Posted to commits@ranger.apache.org by pr...@apache.org on 2018/12/13 06:47:19 UTC
ranger git commit: RANGER-2308: User role user should not able to
access usersync audit report if it does not have permissions on the audit
module.
Repository: ranger
Updated Branches:
refs/heads/master 5b07a8dfd -> 51461487f
RANGER-2308: User role user should not be able to access usersync audit report if it does not have permissions on the audit module.
Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/51461487
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/51461487
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/51461487
Branch: refs/heads/master
Commit: 51461487f72e0959aa01d657ef77a1a4176b4738
Parents: 5b07a8d
Author: Pradeep <pr...@apache.org>
Authored: Fri Dec 7 17:23:09 2018 +0530
Committer: Pradeep <pr...@apache.org>
Committed: Thu Dec 13 12:16:46 2018 +0530
----------------------------------------------------------------------
.../src/main/java/org/apache/ranger/biz/AssetMgr.java | 5 ++++-
.../src/main/java/org/apache/ranger/biz/XUserMgr.java | 6 ++++--
.../src/main/java/org/apache/ranger/rest/ServiceREST.java | 4 ++++
.../src/test/java/org/apache/ranger/biz/TestXUserMgr.java | 1 +
.../src/test/java/org/apache/ranger/rest/TestServiceREST.java | 1 +
5 files changed, 14 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ranger/blob/51461487/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
index 941691a..41b42ca 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
@@ -44,6 +44,7 @@ import org.apache.ranger.common.JSONUtil;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.RangerCommonEnums;
+import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.StringUtil;
import org.apache.ranger.db.RangerDaoManager;
@@ -1087,7 +1088,9 @@ public class AssetMgr extends AssetMgrBase {
}
public VXUgsyncAuditInfoList getUgsyncAudits(SearchCriteria searchCriteria) {
-
+ if (!msBizUtil.hasModuleAccess(RangerConstants.MODULE_AUDIT)) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is not having permissions on the "+RangerConstants.MODULE_AUDIT+" module.", true);
+ }
if (searchCriteria == null) {
searchCriteria = new SearchCriteria();
}
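Review bot: The module-access guard added at the top of getUgsyncAudits is repeated almost verbatim in XUserMgr.getXGroupUsers and ServiceREST.getServiceDefs in this same commit, differing only in the module constant, and hand-copied authorization checks drift easily. A single helper that takes the module name and throws the 403 would keep the check and its message in one place, so each call site becomes one line such as `checkModuleAccess(RangerConstants.MODULE_AUDIT);` (a proposed name, not an existing method). The message would read better as `"User does not have permission on the " + module + " module."`. The method body continues past the end of the hunk, and any other AssetMgr method that returns the same usersync audit records is not visible here, so it is worth confirming those are gated as well.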
http://git-wip-us.apache.org/repos/asf/ranger/blob/51461487/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index e1a6b58..e330b5a 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -882,8 +882,10 @@ public class XUserMgr extends XUserMgrBase {
return ret;
}
- public VXUserList getXGroupUsers(SearchCriteria searchCriteria) {
-
+ public VXUserList getXGroupUsers(SearchCriteria searchCriteria) {
+ if (!msBizUtil.hasModuleAccess(RangerConstants.MODULE_USER_GROUPS)) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is not having permissions on the "+RangerConstants.MODULE_USER_GROUPS+" module.", true);
+ }
VXUserList vXUserList = new VXUserList();
VXGroupUserList vXGroupUserList = xGroupUserService
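Review bot: getXGroupUsers is a business-layer method, so the guard added at its top applies to every caller, not only to the REST endpoint a user reaches from the UI. Its callers are outside this hunk; if any internal code path invokes it without a session that holds the Users/Groups module, it will now get a 403 where it previously got a list, so the call sites deserve a check. The new precondition should also be documented on the method, for example `// Requires MODULE_USER_GROUPS access for the calling session; throws 403 otherwise.`. The re-added signature line appears to differ from the removed one only in whitespace, which adds noise to the diff, and the method body continues past the hunk.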
http://git-wip-us.apache.org/repos/asf/ranger/blob/51461487/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index 865e115..0b854d0 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -464,6 +464,10 @@ public class ServiceREST {
LOG.debug("==> ServiceREST.getServiceDefs()");
}
+ if (!bizUtil.hasModuleAccess(RangerConstants.MODULE_RESOURCE_BASED_POLICIES)) {
+ throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is not having permissions on the "+RangerConstants.MODULE_RESOURCE_BASED_POLICIES+" module.", true);
+ }
+
RangerServiceDefList ret = null;
RangerPerfTracer perf = null;
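Review bot: The guard in getServiceDefs ties listing service definitions to the resource-based policies module alone. If users who hold only the tag-based policies module also rely on this endpoint to load service definitions (not determinable from this hunk), they would now receive a 403, so the intended set of permitted modules should be confirmed and stated in a comment above the check. The check also sits after the `==> ServiceREST.getServiceDefs()` debug line, so a denied request presumably logs an entry trace with no matching exit trace; moving the guard above the debug block would avoid that. The rest of the method is outside the hunk.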
http://git-wip-us.apache.org/repos/asf/ranger/blob/51461487/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index 471052f..49c57a6 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -928,6 +928,7 @@ public class TestXUserMgr {
testSearchCriteria.addParam("xGroupId", userId);
VXGroupUserList vxGroupUserList = vxGroupUserList();
Mockito.when(xGroupUserService.searchXGroupUsers((SearchCriteria) Mockito.any())).thenReturn(vxGroupUserList);
+ Mockito.when(msBizUtil.hasModuleAccess(RangerConstants.MODULE_USER_GROUPS)).thenReturn(true);
VXUserList dbVXUserList = xUserMgr.getXGroupUsers(testSearchCriteria);
Assert.assertNotNull(dbVXUserList);
}
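Review bot: The only test change here stubs `hasModuleAccess(...)` to return true so that the existing happy-path test keeps passing; nothing exercises the denial branch this commit introduces. A companion test that stubs `thenReturn(false)`, asserts that getXGroupUsers is rejected, and verifies with `Mockito.never()` that `xGroupUserService.searchXGroupUsers` is not reached would pin the access control against regressions. The same gap applies to the TestServiceREST hunk, and the diffstat lists no test at all for AssetMgr.getUgsyncAudits.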
http://git-wip-us.apache.org/repos/asf/ranger/blob/51461487/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
index a8e6e61..0196e24 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
@@ -573,6 +573,7 @@ public class TestServiceREST {
serviceDefList.setStartIndex(0);
serviceDefList.setTotalCount(10);
serviceDefList.setList(serviceDefsList);
+ Mockito.when(bizUtil.hasModuleAccess(RangerConstants.MODULE_RESOURCE_BASED_POLICIES)).thenReturn(true);
Mockito.when(svcStore.getPaginatedServiceDefs(filter)).thenReturn(
serviceDefList);
RangerServiceDefList dbRangerServiceDef = serviceREST