Posted to commits@ranger.apache.org by pr...@apache.org on 2018/12/13 06:47:19 UTC

ranger git commit: RANGER-2308: User role user should not able to access usersync audit report if it does not have permissions on the audit module.

Repository: ranger
Updated Branches:
  refs/heads/master 5b07a8dfd -> 51461487f


RANGER-2308: A user with the User role should not be able to access the usersync audit report if they do not have permissions on the audit module.


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/51461487
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/51461487
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/51461487

Branch: refs/heads/master
Commit: 51461487f72e0959aa01d657ef77a1a4176b4738
Parents: 5b07a8d
Author: Pradeep <pr...@apache.org>
Authored: Fri Dec 7 17:23:09 2018 +0530
Committer: Pradeep <pr...@apache.org>
Committed: Thu Dec 13 12:16:46 2018 +0530

----------------------------------------------------------------------
 .../src/main/java/org/apache/ranger/biz/AssetMgr.java          | 5 ++++-
 .../src/main/java/org/apache/ranger/biz/XUserMgr.java          | 6 ++++--
 .../src/main/java/org/apache/ranger/rest/ServiceREST.java      | 4 ++++
 .../src/test/java/org/apache/ranger/biz/TestXUserMgr.java      | 1 +
 .../src/test/java/org/apache/ranger/rest/TestServiceREST.java  | 1 +
 5 files changed, 14 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/51461487/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
index 941691a..41b42ca 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
@@ -44,6 +44,7 @@ import org.apache.ranger.common.JSONUtil;
 import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.PropertiesUtil;
 import org.apache.ranger.common.RangerCommonEnums;
+import org.apache.ranger.common.RangerConstants;
 import org.apache.ranger.common.SearchCriteria;
 import org.apache.ranger.common.StringUtil;
 import org.apache.ranger.db.RangerDaoManager;
@@ -1087,7 +1088,9 @@ public class AssetMgr extends AssetMgrBase {
     }
 
 	public VXUgsyncAuditInfoList getUgsyncAudits(SearchCriteria searchCriteria) {
-
+		if (!msBizUtil.hasModuleAccess(RangerConstants.MODULE_AUDIT)) {
+			throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is not having permissions on the "+RangerConstants.MODULE_AUDIT+" module.", true);
+		}
 		if (searchCriteria == null) {
 			searchCriteria = new SearchCriteria();
 		}
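Review bot: The check-and-throw added at the top of `getUgsyncAudits` is repeated almost verbatim in `XUserMgr.getXGroupUsers` and `ServiceREST.getServiceDefs`, with only the module constant changing, so the status code and message can drift apart over time. A small shared helper that takes the module name (a proposed shape would be `checkModuleAccess(String moduleName)`) would keep the 403 and its wording in one place. The message itself would read better as `"User does not have permission on the " + RangerConstants.MODULE_AUDIT + " module."`. The class body continues well past this hunk, so any other usersync-audit accessors in `AssetMgr` are not visible here and should be checked for the same guard.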

http://git-wip-us.apache.org/repos/asf/ranger/blob/51461487/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index e1a6b58..e330b5a 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -882,8 +882,10 @@ public class XUserMgr extends XUserMgrBase {
 		return ret;
 	}
 
-        public VXUserList getXGroupUsers(SearchCriteria searchCriteria) {
-
+	public VXUserList getXGroupUsers(SearchCriteria searchCriteria) {
+		if (!msBizUtil.hasModuleAccess(RangerConstants.MODULE_USER_GROUPS)) {
+			throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is not having permissions on the "+RangerConstants.MODULE_USER_GROUPS+" module.", true);
+		}
                 VXUserList vXUserList = new VXUserList();
 
 		VXGroupUserList vXGroupUserList = xGroupUserService
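Review bot: Because the check is added inside the biz method `getXGroupUsers` rather than at a REST entry point, every caller of this method now gets a REST exception when the current user lacks `MODULE_USER_GROUPS` access. The callers are outside the hunk, so confirm that none of them runs this lookup on behalf of users who legitimately lack that module permission. A one-line comment above the guard, e.g. `// RANGER-2308: group membership is only visible with Users/Groups module access`, would record why the check is here. The context line `VXUserList vXUserList = new VXUserList();` is still space-indented while the lines added around it use tabs. The method body continues past the hunk.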

http://git-wip-us.apache.org/repos/asf/ranger/blob/51461487/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 865e115..0b854d0 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -464,6 +464,10 @@ public class ServiceREST {
 			LOG.debug("==> ServiceREST.getServiceDefs()");
 		}
 
+		if (!bizUtil.hasModuleAccess(RangerConstants.MODULE_RESOURCE_BASED_POLICIES)) {
+			throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is not having permissions on the "+RangerConstants.MODULE_RESOURCE_BASED_POLICIES+" module.", true);
+		}
+
 		RangerServiceDefList ret  = null;
 		RangerPerfTracer     perf = null;
 
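Review bot: The module check for `getServiceDefs` is enforced in the REST resource, while the other two guards in this commit are enforced in the biz classes (`AssetMgr`, `XUserMgr`); choosing one layer for these checks would make it easier to audit which entry points are covered. The commit message speaks only of the usersync audit report, so the description should also say that listing service definitions now requires `MODULE_RESOURCE_BASED_POLICIES` access. Whether users who hold only another policy-related module permission (for example tag-based policies) still need this list is not visible here and is worth confirming, since they would now receive a 403. The method starts above and continues below the hunk.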

http://git-wip-us.apache.org/repos/asf/ranger/blob/51461487/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index 471052f..49c57a6 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -928,6 +928,7 @@ public class TestXUserMgr {
 		testSearchCriteria.addParam("xGroupId", userId);
 		VXGroupUserList vxGroupUserList = vxGroupUserList();
 		Mockito.when(xGroupUserService.searchXGroupUsers((SearchCriteria) Mockito.any())).thenReturn(vxGroupUserList);
+		Mockito.when(msBizUtil.hasModuleAccess(RangerConstants.MODULE_USER_GROUPS)).thenReturn(true);
 		VXUserList dbVXUserList = xUserMgr.getXGroupUsers(testSearchCriteria);
 		Assert.assertNotNull(dbVXUserList);
 	}
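Review bot: Only the permitted path is exercised here: the stub added before `xUserMgr.getXGroupUsers(testSearchCriteria)` makes `hasModuleAccess` return true, and nothing asserts what happens when it returns false. A companion test that stubs `Mockito.when(msBizUtil.hasModuleAccess(RangerConstants.MODULE_USER_GROUPS)).thenReturn(false);` and expects the forbidden exception would pin the behaviour this commit exists to enforce. The same gap applies to the `getServiceDefs` test in TestServiceREST, and the diffstat shows no test change at all for `AssetMgr.getUgsyncAudits`. The test method starts above the hunk.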

http://git-wip-us.apache.org/repos/asf/ranger/blob/51461487/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
index a8e6e61..0196e24 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
@@ -573,6 +573,7 @@ public class TestServiceREST {
 		serviceDefList.setStartIndex(0);
 		serviceDefList.setTotalCount(10);
 		serviceDefList.setList(serviceDefsList);
+		Mockito.when(bizUtil.hasModuleAccess(RangerConstants.MODULE_RESOURCE_BASED_POLICIES)).thenReturn(true);
 		Mockito.when(svcStore.getPaginatedServiceDefs(filter)).thenReturn(
 				serviceDefList);
 		RangerServiceDefList dbRangerServiceDef = serviceREST