You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ve...@apache.org on 2019/08/01 18:45:39 UTC
[ranger] branch ranger-2.0 updated (54f4aac -> 2a97668)
This is an automated email from the ASF dual-hosted git repository.
vel pushed a change to branch ranger-2.0
in repository https://gitbox.apache.org/repos/asf/ranger.git.
from 54f4aac RANGER-2516 : addednum change
new 77e70cb RANGER-2517: UI changes for policy to implicitly deny all accesses not explicitly allowed by it.
new 2a97668 RANGER-2520 : Prevent Roles to be saved in Ranger Role Management page when user or groups are not added to the role.
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../webapp/scripts/modules/globalize/message/en.js | 2 +
.../src/main/webapp/scripts/utils/XAUtils.js | 26 +++--
.../scripts/views/policies/RangerPolicyForm.js | 50 +++++++-
.../scripts/views/policies/RangerPolicyRO.js | 11 +-
.../views/policies/RangerPolicyTableLayout.js | 2 +-
.../views/reports/PlugableServiceDiffDetail.js | 1 +
.../scripts/views/users/AddUsersOrGroupsList.js | 3 +
.../main/webapp/scripts/views/users/RoleCreate.js | 4 +
.../main/webapp/scripts/views/users/RoleForm.js | 16 +++
.../webapp/scripts/views/users/UserTableLayout.js | 35 +++---
security-admin/src/main/webapp/styles/xa.css | 6 +
.../templates/policies/RangerPolicyForm_tmpl.html | 6 +
.../templates/policies/RangerPolicyRO_tmpl.html | 42 ++++---
.../PlugableServicePolicyDeleteDiff_tmpl.html | 54 +++++++++
.../reports/PlugableServicePolicyDiff_tmpl.html | 126 +++++++++++++-------
.../PlugableServicePolicyUpdateDiff_tmpl.html | 130 +++++++++++++++++++--
16 files changed, 412 insertions(+), 102 deletions(-)
[ranger] 02/02: RANGER-2520 : Prevent Roles to be saved in Ranger
Role Management page when user or groups are not added to the role.
Posted by ve...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
vel pushed a commit to branch ranger-2.0
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 2a97668824d6a05f97193f3bf21d1bbe50a48330
Author: Nitin Galave <ni...@apache.org>
AuthorDate: Wed Jul 31 19:13:02 2019 +0530
RANGER-2520 : Prevent Roles to be saved in Ranger Role Management page when user or groups are not added to the role.
(cherry picked from commit 716591dec8a80ac50d4fc0ff4a1c3337404e3ec7)
---
.../webapp/scripts/modules/globalize/message/en.js | 1 +
.../src/main/webapp/scripts/utils/XAUtils.js | 26 +++--
.../views/policies/RangerPolicyTableLayout.js | 2 +-
.../views/reports/PlugableServiceDiffDetail.js | 1 +
.../scripts/views/users/AddUsersOrGroupsList.js | 3 +
.../main/webapp/scripts/views/users/RoleCreate.js | 4 +
.../main/webapp/scripts/views/users/RoleForm.js | 16 +++
.../webapp/scripts/views/users/UserTableLayout.js | 35 +++---
.../PlugableServicePolicyDeleteDiff_tmpl.html | 54 +++++++++
.../reports/PlugableServicePolicyDiff_tmpl.html | 126 +++++++++++++-------
.../PlugableServicePolicyUpdateDiff_tmpl.html | 130 +++++++++++++++++++--
11 files changed, 317 insertions(+), 81 deletions(-)
diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
index c320fdb..4096020 100644
--- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
+++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
@@ -476,6 +476,7 @@ define(function(require) {
noDeleteRoleRow :'Please select ranger role first to delete.',
addRolePermission : 'Please add permission(s) for the selected role, else role will not be added.',
addRole : 'Please select role for the selected permission(s), else role will not be added.',
+ addSelectedUserGroupRoles : 'Please add selected user/group/roles to there respective table else user/group/roles will not be added.'
