
+ urlRoot: XAGlobals.baseURL + 'xusers/permission',
+
+ defaults: {},
+
+ serverSchema : {
+ "id" : {
+ "dataType" : "Long"
+ }
+ },
+
+
+ idAttribute: 'id',
+
+ /**
+ * VXModuleDefBase initialize method
+ * @augments XABaseModel
+ * @constructs
+ */
+ initialize: function() {
+ this.modelName = 'VXModuleDefBase';
+ //this.bind("error", XAUtils.defaultErrorHandler);
+ this.bindErrorEvents();
+ },
+ }, {
+ // static class members
+ });
+
+ return VXModuleDefBase;
+
+});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/models/UserPermission.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/models/UserPermission.js b/security-admin/src/main/webapp/scripts/models/UserPermission.js
new file mode 100644
index 0000000..505abe7
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/models/UserPermission.js
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var UserPermissionBase = require('model_bases/UserPermissionBase');
+ var XAUtils = require('utils/XAUtils');
+ var XAEnums = require('utils/XAEnums');
+ var localization= require('utils/XALangSupport');
+
+ var UserPermission = UserPermissionBase.extend(
+ /** @lends UserPermissionBase.prototype */
+ {
+ /**
+ * UserPermissionBase initialize method
+ * @augments UserPermissionBase
+ * @constructs
+ */
+ initialize: function() {
+ this.modelName = 'UserPermission';
+ this.bindErrorEvents();
+ },
+ /**
+ * @function schema
+ * This method is meant to be used by UI,
+ * by default we will remove the unrequired attributes from serverSchema
+ */
+
+ schemaBase : function(){
+ var attrs = _.omit(this.serverSchema, 'id', 'createDate', 'updateDate', "version",
+ "createDate", "updateDate", "permList", "status", "updatedBy", "isSystem");
+
+ _.each(attrs, function(o){
+ o.type = 'Hidden';
+ });
+
+ // Overwrite your schema definition here
+ return _.extend(attrs,{});
+ },
+
+ /** This models toString() */
+ toString : function(){
+ return this.get('name');
+ }
+
+ }, {
+ // static class members
+ });
+
+ return UserPermission;
+
+});
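Review bot: `schemaBase` in UserPermission.js writes `o.type = 'Hidden'` onto the entries returned by `_.omit(this.serverSchema, ...)`, and `_.omit` copies only the top level, so those entries are the same objects held by the `serverSchema` declared on the base model and shared by every instance. With the base schema shown in this commit (only `id`, which is omitted) the loop does nothing yet, but any field added to `serverSchema` later would stay marked hidden after the first call. Building fresh entries avoids that, for example `attrs[key] = _.extend({}, o, {type : 'Hidden'});` inside `_.each(attrs, function(o, key){ ... })`. The `_.omit` call also lists `'createDate'` and `'updateDate'` twice. VXModuleDef.js repeats the same `schemaBase` body.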
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/models/VXModuleDef.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/models/VXModuleDef.js b/security-admin/src/main/webapp/scripts/models/VXModuleDef.js
new file mode 100644
index 0000000..1a5edc8
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/models/VXModuleDef.js
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var VXModuleDefBase = require('model_bases/VXModuleDefBase');
+ var XAUtils = require('utils/XAUtils');
+ var XAEnums = require('utils/XAEnums');
+ var localization= require('utils/XALangSupport');
+
+ var VXModuleDef = VXModuleDefBase.extend(
+ /** @lends VXModuleDefBase.prototype */
+ {
+ /**
+ * VXModuleDefBase initialize method
+ * @augments VXModuleDefBase
+ * @constructs
+ */
+ initialize: function() {
+ this.modelName = 'VXModuleDef';
+ this.bindErrorEvents();
+ },
+ /**
+ * @function schema
+ * This method is meant to be used by UI,
+ * by default we will remove the unrequired attributes from serverSchema
+ */
+
+ schemaBase : function(){
+ var attrs = _.omit(this.serverSchema, 'id', 'createDate', 'updateDate', "version",
+ "createDate", "updateDate", "permList", "status", "updatedBy", "isSystem");
+
+ _.each(attrs, function(o){
+ o.type = 'Hidden';
+ });
+
+ // Overwrite your schema definition here
+ return _.extend(attrs,{});
+ },
+
+ /** This models toString() */
+ toString : function(){
+ return this.get('name');
+ }
+
+ }, {
+ // static class members
+ });
+
+ return VXModuleDef;
+
+});
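Review bot: The JSDoc on this new model names the wrong class: `/** @lends VXModuleDefBase.prototype */` and "VXModuleDefBase initialize method" sit on `VXModuleDef`, so generated documentation would attach these members to the base model; `/** @lends VXModuleDef.prototype */` is what the block describes. `XAUtils`, `XAEnums` and `localization` are required but never used in the file, while `_` is used in `schemaBase` without a `require`, presumably relying on a global Underscore. UserPermission.js has the same three points.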
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/modules/XALinks.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/XALinks.js b/security-admin/src/main/webapp/scripts/modules/XALinks.js
index 00267b3..1c8ec93 100644
--- a/security-admin/src/main/webapp/scripts/modules/XALinks.js
+++ b/security-admin/src/main/webapp/scripts/modules/XALinks.js
@@ -267,7 +267,23 @@ define(function(require) {
text : options.model.get('name') +' Policies',
title: options.model.get('name') +' Policies'
};
- }
+ },
+ ModulePermissions :{
+ href : '#!/permissions',
+ text : 'h.permissions',
+ title: 'h.permissions'
+ },
+ ModulePermissionEdit : function(options){
+ var href = "javascript:void(0);";
+ if(_.has(options,'model')){
+ href = '#!/permissions/'+options.model.id+"/edit";
+ }
+ return {
+ href : href,
+ text : options.model.get('module'),
+ title: options.model.get('module')
+ };
+ },
};
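Review bot: `ModulePermissionEdit` checks `_.has(options,'model')` before building `href`, but the returned object reads `options.model.get('module')` unconditionally, so a call without a model throws a TypeError instead of falling back to the `javascript:void(0);` link. Either drop the guard if a model is always required, or compute the label under the same check, for example `var label = _.has(options,'model') ? options.model.get('module') : '';`, and use it for both `text` and `title`. The enclosing links object starts outside this hunk.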
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
index 843d70c..fa475b3 100644
--- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
+++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
@@ -204,6 +204,7 @@ define(function(require) {
groupSource : 'Group Source',
policyName : 'Policy Name',
allow : 'Allow',
+ allowAccess : 'Allow Access',
selectTopologyName : 'Select Topology Name',
selectServiceName : 'Select Service Name',
topologyName : 'Topology Name',
@@ -212,7 +213,8 @@ define(function(require) {
ipAddress : 'IP Address',
isVisible : 'Visible',
delegatedAdmin : 'Delegate Admin',
- policyId : 'Policy ID'
+ policyId : 'Policy ID',
+ moduleName : 'Module Name'
},
btn : {
add : 'Add',
@@ -267,10 +269,12 @@ define(function(require) {
searchForYourLoginSession :"Search for your login sessions...",
searchForYourAgent :"Search for your plugins...",
searchForPolicy :"Search for your policy...",
+ searchForPermissions :"Search for permissions...",
searchForYourUser :"Search for your users...",
searchForYourGroup :"Search for your groups...",
access : 'Access',
- policyCondition : 'Policy Condtions'
+ policyCondition : 'Policy Condtions',
+ permissions : 'Permissions'
},
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js b/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
index 752a7fc..530babf 100644
--- a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
+++ b/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
@@ -74,7 +74,7 @@ function doLogin() {
if(location.hash.length > 2)
window.location.replace('index.html'+location.hash);
else
- window.location.replace('index.html'+'#!/policymanager');
+ window.location.replace('index.html');
},
error : function(jqXHR, textStatus, err ) {
$('#signIn').removeAttr('disabled');
@@ -124,4 +124,4 @@ $(function() {
$(e.target).parent().removeClass('error');
}
});
-});
\ No newline at end of file
+});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/routers/Router.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/routers/Router.js b/security-admin/src/main/webapp/scripts/routers/Router.js
index d4b047c..61377ee 100644
--- a/security-admin/src/main/webapp/scripts/routers/Router.js
+++ b/security-admin/src/main/webapp/scripts/routers/Router.js
@@ -30,7 +30,7 @@ function(Backbone, Marionette, localization, MAppState, XAUtil){
return Backbone.Marionette.AppRouter.extend({
/** Backbone routes hash */
appRoutes: {
- "" : "serviceManagerAction",//"dashboardAction",
+ "" : "postLoginDefaultView",//"dashboardAction",
"!/policymanager" : "serviceManagerAction",
/****** Analytics Report related **********************/
@@ -57,7 +57,10 @@ function(Backbone, Marionette, localization, MAppState, XAUtil){
"!/service/:serviceId/policies" : "policyManageAction",
"!/service/:serviceId/policies/create" : "RangerPolicyCreateAction",
"!/service/:serviceId/policies/:id/edit": "RangerPolicyEditAction",
-
+
+ /************PERMISSIONS VIEWS *****************************************/
+ "!/permissions": "modulePermissionsAction",
+ "!/permissions/:id/edit" : "modulePermissionEditAction",
/*************** ERROR PAGE ****************************************/
"*actions" : "pageNotFoundAction"
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
index a3dbe9b..6805ffd 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
@@ -51,7 +51,8 @@ define(function(require){
Assets : { value:6, valStr: 'Assets'},
Analytics : { value:7, valStr: 'Analytics'},
Audit : { value:8, valStr: 'Analytics'},
- None : { value:9, valStr: 'None'}
+ Permissions : { value:9, valStr:'Permissions'},
+ None : { value:10, valStr: 'None'}
};
XAGlobals.BooleanValue = {
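Review bot: Inserting `Permissions` as value 9 moves the existing `None` entry from 9 to 10, which changes the meaning of a number that other code or stored state may already hold; whether anything compares against the raw value is not visible here. Appending the new entry keeps existing values stable: `None : { value:9, valStr: 'None'},` followed by `Permissions : { value:10, valStr:'Permissions'}`. The enum's name and its earlier entries are outside the hunk.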
@@ -65,5 +66,11 @@ define(function(require){
XAGlobals.DenyControllerActions = ['userManagerAction','userCreateAction','userEditAction','groupCreateAction',
'groupEditAction','auditReportAction','loginSessionDetail','serviceCreateAction','serviceEditAction'];
+ XAGlobals.ListOfModuleActions = {
+ 'Policy Manager':['serviceManagerAction','serviceCreateAction','serviceEditAction', 'policyManageAction','RangerPolicyCreateAction','RangerPolicyEditAction'],
+ 'Users/Groups' : ['userManagerAction','userCreateAction','userEditAction','groupCreateAction','groupEditAction'],
+ 'Analytics' : ['userAccessReportAction'],
+ 'Audit' : ['auditReportAction','loginSessionDetail']
+ };
return XAGlobals;
});
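Review bot: `XAGlobals.ListOfModuleActions` has no entry covering `modulePermissionsAction` or `modulePermissionEditAction`, the two routes this commit adds in Router.js, so the deny list that `XAUtils` derives from this map can never include the permission-management screens, whatever modules the user holds. If a module governs those screens, it needs a key here whose name matches the `moduleName` the server returns; that name is not visible in this diff, so it is shown as a placeholder: `'<MODULE_NAME>' : ['modulePermissionsAction','modulePermissionEditAction']`. The keys are display strings compared exactly against server data, so a comment stating that they must stay in sync with the server-side module names would help.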
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index 1bcb4b3..9b184e5 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -409,7 +409,39 @@ define(function(require) {
return newGroupArr.length ? newGroupArr.join(' ') : '--';
};
-
+
+ XAUtils.showGroupsOrUsers = function(rawValue, model, userOrGroups){
+ var showMoreLess = false, objArr = [];
+ if(!_.isArray(rawValue) && rawValue.length == 0)
+ return '--';
+ if(userOrGroups == 'groups'){
+ _.each(rawValue,function(perm){
+ objArr = _.union(objArr, perm.groupName)
+ });
+ }else if(userOrGroups == 'users'){
+ _.each(rawValue,function(perm){
+ objArr = _.union(objArr, perm.userName)
+ });
+ }
+
+ var newObjArr = _.map(objArr, function(name, i){
+ if(i >= 4){
+ return '<span class="label label-info" policy-'+userOrGroups+'-id="'+model.id+'" style="display:none;">' + name + '</span>';
+ }else if(i == 3 && objArr.length > 4){
+ showMoreLess = true;
+ return '<span class="label label-info" policy-'+userOrGroups+'-id="'+model.id+'">' + name + '</span>';
+ }else{
+ return '<span class="label label-info" policy-'+userOrGroups+'-id="'+model.id+'">' + name + '</span>';
+ }
+ });
+ if(showMoreLess){
+ newObjArr.push('<span class="pull-left"><a href="javascript:void(0);" data-id="showMore" class="" policy-'+userOrGroups+'-id="'+model.id+'"><code style=""> + More..</code></a></span><span class="pull-left" ><a href="javascript:void(0);" data-id="showLess" class="" policy-'+userOrGroups+'-id="'+model.id+'" style="display:none;"><code> - Less..</code></a></span>');
+ }
+ return newObjArr.length ? newObjArr.join(' ') : '--';
+
+ };
+
+
XAUtils.defaultErrorHandler = function(model, error) {
var App = require('App');
var vError = require('views/common/ErrorView');
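Review bot: `XAUtils.showGroupsOrUsers` concatenates each user or group name straight into markup (`'...">' + name + '</span>'`), so a name containing HTML would be interpreted by the browser if the caller inserts the returned string as HTML, which the markup suggests. Names are account data and should be encoded on output with `_.escape(name)` in all three branches. The guard `if(!_.isArray(rawValue) && rawValue.length == 0)` also needs `||`: as written it throws on an undefined `rawValue`, and a non-array value with a nonzero length falls through to the loops. The last two branches of the `_.map` callback return the same string and could be merged.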
@@ -795,14 +827,28 @@ define(function(require) {
var SessionMgr = require('mgrs/SessionMgr');
var XAGlobals = require('utils/XAGlobals');
var that = this;
- if(!SessionMgr.isSystemAdmin()){
- _.each(XAGlobals.DenyControllerActions, function(routeMethodName) {
- if(!_.isUndefined(controller[routeMethodName])){
- controller[routeMethodName] = function(){
- that.defaultErrorHandler(undefined, {'status':401});
- };
- }
+ var vXPortalUser = SessionMgr.getUserProfile();
+ var denyControllerActions= [];
+ var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),'moduleName');
+ var groupModuleNames = _.pluck(vXPortalUser.get('groupPermissions'), 'moduleName');
+ var moduleNames = _.union(userModuleNames,groupModuleNames);
+ var denyModulesObj = _.omit(XAGlobals.ListOfModuleActions, moduleNames);
+ if(!_.isEmpty(denyModulesObj)){
+ _.each(denyModulesObj, function(deniedModule){
+ denyControllerActions.push(_.values(deniedModule));
});
+ denyControllerActions = _.flatten(denyControllerActions);
+ }
+
+ if(!_.isEmpty(denyControllerActions)){
+ _.each(denyControllerActions, function(routeMethodName) {
+ if(!_.isUndefined(controller[routeMethodName])){
+ controller[routeMethodName] = function(){
+ that.defaultErrorHandler(undefined, {'status':401});
+ };
+ }
+ });
+
}
return controller;
};
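Review bot: The rewritten block only swaps controller methods for a 401 handler in the browser, and it now trusts `userPermList` and `groupPermissions` from the client-side profile, so it is a UI convenience rather than an access control. A comment such as `// UI gating only: the REST layer must enforce the same module permissions` would keep later readers from relying on it. `SessionMgr.getUserProfile()` is dereferenced without a check, so if it can return undefined the function throws before any action is denied. `_.values(deniedModule)` is applied to what is already an array, and the collection step reduces to `denyControllerActions = _.flatten(_.values(denyModulesObj));`. The function begins outside this hunk.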