},
plcHldr : {
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index 5fca82c..80277f6 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -466,40 +466,40 @@ define(function(require) {
options = _.isUndefined(options) ? Opt : options;
$.msg(options);
};
- XAUtils.showGroups = function(rawValue) {
+ XAUtils.showMoreLessBtnForGroupsUsersRoles = function(rawValue , type) {
var showMoreLess = false, id;
if (_.isArray(rawValue))
rawValue = new Backbone.Collection(rawValue);
if (!_.isUndefined(rawValue) && rawValue.models.length > 0) {
var groupArr = _.uniq(_.compact(_.map(rawValue.models, function(m,
i) {
- if (m.has('groupName'))
- return _.escape(m.get('groupName'));
+ if (m.has('entityName'))
+ return _.escape(m.get('entityName'));
})));
if (groupArr.length > 0) {
if (rawValue.first().has('resourceId'))
id = rawValue.first().get('resourceId');
else
- id = rawValue.first().get('userId');
+ id = rawValue.first().get('modelId');
}
var newGroupArr = _.map(groupArr, function(name, i) {
if (i >= 4)
- return '<span class="label label-info float-left-margin-2" policy-group-id="'
+ return '<span class="label label-info float-left-margin-2" data-name='+type+' model-'+ type +'-id="'
+ id + '" style="display:none;">' + name
+ '</span>';
else if (i == 3 && groupArr.length > 4) {
showMoreLess = true;
- return '<span class="label label-info float-left-margin-2" policy-group-id="'
+ return '<span class="label label-info float-left-margin-2" data-name='+type+' model-'+ type +'-id="'
+ id + '">' + name + '</span>';
} else
- return '<span class="label label-info float-left-margin-2" policy-group-id="'
+ return '<span class="label label-info float-left-margin-2" data-name='+type+' model-'+ type +'-id="'
+ id + '">' + name + '</span>';
});
if (showMoreLess) {
newGroupArr
- .push('<span class="float-left-margin-2"><a href="javascript:void(0);" data-id="showMore" class="" policy-group-id="'
+ .push('<span class="float-left-margin-2"><a href="javascript:void(0);" data-id="showMore" class="" data-name='+type+' model-'+ type +'-id="'
+ id
- + '"><code style=""> + More..</code></a></span><span class="float-left-margin-2"><a href="javascript:void(0);" data-id="showLess" class="" policy-group-id="'
+ + '"><code style=""> + More..</code></a></span><span class="float-left-margin-2"><a href="javascript:void(0);" data-id="showLess" class="" data-name='+type+' model-'+ type +'-id="'
+ id
+ '" style="display:none;"><code> - Less..</code></a></span>');
}
@@ -1729,6 +1729,14 @@ define(function(require) {
});
}
+ //Scroll up for roles create page
+ XAUtils.scrollToRolesField = function(field) {
+ $("html, body").animate({
+ scrollTop : field.position().top - 150
+ }, 1100, function() {
+ field.focus();
+ });
+ };
return XAUtils;
});
\ No newline at end of file
diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
index f8b71e1..31fc7c1 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
@@ -417,7 +417,7 @@ define(function(require){
$td.find('[data-id="showMore"]['+attrName+'="'+id+'"]').parents('div[data-id="groupsDiv"]').removeClass('set-height-groups');
},
attributName :function(e){
- var attrName = ['policy-groups-id', 'policy-users-id', 'policy-label-id'], attributeName = "";
+ var attrName = ['policy-groups-id', 'policy-users-id', 'policy-label-id' , 'policy-roles-id'], attributeName = "";
attributeName =_.filter(attrName, function(name){
if($(e.currentTarget).attr(name)){
return name;
diff --git a/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js b/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js
index ce3af44..c319d81 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js
@@ -152,6 +152,7 @@ define(function(require){
_.each(oldOl, function(ol, i) {
this.highLightElement($(ol).find('.username'), $(newOl[i]).find('.username'));
+ this.highLightElement($(ol).find('.rolename'), $(newOl[i]).find('.rolename'));
this.highLightElement($(ol).find('.groupname'), $(newOl[i]).find('.groupname'));
this.highLightElement($(ol).find('.perm'), $(newOl[i]).find('.perm'));
this.highLightElement($(ol).find('.condition'), $(newOl[i]).find('.condition'));
diff --git a/security-admin/src/main/webapp/scripts/views/users/AddUsersOrGroupsList.js b/security-admin/src/main/webapp/scripts/views/users/AddUsersOrGroupsList.js
index 8d23b80..3a24690 100644
--- a/security-admin/src/main/webapp/scripts/views/users/AddUsersOrGroupsList.js
+++ b/security-admin/src/main/webapp/scripts/views/users/AddUsersOrGroupsList.js
@@ -108,6 +108,7 @@ define(function(require) {
ui : {
'selectUsersOrGroups' : '[data-js="selectUsersOrGroups"]',
+ 'addUserGroupRoleBtn' : '[data-action="addUserGroup"]'
},
events : {
@@ -128,6 +129,8 @@ define(function(require) {
+this.fieldName+' found</td></tr>');
}
this.ui.selectUsersOrGroups.select2(XAUtil.getUsersGroupsList(this.fieldName, this));
+ this.ui.selectUsersOrGroups.attr("data-name", this.fieldName+"Select");
+ this.ui.addUserGroupRoleBtn.attr("data-name", this.fieldName+"AddBtn")
},
addNew : function() {
diff --git a/security-admin/src/main/webapp/scripts/views/users/RoleCreate.js b/security-admin/src/main/webapp/scripts/views/users/RoleCreate.js
index e7e9f06..91da5ab 100644
--- a/security-admin/src/main/webapp/scripts/views/users/RoleCreate.js
+++ b/security-admin/src/main/webapp/scripts/views/users/RoleCreate.js
@@ -107,6 +107,10 @@ define(function(require){
}
XAUtil.blockUI();
this.form.beforeSave()
+ if(!this.form.beforeSave()){
+ XAUtil.blockUI('unblock');
+ return
+ }
this.form.usersColl.models.filter(function(m){
usersDetails.push ({'name' : m.get('name') , 'isAdmin' : m.get('isAdmin')});
})
diff --git a/security-admin/src/main/webapp/scripts/views/users/RoleForm.js b/security-admin/src/main/webapp/scripts/views/users/RoleForm.js
index a3fd9f3..e55899a 100644
--- a/security-admin/src/main/webapp/scripts/views/users/RoleForm.js
+++ b/security-admin/src/main/webapp/scripts/views/users/RoleForm.js
@@ -107,6 +107,21 @@ define(function(require){
beforeSave : function() {
var that = this;
+ if(!_.isEmpty(this.$el.find('[data-name="usersSelect"]').select2('data')) ||
+ !_.isEmpty(this.$el.find('[data-name="groupsSelect"]').select2('data')) ||
+ !_.isEmpty(this.$el.find('[data-name="rolesSelect"]').select2('data'))) {
+ if(!_.isEmpty(this.$el.find('[data-name="usersSelect"]').select2('data'))) {
+ XAUtils.scrollToRolesField(this.$el.find('[data-name="usersAddBtn"]'));
+ } else if (!_.isEmpty(this.$el.find('[data-name="groupsSelect"]').select2('data'))) {
+ XAUtils.scrollToRolesField(this.$el.find('[data-name="groupsAddBtn"]'));
+ } else {
+ XAUtils.scrollToRolesField(this.$el.find('[data-name="rolesAddBtn"]'));
+ }
+ XAUtils.alertPopup({
+ msg :localization.tt('msg.addSelectedUserGroupRoles'),
+ });
+ return false;
+ }
this.usersColl.remove(that.usersColl.models.filter(function(model){
return _.isUndefined(model.get('name'))
}));
@@ -116,6 +131,7 @@ define(function(require){
this.rolesColl.remove(that.rolesColl.models.filter(function(model){
return _.isUndefined(model.get('name'))
}))
+ return true;
},
});
diff --git a/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js b/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js
index 13f7681..dabad17 100755
--- a/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js
@@ -424,8 +424,8 @@ define(function(require){
label : localization.tt("lbl.groups"),
formatter: _.extend({}, Backgrid.CellFormatter.prototype, {
fromRaw: function (rawValue,model) {
- if(!_.isUndefined(rawValue)){
- return XAUtil.showGroups(_.map(rawValue,function(name){return {'userId': model.id,'groupName': name}}));
+ if(!_.isUndefined(rawValue) && !_.isEmpty(rawValue)){
+ return XAUtil.showMoreLessBtnForGroupsUsersRoles(_.map(rawValue,function(name){return {'modelId': model.id,'entityName': name}}) , 'groups');
}
else
return '--';
@@ -621,8 +621,7 @@ define(function(require){
formatter: _.extend({}, Backgrid.CellFormatter.prototype, {
fromRaw: function (rawValue, model) {
if(!_.isUndefined(rawValue) && rawValue.length != 0){
- var users = rawValue.map(function(m){return m.name});
- return XAUtil.showMoreAndLessButton(users, model)
+ return XAUtil.showMoreLessBtnForGroupsUsersRoles(_.map(rawValue,function(m){return {'modelId': model.id,'entityName': m.name}}), 'users');
}else{
return '--';
}
@@ -637,8 +636,7 @@ define(function(require){
formatter: _.extend({}, Backgrid.CellFormatter.prototype, {
fromRaw: function (rawValue, model) {
if(!_.isUndefined(rawValue) && rawValue.length != 0){
- var groups = rawValue.map(function(m){return m.name});
- return XAUtil.showMoreAndLessButton(groups, model)
+ return XAUtil.showMoreLessBtnForGroupsUsersRoles(_.map(rawValue,function(m){return {'modelId': model.id,'entityName': m.name}}), 'groups');
}else{
return '--';
}
@@ -653,8 +651,7 @@ define(function(require){
formatter: _.extend({}, Backgrid.CellFormatter.prototype, {
fromRaw: function (rawValue, model) {
if(!_.isUndefined(rawValue) && rawValue.length != 0){
- var roles = rawValue.map(function(m){return m.name});
- return XAUtil.showMoreAndLessButton(roles, model)
+ return XAUtil.showMoreLessBtnForGroupsUsersRoles(_.map(rawValue,function(m){return {'modelId': model.id,'entityName': m.name}}), 'roles');
}else{
return '--';
}
@@ -1040,18 +1037,20 @@ define(function(require){
return _.map(activeStatusList, function(status) { return { 'label': status.label, 'value': status.label}; })
},
onShowMore : function(e){
- var id = $(e.currentTarget).attr('policy-group-id');
- this.rTableList.$el.find('[policy-group-id="'+id+'"]').show();
- $('[data-id="showLess"][policy-group-id="'+id+'"]').show();
- $('[data-id="showMore"][policy-group-id="'+id+'"]').hide();
- $('[data-id="showMore"][policy-group-id="'+id+'"]').parents('div[data-id="groupsDiv"]').addClass('set-height-groups');
+ var name = $(e.currentTarget).attr('data-name');
+ var id = $(e.currentTarget).attr('model-'+name+'-id');
+ this.rTableList.$el.find('[model-'+name+'-id="'+id+'"]').show();
+ $('[data-id="showLess"][model-'+name+'-id="'+id+'"]').show();
+ $('[data-id="showMore"][model-'+name+'-id="'+id+'"]').hide();
+ $('[data-id="showMore"][model-'+name+'-id="'+id+'"]').parents('div[data-id="groupsDiv"]').addClass('set-height-groups');
},
onShowLess : function(e){
- var id = $(e.currentTarget).attr('policy-group-id');
- this.rTableList.$el.find('[policy-group-id="'+id+'"]').slice(4).hide();
- $('[data-id="showLess"][policy-group-id="'+id+'"]').hide();
- $('[data-id="showMore"][policy-group-id="'+id+'"]').show();
- $('[data-id="showMore"][policy-group-id="'+id+'"]').parents('div[data-id="groupsDiv"]').removeClass('set-height-groups')
+ var name = $(e.currentTarget).attr('data-name');
+ var id = $(e.currentTarget).attr('model-'+name+'-id');
+ this.rTableList.$el.find('[model-'+name+'-id="'+id+'"]').slice(4).hide();
+ $('[data-id="showLess"][model-'+name+'-id="'+id+'"]').hide();
+ $('[data-id="showMore"][model-'+name+'-id="'+id+'"]').show();
+ $('[data-id="showMore"][model-'+name+'-id="'+id+'"]').parents('div[data-id="groupsDiv"]').removeClass('set-height-groups')
},
checkRoleKeyAdmin : function() {
if(SessionMgr.isKeyAdmin()){
diff --git a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDeleteDiff_tmpl.html b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDeleteDiff_tmpl.html
index fc5c302..f37c158 100644
--- a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDeleteDiff_tmpl.html
+++ b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDeleteDiff_tmpl.html
@@ -104,6 +104,15 @@
<h3>Old Value</h3>
{{#each oldPolicyItems}}
<ol class="unstyled data">
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row"><i>Groups</i>:
{{#if_eq this.groups compare=0}}
<empty>
@@ -149,6 +158,15 @@
<h3>old Value</h3>
{{#each oldMaskPolicyItems}}
<ol class="unstyled data">
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row">Groups:
{{#if_eq this.groups compare=0}}
<empty>
@@ -190,6 +208,15 @@
<h3>Old Value</h3>
{{#each oldRowFilterPolicyItems}}
<ol class="unstyled data">
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row">Groups:
{{#if_eq this.groups compare=0}}
<empty>
@@ -228,6 +255,15 @@
<h3>Old Value</h3>
{{#each oldAllowExceptionPolicyItems}}
<ol class="unstyled data">
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row"><i>Groups</i>:
{{#if_eq this.groups compare=0}}
<empty>
@@ -273,6 +309,15 @@
<h3>Old Value</h3>
{{#each oldDenyPolicyItems}}
<ol class="unstyled data">
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row"><i>Groups</i>:
{{#if_eq this.groups compare=0}}
<empty>
@@ -318,6 +363,15 @@
<h3>Old Value</h3>
{{#each oldDenyExceptionPolicyItems}}
<ol class="unstyled data">
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row"><i>Groups</i>:
{{#if_eq this.groups compare=0}}
<empty>
diff --git a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html
index 0dcae38..59fa1f3 100644
--- a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html
+++ b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html
@@ -103,13 +103,20 @@
<h3>New Value</h3>
{{#each newPolicyItems}}
<ol class="unstyled data">
- <li class="change-row">Groups:
- {{#if_eq this.groups compare=0}}
- <empty>
- {{else}}
- {{this.groups}}
- {{/if_eq}}
- </li>
+ <li class="change-row">Roles:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{this.roles}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row">Groups:
+ {{#if_eq this.groups compare=0}}
+ <empty>
+ {{else}}
+ {{this.groups}}
+ {{/if_eq}}
+ </li>
<li class="change-row">Users:
{{#if_eq this.users compare=0}}
<empty>
@@ -146,13 +153,20 @@
<h3>New Value</h3>
{{#each newAllowExceptionPolicyItems}}
<ol class="unstyled data">
- <li class="change-row">Groups:
- {{#if_eq this.groups compare=0}}
- <empty>
- {{else}}
- {{this.groups}}
- {{/if_eq}}
- </li>
+ <li class="change-row">Roles:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{this.roles}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row">Groups:
+ {{#if_eq this.groups compare=0}}
+ <empty>
+ {{else}}
+ {{this.groups}}
+ {{/if_eq}}
+ </li>
<li class="change-row">Users:
{{#if_eq this.users compare=0}}
<empty>
@@ -189,13 +203,20 @@
<h3>New Value</h3>
{{#each newDenyPolicyItems}}
<ol class="unstyled data">
- <li class="change-row">Groups:
- {{#if_eq this.groups compare=0}}
- <empty>
- {{else}}
- {{this.groups}}
- {{/if_eq}}
- </li>
+ <li class="change-row">Roles:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{this.roles}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row">Groups:
+ {{#if_eq this.groups compare=0}}
+ <empty>
+ {{else}}
+ {{this.groups}}
+ {{/if_eq}}
+ </li>
<li class="change-row">Users:
{{#if_eq this.users compare=0}}
<empty>
@@ -230,13 +251,20 @@
<h3>New Value</h3>
{{#each newDenyExceptionPolicyItems}}
<ol class="unstyled data">
- <li class="change-row">Groups:
- {{#if_eq this.groups compare=0}}
- <empty>
- {{else}}
- {{this.groups}}
- {{/if_eq}}
- </li>
+ <li class="change-row">Roles:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{this.roles}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row">Groups:
+ {{#if_eq this.groups compare=0}}
+ <empty>
+ {{else}}
+ {{this.groups}}
+ {{/if_eq}}
+ </li>
<li class="change-row">Users:
{{#if_eq this.users compare=0}}
<empty>
@@ -272,13 +300,20 @@
<h3>New Value</h3>
{{#each newMaskPolicyItems}}
<ol class="unstyled data">
- <li class="change-row">Groups:
- {{#if_eq this.groups compare=0}}
- <empty>
- {{else}}
- {{this.groups}}
- {{/if_eq}}
- </li>
+ <li class="change-row">Roles:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{this.roles}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row">Groups:
+ {{#if_eq this.groups compare=0}}
+ <empty>
+ {{else}}
+ {{this.groups}}
+ {{/if_eq}}
+ </li>
<li class="change-row">Users:
{{#if_eq this.users compare=0}}
<empty>
@@ -313,13 +348,20 @@
<h3>New Value</h3>
{{#each newRowFilterPolicyItems}}
<ol class="unstyled data">
- <li class="change-row">Groups:
- {{#if_eq this.groups compare=0}}
- <empty>
- {{else}}
- {{this.groups}}
- {{/if_eq}}
- </li>
+ <li class="change-row">Roles:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{this.roles}}
+ {{/if_eq}}
+ </li>
+ <li class="change-row">Groups:
+ {{#if_eq this.groups compare=0}}
+ <empty>
+ {{else}}
+ {{this.groups}}
+ {{/if_eq}}
+ </li>
<li class="change-row">Users:
{{#if_eq this.users compare=0}}
<empty>
diff --git a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html
index c06c237..4c00a8a 100644
--- a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html
+++ b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html
@@ -180,6 +180,15 @@
{{#each oldPolicyItems}}
<ol class="unstyled data">
{{#ifCond this.users '||' this.groups }}
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row"><i>Groups</i>:
{{#if_eq this.groups compare=0}}
<empty>
@@ -222,7 +231,16 @@
<h3>New Value</h3>
{{#each newPolicyItems}}
<ol class="unstyled data">
- {{#ifCond this.users '||' this.groups}}
+ {{#ifCond this.users '||' this.groups }}
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row"><i>Groups</i>:
{{#if_eq this.groups compare=0}}
<empty>
@@ -271,7 +289,16 @@
<h3>Old Value</h3>
{{#each oldAllowExceptionPolicyItems}}
<ol class="unstyled data">
- {{#ifCond this.users '||' this.groups}}
+ {{#ifCond this.users '||' this.groups }}
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row"><i>Groups</i>:
{{#if_eq this.groups compare=0}}
<empty>
@@ -314,7 +341,16 @@
<h3>New Value</h3>
{{#each newAllowExceptionPolicyItems}}
<ol class="unstyled data">
- {{#ifCond this.users '||' this.groups}}
+ {{#ifCond this.users '||' this.groups }}
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row"><i>Groups</i>:
{{#if_eq this.groups compare=0}}
<empty>
@@ -364,7 +400,16 @@
<h3>Old Value</h3>
{{#each oldDenyPolicyItems}}
<ol class="unstyled data">
- {{#ifCond this.users '||' this.groups}}
+ {{#ifCond this.users '||' this.groups }}
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row"><i>Groups</i>:
{{#if_eq this.groups compare=0}}
<empty>
@@ -407,7 +452,16 @@
<h3>New Value</h3>
{{#each newDenyPolicyItems}}
<ol class="unstyled data">
- {{#ifCond this.users '||' this.groups}}
+ {{#ifCond this.users '||' this.groups }}
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row"><i>Groups</i>:
{{#if_eq this.groups compare=0}}
<empty>
@@ -458,7 +512,16 @@
<h3>Old Value</h3>
{{#each oldDenyExceptionPolicyItems}}
<ol class="unstyled data">
- {{#ifCond this.users '||' this.groups}}
+ {{#ifCond this.users '||' this.groups }}
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row"><i>Groups</i>:
{{#if_eq this.groups compare=0}}
<empty>
@@ -501,7 +564,16 @@
<h3>New Value</h3>
{{#each newDenyExceptionPolicyItems}}
<ol class="unstyled data">
- {{#ifCond this.users '||' this.groups}}
+ {{#ifCond this.users '||' this.groups }}
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row"><i>Groups</i>:
{{#if_eq this.groups compare=0}}
<empty>
@@ -551,7 +623,16 @@
<h3>Old Value</h3>
{{#each oldMaskPolicyItems}}
<ol class="unstyled data">
- {{#ifCond this.users '||' this.groups}}
+ {{#ifCond this.users '||' this.groups }}
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row"><i>Groups</i>:
{{#if_eq this.groups compare=0}}
<empty>
@@ -591,7 +672,16 @@
<h3>New Value</h3>
{{#each newMaskPolicyItems}}
<ol class="unstyled data">
- {{#ifCond this.users '||' this.groups}}
+ {{#ifCond this.users '||' this.groups }}
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row"><i>Groups</i>:
{{#if_eq this.groups compare=0}}
<empty>
@@ -639,7 +729,16 @@
<h3>Old Value</h3>
{{#each oldRowFilterPolicyItems}}
<ol class="unstyled data">
- {{#ifCond this.users '||' this.groups}}
+ {{#ifCond this.users '||' this.groups }}
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row"><i>Groups</i>:
{{#if_eq this.groups compare=0}}
<empty>
@@ -679,7 +778,16 @@
<h3>New Value</h3>
{{#each newRowFilterPolicyItems}}
<ol class="unstyled data">
- {{#ifCond this.users '||' this.groups}}
+ {{#ifCond this.users '||' this.groups }}
+ <li class="change-row"><i>Roles</i>:
+ {{#if_eq this.roles compare=0}}
+ <empty>
+ {{else}}
+ {{#each this.roles}}
+ <span class="rolename">{{this}}</span><span>,</span>
+ {{/each}}
+ {{/if_eq}}
+ </li>
<li class="change-row"><i>Groups</i>:
{{#if_eq this.groups compare=0}}
<empty>
[ranger] 01/02: RANGER-2517: UI changes for policy to implicitly
deny all accesses not explicitly allowed by it.
Posted by ve...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
vel pushed a commit to branch ranger-2.0
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 77e70cbbc29c23657d41a231927d559cc349aead
Author: Nitin Galave <ni...@apache.org>
AuthorDate: Wed Jul 31 18:29:08 2019 +0530
RANGER-2517: UI changes for policy to implicitly deny all accesses not explicitly allowed by it.
(cherry picked from commit 630d4b7cd112094df1ac9fe55261c112094a9d97)
---
.../webapp/scripts/modules/globalize/message/en.js | 1 +
.../scripts/views/policies/RangerPolicyForm.js | 50 +++++++++++++++++++---
.../scripts/views/policies/RangerPolicyRO.js | 11 ++++-
security-admin/src/main/webapp/styles/xa.css | 6 +++
.../templates/policies/RangerPolicyForm_tmpl.html | 6 +++
.../templates/policies/RangerPolicyRO_tmpl.html | 42 ++++++++++++------
6 files changed, 95 insertions(+), 21 deletions(-)
diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
index 8078829..c320fdb 100644
--- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
+++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
@@ -64,6 +64,7 @@ define(function(require) {
groups : 'Groups',
group : 'Groups',
auditLogging : 'Audit Logging',
+ isDenyAllElse : 'Deny All Other Accesses',
encrypted : 'Encrypt',
resourceType : 'Resource Type',
description : 'Description',
diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
index a862dde..e2bd6ed 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js
@@ -113,7 +113,8 @@ define(function(require){
'allowExcludePerm' : '[data-js="allowExcludePerm"]',
'policyTimeBtn' : '[data-js="policyTimeBtn"]',
'policyConditions' : '[data-js="customPolicyConditions"]',
- 'conditionData' : '[data-id="conditionData"]'
+ 'conditionData' : '[data-id="conditionData"]',
+ 'isDenyAllElse' : '[data-js="isDenyAllElse"]',
},
/** fields for the form
*/
@@ -142,10 +143,13 @@ define(function(require){
if(!_.isUndefined(this.initilializePathPlugin) && this.initilializePathPlugin){
this.initializePathPlugins(this.pathPluginOpts);
}
- this.renderCustomFields();
+ if(XAUtil.isAccessPolicy(this.model.get('policyType'))){
+ this.evdenyAccessChange();
+ }
if(!this.model.isNew()){
this.setUpSwitches();
}
+ this.renderCustomFields();
//checkParent
this.renderParentChildHideShow();
@@ -321,6 +325,22 @@ define(function(require){
evIsEnabledChange : function(form, fieldEditor){
XAUtil.checkDirtyFieldForToggle(fieldEditor.$el);
},
+ evdenyAccessChange : function(){
+ var that =this;
+ this.$el.find(this.ui.isDenyAllElse).toggles({
+ on : that.model.has('isDenyAllElse') ? that.model.get('isDenyAllElse') : false,
+ text : {on : 'True', off : 'False' },
+ width : 80,
+ }).on('click', function(e){
+ XAUtil.checkDirtyFieldForToggle(that.$el.find(that.ui.isDenyAllElse));
+ if(that.$el.find(that.ui.isDenyAllElse).find('.toggle-slide').hasClass('active')) {
+ that.$el.find(that.ui.denyConditionItems).hide();
+ } else {
+ that.$el.find(that.ui.denyConditionItems).show();
+ }
+ });
+
+ },
setupForm : function() {
if(!this.model.isNew()){
this.selectedResourceTypes = {};
@@ -393,7 +413,10 @@ define(function(require){
if( !enableDenyAndExceptionsInPolicies ){
this.$el.find(this.ui.allowExcludePerm).hide();
this.$el.find(this.ui.denyConditionItems).remove();
- }
+ }
+ if(enableDenyAndExceptionsInPolicies && this.$el.find(this.ui.isDenyAllElse).find('.toggle-slide').hasClass('active')){
+ this.$el.find(this.ui.denyConditionItems).hide();
+ }
that.$('[data-customfields="groupPerms"]').html(new PermissionList({
collection : that.formInputList,
@@ -578,10 +601,20 @@ define(function(require){
}else if( XAUtil.isRowFilterPolicy(this.model.get('policyType')) ){
this.model.set('rowFilterPolicyItems', this.setPermissionsToColl(this.formInputList, new RangerPolicyItem()));
}else{
+ if(this.$el.find(this.ui.isDenyAllElse).find('.toggle-slide').hasClass('active')) {
+ this.model.set('isDenyAllElse',true);
+ } else {
+ this.model.set('isDenyAllElse',false);
+ }
this.model.set('policyItems', this.setPermissionsToColl(this.formInputList, new RangerPolicyItem()));
- this.model.set('denyPolicyItems', this.setPermissionsToColl(this.formInputDenyList, new RangerPolicyItem()));
this.model.set('allowExceptions', this.setPermissionsToColl(this.formInputAllowExceptionList, new RangerPolicyItem()));
- this.model.set('denyExceptions', this.setPermissionsToColl(this.formInputDenyExceptionList, new RangerPolicyItem()));
+ if(!this.model.get('isDenyAllElse')){
+ this.model.set('denyPolicyItems', this.setPermissionsToColl(this.formInputDenyList, new RangerPolicyItem()));
+ this.model.set('denyExceptions', this.setPermissionsToColl(this.formInputDenyExceptionList, new RangerPolicyItem()));
+ }else{
+ this.model.set('denyPolicyItems',[]);
+ this.model.set('denyExceptions',[]);
+ }
}
this.model.set('service',this.rangerService.get('name'));
var policyName = this.model.get('name');
@@ -592,6 +625,7 @@ define(function(require){
if(this.model.has('policyPriority')){
this.model.set('policyPriority', this.model.get('policyPriority') ? 1 : 0);
}
+
},
setPermissionsToColl : function(list, policyItemList) {
list.each(function(m){
@@ -917,7 +951,11 @@ define(function(require){
return obj;
},
getPolicyBaseFieldNames : function(){
- return ['description','isAuditEnabled'];
+ var baseField = ['description','isAuditEnabled', 'isDenyAllElse'];
+ if(XAUtil.isMaskingPolicy(this.model.get('policyType')) || XAUtil.isRowFilterPolicy(this.model.get('policyType'))){
+ baseField = _.without(baseField, 'isDenyAllElse');
+ }
+ return baseField;
},
getResources : function(){
if(XAUtil.isMaskingPolicy(this.model.get('policyType'))){
diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js
index e9fcd7d..af024e2 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js
@@ -49,7 +49,8 @@ define(function(require) {
return {
PolicyDetails: this.policyDetails,
isDelegatAdmin: isDelegatAdminChk,
- policyType: policyType.label
+ policyType: policyType.label,
+ isDenyAllElse : this.policy.has('isDenyAllElse') && !_.isUndefined(this.policy.get('isDenyAllElse')) ? true : false,
};
},
@@ -177,6 +178,9 @@ define(function(require) {
if(this.policy.has('conditions') && this.policy.get('conditions').length > 0 && self.serviceDef){
details.conditions = XAUtils.getPolicyConditionDetails(this.policy.get('conditions'), self.serviceDef);
}
+ if(this.policy.has('isDenyAllElse')) {
+ details.isDenyAllElse = this.policy.get('isDenyAllElse') ? 'TRUE' : 'FALSE';
+ }
//get policyItems
this.createPolicyItems();
@@ -198,6 +202,11 @@ define(function(require) {
items.push({'itemName': 'allowExceptions',title : 'Exclude from Allow Conditions'},
{'itemName': 'denyPolicyItems',title : 'Deny Condition'},
{'itemName': 'denyExceptions',title : 'Exclude from Deny Conditions'});
+ if(this.policy.has('isDenyAllElse') && this.policy.get('isDenyAllElse')){
+ items = _.reject(items, function(m){
+ return m.itemName == 'denyPolicyItems' || m.itemName == 'denyExceptions'
+ })
+ }
}
_.each(items, function(item){
if(!_.isUndefined(this.policy.get(item.itemName))){
diff --git a/security-admin/src/main/webapp/styles/xa.css b/security-admin/src/main/webapp/styles/xa.css
index 3f39024..ee637d2 100644
--- a/security-admin/src/main/webapp/styles/xa.css
+++ b/security-admin/src/main/webapp/styles/xa.css
@@ -2807,3 +2807,9 @@ div#zoneServiceAccordion table thead {
padding: 9px 15px;
background-color: white;
}
+
+.deny-all-else {
+ margin-top: 16px;
+ margin-bottom: 15px;
+ padding: 9px 0;
+}
diff --git a/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html b/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html
index 7436829..ffea44d 100644
--- a/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html
+++ b/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html
@@ -101,6 +101,12 @@ language governing permissions and limitations under the License. --}}
{{/compare}}
</div>
{{#compare "Allow" "eq" conditionType}}
+ <div>
+ <div class="toggle-xa control-group">
+ <label class="control-label"> Deny All Other Accesses : </label>
+ <div data-js="isDenyAllElse" class="toggle controls"></div>
+ </div>
+ </div>
<div data-js="denyConditionItems">
<p class="wrap-header bold formHeader">Deny Conditions :</p>
diff --git a/security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html b/security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html
index f8c6bce..c36dc26 100644
--- a/security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html
+++ b/security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html
@@ -66,6 +66,20 @@
<span class="label label-inverse pull-right">{{PolicyDetails.isEnabled}}</span>
</td>
</tr>
+ <tr>
+ <td>
+ {{tt 'lbl.policyLabels'}}
+ </td>
+ <td>
+ {{#ifCond PolicyDetails.policyLabels.length '==' "0"}}
+ --
+ {{else}}
+ {{#each PolicyDetails.policyLabels}}
+ <span class="label label-inverse ">{{this}}</span>
+ {{/each}}
+ {{/ifCond}}
+ </td>
+ </tr>
{{#each PolicyDetails.resources}}
<tr>
<td>
@@ -102,20 +116,6 @@
<span class="label label-info">{{PolicyDetails.isAuditEnabled}}</span>
</td>
</tr>
- <tr>
- <td>
- {{tt 'lbl.policyLabels'}}
- </td>
- <td>
- {{#ifCond PolicyDetails.policyLabels.length '==' "0"}}
- --
- {{else}}
- {{#each PolicyDetails.policyLabels}}
- <span class="label label-inverse ">{{this}}</span>
- {{/each}}
- {{/ifCond}}
- </td>
- </tr>
<tr>
{{#if PolicyDetails.zoneName}}
<td>{{tt 'lbl.zoneName'}}</td>
@@ -267,6 +267,20 @@
</tbody>
</table>
</div>
+ {{#compare "Exclude from Allow Conditions" "eq" this.title}}
+ {{#if ../../isDenyAllElse}}
+ <div class="deny-all-else">
+ <tr>
+ <td>
+ <b>{{tt 'lbl.isDenyAllElse'}} : </b>
+ </td>
+ <td>
+ <span class="label label-inverse">{{ ../../../ PolicyDetails.isDenyAllElse}}</span>
+ </td>
+ </tr>
+ </div>
+ {{/if}}
+ {{/compare}}
{{/each}}
<div class="updateInfo row-fluid">
<div class="pull-left">