Posted to commits@ranger.apache.org by ve...@apache.org on 2015/04/07 15:55:03 UTC
[1/3] incubator-ranger git commit: RANGER-250 : Build a permission
model with Ranger Admin portal
Repository: incubator-ranger
Updated Branches:
refs/heads/master 0711abe23 -> a263431a5
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js
new file mode 100644
index 0000000..8a9ff83
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionCreate.js
@@ -0,0 +1,199 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var Backbone = require('backbone');
+ var App = require('App');
+ var XALinks = require('modules/XALinks');
+ var XAUtil = require('utils/XAUtils');
+ var XAEnums = require('utils/XAEnums');
+ var localization = require('utils/XALangSupport');
+
+ var ModulePermissionForm = require('views/permissions/ModulePermissionForm');
+ var ModulePermsTableLayout = require('views/permissions/ModulePermsTableLayout');
+ var VXModuleDefList = require('collections/VXModuleDefList');
+ var ModulePermissionCreateTmpl = require('hbs!tmpl/permissions/ModulePermissionCreate_tmpl');
+
+ var ModulePermissionCreate = Backbone.Marionette.Layout.extend(
+ /** @lends ModulePermissionCreate */
+ {
+ _viewName : 'ModulePermissionCreate',
+
+ template: ModulePermissionCreateTmpl,
+ breadCrumbs :function(){
+ if(this.model.isNew())
+ return [XALinks.get('ModulePermissions')];
+ else
+ return [XALinks.get('ModulePermissions'),XALinks.get('ModulePermissionEdit',this.model)];
+ },
+
+ /** Layout sub regions */
+ regions: {
+ 'rForm' :'div[data-id="r_form"]'
+ },
+
+ /** ui selector cache */
+ ui: {
+ 'tab' : '.nav-tabs',
+ 'btnSave' : '[data-id="save"]',
+ 'btnCancel' : '[data-id="cancel"]'
+ },
+
+ /** ui events hash */
+ events: function() {
+ var events = {};
+ events['click ' + this.ui.btnSave] = 'onSave';
+ events['click ' + this.ui.btnCancel] = 'onCancel';
+
+ return events;
+ },
+
+ /**
+ * intialize a new ModulePermissionCreate Layout
+ * @constructs
+ */
+ initialize: function(options) {
+ console.log("initialized a ModulePermissionCreate Layout");
+
+ _.extend(this, _.pick(options));
+ this.editMode = this.model.has('id') ? true : false;
+ this.bindEvents();
+ },
+
+ /** all events binding here */
+ bindEvents : function(){
+ },
+
+ /** on render callback */
+ onRender: function() {
+ var that = this;
+ this.renderForm();
+ this.rForm.$el.dirtyFields();
+ XAUtil.preventNavigation(localization.tt('dialogMsg.preventNavUserForm'),this.rForm.$el);
+ },
+ /** all post render plugin initialization */
+ initializePlugins: function(){
+ },
+ renderForm : function(){
+ var VXGroupList = require('collections/VXGroupList');
+ var VXUserList = require('collections/VXUserList');
+ var params = {sortBy : 'name'};
+ this.userList = new VXUserList();
+ this.userList.setPageSize(100,{fetch:true});
+ this.userList.fetch({
+ cache :false,
+ data: params,
+ async : false
+ });
+ this.groupList = new VXGroupList();
+ this.groupList.setPageSize(100,{fetch:true});
+ this.groupList.fetch({
+ cache :false,
+ data : params,
+ async : false
+ });
+ var that = this;
+ this.form = new ModulePermissionForm({
+ template : require('hbs!tmpl/permissions/ModulePermissionForm_tmpl'),
+ model : that.model,
+ groupList : that.groupList,
+ userList : that.userList
+ });
+ this.rForm.show(this.form);
+ },
+ onSave: function(){
+
+ var errors = this.form.commit({validate : false});
+ if(! _.isEmpty(errors)){
+ this.form.beforeSaveModulePermissions();
+ }
+ this.saveModulePermissions();
+
+ },
+ saveModulePermissions : function(){
+ var that = this;
+ if(!this.form.beforeSaveModulePermissions()){
+ return;
+ }
+ XAUtil.blockUI();
+ this.model.save({},{
+ success: function () {
+ XAUtil.blockUI('unblock');
+ XAUtil.allowNavigation();
+ var msg = that.editMode ? 'Module Permissions updated successfully' :'Module Permissions created successfully';
+ XAUtil.notifySuccess('Success', msg);
+ if(that.editMode){
+ App.appRouter.navigate("#!/permissions",{trigger: true});
+ return;
+ }
+ App.appRouter.navigate("#!/permissions",{trigger: true});
+
+ var modulePermissionList = new VXModuleDefList();
+
+ modulePermissionList.fetch({
+ cache:false
+ }).done(function(){
+ var newColl = modulePermissionList;
+ modulePermissionList.getLastPage({
+ cache : false,
+ success : function(collection, response, options){
+ App.rContent.show(new UserTableLayout({
+ collection : collection,
+ }));
+ newColl = collection;
+ }
+ }).done(function(){
+ var model = newColl.get(that.model.id);
+ if(model){
+ model.trigger("model:highlightBackgridRow");
+ }
+ });
+
+ App.rContent.show(new UserTableLayout({
+ collection : modulePermissionList
+ }));
+ });
+ } ,
+ error : function(model,resp){
+ XAUtil.blockUI('unblock');
+ console.log('error');
+ if(!_.isUndefined(resp.responseJSON) && !_.isUndefined(resp.responseJSON.msgDesc)){
+ XAUtil.notifyError('Error',resp.responseJSON.msgDesc);
+ }else
+ XAUtil.notifyError('Error', "Error occurred while creating/updating module permissions.");
+
+ }
+ });
+ },
+ onCancel : function(){
+ XAUtil.allowNavigation();
+ App.appRouter.navigate("#!/permissions",{trigger: true});
+
+ },
+ /** on close */
+ onClose: function(){
+ }
+
+ });
+
+ return ModulePermissionCreate;
+});
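Review bot: The create-mode success path in `saveModulePermissions` instantiates `UserTableLayout`, which this file never requires; only `ModulePermsTableLayout` is loaded at the top, so after a new record is saved the `.done` callback would throw a ReferenceError unless a global of that name happens to exist. Both `App.rContent.show(new UserTableLayout({...}))` calls should probably read `new ModulePermsTableLayout({...})`. Separately, `onSave` calls `this.form.commit({validate : false})` and then saves whatever `errors` contains, so nothing in this view blocks a bad submission and the save endpoint has to validate the permission lists on its own.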
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js
new file mode 100644
index 0000000..8984fb9
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermissionForm.js
@@ -0,0 +1,274 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ /*
+ *
+ */
+define(function(require) {
+ 'use strict';
+
+ var Backbone = require('backbone');
+ var App = require('App');
+ var XAEnums = require('utils/XAEnums');
+ var XALinks = require('modules/XALinks');
+ var XAUtil = require('utils/XAUtils');
+ var localization = require('utils/XALangSupport');
+ var VXGroup = require('models/VXGroup');
+ var VXGroupList = require('collections/VXGroupList');
+ var VXUserList = require('collections/VXUserList');
+ var VXModuleDef = require('models/VXModuleDef');
+ var VXModuleDefList = require('collections/VXModuleDefList');
+ var BackboneFormDataType = require('models/BackboneFormDataType');
+ require('bootstrap-editable');
+ require('backbone-forms');
+ require('backbone-forms.list');
+ require('backbone-forms.templates');
+ require('backbone-forms.XAOverrides');
+
+ var ModulePermissionForm = Backbone.Form.extend({
+
+ _viewName : 'ModulePermissionForm',
+ template : require('hbs!tmpl/permissions/ModulePermissionForm_tmpl'),
+ templateHelpers :function(){
+ return {
+
+ };
+ },
+ templateData : function(){
+ return { 'id' : this.model.id, 'permHeaders' : this.getPermHeaders() };
+ },
+ initialize : function(options) {
+ _.extend(this, _.pick(options, 'groupList','userList'));
+ if (!this.model.isNew()){
+ this.setupFieldsforEditModule();
+ }
+ Backbone.Form.prototype.initialize.call(this, options);
+
+ },
+ ui : {
+ /*selectGroups : 'div[data-fields="selectGroups"]',
+ selectUsers : 'div[data-fields="selectUsers"]',*/
+ },
+ events : {
+ },
+ /** fields for the form
+ */
+ fields: ['module', 'selectGroups','selectUsers','isAllowed'],
+ schema :function(){
+ return this.getSchema();
+ },
+ getSchema : function(){
+ var that = this;
+ return {
+ module : {
+ type : 'Text',
+ title : localization.tt("lbl.moduleName") +' *',
+ editorAttrs : {'readonly' :'readonly'},
+ validation : {'required': true},
+ },
+ selectGroups : {
+ type : 'Select2Remote',
+ editorAttrs : {'placeholder' :'Select Group','tokenSeparators': [",", " "],multiple:true},
+ pluginAttr: this.getPlugginAttr(true,{'lookupURL':"service/xusers/groups",'permList':that.model.get('groupPermList'),'idKey':'groupId','textKey':'groupName'}),
+ title : localization.tt('lbl.selectGroup')+' *'
+ },
+ selectUsers : {
+ type : 'Select2Remote',
+ editorAttrs : {'placeholder' :'Select User','tokenSeparators': [",", " "],multiple:true},
+ pluginAttr: this.getPlugginAttr(true,{'lookupURL':"service/users",'permList':that.model.get('userPermList'),'idKey':'userId','textKey':'userName'}),
+ title : localization.tt('lbl.selectUser')+' *',
+ },
+ isAllowed : {
+ type : 'Checkbox',
+ editorAttrs : {'checked':'checked',disabled:true},
+ title : 'Is Allowed ?'
+ },
+
+ }
+ },
+ render: function(options) {
+ var that = this;
+
+ Backbone.Form.prototype.render.call(this, options);
+ if(!this.model.isNew()){
+ //this.setUpSwitches();
+ }
+
+ },
+ setupFieldsforEditModule : function(){
+ var groupsNVList=[],usersNVList =[];
+ groupsNVList = _.map(this.model.get('groupPermList'),function(gPerm){
+ return {'id': Number(gPerm.groupId), 'text':gPerm.groupName};
+ });
+ this.model.set('selectGroups', groupsNVList);
+
+ usersNVList = _.map(this.model.get('userPermList'),function(uPerm){
+ return {'id': Number(uPerm.userId), 'text':uPerm.userName};
+ });
+ this.model.set('selectUsers', usersNVList);
+
+ },
+ getPermHeaders : function(){
+ var permList = [];
+ permList.unshift(localization.tt('lbl.allowAccess'));
+ permList.unshift(localization.tt('lbl.selectUser'));
+ permList.unshift(localization.tt('lbl.selectGroup'));
+ permList.push("");
+ return permList;
+ },
+ getPlugginAttr :function(autocomplete, options){
+ var that = this;
+ if(!autocomplete)
+ return{tags : true,width :'220px',multiple: true,minimumInputLength: 1};
+ else {
+ return {
+ closeOnSelect : true,
+ multiple: true,
+ minimumInputLength: 0,
+ tokenSeparators: [",", " "],
+ /*tags : modelDefaultTags,*/
+ initSelection : function (element, callback) {
+ var data = [];
+ _.each(options.permList,function (elem) {
+ data.push({id: elem[options.idKey], text: elem[options.textKey]});
+ });
+ callback(data);
+ },
+ createSearchChoice: function(term, data) {
+ if ($(data).filter(function() {
+ return this.text.localeCompare(term) === 0;
+ }).length === 0) {
+ return {
+ id : term,
+ text: term
+ };
+ }
+ },
+ ajax: {
+ url: options.lookupURL,
+ type : 'GET',
+ params : {
+ timeout: 3000,
+ contentType: "application/json; charset=utf-8",
+ },
+ cache: false,
+ data: function (term, page) {
+ //To be checked
+ //return {name : term, isVisible : XAEnums.VisibilityStatus.STATUS_VISIBLE.value};
+ return {loginId : term};
+ },
+ results: function (data, page) {
+ var results = [];
+ if(data.resultSize != "0"){
+ if(!_.isUndefined(data.vXGroups))
+ results = data.vXGroups.map(function(m, i){ return {id : m.id+"", text: m.name}; });
+ else if(!_.isUndefined(data.vXPortalUsers))
+ results = data.vXPortalUsers.map(function(m, i){ return {id : m.id+"", text: m.loginId}; });
+ }
+ return { results : results};
+ },
+ transport: function (options) {
+ $.ajax(options).error(function() {
+ console.log("ajax failed");
+ this.success({
+ resultSize : 0
+ });
+ });
+ }
+ },
+ formatResult : function(result){
+ return result.text;
+ },
+ formatSelection : function(result){
+ return result.text;
+ },
+ formatNoMatches : function(term){
+ switch (term){
+ //case that.type.DATABASE :return localization.tt("msg.enterAlteastOneCharactere");
+ //case that.type.TABLE :return localization.tt("msg.enterAlteastOneCharactere");
+ //case that.type.COLUMN :return localization.tt("msg.enterAlteastOneCharactere");
+ default : return "No Matches found";
+ }
+ }
+ };
+ }
+ },
+ beforeSaveModulePermissions : function(){
+ if(this.model.get('module') != ''){
+ var groupValStr = this.fields.selectGroups.getValue();
+ var userValStr = this.fields.selectUsers.getValue();
+ this.compareAndUpdateObj(groupValStr,{'mode':'groups','permList':this.model.get('groupPermList'),'idKey':'groupId','textKey':'groupName'});
+ this.compareAndUpdateObj(userValStr,{'mode':'users','permList':this.model.get('userPermList'),'idKey':'userId','textKey':'userName'});
+ }
+ return true;
+ },
+ compareAndUpdateObj: function(objValsStr,options){
+
+ var selectedVals = (!_.isNull(objValsStr)) ? objValsStr.toString().split(',') : [];
+ var selectedIdList=[];
+ selectedVals = _.each(selectedVals, function(eachVal){
+ //Ignoring any non existing Group Name
+ if(_.isNumber(parseInt(eachVal)) && !_.isNaN(parseInt(eachVal))){
+ selectedIdList.push(Number(eachVal));
+ }
+ });
+ var modelPermList = options.permList;
+ var modelPerms = _.unique(_.pluck(options.permList, options.idKey));
+ if(!_.isEmpty(selectedIdList)){
+ //Look for equals
+ if(_.isEqual(selectedIdList,modelPerms)) {
+ //No changes in Selected Users
+ }else{
+
+ //look for new values -
+ //loop through each new element and check if it has any non matching ids
+ var diff = _.filter(selectedIdList, function(value){ return !_.contains(modelPerms, value); });
+ var that = this;
+ if(!_.isEmpty(diff)){
+ //push new elements to model groupPermList
+ _.each(diff, function(newEl){
+ var newObj = {};
+ newObj[options.idKey] = newEl;
+ newObj['moduleId'] = that.model.get('id');
+ newObj['isAllowed'] = 1;
+ options.permList.push(newObj);
+ });
+ }
+ //Look for removed users/groups
+ //loop through each model element and check new selected groups is missing from any original list of group ids
+ var updDiff = _.filter(modelPerms, function(value){ return !_.contains(selectedIdList, value); });
+ if(!_.isEmpty(updDiff)){
+ _.each(options.permList, function(origElem){
+ if(_.contains(updDiff, origElem[options.idKey]))
+ origElem.isAllowed = 0;
+ });
+ }
+ }
+
+ }else{
+ //Remove permissions from all objects which earlier had permission
+ _.each(options.permList, function(perm){
+ perm.isAllowed = 0;
+ });
+ }
+
+ }
+ });
+ return ModulePermissionForm;
+});
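Review bot: `compareAndUpdateObj` tests each selected value with `parseInt` but stores `Number(eachVal)`, so a token such as `12abc` passes the check and lands in `selectedIdList` as `NaN`; and because `createSearchChoice` turns any typed term into a choice with `id : term`, a typed number becomes a user or group id that the lookup never returned. I would require a strict match before pushing, e.g. `if (/^\d+$/.test(eachVal)) { selectedIdList.push(Number(eachVal)); }`, and drop `createSearchChoice` if free-text entries are not meant to be accepted. The ids end up in `groupPermList`/`userPermList` with `isAllowed = 1`, so the save endpoint should still confirm that each id exists and that the caller may grant it. Also, an id already present in `permList` with `isAllowed` 0 is never set back to 1 when it is selected again, because `diff` only covers ids missing from the list.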
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermsTableLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/permissions/ModulePermsTableLayout.js b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermsTableLayout.js
new file mode 100644
index 0000000..8f39a98
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/views/permissions/ModulePermsTableLayout.js
@@ -0,0 +1,245 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var Backbone = require('backbone');
+ var XAEnums = require('utils/XAEnums');
+ var XALinks = require('modules/XALinks');
+ var XAGlobals = require('utils/XAGlobals');
+ var SessionMgr = require('mgrs/SessionMgr');
+ var XAUtil = require('utils/XAUtils');
+
+ var XABackgrid = require('views/common/XABackgrid');
+ var XATableLayout = require('views/common/XATableLayout');
+ var localization = require('utils/XALangSupport');
+ var RangerServiceDef = require('models/RangerServiceDef');
+ var UserPermission = require('models/UserPermission');
+ var ModulePermsTableLayoutTmpl = require('hbs!tmpl/permissions/ModulePermsTableLayout_tmpl');
+
+ require('backgrid-filter');
+ require('backgrid-paginator');
+ require('bootbox');
+
+ var ModulePermsTableLayout = Backbone.Marionette.Layout.extend(
+ /** @lends ModulePermsTableLayout */
+ {
+ _viewName : 'ModulePermsTableLayout',
+
+ template: ModulePermsTableLayoutTmpl,
+
+ templateHelpers : function(){
+ return {
+ //rangerService:this.rangerService
+ };
+ },
+
+ breadCrumbs : function(){
+ return [XALinks.get('ModulePermissions')];
+ },
+
+ /** Layout sub regions */
+ regions: {
+ 'rTableList' : 'div[data-id="r_table"]',
+ },
+
+ // /** ui selector cache */
+ ui: {
+ 'btnShowMore' : '[data-id="showMore"]',
+ 'btnShowLess' : '[data-id="showLess"]',
+ 'visualSearch' : '.visual_search'
+ },
+
+ /** ui events hash */
+ events: function() {
+ var events = {};
+ events['click ' + this.ui.btnShowMore] = 'onShowMore';
+ events['click ' + this.ui.btnShowLess] = 'onShowLess';
+
+ return events;
+ },
+
+ /**
+ * intialize a new RangerPolicyTableLayout Layout
+ * @constructs
+ */
+ initialize: function(options) {
+ console.log("initialized a ModulePermsTableLayout Layout");
+ //_.extend(this, _.pick(options));
+ this.bindEvents();
+ },
+
+ /** all events binding here */
+ bindEvents : function(){
+ },
+ /** on render callback */
+ onRender: function() {
+ //this.initializePlugins();
+ this.addVisualSearch();
+ this.renderTable();
+ },
+ /** all post render plugin initialization */
+ initializePlugins: function(){
+ },
+ renderTable : function(){
+ var that = this;
+ this.rTableList.show(new XATableLayout({
+ columns: this.getColumns(),
+ collection: this.collection,
+ includeFilter : false,
+ gridOpts : {
+ //row: TableRow,
+ header : XABackgrid,
+ emptyText : 'No permissions found!'
+ },
+ }));
+ },
+
+ getColumns : function(){
+ var that = this;
+ var cols = {
+ module : {
+ cell : "uri",
+ reName : 'module',
+ href: function(model){
+ return '#!/permissions/'+model.id+'/edit';
+ },
+ label : localization.tt("lbl.permissions"),
+ editable: false,
+ sortable : false
+ },
+ groupPermList : {
+ reName : 'groupPermList',
+ cell : Backgrid.HtmlCell.extend({className: 'cellWidth-1'}),
+ label : localization.tt("lbl.group"),
+ formatter: _.extend({}, Backgrid.CellFormatter.prototype, {
+ fromRaw: function (rawValue, model) {
+ if(!_.isUndefined(rawValue)){
+ return XAUtil.showGroupsOrUsers(rawValue,model,'groups');
+ }else{
+ return '--';
+ }
+ }
+ }),
+ editable : false,
+ sortable : false
+ },
+ //Hack for backgrid plugin doesn't allow to have same column name
+ userPermList : {
+ reName : 'userPermList',
+ cell : Backgrid.HtmlCell.extend({className: 'cellWidth-1'}),
+ label : localization.tt("lbl.users"),
+ formatter: _.extend({}, Backgrid.CellFormatter.prototype, {
+ fromRaw: function (rawValue, model) {
+ if(!_.isUndefined(rawValue))
+ return XAUtil.showGroupsOrUsers(rawValue, model, 'users');
+ else
+ return '--';
+ }
+ }),
+ editable : false,
+ sortable : false
+ },
+ };
+ cols['permissions'] = {
+ cell : "html",
+ label : localization.tt("lbl.action"),
+ formatter: _.extend({}, Backgrid.CellFormatter.prototype, {
+ fromRaw: function (rawValue,model) {
+ return '<a href="#!/permissions/'+model.id+'/edit" class="btn btn-mini" title="Edit"><i class="icon-edit icon-large" /></a>';
+ }
+ }),
+ editable: false,
+ sortable : false
+
+ };
+ return this.collection.constructor.getTableCols(cols, this.collection);
+ },
+ onShowMore : function(e){
+ var attrName = 'policy-groups-id';
+ var id = $(e.currentTarget).attr(attrName);
+ if(_.isUndefined(id)){
+ id = $(e.currentTarget).attr('policy-users-id');
+ attrName = 'policy-users-id';
+ }
+ var $td = $(e.currentTarget).parents('td');
+ $td.find('['+attrName+'="'+id+'"]').show();
+ $td.find('[data-id="showLess"]['+attrName+'="'+id+'"]').show();
+ $td.find('[data-id="showMore"]['+attrName+'="'+id+'"]').hide();
+ },
+ onShowLess : function(e){
+ var attrName = 'policy-groups-id';
+ var id = $(e.currentTarget).attr(attrName);
+ if(_.isUndefined(id)){
+ id = $(e.currentTarget).attr('policy-users-id');
+ attrName = 'policy-users-id';
+ }
+ var $td = $(e.currentTarget).parents('td');
+ $td.find('['+attrName+'="'+id+'"]').slice(4).hide();
+ $td.find('[data-id="showLess"]['+attrName+'="'+id+'"]').hide();
+ $td.find('[data-id="showMore"]['+attrName+'="'+id+'"]').show();
+ },
+ addVisualSearch : function(){
+ var that = this;
+ //var resourceSearchOpt = _.map(this.collection.models, function(resource){ return XAUtil.capitaliseFirstLetter(resource.module) });
+
+ var searchOpt = ['Module Name','Group Name','User Name'];
+
+ var serverAttrName = [{text : "Module Name", label :"module"},{text : "Group Name", label :"groupName"},{text : "User Name", label :"userName"}];
+
+ var pluginAttr = {
+ placeholder :localization.tt('h.searchForPermissions'),
+ container : this.ui.visualSearch,
+ query : '',
+ callbacks : {
+ valueMatches :function(facet, searchTerm, callback) {
+ switch (facet) {
+ /*case 'Module Name':
+ callback(that.getActiveStatusNVList());
+ break;
+ case 'Group Name':
+ callback(XAUtil.enumToSelectLabelValuePairs(XAEnums.AuthType));
+ break;
+ case 'User Name' :
+ setTimeout(function () { XAUtil.displayDatepicker(that.ui.visualSearch, callback); }, 0);
+ break;*/
+ }
+
+ }
+ }
+ };
+ window.vs = XAUtil.addVisualSearch(searchOpt,serverAttrName, this.collection,pluginAttr);
+ },
+ getActiveStatusNVList : function() {
+ var activeStatusList = _.filter(XAEnums.ActiveStatus, function(obj){
+ if(obj.label != XAEnums.ActiveStatus.STATUS_DELETED.label)
+ return obj;
+ });
+ return _.map(activeStatusList, function(status) { return { 'label': status.label, 'value': status.label.toLowerCase()}; })
+ },
+ /** on close */
+ onClose: function(){
+ }
+
+ });
+
+ return ModulePermsTableLayout;
+});
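Review bot: The `groupPermList` and `userPermList` columns in `getColumns` use `Backgrid.HtmlCell` and return whatever `XAUtil.showGroupsOrUsers` produces, so group and user names reach the DOM as markup; that helper is not part of this diff, so please confirm it HTML-escapes each name, and add a comment above the formatters such as `// HtmlCell renders raw markup: showGroupsOrUsers must escape names`. `Backgrid` is referenced without a `require` in this file, which only works if it is a global. `addVisualSearch` also assigns `window.vs`, which leaks the search widget into global scope; storing it on the view (`this.vs = XAUtil.addVisualSearch(...)`) would keep it contained.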
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/styles/xa.css
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/styles/xa.css b/security-admin/src/main/webapp/styles/xa.css
index 31e2a46..7deda0d 100644
--- a/security-admin/src/main/webapp/styles/xa.css
+++ b/security-admin/src/main/webapp/styles/xa.css
@@ -1822,4 +1822,7 @@ td.select-row-cell {
.ranger-notifications {
right: 33px!important;
top: 41px!important;
-}
\ No newline at end of file
+}table.table-permission.visible-border tr td:last-child {
+ border: 1px solid #dddddd;
+ padding-left: 0;
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html b/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html
index 7268074..2bbd349 100644
--- a/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html
+++ b/security-admin/src/main/webapp/templates/common/TopNav_tmpl.html
@@ -19,21 +19,30 @@
<!-- <li class="active">
<a href="#" id="nav1"><i class="icon-dashboard"></i> {{tt 'h.dashboard'}} </a>
</li> -->
+ {{#hasAccessToTab 'Policy Manager'}}
<li >
<a href="#!/policymanager" id="nav2"><i class="icon-shield"></i>{{tt 'h.policyManager'}} </a>
</li>
- {{#isSystemAdmin .}}
+ {{/hasAccessToTab}}
+ {{#hasAccessToTab 'Users/Groups'}}
<li>
<a href="#!/users/usertab" id="nav3"><i class="icon-group"></i> {{tt 'h.usersOrGroups'}} </a>
</li>
- {{/isSystemAdmin}}
+ {{/hasAccessToTab}}
+ {{#hasAccessToTab 'Analytics'}}
<li>
<a href="#!/reports/userAccess" id="nav7"><i class="icon-beaker"></i> {{tt 'h.analytics'}} </a>
</li>
- {{#isSystemAdmin .}}
+ {{/hasAccessToTab}}
+ {{#hasAccessToTab 'Audit'}}
<li>
<a href="#!/reports/audit/bigData" id="nav8"><i class=" icon-file-alt"></i> {{tt 'h.audit'}} </a>
</li>
+ {{/hasAccessToTab}}
+ {{#isSystemAdmin .}}
+ <li>
+ <a href="#!/permissions" id="nav8"><i class=" icon-file-alt"></i> {{tt 'h.permissions'}} </a>
+ </li>
{{/isSystemAdmin}}
<!-- <li>
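Review bot: The new Permissions link reuses `id="nav8"`, which the Audit link just above already carries, so the page ends up with two elements sharing one id; give it an id not used elsewhere in the template. Users/Groups and Audit were wrapped in `{{#isSystemAdmin .}}` before and are now shown by `{{#hasAccessToTab ...}}`; these blocks only hide links, so the routes and REST endpoints behind them need their own server-side permission check. The hunk ends inside a commented-out `<li>` that continues outside it.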
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/templates/helpers/XAHelpers.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/helpers/XAHelpers.js b/security-admin/src/main/webapp/templates/helpers/XAHelpers.js
index 537baa3..2058b25 100644
--- a/security-admin/src/main/webapp/templates/helpers/XAHelpers.js
+++ b/security-admin/src/main/webapp/templates/helpers/XAHelpers.js
@@ -534,6 +534,17 @@
Handlebars.registerHelper('capitaliseLetter', function(str) {
return str.toUpperCase();
});
+ Handlebars.registerHelper('hasAccessToTab', function(tabName,options) {
+ var vxPortalUser = SessionMgr.getUserProfile();
+ var userModules = _.pluck(vxPortalUser.get('userPermList'), 'moduleName');
+ var groupModules = _.pluck(vxPortalUser.get('groupPermissions'), 'moduleName');
+ var moduleNames = _.union(userModules,groupModules);
+ var returnFlag = _.contains(moduleNames, tabName);
+ if (returnFlag)
+ return options.fn(this);
+ else
+ return options.inverse(this);
+ });
return HHelpers;
});
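Review bot: `hasAccessToTab` collects `moduleName` from every entry in `userPermList` and `groupPermissions` without looking at `isAllowed`, while the form code in this commit revokes access by setting `isAllowed = 0` rather than removing the entry; unless the profile returned by `SessionMgr.getUserProfile()` is already filtered server-side, a revoked module would still show its tab. Filtering first, e.g. `_.pluck(_.filter(vxPortalUser.get('userPermList'), function(p){ return Number(p.isAllowed) === 1; }), 'moduleName')`, would close that gap, assuming the profile entries carry the same `isAllowed` field. The two attribute names (`userPermList` vs `groupPermissions`) also look inconsistent and are worth checking against the server model. The helper is registered inside a module body that starts and ends outside this hunk.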
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/templates/permissions/ModulePermissionCreate_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/permissions/ModulePermissionCreate_tmpl.html b/security-admin/src/main/webapp/templates/permissions/ModulePermissionCreate_tmpl.html
new file mode 100644
index 0000000..2c9f4d9
--- /dev/null
+++ b/security-admin/src/main/webapp/templates/permissions/ModulePermissionCreate_tmpl.html
@@ -0,0 +1,28 @@
+{{!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--}}
+<h3 class="wrap-header bold">Edit Permission</h3>
+<div class="wrap non-collapsible">
+<div data-id="r_form"></div>
+ <div class="form-actions form-policy">
+ <button type="button" data-id="save" class="btn btn-primary">
+ Save
+ </button>
+ <button type="button" data-id="cancel" class="btn btn-inverse">
+ Cancel
+ </button>
+ </div>
+</div>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/templates/permissions/ModulePermissionForm_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/permissions/ModulePermissionForm_tmpl.html b/security-admin/src/main/webapp/templates/permissions/ModulePermissionForm_tmpl.html
new file mode 100644
index 0000000..badb615
--- /dev/null
+++ b/security-admin/src/main/webapp/templates/permissions/ModulePermissionForm_tmpl.html
@@ -0,0 +1,61 @@
+{{!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--}}
+<form class="form-horizontal">
+ <fieldset>
+ <p class="formHeader"> Policy Details : </p>
+ <div class="clearfix"></div>
+ <b class="policy-form">
+ <fieldset>
+ <div class="control-group field-database">
+ <!-- <div class="controls"> -->
+ <div class="" data-fields="module"></div>
+ <!-- </div> -->
+ </div>
+ </fieldset>
+ </b>
+ </fieldset>
+ <fieldset>
+ <p class="formHeader"> User and Group Permissions : </p>
+ <div class="control-group">
+ <label class="control-label">{{tt 'lbl.permissions'}}</label>
+ <div class="controls">
+ <table class="table-permission table-condensed visible-border">
+ <thead>
+ <tr>
+ {{#each permHeaders}}
+ <th>{{./this}}</th>
+ {{/each}}
+ </tr>
+ </thead>
+ <tbody class="js-formInput">
+ <tr>
+ <td>
+ <div data-editors="selectGroups"></div>
+ </td>
+ <td>
+ <div data-editors="selectUsers"></div>
+ </td>
+ <td>
+ <div data-editors="isAllowed"></div>
+ </td>
+ </tr>
+ </tbody>
+ </table>
+ </div>
+ </div>
+ </fieldset>
+</form>
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/templates/permissions/ModulePermsTableLayout_tmpl.html
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/templates/permissions/ModulePermsTableLayout_tmpl.html b/security-admin/src/main/webapp/templates/permissions/ModulePermsTableLayout_tmpl.html
new file mode 100644
index 0000000..52b36a1
--- /dev/null
+++ b/security-admin/src/main/webapp/templates/permissions/ModulePermsTableLayout_tmpl.html
@@ -0,0 +1,27 @@
+{{!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--}}
+<h3 class="wrap-header bold"> {{tt 'lbl.permissions'}}</h3>
+<div class="wrap non-collapsible m-height ">
+ <div>
+ <div class="span9">
+ <div class="visual_search"></div><br/><br/>
+
+ </div>
+ <div class="clearfix"></div>
+ <div data-id="r_table" class="clickable"></div>
+ </div>
+</div>
[2/3] incubator-ranger git commit: RANGER-250 : Build a permission
model with Ranger Admin portal
Posted by ve...@apache.org.
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
index 7bd27c6..048d58c 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java
@@ -1,135 +1,142 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- /**
- *
- */
-package org.apache.ranger.security.web.filter;
-
-import java.io.IOException;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-
-import org.apache.log4j.Logger;
-import org.apache.ranger.biz.SessionMgr;
-import org.apache.ranger.common.GUIDUtil;
-import org.apache.ranger.common.HTTPUtil;
-import org.apache.ranger.common.PropertiesUtil;
-import org.apache.ranger.common.RequestContext;
-import org.apache.ranger.common.UserSessionBase;
-import org.apache.ranger.entity.XXAuthSession;
-import org.apache.ranger.security.context.RangerContextHolder;
-import org.apache.ranger.security.context.RangerSecurityContext;
-import org.apache.ranger.util.RestUtil;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.AnonymousAuthenticationToken;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.filter.GenericFilterBean;
-
-public class RangerSecurityContextFormationFilter extends GenericFilterBean {
-
- static Logger logger = Logger
- .getLogger(RangerSecurityContextFormationFilter.class);
-
- public static final String AKA_SC_SESSION_KEY = "AKA_SECURITY_CONTEXT";
- public static final String USER_AGENT = "User-Agent";
-
- @Autowired
- SessionMgr sessionMgr;
-
- @Autowired
- HTTPUtil httpUtil;
-
- String testIP = null;
-
- public RangerSecurityContextFormationFilter() {
- testIP = PropertiesUtil.getProperty("xa.env.ip");
- }
-
- /*
- * (non-Javadoc)
- *
- * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
- * javax.servlet.ServletResponse, javax.servlet.FilterChain)
- */
- @Override
- public void doFilter(ServletRequest request, ServletResponse response,
- FilterChain chain) throws IOException, ServletException {
-
- try {
- Authentication auth = SecurityContextHolder.getContext()
- .getAuthentication();
-
- if (auth instanceof AnonymousAuthenticationToken) {
- // ignore
- } else {
- HttpServletRequest httpRequest = (HttpServletRequest) request;
- HttpSession httpSession = httpRequest.getSession(false);
-
- // [1]get the context from session
- RangerSecurityContext context = (RangerSecurityContext) httpSession.getAttribute(AKA_SC_SESSION_KEY);
- int clientTimeOffset = 0;
- if (context == null) {
- context = new RangerSecurityContext();
- httpSession.setAttribute(AKA_SC_SESSION_KEY, context);
- }
- String userAgent = httpRequest.getHeader(USER_AGENT);
- clientTimeOffset=RestUtil.getTimeOffset(httpRequest);
-
- // Get the request specific info
- RequestContext requestContext = new RequestContext();
- String reqIP = testIP;
- if (testIP == null) {
- reqIP = httpRequest.getRemoteAddr();
- }
- requestContext.setIpAddress(reqIP);
- requestContext.setUserAgent(userAgent);
- requestContext.setDeviceType(httpUtil
- .getDeviceType(httpRequest));
- requestContext.setServerRequestId(GUIDUtil.genGUI());
- requestContext.setRequestURL(httpRequest.getRequestURI());
-
- requestContext.setClientTimeOffsetInMinute(clientTimeOffset);
- context.setRequestContext(requestContext);
-
- RangerContextHolder.setSecurityContext(context);
-
- UserSessionBase userSession = sessionMgr.processSuccessLogin(
- XXAuthSession.AUTH_TYPE_PASSWORD, userAgent);
-
- if(userSession!=null && userSession.getClientTimeOffsetInMinute()==0){
- userSession.setClientTimeOffsetInMinute(clientTimeOffset);
- }
-
- context.setUserSession(userSession);
- }
- chain.doFilter(request, response);
-
- } finally {
- // [4]remove context from thread-local
- RangerContextHolder.resetSecurityContext();
- }
- }
-}
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+ /**
+ *
+ */
+package org.apache.ranger.security.web.filter;
+
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.SessionMgr;
+import org.apache.ranger.biz.XUserMgr;
+import org.apache.ranger.common.GUIDUtil;
+import org.apache.ranger.common.HTTPUtil;
+import org.apache.ranger.common.PropertiesUtil;
+import org.apache.ranger.common.RequestContext;
+import org.apache.ranger.common.UserSessionBase;
+import org.apache.ranger.entity.XXAuthSession;
+import org.apache.ranger.security.context.RangerContextHolder;
+import org.apache.ranger.security.context.RangerSecurityContext;
+import org.apache.ranger.util.RestUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AnonymousAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.filter.GenericFilterBean;
+
+public class RangerSecurityContextFormationFilter extends GenericFilterBean {
+
+ static Logger logger = Logger
+ .getLogger(RangerSecurityContextFormationFilter.class);
+
+ public static final String AKA_SC_SESSION_KEY = "AKA_SECURITY_CONTEXT";
+ public static final String USER_AGENT = "User-Agent";
+
+ @Autowired
+ SessionMgr sessionMgr;
+
+ @Autowired
+ HTTPUtil httpUtil;
+
+ @Autowired
+ XUserMgr xUserMgr;
+
+ String testIP = null;
+
+ public RangerSecurityContextFormationFilter() {
+ testIP = PropertiesUtil.getProperty("xa.env.ip");
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
+ * javax.servlet.ServletResponse, javax.servlet.FilterChain)
+ */
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response,
+ FilterChain chain) throws IOException, ServletException {
+
+ try {
+ Authentication auth = SecurityContextHolder.getContext()
+ .getAuthentication();
+
+ if (auth instanceof AnonymousAuthenticationToken) {
+ // ignore
+ } else {
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+ String httpMethod=httpRequest.getMethod();
+ HttpSession httpSession = httpRequest.getSession(false);
+
+ // [1]get the context from session
+ RangerSecurityContext context = (RangerSecurityContext) httpSession.getAttribute(AKA_SC_SESSION_KEY);
+ int clientTimeOffset = 0;
+ if (context == null) {
+ context = new RangerSecurityContext();
+ httpSession.setAttribute(AKA_SC_SESSION_KEY, context);
+ }
+ String userAgent = httpRequest.getHeader(USER_AGENT);
+ clientTimeOffset=RestUtil.getTimeOffset(httpRequest);
+
+ // Get the request specific info
+ RequestContext requestContext = new RequestContext();
+ String reqIP = testIP;
+ if (testIP == null) {
+ reqIP = httpRequest.getRemoteAddr();
+ }
+ requestContext.setIpAddress(reqIP);
+ requestContext.setUserAgent(userAgent);
+ requestContext.setDeviceType(httpUtil
+ .getDeviceType(httpRequest));
+ requestContext.setServerRequestId(GUIDUtil.genGUI());
+ requestContext.setRequestURL(httpRequest.getRequestURI());
+
+ requestContext.setClientTimeOffsetInMinute(clientTimeOffset);
+ context.setRequestContext(requestContext);
+
+ RangerContextHolder.setSecurityContext(context);
+
+ UserSessionBase userSession = sessionMgr.processSuccessLogin(
+ XXAuthSession.AUTH_TYPE_PASSWORD, userAgent);
+
+ if(userSession!=null && userSession.getClientTimeOffsetInMinute()==0){
+ userSession.setClientTimeOffsetInMinute(clientTimeOffset);
+ }
+
+ context.setUserSession(userSession);
+
+ xUserMgr.checkPermissionRoleByGivenUrls(httpRequest.getRequestURL().toString(),httpMethod);
+ }
+ chain.doFilter(request, response);
+
+ } finally {
+ // [4]remove context from thread-local
+ RangerContextHolder.resetSecurityContext();
+ }
+ }
+}
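Review bot: The new authorization call at the end of the else branch in doFilter passes `httpRequest.getRequestURL().toString()`, which is the URL as the client sent it, with scheme, host and port and without container normalization, so the permission decision rests on a string the caller can vary in form. How checkPermissionRoleByGivenUrls matches that string is not visible here, but a check on the container-resolved path is more robust, for example `xUserMgr.checkPermissionRoleByGivenUrls(httpRequest.getServletPath(), httpMethod);` with the path info appended where the module mapping needs it. The call's result is unused and `chain.doFilter` follows unconditionally, so enforcement relies on the method throwing; if that is the intent, a comment such as `// throws when the user has no permission for this URL and method` would make it explicit. Separately, `getSession(false)` can return null and the next statement dereferences it.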
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/UserService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/UserService.java b/security-admin/src/main/java/org/apache/ranger/service/UserService.java
index 5fdca49..530244f 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/UserService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/UserService.java
@@ -32,9 +32,11 @@ import org.apache.ranger.common.StringUtil;
import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.entity.XXPortalUserRole;
+import org.apache.ranger.entity.XXUserPermission;
import org.apache.ranger.view.VXMessage;
import org.apache.ranger.view.VXPortalUser;
import org.apache.ranger.view.VXResponse;
+import org.apache.ranger.view.VXUserPermission;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Service;
@@ -49,6 +51,9 @@ public class UserService extends UserServiceBase<XXPortalUser, VXPortalUser> {
@Autowired
RangerConfigUtil configUtil;
+ @Autowired
+ XUserPermissionService xUserPermissionService;
+
private static UserService instance = null;
public UserService() {
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionService.java b/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionService.java
new file mode 100644
index 0000000..670e264
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionService.java
@@ -0,0 +1,55 @@
+package org.apache.ranger.service;
+
+import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.SearchField;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXGroup;
+import org.apache.ranger.entity.XXGroupPermission;
+import org.apache.ranger.view.VXGroupPermission;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Service;
+
+@Service
+@Scope("singleton")
+public class XGroupPermissionService extends XGroupPermissionServiceBase<XXGroupPermission, VXGroupPermission>{
+
+ public static Long createdByUserId = 1L;
+
+ @Autowired
+ RangerDaoManager rangerDaoManager;
+
+ public XGroupPermissionService() {
+ searchFields.add(new SearchField("id", "obj.id",
+ SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+
+ searchFields.add(new SearchField("groupPermissionList", "obj.groupId",
+ SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL,
+ "XXModuleDef xXModuleDef", "xXModuleDef.id = obj.groupId "));
+ }
+
+ @Override
+ protected void validateForCreate(VXGroupPermission vObj) {
+
+ }
+
+ @Override
+ protected void validateForUpdate(VXGroupPermission vObj, XXGroupPermission mObj) {
+
+ }
+
+ @Override
+ public VXGroupPermission populateViewBean(XXGroupPermission xObj) {
+ VXGroupPermission vObj = super.populateViewBean(xObj);
+ XXGroup xGroup = rangerDaoManager.getXXGroup().getById(
+ xObj.getGroupId());
+
+ if (xGroup == null) {
+ throw restErrorUtil.createRESTException(xGroup + " is Not Found",
+ MessageEnums.DATA_NOT_FOUND);
+ }
+
+ vObj.setGroupName(xGroup.getName());
+ return vObj;
+ }
+}
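Review bot: In populateViewBean the not-found message is built from `xGroup`, which is always null on that branch, so the caller gets "null is Not Found"; report the id instead: `throw restErrorUtil.createRESTException("Group id " + xObj.getGroupId() + " is Not Found", MessageEnums.DATA_NOT_FOUND);`. XUserPermissionService.populateViewBean has the same pattern with `xUser`. The `groupPermissionList` search field in the constructor joins `XXModuleDef` on `xXModuleDef.id = obj.groupId`, which compares a module id with a group id; `obj.moduleId` looks like the intended column, though the query builder is not visible here. The file also starts at `package` without the ASF license header that XModuleDefServiceBase.java in this commit carries.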
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionServiceBase.java
new file mode 100644
index 0000000..766d36c
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionServiceBase.java
@@ -0,0 +1,60 @@
+package org.apache.ranger.service;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.apache.ranger.common.SearchCriteria;
+import org.apache.ranger.entity.XXGroupPermission;
+import org.apache.ranger.view.VXGroupPermission;
+import org.apache.ranger.view.VXGroupPermissionList;
+
+public abstract class XGroupPermissionServiceBase<T extends XXGroupPermission, V extends VXGroupPermission>
+ extends AbstractBaseResourceService<T, V> {
+
+ public static final String NAME = "XGroupPermission";
+
+ public XGroupPermissionServiceBase() {
+
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected XXGroupPermission mapViewToEntityBean(VXGroupPermission vObj,
+ XXGroupPermission mObj, int OPERATION_CONTEXT) {
+ mObj.setGroupId(vObj.getGroupId());
+ mObj.setModuleId(vObj.getModuleId());
+ mObj.setIsAllowed(vObj.getIsAllowed());
+ return mObj;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected VXGroupPermission mapEntityToViewBean(VXGroupPermission vObj, XXGroupPermission mObj) {
+ vObj.setGroupId(mObj.getGroupId());
+ vObj.setModuleId(mObj.getModuleId());
+ vObj.setIsAllowed(mObj.getIsAllowed());
+ return vObj;
+ }
+
+ /**
+ * @param searchCriteria
+ * @return
+ */
+ public VXGroupPermissionList searchXGroupPermission(SearchCriteria searchCriteria) {
+ VXGroupPermissionList returnList = new VXGroupPermissionList();
+ List<VXGroupPermission> vXGroupPermissions = new ArrayList<VXGroupPermission>();
+
+ @SuppressWarnings("unchecked")
+ List<XXGroupPermission> resultList = (List<XXGroupPermission>) searchResources(
+ searchCriteria, searchFields, sortFields, returnList);
+
+ // Iterate over the result list and create the return list
+ for (XXGroupPermission gjXUser : resultList) {
+ @SuppressWarnings("unchecked")
+ VXGroupPermission vXGroupPermission = populateViewBean((T) gjXUser);
+ vXGroupPermissions.add(vXGroupPermission);
+ }
+
+ returnList.setvXGroupPermission(vXGroupPermissions);
+ return returnList;
+ }
+}
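Review bot: mapViewToEntityBean copies `groupId`, `moduleId` and `isAllowed` from the view object straight onto the entity, and the validateForCreate and validateForUpdate overrides in XGroupPermissionService.java are empty, so as far as this commit shows a permission row can be stored with null or unexpected values. For a record that grants access, the validate hooks should at least reject null ids and an `isAllowed` outside the values RangerConstants defines; whether the REST layer already checks this is not visible here. XUserPermissionServiceBase has the same shape. The searchXGroupPermission Javadoc has empty `@param`/`@return` tags, and the loop variable `gjXUser` holds a group permission rather than a user.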
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java b/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java
new file mode 100644
index 0000000..705ba0c
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java
@@ -0,0 +1,99 @@
+package org.apache.ranger.service;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ranger.common.RangerConstants;
+import org.apache.ranger.common.SearchField;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXGroupPermission;
+import org.apache.ranger.entity.XXModuleDef;
+import org.apache.ranger.entity.XXUserPermission;
+import org.apache.ranger.view.VXGroupPermission;
+import org.apache.ranger.view.VXModuleDef;
+import org.apache.ranger.view.VXUserPermission;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Service;
+
+@Service
+@Scope("singleton")
+public class XModuleDefService extends
+ XModuleDefServiceBase<XXModuleDef, VXModuleDef> {
+
+ public static Long createdByUserId = 1L;
+
+ @Autowired
+ RangerDaoManager rangerDaoManager;
+
+ @Autowired
+ XUserPermissionService xUserPermService;
+
+ @Autowired
+ XGroupPermissionService xGrpPermService;
+
+ public XModuleDefService(){
+ searchFields.add(new SearchField("module", "obj.module",
+ SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL));
+searchFields
+ .add(new SearchField(
+ "userName",
+ "portalUser.loginId",
+ SearchField.DATA_TYPE.STRING,
+ SearchField.SEARCH_TYPE.PARTIAL,
+ " XXPortalUser portalUser, XXUserPermission userPermission",
+ "obj.id=userPermission.moduleId and portalUser.id=userPermission.userId and userPermission.isAllowed="
+ + RangerConstants.IS_ALLOWED));
+searchFields
+ .add(new SearchField(
+ "groupName",
+ "group.name",
+ SearchField.DATA_TYPE.STRING,
+ SearchField.SEARCH_TYPE.PARTIAL,
+ "XXGroup group,XXGroupPermission groupModulePermission",
+ "obj.id=groupModulePermission.moduleId and groupModulePermission.groupId=group.id and groupModulePermission.isAllowed="));
+}
+
+ @Override
+ protected void validateForCreate(VXModuleDef vObj) {
+
+ }
+
+ @Override
+ protected void validateForUpdate(VXModuleDef vObj, XXModuleDef mObj) {
+
+ }
+
+ @Override
+ public VXModuleDef populateViewBean(XXModuleDef xObj) {
+
+ VXModuleDef vModuleDef = super.populateViewBean(xObj);
+ List<VXUserPermission> vXUserPermissionList = new ArrayList<VXUserPermission>();
+ List<VXGroupPermission> vXGroupPermissionList = new ArrayList<VXGroupPermission>();
+
+ List<XXUserPermission> xuserPermissionList = rangerDaoManager
+ .getXXUserPermission().findByModuleId(xObj.getId(), false);
+ List<XXGroupPermission> xgroupPermissionList = rangerDaoManager
+ .getXXGroupPermission().findByModuleId(xObj.getId(), false);
+ for (XXUserPermission xUserPerm : xuserPermissionList) {
+
+ VXUserPermission vXUserPerm = xUserPermService
+ .populateViewBean(xUserPerm);
+ vXUserPermissionList.add(vXUserPerm);
+
+ }
+
+ for (XXGroupPermission xGrpPerm : xgroupPermissionList) {
+
+ VXGroupPermission vXGrpPerm = xGrpPermService
+ .populateViewBean(xGrpPerm);
+ vXGroupPermissionList.add(vXGrpPerm);
+
+ }
+
+ vModuleDef.setUserPermList(vXUserPermissionList);
+ vModuleDef.setGroupPermList(vXGroupPermissionList);
+ return vModuleDef;
+ }
+
+}
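Review bot: The `groupName` search field in the constructor ends its join condition with `groupModulePermission.isAllowed=` and no right-hand side, while the `userName` field just above appends `+ RangerConstants.IS_ALLOWED`; as written the group filter presumably produces an invalid query fragment instead of restricting to allowed rows. The last argument should read `"obj.id=groupModulePermission.moduleId and groupModulePermission.groupId=group.id and groupModulePermission.isAllowed=" + RangerConstants.IS_ALLOWED));`. populateViewBean also calls populateViewBean on both permission services for every row, and each of those does its own lookup by id, so a module with many permissions costs one extra query per row.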
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XModuleDefServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XModuleDefServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/XModuleDefServiceBase.java
new file mode 100644
index 0000000..6d07c07
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/service/XModuleDefServiceBase.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ranger.service;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ranger.common.SearchCriteria;
+import org.apache.ranger.entity.XXModuleDef;
+import org.apache.ranger.view.VXModuleDef;
+import org.apache.ranger.view.VXModuleDefList;
+
+public abstract class XModuleDefServiceBase<T extends XXModuleDef, V extends VXModuleDef>
+ extends AbstractBaseResourceService<T, V> {
+
+ public static final String NAME = "XModuleDef";
+
+ public XModuleDefServiceBase() {
+
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected XXModuleDef mapViewToEntityBean(VXModuleDef vObj, XXModuleDef mObj,
+ int OPERATION_CONTEXT) {
+ mObj.setModule(vObj.getModule());
+ mObj.setUrl(vObj.getUrl());
+ return mObj;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected VXModuleDef mapEntityToViewBean(VXModuleDef vObj, XXModuleDef mObj) {
+ vObj.setModule(mObj.getModule());
+ vObj.setUrl(mObj.getUrl());
+ return vObj;
+ }
+
+ /**
+ * @param searchCriteria
+ * @return
+ */
+ public VXModuleDefList searchModuleDef(SearchCriteria searchCriteria) {
+ VXModuleDefList returnList = new VXModuleDefList();
+ List<VXModuleDef> vXModuleDefList = new ArrayList<VXModuleDef>();
+
+ @SuppressWarnings("unchecked")
+ List<XXModuleDef> resultList = (List<XXModuleDef>)searchResources(searchCriteria,
+ searchFields, sortFields, returnList);
+
+ // Iterate over the result list and create the return list
+ for (XXModuleDef gjXModuleDef : resultList) {
+ @SuppressWarnings("unchecked")
+ VXModuleDef vXModuleDef = populateViewBean((T)gjXModuleDef);
+ vXModuleDefList.add(vXModuleDef);
+ }
+
+ returnList.setvXModuleDef(vXModuleDefList);
+ return returnList;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java
new file mode 100644
index 0000000..92d6197
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java
@@ -0,0 +1,57 @@
+package org.apache.ranger.service;
+
+import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.SearchField;
+import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.entity.XXUser;
+import org.apache.ranger.entity.XXUserPermission;
+import org.apache.ranger.view.VXUserPermission;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Scope;
+import org.springframework.stereotype.Service;
+@Service
+@Scope("singleton")
+public class XUserPermissionService extends XUserPermissionServiceBase<XXUserPermission, VXUserPermission>{
+
+ public static Long createdByUserId = 1L;
+
+ @Autowired
+ RangerDaoManager rangerDaoManager;
+
+ public XUserPermissionService() {
+ searchFields.add(new SearchField("id", "obj.id",
+ SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL));
+
+ searchFields.add(new SearchField("userPermissionList", "obj.userId",
+ SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL,
+ "XXModuleDef xXModuleDef", "xXModuleDef.id = obj.userId "));
+ }
+
+ @Override
+ protected void validateForCreate(VXUserPermission vObj) {
+
+ }
+
+ @Override
+ protected void validateForUpdate(VXUserPermission vObj, XXUserPermission mObj) {
+
+ }
+
+ @Override
+ public VXUserPermission populateViewBean(XXUserPermission xObj) {
+ VXUserPermission vObj = super.populateViewBean(xObj);
+
+ XXPortalUser xUser = rangerDaoManager.getXXPortalUser().getById(xObj.getUserId());
+ if (xUser == null) {
+ xUser=rangerDaoManager.getXXPortalUser().findByXUserId(xObj.getUserId());
+ if(xUser==null)
+ throw restErrorUtil.createRESTException(xUser + " is Not Found",
+ MessageEnums.DATA_NOT_FOUND);
+ }
+
+ vObj.setUserName(xUser.getLoginId());
+ return vObj;
+ }
+
+}
\ No newline at end of file
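Review bot: populateViewBean resolves `xObj.getUserId()` first as a portal-user id via `getById` and, only if that misses, as an x_user id via `findByXUserId`, so the same number is interpreted against two different id spaces. If a portal user happens to exist with that id, the first lookup wins and the permission is reported under that user's login even when the row was stored with the other kind of id; which id the column is meant to hold is not visible in this hunk. Settle on one meaning for `userId` and state it on the method, for example `// userId is the XXPortalUser id`. The `XXUser` import is unused, and the inner `if(xUser==null)` has no braces, unlike the rest of the file.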
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java
new file mode 100644
index 0000000..54d0c0f
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java
@@ -0,0 +1,61 @@
+package org.apache.ranger.service;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.ranger.common.SearchCriteria;
+import org.apache.ranger.entity.XXUserPermission;
+import org.apache.ranger.view.VXUserPermission;
+import org.apache.ranger.view.VXUserPermissionList;
+
+public abstract class XUserPermissionServiceBase<T extends XXUserPermission, V extends VXUserPermission>
+ extends AbstractBaseResourceService<T, V> {
+
+ public static final String NAME = "XUserPermission";
+
+ public XUserPermissionServiceBase() {
+
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected XXUserPermission mapViewToEntityBean(VXUserPermission vObj,
+ XXUserPermission mObj, int OPERATION_CONTEXT) {
+ mObj.setUserId(vObj.getUserId());
+ mObj.setModuleId(vObj.getModuleId());
+ mObj.setIsAllowed(vObj.getIsAllowed());
+ return mObj;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ protected VXUserPermission mapEntityToViewBean(VXUserPermission vObj, XXUserPermission mObj) {
+ vObj.setUserId(mObj.getUserId());
+ vObj.setModuleId(mObj.getModuleId());
+ vObj.setIsAllowed(mObj.getIsAllowed());
+ return vObj;
+ }
+
+ /**
+ * @param searchCriteria
+ * @return
+ */
+ public VXUserPermissionList searchXUserPermission(SearchCriteria searchCriteria) {
+ VXUserPermissionList returnList = new VXUserPermissionList();
+ List<VXUserPermission> vXUserPermissions = new ArrayList<VXUserPermission>();
+
+ @SuppressWarnings("unchecked")
+ List<XXUserPermission> resultList = (List<XXUserPermission>) searchResources(
+ searchCriteria, searchFields, sortFields, returnList);
+
+ // Iterate over the result list and create the return list
+ for (XXUserPermission gjXUser : resultList) {
+ @SuppressWarnings("unchecked")
+ VXUserPermission vXUserPermission = populateViewBean((T) gjXUser);
+ vXUserPermissions.add(vXUserPermission);
+ }
+
+ returnList.setvXModuleDef(vXUserPermissions);
+ return returnList;
+ }
+}
\ No newline at end of file
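Review bot: searchXUserPermission stores its result with `returnList.setvXModuleDef(vXUserPermissions)`, a setter name that looks carried over from the module-definition list; VXUserPermissionList is not in view, but a name such as `setvXUserPermission`, parallel to `setvXGroupPermission` in VXGroupPermissionList, would say what the list holds. The method's Javadoc has empty `@param` and `@return` tags; something like `@param searchCriteria filter, sort and paging options` and `@return the matching user permissions as view objects` would document the contract.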
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java b/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java
new file mode 100644
index 0000000..fb54927
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java
@@ -0,0 +1,129 @@
+package org.apache.ranger.view;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.AppConstants;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
+@JsonIgnoreProperties(ignoreUnknown=true)
+@XmlRootElement
+
+public class VXGroupPermission extends VXDataObject implements java.io.Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ protected Long id;
+ protected Long groupId;
+ protected Long moduleId;
+ protected Integer isAllowed;
+ protected String moduleName;
+
+ protected String groupName;
+
+ public VXGroupPermission() {
+ // TODO Auto-generated constructor stub
+ }
+
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+
+ /**
+ * @param id the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ /**
+ * @return the groupId
+ */
+ public Long getGroupId() {
+ return groupId;
+ }
+
+ /**
+ * @param groupId the groupId to set
+ */
+ public void setGroupId(Long groupId) {
+ this.groupId = groupId;
+ }
+
+ /**
+ * @return the groupName
+ */
+ public String getGroupName() {
+ return groupName;
+ }
+
+ /**
+ * @param groupName the groupName to set
+ */
+ public void setGroupName(String groupName) {
+ this.groupName = groupName;
+ }
+
+ /**
+ * @return the moduleId
+ */
+ public Long getModuleId() {
+ return moduleId;
+ }
+
+ /**
+ * @param moduleId the moduleId to set
+ */
+ public void setModuleId(Long moduleId) {
+ this.moduleId = moduleId;
+ }
+
+ /**
+ * @return the isAllowed
+ */
+ public Integer getIsAllowed() {
+ return isAllowed;
+ }
+
+ /**
+ * @param isAllowed the isAllowed to set
+ */
+ public void setIsAllowed(Integer isAllowed) {
+ this.isAllowed = isAllowed;
+ }
+
+ public String getModuleName() {
+ return moduleName;
+ }
+
+ public void setModuleName(String moduleName) {
+ this.moduleName = moduleName;
+ }
+
+ @Override
+ public int getMyClassType() {
+ return AppConstants.CLASS_TYPE_RANGER_GROUP_PERMISSION;
+ }
+
+ @Override
+ public String toString() {
+
+ String str = "VXGroupPermission={";
+ str += super.toString();
+ str += "id={" + id + "} ";
+ str += "groupId={" + groupId + "} ";
+ str += "moduleId={" + moduleId + "} ";
+ str += "isAllowed={" + isAllowed + "} ";
+ str += "moduleName={" + moduleName + "} ";
+ str += "}";
+
+ return str;
+ }
+}
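Review bot: toString() prints id, groupId, moduleId, isAllowed and moduleName but leaves out `groupName`, the field XGroupPermissionService.populateViewBean sets; add `str += "groupName={" + groupName + "} ";` before the closing `"}"`. The constructor still carries the IDE's `// TODO Auto-generated constructor stub` comment, which can go, and the file has no ASF license header.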
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermissionList.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermissionList.java b/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermissionList.java
new file mode 100644
index 0000000..0a243ef
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermissionList.java
@@ -0,0 +1,61 @@
+package org.apache.ranger.view;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.view.VList;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+
+public class VXGroupPermissionList extends VList {
+
+ private static final long serialVersionUID = 1L;
+
+ List<VXGroupPermission> vXGroupPermission = new ArrayList<VXGroupPermission>();
+
+ public VXGroupPermissionList() {
+ super();
+ }
+
+ public VXGroupPermissionList(List<VXGroupPermission> objList) {
+ super(objList);
+ this.vXGroupPermission = objList;
+ }
+
+ /**
+ * @return the vXGroupPermission
+ */
+ public List<VXGroupPermission> getvXGroupPermission() {
+ return vXGroupPermission;
+ }
+
+ /**
+ * @param vXGroupPermission the vXGroupPermission to set
+ */
+ public void setvXGroupPermission(List<VXGroupPermission> vXGroupPermission) {
+ this.vXGroupPermission = vXGroupPermission;
+ }
+
+ @Override
+ public int getListSize() {
+ if (vXGroupPermission != null) {
+ return vXGroupPermission.size();
+ }
+ return 0;
+ }
+
+ @Override
+ public List<VXGroupPermission> getList() {
+ return vXGroupPermission;
+ }
+}
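Review bot: This new file starts directly at `package org.apache.ranger.view;` without the ASF license header that the JavaScript files added in the same commit carry. The same applies to the other new view classes in this commit: VXModuleDef.java, VXModuleDefList.java, VXUserPermission.java and VXUserPermissionList.java. Add the standard `Licensed to the Apache Software Foundation (ASF) under one ...` comment block above the package line in each. Separately, the list constructor stores `objList` as passed, so `getList()` can return null even though `getListSize()` guards against it.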
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java b/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
new file mode 100644
index 0000000..e0b8157
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
@@ -0,0 +1,158 @@
+package org.apache.ranger.view;
+
+import java.util.Date;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlRootElement;
+import org.apache.ranger.entity.XXGroupPermission;
+import org.apache.ranger.entity.XXUserPermission;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY)
+@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL )
+@JsonIgnoreProperties(ignoreUnknown=true)
+@XmlRootElement
+
+public class VXModuleDef extends VXDataObject implements java.io.Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ protected Long id;
+ protected Date createTime;
+ protected Date updateTime;
+ protected Long addedById;
+ protected Long updatedById;
+ protected String module;
+ protected String url;
+
+ protected List<VXUserPermission> userPermList;
+ protected List<VXGroupPermission> groupPermList;
+
+ /**
+ * @return the userPermList
+ */
+ public List<VXUserPermission> getUserPermList() {
+ return userPermList;
+ }
+ /**
+ * @param userPermList the userPermList to set
+ */
+ public void setUserPermList(List<VXUserPermission> userPermList) {
+ this.userPermList = userPermList;
+ }
+ /**
+ * @return the groupPermList
+ */
+ public List<VXGroupPermission> getGroupPermList() {
+ return groupPermList;
+ }
+ /**
+ * @param groupPermList the groupPermList to set
+ */
+ public void setGroupPermList(List<VXGroupPermission> groupPermList) {
+ this.groupPermList = groupPermList;
+ }
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+ /**
+ * @param id the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+ /**
+ * @return the createTime
+ */
+ public Date getCreateTime() {
+ return createTime;
+ }
+ /**
+ * @param createTime the createTime to set
+ */
+ public void setCreateTime(Date createTime) {
+ this.createTime = createTime;
+ }
+ /**
+ * @return the updateTime
+ */
+ public Date getUpdateTime() {
+ return updateTime;
+ }
+ /**
+ * @param updateTime the updateTime to set
+ */
+ public void setUpdateTime(Date updateTime) {
+ this.updateTime = updateTime;
+ }
+ /**
+ * @return the addedById
+ */
+ public Long getAddedById() {
+ return addedById;
+ }
+ /**
+ * @param addedById the addedById to set
+ */
+ public void setAddedById(Long addedById) {
+ this.addedById = addedById;
+ }
+ /**
+ * @return the updatedById
+ */
+ public Long getUpdatedById() {
+ return updatedById;
+ }
+ /**
+ * @param updatedById the updatedById to set
+ */
+ public void setUpdatedById(Long updatedById) {
+ this.updatedById = updatedById;
+ }
+ /**
+ * @return the module
+ */
+ public String getModule() {
+ return module;
+ }
+ /**
+ * @param module the module to set
+ */
+ public void setModule(String module) {
+ this.module = module;
+ }
+ /**
+ * @return the url
+ */
+ public String getUrl() {
+ return url;
+ }
+ /**
+ * @param url the url to set
+ */
+ public void setUrl(String url) {
+ this.url = url;
+ }
+
+ @Override
+ public String toString() {
+
+ String str = "VXModuleDef={";
+ str += super.toString();
+ str += "id={" + id + "} ";
+ str += "createTime={" + createTime + "} ";
+ str += "updateTime={" + updateTime + "} ";
+ str += "addedById={" + addedById + "} ";
+ str += "updatedById={" + updatedById + "} ";
+ str += "module={" + module + "} ";
+ str += "url={" + url + "} ";
+ str += "}";
+ return str;
+ }
+}
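Review bot: `addedById`, `updatedById`, `createTime` and `updateTime` are bound straight from request JSON because the class uses `fieldVisibility=Visibility.ANY`, so a caller can send its own audit values together with `userPermList` and `groupPermList`. The code that persists a VXModuleDef is not in this file; it should set these four fields from the authenticated session and the server clock rather than copy them from the view object. I would record that on the fields with a comment such as `// audit fields: set by the server, never trusted from request JSON`. The imports of `XXGroupPermission` and `XXUserPermission` are unused here, and `toString()` leaves out both permission lists.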
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXModuleDefList.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXModuleDefList.java b/security-admin/src/main/java/org/apache/ranger/view/VXModuleDefList.java
new file mode 100644
index 0000000..747f2ea
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXModuleDefList.java
@@ -0,0 +1,62 @@
+package org.apache.ranger.view;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.view.VList;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+
+public class VXModuleDefList extends VList {
+
+ private static final long serialVersionUID = 1L;
+
+ List<VXModuleDef> vXModuleDef = new ArrayList<VXModuleDef>();
+
+ public VXModuleDefList() {
+ super();
+ }
+
+ public VXModuleDefList(List<VXModuleDef> objList) {
+ super(objList);
+ this.vXModuleDef = objList;
+ }
+
+ /**
+ * @return the vXModuleDef
+ */
+ public List<VXModuleDef> getvXModuleDef() {
+ return vXModuleDef;
+ }
+
+ /**
+ * @param vXModuleDef the vXModuleDef to set
+ */
+ public void setvXModuleDef(List<VXModuleDef> vXModuleDef) {
+ this.vXModuleDef = vXModuleDef;
+ }
+
+ @Override
+ public int getListSize() {
+ if (vXModuleDef != null) {
+ return vXModuleDef.size();
+ }
+ return 0;
+ }
+
+ @Override
+ public List<VXModuleDef> getList() {
+ return vXModuleDef;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXPortalUser.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXPortalUser.java b/security-admin/src/main/java/org/apache/ranger/view/VXPortalUser.java
index a0c9ec8..b08d518 100644
--- a/security-admin/src/main/java/org/apache/ranger/view/VXPortalUser.java
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXPortalUser.java
@@ -20,6 +20,7 @@
package org.apache.ranger.view;
import java.util.Collection;
+import java.util.List;
import javax.xml.bind.annotation.XmlRootElement;
@@ -79,6 +80,9 @@ public class VXPortalUser extends VXDataObject implements java.io.Serializable {
* List of roles for this user
*/
protected Collection<String> userRoleList;
+ protected Collection<Long> groupIdList;
+ protected List<VXUserPermission> userPermList;
+ protected List<VXGroupPermission> groupPermissions;
/**
* Default constructor. This will set all the attributes to default value.
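Review bot: The three new fields are added after `userRoleList` with no Javadoc, and the naming is inconsistent: `groupPermissions` here against `groupPermList` in VXModuleDef from the same commit, next to `userPermList` in both. Since these lists describe what the user may access, each should say whether it is filled in by the server for display or is also accepted from the client on a profile update; if they are output-only, a line such as `/** Module permissions granted through the user's groups; output only. */` makes that explicit. I would also rename the field to `groupPermList` so the JSON property matches VXModuleDef. The class body starts and ends outside this hunk, and the accessors follow in the next hunk.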
@@ -263,6 +267,31 @@ public class VXPortalUser extends VXDataObject implements java.io.Serializable {
return AppConstants.CLASS_TYPE_USER_PROFILE;
}
+ public Collection<Long> getGroupIdList() {
+ return groupIdList;
+ }
+
+ public void setGroupIdList(Collection<Long> groupIdList) {
+ this.groupIdList = groupIdList;
+ }
+
+
+ public List<VXUserPermission> getUserPermList() {
+ return userPermList;
+ }
+
+ public void setUserPermList(List<VXUserPermission> userPermList) {
+ this.userPermList = userPermList;
+ }
+
+ public List<VXGroupPermission> getGroupPermissions() {
+ return groupPermissions;
+ }
+
+ public void setGroupPermissions(List<VXGroupPermission> groupPermissions) {
+ this.groupPermissions = groupPermissions;
+ }
+
/**
* This return the bean content in string format
* @return formatedStr
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java b/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java
new file mode 100644
index 0000000..591f516
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java
@@ -0,0 +1,147 @@
+package org.apache.ranger.view;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.AppConstants;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonIgnoreProperties;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@JsonIgnoreProperties(ignoreUnknown = true)
+@XmlRootElement
+public class VXUserPermission extends VXDataObject implements
+ java.io.Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ protected Long id;
+ protected Long userId;
+ protected Long moduleId;
+ protected Integer isAllowed;
+ protected String userName;
+ protected String moduleName;
+ protected String loginId;
+
+
+
+ public VXUserPermission() {
+ // TODO Auto-generated constructor stub
+ }
+
+
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+
+ /**
+ * @param id
+ * the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ /**
+ * @return the userId
+ */
+ public Long getUserId() {
+ return userId;
+ }
+
+ /**
+ * @param userId
+ * the userId to set
+ */
+ public void setUserId(Long userId) {
+ this.userId = userId;
+ }
+
+ /**
+ * @return the moduleId
+ */
+ public Long getModuleId() {
+ return moduleId;
+ }
+
+ /**
+ * @param moduleId
+ * the moduleId to set
+ */
+ public void setModuleId(Long moduleId) {
+ this.moduleId = moduleId;
+ }
+
+ /**
+ * @return the isAllowed
+ */
+ public Integer getIsAllowed() {
+ return isAllowed;
+ }
+
+ /**
+ * @param isAllowed
+ * the isAllowed to set
+ */
+ public void setIsAllowed(Integer isAllowed) {
+ this.isAllowed = isAllowed;
+ }
+
+ /**
+ * @return the userName
+ */
+ public String getUserName() {
+ return userName;
+ }
+
+ /**
+ * @param userName the userName to set
+ */
+ public void setUserName(String userName) {
+ this.userName = userName;
+ }
+
+ public String getModuleName() {
+ return moduleName;
+ }
+
+ public void setModuleName(String moduleName) {
+ this.moduleName = moduleName;
+ }
+
+ public String getLoginId() {
+ return loginId;
+ }
+
+
+ public void setLoginId(String loginId) {
+ this.loginId = loginId;
+ }
+
+
+ @Override
+ public int getMyClassType() {
+ return AppConstants.CLASS_TYPE_RANGER_USER_PERMISSION;
+ }
+
+ @Override
+ public String toString() {
+
+ String str = "VXUserPermission={";
+ str += super.toString();
+ str += "id={" + id + "} ";
+ str += "userId={" + userId + "} ";
+ str += "moduleId={" + moduleId + "} ";
+ str += "isAllowed={" + isAllowed + "} ";
+ str += "moduleName={" + moduleName + "} ";
+ str += "loginId={" + loginId + "} ";
+ str += "}";
+
+ return str;
+ }
+}
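Review bot: `isAllowed` is a nullable `Integer` with no stated value domain, which is ambiguous for the field that decides access; with `ignoreUnknown = true` and no default, a request that omits it leaves it `null`. The named queries added in this commit select on `isAllowed=:isAllowed`, so a row holding null or an unexpected number matches neither the allowed nor the denied lookup. I would document the field, stating which value grants access and that null or any other value is treated as denied, and have the persisting code reject anything else. The `// TODO Auto-generated constructor stub` comment should be removed, and `toString()` prints `loginId` but not `userName`.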
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXUserPermissionList.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXUserPermissionList.java b/security-admin/src/main/java/org/apache/ranger/view/VXUserPermissionList.java
new file mode 100644
index 0000000..075ce00
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXUserPermissionList.java
@@ -0,0 +1,61 @@
+package org.apache.ranger.view;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.view.VList;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+
+public class VXUserPermissionList extends VList {
+
+ private static final long serialVersionUID = 1L;
+
+ List<VXUserPermission> vXUserPermission = new ArrayList<VXUserPermission>();
+
+ public VXUserPermissionList() {
+ super();
+ }
+
+ public VXUserPermissionList(List<VXUserPermission> objList) {
+ super(objList);
+ this.vXUserPermission = objList;
+ }
+
+ /**
+ * @return the vXModuleDef
+ */
+ public List<VXUserPermission> getvXModuleDef() {
+ return vXUserPermission;
+ }
+
+ /**
+ * @param vXModuleDef the vXModuleDef to set
+ */
+ public void setvXModuleDef(List<VXUserPermission> vXModuleDef) {
+ this.vXUserPermission = vXModuleDef;
+ }
+
+ @Override
+ public int getListSize() {
+ if (vXUserPermission != null) {
+ return vXUserPermission.size();
+ }
+ return 0;
+ }
+
+ @Override
+ public List<VXUserPermission> getList() {
+ return vXUserPermission;
+ }
+}
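Review bot: The accessors for the `vXUserPermission` field are named `getvXModuleDef()` and `setvXModuleDef(...)`, and their Javadoc and parameter name also say `vXModuleDef`, which looks copied from VXModuleDefList. Serialization is field-based here (`fieldVisibility = Visibility.ANY`), so the JSON shape is presumably unaffected, but Java callers get a misleading API on a permission list. Rename them to `public List<VXUserPermission> getvXUserPermission()` and `public void setvXUserPermission(List<VXUserPermission> vXUserPermission)` and correct the `@return` and `@param` lines to match.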
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index b806dff..b94ef13 100644
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -377,4 +377,99 @@
<query>select MAX(obj.objectId) from XXTrxLog obj where obj.objectClassType = :classType</query>
</named-query>
+ <!-- XXUserPermission -->
+ <named-query name="XXUserPermission.findByUserPermissionId">
+ <query>SELECT obj FROM XXUserPermission obj
+ WHERE obj.userId=:userId
+ </query>
+ </named-query>
+ <named-query name="XXUserPermission.findByUserPermissionIdAndIsAllowed">
+ <query>SELECT obj FROM XXUserPermission obj
+ WHERE obj.userId=:userId AND Obj.isAllowed=:isAllowed
+ </query>
+ </named-query>
+
+ <named-query name="XXUserPermission.findByModuleId">
+ <query>SELECT obj FROM XXUserPermission obj
+ WHERE obj.moduleId=:moduleId AND Obj.isAllowed=:isAllowed
+ </query>
+ </named-query>
+ <named-query name="XXUserPermissionUpdates.findByModuleId">
+ <query>SELECT obj FROM XXUserPermission obj
+ WHERE obj.moduleId=:moduleId
+ </query>
+ </named-query>
+
+ <!-- XXUserPermission -->
+ <named-query name="XXGroupPermission.findByGroupPermissionId">
+ <query>SELECT obj FROM XXGroupPermission obj
+ WHERE obj.groupId=:groupId
+ </query>
+ </named-query>
+
+ <named-query name="XXGroupPermission.findByModuleId">
+ <query>SELECT obj FROM XXGroupPermission obj
+ WHERE obj.moduleId=:moduleId AND Obj.isAllowed=:isAllowed
+ </query>
+ </named-query>
+ <named-query name="XXGroupPermissionUpdates.findByModuleId">
+ <query>SELECT obj FROM XXGroupPermission obj
+ WHERE obj.moduleId=:moduleId AND Obj.isAllowed=:isAllowed
+ </query>
+ </named-query>
+ <named-query name="XXGroupPermissionUpdate.findByModuleId">
+ <query>SELECT obj FROM XXGroupPermission obj
+ WHERE obj.moduleId=:moduleId
+ </query>
+ </named-query>
+
+ <named-query name="XXUserPermission.findByModuleIdAndUserId">
+ <query>SELECT XXUserPermObj
+ FROM XXUserPermission XXUserPermObj
+ WHERE XXUserPermObj.moduleId = :moduleId AND XXUserPermObj.userId =:userId
+ </query>
+ </named-query>
+ <named-query name="XXModuleDef.findModuleNamesWithIds">
+ <query>SELECT XXMObj
+ FROM XXModuleDef XXMObj
+ </query>
+</named-query>
+<named-query name="XXPortalUser.findByUserName">
+ <query>SELECT Obj FROM XXPortalUser obj
+ WHERE obj.loginId=:loginId
+ </query>
+ </named-query>
+
+ <named-query name="XXPortalUser.findByXUserId">
+ <query>SELECT xxPortalUser FROM XXPortalUser xxPortalUser,XXUser xxUser
+ WHERE xxUser.id=:id and xxPortalUser.loginId=xxUser.name
+ </query>
+ </named-query>
+
+ <named-query name="XXPortalUser.findAllXPortalUser">
+ <query>SELECT xxPortalUser FROM XXPortalUser xxPortalUser
+ </query>
+</named-query>
+ <!-- VXModuleDef -->
+ <named-query name="XXModuleDef.findByModuleId">
+ <query>SELECT obj FROM XXModuleDef obj
+ WHERE obj.id=:id
+ </query>
+ </named-query>
+
+ <named-query name="XXModuleDef.findByModuleName">
+ <query>SELECT Obj FROM XXModuleDef obj
+ WHERE obj.module=:moduleName
+ </query>
+ </named-query>
+
+ <named-query name="XXGroupPermission.findByVXPoratUserId">
+ <query>SELECT distinct gmp FROM XXGroupUser xgu,XXUser xu,XXGroupPermission gmp, XXPortalUser xpu
+ WHERE xu.name=xpu.loginId and xu.id=xgu.userId and xgu.parentGroupId=gmp.groupId and xpu.id=:userId and gmp.isAllowed=:isAllowed
+ </query>
+</named-query>
+
+
+
+
</entity-mappings>
\ No newline at end of file
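Review bot: `XXGroupPermissionUpdates.findByModuleId` has the same query text as `XXGroupPermission.findByModuleId` (both filter on `isAllowed`), while the unfiltered variant is registered under the near-identical name `XXGroupPermissionUpdate.findByModuleId`; on the user side the unfiltered query is the plural `XXUserPermissionUpdates.findByModuleId`. A caller that picks the wrong one of these names silently gets a different row set when permissions are updated. I would drop the duplicate and give the unfiltered queries one distinct name on both sides, for example `XXGroupPermission.findAllByModuleId` and `XXUserPermission.findAllByModuleId`. The second section comment should read `<!-- XXGroupPermission -->`, and the alias is written as both `obj` and `Obj` within several queries.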
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/collection_bases/UserPermissionListBase.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/collection_bases/UserPermissionListBase.js b/security-admin/src/main/webapp/scripts/collection_bases/UserPermissionListBase.js
new file mode 100644
index 0000000..597e589
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/collection_bases/UserPermissionListBase.js
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var XABaseCollection = require('collections/XABaseCollection');
+ var XAGlobals = require('utils/XAGlobals');
+ var UserPermission = require('models/UserPermission');
+
+ var UserPermissionListBase = XABaseCollection.extend(
+ /** @lends UserPermissionListBase.prototype */
+ {
+ url: XAGlobals.baseURL + 'permissions',
+
+ model : UserPermission,
+
+ /**
+ * UserPermissionListBase initialize method
+ * @augments XABaseCollection
+ * @constructs
+ */
+ initialize : function() {
+ this.modelName = 'UserPermission';
+ this.modelAttrName = 'UserPermissions';
+ this.bindErrorEvents();
+ },
+ /**
+ * override the parseRecords of PageableCollection for our use
+ */
+ parseRecords : function(resp, options){
+ return resp;
+ }
+ },{
+ // static class members
+ /**
+ * Table Cols to be passed to Backgrid
+ * UI has to use this as base and extend this.
+ *
+ */
+
+ tableCols : {}
+
+ });
+
+ return UserPermissionListBase;
+});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/collection_bases/VXModuleDefListBase.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/collection_bases/VXModuleDefListBase.js b/security-admin/src/main/webapp/scripts/collection_bases/VXModuleDefListBase.js
new file mode 100644
index 0000000..3ebee8f
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/collection_bases/VXModuleDefListBase.js
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var XABaseCollection = require('collections/XABaseCollection');
+ var XAGlobals = require('utils/XAGlobals');
+ var VXModuleDef = require('models/VXModuleDef');
+
+ var VXModuleDefListBase = XABaseCollection.extend(
+ /** @lends VXModuleDefListBase.prototype */
+ {
+ url: XAGlobals.baseURL + 'xusers/permission',
+
+ model : VXModuleDef,
+
+ /**
+ * VXModuleDefListBase initialize method
+ * @augments XABaseCollection
+ * @constructs
+ */
+ initialize : function() {
+ this.modelName = 'VXModuleDef';
+ this.modelAttrName = 'vXModuleDef';
+ this.bindErrorEvents();
+ },
+ /**
+ * override the parseRecords of PageableCollection for our use
+ */
+ /*parseRecords : function(resp, options){
+ return resp;
+ }*/
+ },{
+ // static class members
+ /**
+ * Table Cols to be passed to Backgrid
+ * UI has to use this as base and extend this.
+ *
+ */
+
+ tableCols : {}
+
+ });
+
+ return VXModuleDefListBase;
+});
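Review bot: The `parseRecords` override is left in as commented-out code under a live doc comment ("override the parseRecords of PageableCollection for our use"), while the sibling UserPermissionListBase added in this commit keeps the same override active. Either delete the dead block together with its doc comment, or replace both with a one-line explanation such as `// intentionally uses the inherited parseRecords`. As it stands a reader cannot tell whether the difference between the two collections is deliberate.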
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/collections/UserPermissionList.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/collections/UserPermissionList.js b/security-admin/src/main/webapp/scripts/collections/UserPermissionList.js
new file mode 100644
index 0000000..3218fe4
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/collections/UserPermissionList.js
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var UserPermissionListBase = require('collection_bases/UserPermissionListBase');
+
+ var UserPermissionList = UserPermissionListBase.extend(
+ /** @lends UserPermissionList.prototype */
+ {
+ },{
+ // static class members
+ });
+
+ return UserPermissionList;
+});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/collections/VXModuleDefList.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/collections/VXModuleDefList.js b/security-admin/src/main/webapp/scripts/collections/VXModuleDefList.js
new file mode 100644
index 0000000..83225f6
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/collections/VXModuleDefList.js
@@ -0,0 +1,34 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var VXModuleDefListBase = require('collection_bases/VXModuleDefListBase');
+
+ var VXModuleDefList = VXModuleDefListBase.extend(
+ /** @lends VXModuleDefList.prototype */
+ {
+ },{
+ // static class members
+ });
+
+ return VXModuleDefList;
+});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/controllers/Controller.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/controllers/Controller.js b/security-admin/src/main/webapp/scripts/controllers/Controller.js
index 34a0a94..e3a129e 100644
--- a/security-admin/src/main/webapp/scripts/controllers/Controller.js
+++ b/security-admin/src/main/webapp/scripts/controllers/Controller.js
@@ -340,11 +340,67 @@ define(function(require) {
}));
});
},
+ /************PERMISSIONS LISTING *****************************************/
+ modulePermissionsAction :function(){
+ MAppState.set({ 'currentTab' : XAGlobals.AppTabs.Permissions.value });
+ var view = require('views/permissions/ModulePermsTableLayout');
+ var ModulePermission = require('models/VXModuleDef');
+ var ModulePermissionList = require('collections/VXModuleDefList');
+
+ var modulePermission = new ModulePermission();
+ var modulePermissionList = new ModulePermissionList();
+
+ modulePermissionList.fetch({
+ cache : false,
+ });
+ App.rContent.show(new view({
+ collection : modulePermissionList
+ }));
+
+ },
+ modulePermissionEditAction : function(moduleId){
+ MAppState.set({
+ 'currentTab' : XAGlobals.AppTabs.Permissions.value
+ });
+ var view = require('views/permissions/ModulePermissionCreate');
+ var ModulePermission = require('models/VXModuleDef');
+ var ModulePermissionList = require('collections/VXModuleDefList');
+ var modulePermission = new ModulePermission({id : moduleId});
+ var that = this
+ modulePermission.collection = new ModulePermissionList();
+ modulePermission.fetch({cache : true}).done(function(){
+ App.rContent.show(new view({
+ model : modulePermission,
+ groupList : that.groupList,
+ userList : that.userList
+ }));
+ });
+ },
+ postLoginDefaultView : function(){
+ var SessionMgr = require('mgrs/SessionMgr');
+ var XAGlobals = require('utils/XAGlobals');
+ var XALinks = require('modules/XALinks');
+ var vXPortalUser = SessionMgr.getUserProfile();
+ var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),'moduleName');
+ if (_.contains(userModuleNames, 'Policy Manager')){
+ location.hash = XALinks.get('ServiceManager').href;
+ }else if(_.contains(userModuleNames, 'Users/Groups')){
+ location.hash = XALinks.get('Users').href;
+ }else if(_.contains(userModuleNames, 'Analytics')){
+ location.hash = XALinks.get('UserAccessReport').href;
+ }else if(_.contains(userModuleNames, 'Audit')){
+ location.hash = XALinks.get('AuditReport').href +'/bigData';
+ }else if(SessionMgr.isSystemAdmin()){
+ location.hash = XALinks.get('ModulePermissions').href;
+ }else{
+ //If a user doesnot has access to any tab - taking user to by default Profile page.
+ location.hash = XALinks.get('UserProfile').href;
+ }
+ },
/**************** ERROR PAGE ******************************/
pageNotFoundAction : function() {
var XAUtils = require('utils/XAUtils');
XAUtils.defaultErrorHandler(undefined, { 'status' : 404 });
},
-
});
});
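Review bot: `postLoginDefaultView` derives the landing tab from `userPermList` only, so a user whose module access comes solely from group permissions (the `groupPermissions` list this commit adds to VXPortalUser) falls through to the profile page, and entries are not checked for `isAllowed`. Unless the server already merges group grants into `userPermList`, which is not visible here, I would build the name list from both: `var perms = (vXPortalUser.get('userPermList') || []).concat(vXPortalUser.get('groupPermissions') || []);` followed by `var userModuleNames = _.pluck(perms, 'moduleName');`. This routing is a navigation convenience only; each module's REST endpoints still have to enforce the same permissions. In `modulePermissionsAction` the local `modulePermission` is created and never used; the controller object itself starts outside this hunk.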
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/model_bases/UserPermissionBase.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/model_bases/UserPermissionBase.js b/security-admin/src/main/webapp/scripts/model_bases/UserPermissionBase.js
new file mode 100644
index 0000000..3751362
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/model_bases/UserPermissionBase.js
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var XABaseModel = require('models/XABaseModel');
+ var XAGlobals = require('utils/XAGlobals');
+
+ var UserPermissionBase = XABaseModel.extend(
+ /** @lends UserPermissionBase.prototype */
+ {
+ urlRoot: XAGlobals.baseURL + 'permissions',
+
+ defaults: {},
+
+ serverSchema : {
+ "id" : {
+ "dataType" : "Long"
+ }
+ },
+
+
+ idAttribute: 'id',
+
+ /**
+ * UserPermissionBase initialize method
+ * @augments XABaseModel
+ * @constructs
+ */
+ initialize: function() {
+ this.modelName = 'UserPermission';
+ //this.bind("error", XAUtils.defaultErrorHandler);
+ this.bindErrorEvents();
+ },
+ }, {
+ // static class members
+ });
+
+ return UserPermissionBase;
+
+});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/model_bases/VXModuleDefBase.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/model_bases/VXModuleDefBase.js b/security-admin/src/main/webapp/scripts/model_bases/VXModuleDefBase.js
new file mode 100644
index 0000000..aed67af
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/model_bases/VXModuleDefBase.js
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var XABaseModel = require('models/XABaseModel');
+ var XAGlobals = require('utils/XAGlobals');
+
+ var VXModuleDefBase = XABaseModel.extend(
+ /** @lends VXModuleDefBase.prototype */
+ {
+ urlRoot: XAGlobals.baseURL + 'xusers/permission',
+
+ defaults: {},
+
+ serverSchema : {
+ "id" : {
+ "dataType" : "Long"
+ }
+ },
+
+
+ idAttribute: 'id',
+
+ /**
+ * VXModuleDefBase initialize method
+ * @augments XABaseModel
+ * @constructs
+ */
+ initialize: function() {
+ this.modelName = 'VXModuleDefBase';
+ //this.bind("error", XAUtils.defaultErrorHandler);
+ this.bindErrorEvents();
+ },
+ }, {
+ // static class members
+ });
+
+ return VXModuleDefBase;
+
+});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/models/UserPermission.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/models/UserPermission.js b/security-admin/src/main/webapp/scripts/models/UserPermission.js
new file mode 100644
index 0000000..505abe7
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/models/UserPermission.js
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var UserPermissionBase = require('model_bases/UserPermissionBase');
+ var XAUtils = require('utils/XAUtils');
+ var XAEnums = require('utils/XAEnums');
+ var localization= require('utils/XALangSupport');
+
+ var UserPermission = UserPermissionBase.extend(
+ /** @lends UserPermissionBase.prototype */
+ {
+ /**
+ * UserPermissionBase initialize method
+ * @augments UserPermissionBase
+ * @constructs
+ */
+ initialize: function() {
+ this.modelName = 'UserPermission';
+ this.bindErrorEvents();
+ },
+ /**
+ * @function schema
+ * This method is meant to be used by UI,
+ * by default we will remove the unrequired attributes from serverSchema
+ */
+
+ schemaBase : function(){
+ var attrs = _.omit(this.serverSchema, 'id', 'createDate', 'updateDate', "version",
+ "createDate", "updateDate", "permList", "status", "updatedBy", "isSystem");
+
+ _.each(attrs, function(o){
+ o.type = 'Hidden';
+ });
+
+ // Overwrite your schema definition here
+ return _.extend(attrs,{});
+ },
+
+ /** This models toString() */
+ toString : function(){
+ return this.get('name');
+ }
+
+ }, {
+ // static class members
+ });
+
+ return UserPermission;
+
+});
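Review bot: `schemaBase` sets `o.type = 'Hidden'` on the objects returned by `_.omit(this.serverSchema, ...)`, and `_.omit` copies only the top level, so the loop writes into the schema entries shared through the prototype's `serverSchema` rather than into a private copy. With the base schema in this commit only `id` exists and it is omitted, so nothing is touched today, but the first attribute added to `serverSchema` would be mutated for every instance; building a fresh entry instead, e.g. `attrs[k] = _.extend({}, o, {type: 'Hidden'});` inside `_.each(attrs, function(o, k){ ... })`, avoids that. The omit list names `createDate` and `updateDate` twice, `XAUtils`, `XAEnums` and `localization` are required but never used, and the JSDoc (`@lends`, "initialize method") still names `UserPermissionBase` for this class. `models/VXModuleDef.js` further down carries the same `schemaBase`, and the same remarks apply there.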
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/models/VXModuleDef.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/models/VXModuleDef.js b/security-admin/src/main/webapp/scripts/models/VXModuleDef.js
new file mode 100644
index 0000000..1a5edc8
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/models/VXModuleDef.js
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+
+define(function(require){
+ 'use strict';
+
+ var VXModuleDefBase = require('model_bases/VXModuleDefBase');
+ var XAUtils = require('utils/XAUtils');
+ var XAEnums = require('utils/XAEnums');
+ var localization= require('utils/XALangSupport');
+
+ var VXModuleDef = VXModuleDefBase.extend(
+ /** @lends VXModuleDefBase.prototype */
+ {
+ /**
+ * VXModuleDefBase initialize method
+ * @augments VXModuleDefBase
+ * @constructs
+ */
+ initialize: function() {
+ this.modelName = 'VXModuleDef';
+ this.bindErrorEvents();
+ },
+ /**
+ * @function schema
+ * This method is meant to be used by UI,
+ * by default we will remove the unrequired attributes from serverSchema
+ */
+
+ schemaBase : function(){
+ var attrs = _.omit(this.serverSchema, 'id', 'createDate', 'updateDate', "version",
+ "createDate", "updateDate", "permList", "status", "updatedBy", "isSystem");
+
+ _.each(attrs, function(o){
+ o.type = 'Hidden';
+ });
+
+ // Overwrite your schema definition here
+ return _.extend(attrs,{});
+ },
+
+ /** This models toString() */
+ toString : function(){
+ return this.get('name');
+ }
+
+ }, {
+ // static class members
+ });
+
+ return VXModuleDef;
+
+});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/modules/XALinks.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/XALinks.js b/security-admin/src/main/webapp/scripts/modules/XALinks.js
index 00267b3..1c8ec93 100644
--- a/security-admin/src/main/webapp/scripts/modules/XALinks.js
+++ b/security-admin/src/main/webapp/scripts/modules/XALinks.js
@@ -267,7 +267,23 @@ define(function(require) {
text : options.model.get('name') +' Policies',
title: options.model.get('name') +' Policies'
};
- }
+ },
+ ModulePermissions :{
+ href : '#!/permissions',
+ text : 'h.permissions',
+ title: 'h.permissions'
+ },
+ ModulePermissionEdit : function(options){
+ var href = "javascript:void(0);";
+ if(_.has(options,'model')){
+ href = '#!/permissions/'+options.model.id+"/edit";
+ }
+ return {
+ href : href,
+ text : options.model.get('module'),
+ title: options.model.get('module')
+ };
+ },
};
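Review bot: `ModulePermissionEdit` checks `_.has(options,'model')` before building `href`, but the returned object calls `options.model.get('module')` unconditionally, so a call without a model throws a TypeError instead of falling back to `javascript:void(0);`. Either drop the guard and document that `model` is required, or compute the label under the same guard, e.g. `var name = _.has(options,'model') ? options.model.get('module') : '';`, and use `name` for `text` and `title`. The module name is server data that ends up as link text, so it is worth confirming that whatever renders these link objects escapes it (not visible in this hunk). The enclosing links object starts outside the hunk.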
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
index 843d70c..fa475b3 100644
--- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
+++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
@@ -204,6 +204,7 @@ define(function(require) {
groupSource : 'Group Source',
policyName : 'Policy Name',
allow : 'Allow',
+ allowAccess : 'Allow Access',
selectTopologyName : 'Select Topology Name',
selectServiceName : 'Select Service Name',
topologyName : 'Topology Name',
@@ -212,7 +213,8 @@ define(function(require) {
ipAddress : 'IP Address',
isVisible : 'Visible',
delegatedAdmin : 'Delegate Admin',
- policyId : 'Policy ID'
+ policyId : 'Policy ID',
+ moduleName : 'Module Name'
},
btn : {
add : 'Add',
@@ -267,10 +269,12 @@ define(function(require) {
searchForYourLoginSession :"Search for your login sessions...",
searchForYourAgent :"Search for your plugins...",
searchForPolicy :"Search for your policy...",
+ searchForPermissions :"Search for permissions...",
searchForYourUser :"Search for your users...",
searchForYourGroup :"Search for your groups...",
access : 'Access',
- policyCondition : 'Policy Condtions'
+ policyCondition : 'Policy Condtions',
+ permissions : 'Permissions'
},
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js b/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
index 752a7fc..530babf 100644
--- a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
+++ b/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js
@@ -74,7 +74,7 @@ function doLogin() {
if(location.hash.length > 2)
window.location.replace('index.html'+location.hash);
else
- window.location.replace('index.html'+'#!/policymanager');
+ window.location.replace('index.html');
},
error : function(jqXHR, textStatus, err ) {
$('#signIn').removeAttr('disabled');
@@ -124,4 +124,4 @@ $(function() {
$(e.target).parent().removeClass('error');
}
});
-});
\ No newline at end of file
+});
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/routers/Router.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/routers/Router.js b/security-admin/src/main/webapp/scripts/routers/Router.js
index d4b047c..61377ee 100644
--- a/security-admin/src/main/webapp/scripts/routers/Router.js
+++ b/security-admin/src/main/webapp/scripts/routers/Router.js
@@ -30,7 +30,7 @@ function(Backbone, Marionette, localization, MAppState, XAUtil){
return Backbone.Marionette.AppRouter.extend({
/** Backbone routes hash */
appRoutes: {
- "" : "serviceManagerAction",//"dashboardAction",
+ "" : "postLoginDefaultView",//"dashboardAction",
"!/policymanager" : "serviceManagerAction",
/****** Analytics Report related **********************/
@@ -57,7 +57,10 @@ function(Backbone, Marionette, localization, MAppState, XAUtil){
"!/service/:serviceId/policies" : "policyManageAction",
"!/service/:serviceId/policies/create" : "RangerPolicyCreateAction",
"!/service/:serviceId/policies/:id/edit": "RangerPolicyEditAction",
-
+
+ /************PERMISSIONS VIEWS *****************************************/
+ "!/permissions": "modulePermissionsAction",
+ "!/permissions/:id/edit" : "modulePermissionEditAction",
/*************** ERROR PAGE ****************************************/
"*actions" : "pageNotFoundAction"
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
index a3dbe9b..6805ffd 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js
@@ -51,7 +51,8 @@ define(function(require){
Assets : { value:6, valStr: 'Assets'},
Analytics : { value:7, valStr: 'Analytics'},
Audit : { value:8, valStr: 'Analytics'},
- None : { value:9, valStr: 'None'}
+ Permissions : { value:9, valStr:'Permissions'},
+ None : { value:10, valStr: 'None'}
};
XAGlobals.BooleanValue = {
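Review bot: Inserting `Permissions` with `value:9` moves `None` from 9 to 10, so any code or stored state that relies on the numeric value 9 meaning `None` would now resolve to `Permissions`. No such comparison is visible in this hunk, so this is a caution rather than a confirmed defect; appending the new entry as `Permissions : { value:10, valStr:'Permissions'}` and leaving `None` at 9 would remove the question. The object being extended starts outside the hunk.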
@@ -65,5 +66,11 @@ define(function(require){
XAGlobals.DenyControllerActions = ['userManagerAction','userCreateAction','userEditAction','groupCreateAction',
'groupEditAction','auditReportAction','loginSessionDetail','serviceCreateAction','serviceEditAction'];
+ XAGlobals.ListOfModuleActions = {
+ 'Policy Manager':['serviceManagerAction','serviceCreateAction','serviceEditAction', 'policyManageAction','RangerPolicyCreateAction','RangerPolicyEditAction'],
+ 'Users/Groups' : ['userManagerAction','userCreateAction','userEditAction','groupCreateAction','groupEditAction'],
+ 'Analytics' : ['userAccessReportAction'],
+ 'Audit' : ['auditReportAction','loginSessionDetail']
+ };
return XAGlobals;
});
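Review bot: `ListOfModuleActions` has no entry for the Permissions module, although this commit registers `modulePermissionsAction` and `modulePermissionEditAction` in `Router.js`, so the deny pass in `XAUtils.js`, which only stubs actions listed here, can never block those two routes for a user who lacks that module. Adding `'Permissions' : ['modulePermissionsAction','modulePermissionEditAction']` would cover them, provided the key matches the module name the server returns; the seed rows in `013-permissionmodel.sql` define no such module, so that name needs confirming. Stubbing routes in the browser only hides views, so the REST endpoints behind them have to enforce the same permission on the server.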
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
index 1bcb4b3..9b184e5 100644
--- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js
+++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js
@@ -409,7 +409,39 @@ define(function(require) {
return newGroupArr.length ? newGroupArr.join(' ') : '--';
};
-
+
+ XAUtils.showGroupsOrUsers = function(rawValue, model, userOrGroups){
+ var showMoreLess = false, objArr = [];
+ if(!_.isArray(rawValue) && rawValue.length == 0)
+ return '--';
+ if(userOrGroups == 'groups'){
+ _.each(rawValue,function(perm){
+ objArr = _.union(objArr, perm.groupName)
+ });
+ }else if(userOrGroups == 'users'){
+ _.each(rawValue,function(perm){
+ objArr = _.union(objArr, perm.userName)
+ });
+ }
+
+ var newObjArr = _.map(objArr, function(name, i){
+ if(i >= 4){
+ return '<span class="label label-info" policy-'+userOrGroups+'-id="'+model.id+'" style="display:none;">' + name + '</span>';
+ }else if(i == 3 && objArr.length > 4){
+ showMoreLess = true;
+ return '<span class="label label-info" policy-'+userOrGroups+'-id="'+model.id+'">' + name + '</span>';
+ }else{
+ return '<span class="label label-info" policy-'+userOrGroups+'-id="'+model.id+'">' + name + '</span>';
+ }
+ });
+ if(showMoreLess){
+ newObjArr.push('<span class="pull-left"><a href="javascript:void(0);" data-id="showMore" class="" policy-'+userOrGroups+'-id="'+model.id+'"><code style=""> + More..</code></a></span><span class="pull-left" ><a href="javascript:void(0);" data-id="showLess" class="" policy-'+userOrGroups+'-id="'+model.id+'" style="display:none;"><code> - Less..</code></a></span>');
+ }
+ return newObjArr.length ? newObjArr.join(' ') : '--';
+
+ };
+
+
XAUtils.defaultErrorHandler = function(model, error) {
var App = require('App');
var vError = require('views/common/ErrorView');
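Review bot: `showGroupsOrUsers` concatenates `name` (taken from `perm.groupName` / `perm.userName`) straight into an HTML string, so a user or group name containing markup would be interpreted as HTML wherever this string is inserted; use `_.escape(name)` in all three `<span>` branches. The guard `if(!_.isArray(rawValue) && rawValue.length == 0)` is only true for a non-array whose `length` is zero and throws when `rawValue` is null or undefined; `if(!_.isArray(rawValue) || rawValue.length == 0)` is presumably what was meant. The `i == 3` branch and the final `else` return the same string, so the middle branch only needs to set `showMoreLess`.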
@@ -795,14 +827,28 @@ define(function(require) {
var SessionMgr = require('mgrs/SessionMgr');
var XAGlobals = require('utils/XAGlobals');
var that = this;
- if(!SessionMgr.isSystemAdmin()){
- _.each(XAGlobals.DenyControllerActions, function(routeMethodName) {
- if(!_.isUndefined(controller[routeMethodName])){
- controller[routeMethodName] = function(){
- that.defaultErrorHandler(undefined, {'status':401});
- };
- }
+ var vXPortalUser = SessionMgr.getUserProfile();
+ var denyControllerActions= [];
+ var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),'moduleName');
+ var groupModuleNames = _.pluck(vXPortalUser.get('groupPermissions'), 'moduleName');
+ var moduleNames = _.union(userModuleNames,groupModuleNames);
+ var denyModulesObj = _.omit(XAGlobals.ListOfModuleActions, moduleNames);
+ if(!_.isEmpty(denyModulesObj)){
+ _.each(denyModulesObj, function(deniedModule){
+ denyControllerActions.push(_.values(deniedModule));
});
+ denyControllerActions = _.flatten(denyControllerActions);
+ }
+
+ if(!_.isEmpty(denyControllerActions)){
+ _.each(denyControllerActions, function(routeMethodName) {
+ if(!_.isUndefined(controller[routeMethodName])){
+ controller[routeMethodName] = function(){
+ that.defaultErrorHandler(undefined, {'status':401});
+ };
+ }
+ });
+
}
return controller;
};
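Review bot: The new deny list is derived only from the `moduleName` values in `userPermList` and `groupPermissions` and never looks at each entry's allowed flag, so a permission row that is present but disallowed would still unlock the module's routes unless the server already filters such rows out (the user query name suggests it does, the group query is unclear). Filtering before the pluck, e.g. `_.pluck(_.where(vXPortalUser.get('userPermList'), {isAllowed: 1}), 'moduleName')`, would make the client independent of that, assuming the flag is serialised as `isAllowed` with value 1. Removing the `SessionMgr.isSystemAdmin()` branch also means `serviceCreateAction` and `serviceEditAction`, previously stubbed for every non-admin through `DenyControllerActions`, are now reachable for anyone holding 'Policy Manager', so the REST calls behind them need their own role check. The function's signature is outside the hunk.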
[3/3] incubator-ranger git commit: RANGER-250 : Build a permission
model with Ranger Admin portal
Posted by ve...@apache.org.
RANGER-250 : Build a permission model with Ranger Admin portal
Signed-off-by: Velmurugan Periasamy <ve...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/a263431a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/a263431a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/a263431a
Branch: refs/heads/master
Commit: a263431a5aed18a668fd93e6e3fa17341db64800
Parents: 0711abe
Author: Gautam Borad <gb...@gmail.com>
Authored: Tue Apr 7 11:23:24 2015 +0530
Committer: Velmurugan Periasamy <ve...@apache.org>
Committed: Tue Apr 7 09:50:39 2015 -0400
----------------------------------------------------------------------
.../db/mysql/patches/013-permissionmodel.sql | 49 +++
.../java/org/apache/ranger/biz/UserMgr.java | 34 ++
.../java/org/apache/ranger/biz/XUserMgr.java | 349 +++++++++++++++++--
.../org/apache/ranger/biz/XUserMgrBase.java | 41 +++
.../org/apache/ranger/common/AppConstants.java | 15 +-
.../apache/ranger/common/RangerCommonEnums.java | 8 +
.../apache/ranger/common/RangerConstants.java | 308 ++++++++--------
.../ranger/credentialapi/CredentialReader.java | 2 +-
.../apache/ranger/db/RangerDaoManagerBase.java | 31 +-
.../apache/ranger/db/XXGroupPermissionDao.java | 86 +++++
.../org/apache/ranger/db/XXModuleDefDao.java | 101 ++++++
.../org/apache/ranger/db/XXPortalUserDao.java | 41 ++-
.../apache/ranger/db/XXUserPermissionDao.java | 102 ++++++
.../apache/ranger/entity/XXGroupPermission.java | 144 ++++++++
.../org/apache/ranger/entity/XXModuleDef.java | 112 ++++++
.../apache/ranger/entity/XXUserPermission.java | 151 ++++++++
.../patch/PatchPersmissionModel_J10003.java | 50 +++
.../java/org/apache/ranger/rest/XUserREST.java | 200 ++++++++++-
.../RangerSecurityContextFormationFilter.java | 277 ++++++++-------
.../org/apache/ranger/service/UserService.java | 5 +
.../ranger/service/XGroupPermissionService.java | 55 +++
.../service/XGroupPermissionServiceBase.java | 60 ++++
.../ranger/service/XModuleDefService.java | 99 ++++++
.../ranger/service/XModuleDefServiceBase.java | 78 +++++
.../ranger/service/XUserPermissionService.java | 57 +++
.../service/XUserPermissionServiceBase.java | 61 ++++
.../apache/ranger/view/VXGroupPermission.java | 129 +++++++
.../ranger/view/VXGroupPermissionList.java | 61 ++++
.../org/apache/ranger/view/VXModuleDef.java | 158 +++++++++
.../org/apache/ranger/view/VXModuleDefList.java | 62 ++++
.../org/apache/ranger/view/VXPortalUser.java | 29 ++
.../apache/ranger/view/VXUserPermission.java | 147 ++++++++
.../ranger/view/VXUserPermissionList.java | 61 ++++
.../resources/META-INF/jpa_named_queries.xml | 95 +++++
.../collection_bases/UserPermissionListBase.js | 64 ++++
.../collection_bases/VXModuleDefListBase.js | 64 ++++
.../scripts/collections/UserPermissionList.js | 34 ++
.../scripts/collections/VXModuleDefList.js | 34 ++
.../webapp/scripts/controllers/Controller.js | 58 ++-
.../scripts/model_bases/UserPermissionBase.js | 59 ++++
.../scripts/model_bases/VXModuleDefBase.js | 59 ++++
.../webapp/scripts/models/UserPermission.js | 70 ++++
.../main/webapp/scripts/models/VXModuleDef.js | 70 ++++
.../src/main/webapp/scripts/modules/XALinks.js | 18 +-
.../scripts/modules/globalize/message/en.js | 8 +-
.../main/webapp/scripts/prelogin/XAPrelogin.js | 4 +-
.../src/main/webapp/scripts/routers/Router.js | 7 +-
.../src/main/webapp/scripts/utils/XAGlobals.js | 9 +-
.../src/main/webapp/scripts/utils/XAUtils.js | 62 +++-
.../views/permissions/ModulePermissionCreate.js | 199 +++++++++++
.../views/permissions/ModulePermissionForm.js | 274 +++++++++++++++
.../views/permissions/ModulePermsTableLayout.js | 245 +++++++++++++
security-admin/src/main/webapp/styles/xa.css | 5 +-
.../webapp/templates/common/TopNav_tmpl.html | 15 +-
.../main/webapp/templates/helpers/XAHelpers.js | 11 +
.../ModulePermissionCreate_tmpl.html | 28 ++
.../permissions/ModulePermissionForm_tmpl.html | 61 ++++
.../ModulePermsTableLayout_tmpl.html | 27 ++
58 files changed, 4402 insertions(+), 341 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/db/mysql/patches/013-permissionmodel.sql
----------------------------------------------------------------------
diff --git a/security-admin/db/mysql/patches/013-permissionmodel.sql b/security-admin/db/mysql/patches/013-permissionmodel.sql
new file mode 100644
index 0000000..63376b4
--- /dev/null
+++ b/security-admin/db/mysql/patches/013-permissionmodel.sql
@@ -0,0 +1,49 @@
+DROP TABLE IF EXISTS `x_modules_master`;
+CREATE TABLE `x_modules_master` (
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,
+ `create_time` datetime NULL DEFAULT NULL,
+ `update_time` datetime NULL DEFAULT NULL,
+ `added_by_id` bigint(20) NULL DEFAULT NULL,
+ `upd_by_id` bigint(20) NULL DEFAULT NULL,
+ `module` varchar(1024) NOT NULL,
+ `url` varchar(1024) NOT NULL,
+ PRIMARY KEY (`id`)
+);
+
+
+INSERT INTO `x_modules_master` VALUES (1,'2015-03-04 10:40:34','2015-03-09 15:26:45',1,1,'Policy Manager','/policymanager'),(2,'2015-03-04 10:41:51','2015-03-04 10:41:51',1,1,'Users/Groups','/users/usertab'),(3,'2015-03-04 10:42:19','2015-03-25 10:46:47',1,13,'Analytics','/reports/userAccess'),(4,'2015-03-04 10:42:45','2015-03-05 13:01:41',1,1,'Audit','/reports/audit/bigData');
+
+
+DROP TABLE IF EXISTS `x_user_module_perm`;
+
+CREATE TABLE `x_user_module_perm` (
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,
+ `user_id` bigint(20) NULL DEFAULT NULL,
+ `module_id` bigint(20) NULL DEFAULT NULL,
+ `create_time` datetime NULL DEFAULT NULL,
+ `update_time` datetime NULL DEFAULT NULL,
+ `added_by_id` bigint(20) NULL DEFAULT NULL,
+ `upd_by_id` bigint(20) NULL DEFAULT NULL,
+ `is_allowed` int(11) NOT NULL DEFAULT '1',
+ PRIMARY KEY (`id`),
+ KEY `x_user_module_perm_IDX_module_id` (`module_id`),
+ KEY `x_user_module_perm_FK_user_id` (`user_id`),
+ CONSTRAINT `x_user_module_perm_FK_module_id` FOREIGN KEY (`module_id`) REFERENCES `x_modules_master` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `x_user_module_perm_FK_user_id` FOREIGN KEY (`user_id`) REFERENCES `x_portal_user` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
+) ;
+
+DROP TABLE IF EXISTS `x_group_module_perm`;
+
+CREATE TABLE `x_group_module_perm` (
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,
+ `group_id` bigint(20) NULL DEFAULT NULL,
+ `module_id` bigint(20) NULL DEFAULT NULL,
+ `create_time` datetime NULL DEFAULT NULL,
+ `update_time` datetime NULL DEFAULT NULL,
+ `added_by_id` bigint(20) NULL DEFAULT NULL,
+ `upd_by_id` bigint(20) NULL DEFAULT NULL,
+ `is_allowed` int(11) NOT NULL DEFAULT '1',
+ PRIMARY KEY (`id`),
+ KEY `x_group_module_perm_FK_group_id` (`group_id`),
+ KEY `x_group_module_perm_FK_module_id` (`module_id`)
+) ;
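Review bot: `x_group_module_perm` declares only plain `KEY`s whose names end in `FK_group_id` and `FK_module_id`, with no `CONSTRAINT ... FOREIGN KEY` clauses like the ones on `x_user_module_perm`, so deleting a group or a module leaves its permission rows behind. Adding the two constraints with `ON DELETE CASCADE` (the referenced group table is presumably `x_group`, to be confirmed) keeps stale grants from lingering. The `DROP TABLE IF EXISTS` statements make a re-run of this patch destructive, and on a re-run the first drop of `x_modules_master` would be refused while `x_user_module_perm` still references it; dropping the child tables first, or creating the tables only when absent, is safer. The seed `INSERT` gives no column list, so it silently depends on column order.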
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index 2b2178b..f2c7e5a 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -41,15 +41,21 @@ import org.apache.ranger.common.SearchUtil;
import org.apache.ranger.common.StringUtil;
import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXGroupPermission;
import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.entity.XXPortalUserRole;
import org.apache.ranger.entity.XXTrxLog;
+import org.apache.ranger.entity.XXUserPermission;
+import org.apache.ranger.service.XGroupPermissionService;
import org.apache.ranger.service.XPortalUserService;
+import org.apache.ranger.service.XUserPermissionService;
+import org.apache.ranger.view.VXGroupPermission;
import org.apache.ranger.view.VXPasswordChange;
import org.apache.ranger.view.VXPortalUser;
import org.apache.ranger.view.VXPortalUserList;
import org.apache.ranger.view.VXResponse;
import org.apache.ranger.view.VXString;
+import org.apache.ranger.view.VXUserPermission;
import org.apache.velocity.Template;
import org.apache.velocity.app.VelocityEngine;
import org.springframework.beans.factory.annotation.Autowired;
@@ -95,6 +101,12 @@ public class UserMgr {
@Autowired
XPortalUserService xPortalUserService;
+ @Autowired
+ XUserPermissionService xUserPermissionService;
+
+ @Autowired
+ XGroupPermissionService xGroupPermissionService;
+
String publicRoles[] = new String[] { RangerConstants.ROLE_USER,
RangerConstants.ROLE_OTHER };
@@ -587,6 +599,7 @@ public class UserMgr {
userProfile.setLoginId(user.getLoginId());
userProfile.setStatus(user.getStatus());
userProfile.setUserRoleList(new ArrayList<String>());
+
String emailAddress = user.getEmailAddress();
if (emailAddress != null && stringUtil.validateEmail(emailAddress)) {
@@ -607,6 +620,25 @@ public class UserMgr {
if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())) {
userProfile.setId(user.getId());
+ List<XXUserPermission> xUserPermissions=daoManager.getXXUserPermission().findByUserPermissionIdAndIsAllowed(userProfile.getId());
+ List<XXGroupPermission> xxGroupPermissions=daoManager.getXXGroupPermission().findbyVXPoratUserId(userProfile.getId());
+
+ List<VXGroupPermission> groupPermissions=new ArrayList<VXGroupPermission>();
+ List<VXUserPermission> vxUserPermissions=new ArrayList<VXUserPermission>();
+ for(XXGroupPermission xxGroupPermission:xxGroupPermissions)
+ {
+ VXGroupPermission groupPermission=xGroupPermissionService.populateViewBean(xxGroupPermission);
+ groupPermission.setModuleName(daoManager.getXXModuleDef().findByModuleId(groupPermission.getModuleId()).getModule());
+ groupPermissions.add(groupPermission);
+ }
+ for(XXUserPermission xUserPermission: xUserPermissions)
+ {
+ VXUserPermission vXUserPermission=xUserPermissionService.populateViewBean(xUserPermission);
+ vXUserPermission.setModuleName(daoManager.getXXModuleDef().findByModuleId(vXUserPermission.getModuleId()).getModule());
+ vxUserPermissions.add(vXUserPermission);
+ }
+ userProfile.setGroupPermissions(groupPermissions);
+ userProfile.setUserPermList(vxUserPermissions);
userProfile.setFirstName(user.getFirstName());
userProfile.setLastName(user.getLastName());
userProfile.setPublicScreenName(user.getPublicScreenName());
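Review bot: Both loops call `daoManager.getXXModuleDef().findByModuleId(...).getModule()` without checking the lookup result, so if the DAO returns null for a missing module, one orphaned permission row turns the whole profile request into a NullPointerException; `x_group_module_perm` has no foreign key in this commit's SQL patch, so such rows are possible. Fetch the module into a local, skip and log the entry when it is null, and only then call `setModuleName`. The lookup also runs once per permission row; a map of module id to name built before the loops would avoid the repeated queries. The enclosing method starts and ends outside the hunk.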
@@ -663,6 +695,7 @@ public class UserMgr {
// Get total count first
Query query = createUserSearchQuery(countQueryStr, null, searchCriteria);
Long count = (Long) query.getSingleResult();
+ int resultSize=Integer.parseInt(count.toString());
if (count == null || count.longValue() == 0) {
return returnList;
}
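Review bot: `int resultSize=Integer.parseInt(count.toString());` dereferences `count` one line before the `count == null` check, so a null result now throws instead of returning the empty list, and the null test is dead code. Move the conversion below the guard and use `count.intValue()` rather than a string round trip. The enclosing method continues outside the hunk.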
@@ -725,6 +758,7 @@ public class UserMgr {
objectList.add(userProfile);
}
+ returnList.setResultSize(resultSize);
returnList.setPageSize(query.getMaxResults());
returnList.setSortBy(sortBy);
returnList.setSortType(querySortType);
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 1051991..4804dc7 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -28,11 +28,19 @@ import java.util.List;
import java.util.Map;
import java.util.Set;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-
import org.apache.commons.collections.CollectionUtils;
+import org.apache.ranger.common.ContextUtil;
+import org.apache.ranger.common.RangerCommonEnums;
+import org.apache.ranger.entity.XXGroupPermission;
+import org.apache.ranger.entity.XXModuleDef;
+import org.apache.ranger.entity.XXUserPermission;
+import org.apache.ranger.service.XGroupPermissionService;
+import org.apache.ranger.service.XModuleDefService;
+import org.apache.ranger.service.XPortalUserService;
+import org.apache.ranger.service.XUserPermissionService;
+import org.apache.ranger.view.VXGroupPermission;
+import org.apache.ranger.view.VXModuleDef;
+import org.apache.ranger.view.VXUserPermission;
import org.apache.log4j.Logger;
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.PropertiesUtil;
@@ -42,6 +50,7 @@ import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.db.XXGroupUserDao;
import org.apache.ranger.entity.XXGroup;
import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.entity.XXPortalUserRole;
import org.apache.ranger.entity.XXTrxLog;
import org.apache.ranger.entity.XXUser;
import org.apache.ranger.service.XGroupService;
@@ -62,6 +71,10 @@ public class XUserMgr extends XUserMgrBase {
@Autowired
XUserService xUserService;
+
+ @Autowired
+ XGroupService xGroupService;
+
@Autowired
RangerBizUtil msBizUtil;
@@ -75,7 +88,17 @@ public class XUserMgr extends XUserMgrBase {
RangerBizUtil xaBizUtil;
@Autowired
- XGroupService xGroupService;
+ XModuleDefService xModuleDefService;
+
+ @Autowired
+ XUserPermissionService xUserPermissionService;
+
+ @Autowired
+ XGroupPermissionService xGroupPermissionService;
+
+ @Autowired
+ XPortalUserService xPortalUserService;
+
static final Logger logger = Logger.getLogger(XUserMgr.class);
@@ -114,7 +137,7 @@ public class XUserMgr extends XUserMgrBase {
// XXUser xUser = daoManager.getXXUser().getById(id);
daoManager.getXXUser().remove(id);
- //applicationCache.removeUserID(id);
+ // applicationCache.removeUserID(id);
// Not Supported So Far
// List<XXTrxLog> trxLogList = xUserService.getTransactionLog(
// xUserService.populateViewBean(xUser), "delete");
@@ -149,13 +172,17 @@ public class XUserMgr extends XUserMgrBase {
vXPortalUser.setFirstName(vXUser.getFirstName());
vXPortalUser.setLastName(vXUser.getLastName());
vXPortalUser.setEmailAddress(vXUser.getEmailAddress());
- vXPortalUser.setPublicScreenName(vXUser.getFirstName() +" "+ vXUser.getLastName());
+ vXPortalUser.setPublicScreenName(vXUser.getFirstName() + " "
+ + vXUser.getLastName());
vXPortalUser.setPassword(actualPassword);
vXPortalUser.setUserRoleList(vXUser.getUserRoleList());
vXPortalUser = userMgr.createDefaultAccountUser(vXPortalUser);
+
VXUser createdXUser = xUserService.createResource(vXUser);
+
+
createdXUser.setPassword(actualPassword);
List<XXTrxLog> trxLogList = xUserService.getTransactionLog(
createdXUser, "create");
@@ -182,8 +209,97 @@ public class XUserMgr extends XUserMgrBase {
//
xaBizUtil.createTrxLog(trxLogList);
+ assignPermissionToUser(vXPortalUser,true);
+
return createdXUser;
}
+ //Assigning Permission
+ @SuppressWarnings("unused")
+ private void assignPermissionToUser(VXPortalUser vXPortalUser,boolean isCreate)
+ {
+ HashMap<String, Long> moduleNameId=getModelNames();
+
+
+
+
+ for(String role:vXPortalUser.getUserRoleList())
+ {
+
+ if(role.equals(RangerConstants.ROLE_USER))
+ {
+
+ insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_ANALYTICS),isCreate);
+ insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER),isCreate);
+ }
+ else if(role.equals(RangerConstants.ROLE_SYS_ADMIN))
+ {
+
+ insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_ANALYTICS),isCreate);
+ insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER),isCreate);
+ insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_AUDIT),isCreate);
+ insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_KMS),isCreate);
+ insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_PERMISSION),isCreate);
+ insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_USER_GROUPS),isCreate);
+ }
+
+ }
+ }
+ //Insert or Updating Mapping permissons depending upon roles
+ private void insertMappingXUserPermisson(Long userId,Long moduleId,boolean isCreate)
+ {
+ VXUserPermission vXuserPermission;
+ List<XXUserPermission> xuserPermissionList = daoManager
+ .getXXUserPermission().findByModuleIdAndUserId(userId, moduleId);
+ if(xuserPermissionList==null || xuserPermissionList.isEmpty())
+ {
+ vXuserPermission=new VXUserPermission();
+ vXuserPermission.setUserId(userId);
+ vXuserPermission.setIsAllowed(RangerCommonEnums.IS_ALLOWED);
+ vXuserPermission.setModuleId(moduleId);
+ try
+ {
+ xUserPermissionService.createResource(vXuserPermission);
+ }
+ catch(Exception e)
+ {
+ System.out.println(e);
+ }
+ }
+ else if(isCreate)
+ {
+ for(XXUserPermission xUserPermission:xuserPermissionList)
+ {
+ vXuserPermission=xUserPermissionService.populateViewBean(xUserPermission);
+ vXuserPermission.setIsAllowed(RangerCommonEnums.IS_ALLOWED);
+ xUserPermissionService.updateResource(vXuserPermission);
+ }
+ }
+
+ }
+ @SuppressWarnings("unused")
+ public HashMap<String, Long> getModelNames()
+ {
+ List<XXModuleDef> xxModuleDefs=daoManager.getXXModuleDef().findModuleNamesWithIds();
+ if(xxModuleDefs.isEmpty() || xxModuleDefs!=null)
+ {
+ HashMap<String, Long> moduleNameId=new HashMap<String, Long>();
+ try
+ {
+
+ for(XXModuleDef xxModuleDef:xxModuleDefs)
+ {
+ moduleNameId.put(xxModuleDef.getModule(), xxModuleDef.getId());
+ }
+ return moduleNameId;
+ }
+ catch(Exception e)
+ {
+ logger.error(e);
+ }
+ }
+
+ return null;
+ }
private VXGroupUser createXGroupUser(Long userId, Long groupId) {
VXGroupUser vXGroupUser = new VXGroupUser();
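Review bot: The guard in `getModelNames()` is inverted: `xxModuleDefs.isEmpty() || xxModuleDefs!=null` dereferences the list before testing it for null and is true for every non-null list, so it should read `if (xxModuleDefs != null && !xxModuleDefs.isEmpty())`. The method also returns `null` on its fall-through path, and `assignPermissionToUser` calls `moduleNameId.get(...)` on that result without a check; returning an empty `HashMap` would avoid the dereference. In `insertMappingXUserPermisson` the `catch` block only does `System.out.println(e)`, so a failed permission grant during user creation goes unnoticed; `logger.error("Failed to create user permission", e);` is the minimum, and the `logger` field is already available in this class. It is also worth confirming that `findByModuleIdAndUserId(userId, moduleId)` takes its arguments in that order, since the DAO signature is not visible here.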
@@ -200,12 +316,11 @@ public class XUserMgr extends XUserMgrBase {
VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(vXUser
.getName());
VXPortalUser vXPortalUser = new VXPortalUser();
- if(oldUserProfile!=null && oldUserProfile.getId()!=null){
+ if (oldUserProfile != null && oldUserProfile.getId() != null) {
vXPortalUser.setId(oldUserProfile.getId());
}
// TODO : There is a possibility that old user may not exist.
-
-
+
vXPortalUser.setFirstName(vXUser.getFirstName());
vXPortalUser.setLastName(vXUser.getLastName());
vXPortalUser.setEmailAddress(vXUser.getEmailAddress());
@@ -225,15 +340,15 @@ public class XUserMgr extends XUserMgrBase {
Collection<Long> groupIdList = vXUser.getGroupIdList();
XXPortalUser xXPortalUser = new XXPortalUser();
- xXPortalUser=userMgr.updateUserWithPass(vXPortalUser);
+ xXPortalUser = userMgr.updateUserWithPass(vXPortalUser);
Collection<String> roleList = new ArrayList<String>();
- if(xXPortalUser!=null){
- roleList=userMgr.getRolesForUser(xXPortalUser);
+ if (xXPortalUser != null) {
+ roleList = userMgr.getRolesForUser(xXPortalUser);
}
- if(roleList==null || roleList.size()==0){
+ if (roleList == null || roleList.size() == 0) {
roleList.add(RangerConstants.ROLE_USER);
- }
-
+ }
+
// TODO I've to get the transaction log from here.
// There is nothing to log anything in XXUser so far.
vXUser = xUserService.updateResource(vXUser);
@@ -313,34 +428,36 @@ public class XUserMgr extends XUserMgrBase {
return vXUser;
}
-
- public VXUserGroupInfo createXUserGroupFromMap(VXUserGroupInfo vXUserGroupInfo) {
-
+
+ public VXUserGroupInfo createXUserGroupFromMap(
+ VXUserGroupInfo vXUserGroupInfo) {
+
VXUserGroupInfo vxUGInfo = new VXUserGroupInfo();
-
+
VXUser vXUser = vXUserGroupInfo.getXuserInfo();
-
+
vXUser = xUserService.createXUserWithOutLogin(vXUser);
-
+
vxUGInfo.setXuserInfo(vXUser);
-
+
List<VXGroup> vxg = new ArrayList<VXGroup>();
-
- for(VXGroup vXGroup : vXUserGroupInfo.getXgroupInfo()){
+
+ for (VXGroup vXGroup : vXUserGroupInfo.getXgroupInfo()) {
VXGroup VvXGroup = xGroupService.createXGroupWithOutLogin(vXGroup);
vxg.add(VvXGroup);
VXGroupUser vXGroupUser = new VXGroupUser();
vXGroupUser.setUserId(vXUser.getId());
vXGroupUser.setName(VvXGroup.getName());
- vXGroupUser = xGroupUserService.createXGroupUserWithOutLogin(vXGroupUser);
+ vXGroupUser = xGroupUserService
+ .createXGroupUserWithOutLogin(vXGroupUser);
}
-
+
vxUGInfo.setXgroupInfo(vxg);
-
+
return vxUGInfo;
}
- public VXUser createXUserWithOutLogin(VXUser vXUser) {
+ public VXUser createXUserWithOutLogin(VXUser vXUser) {
return xUserService.createXUserWithOutLogin(vXUser);
}
@@ -534,4 +651,178 @@ public class XUserMgr extends XUserMgrBase {
vObj = xGroupService.updateResource(vObj);
}
}
+ public void checkPermissionRoleByGivenUrls(String enteredURL,String method)
+ {
+ Long currentUserId=ContextUtil.getCurrentUserId();
+ List<String> notPermittedUrls=daoManager.getXXModuleDef().findModuleURLOfPemittedModules(currentUserId);
+ if(notPermittedUrls!=null )
+ {
+
+ boolean flag=false;
+ for(String notPermittedUrl:notPermittedUrls)
+ {
+ if(enteredURL.toLowerCase().contains(notPermittedUrl.toLowerCase()))
+ flag=true;
+ }
+ List<XXPortalUserRole> xPortalUserRoles=daoManager.getXXPortalUserRole().findByUserId(currentUserId);
+ for(XXPortalUserRole xPortalUserRole:xPortalUserRoles)
+ {
+ if(xPortalUserRole.getUserRole().equalsIgnoreCase(RangerConstants.ROLE_USER)&& !method.equalsIgnoreCase("GET"))
+ {
+ flag=true;
+ }
+ }
+ if(flag)
+ {
+ throw restErrorUtil.create403RESTException("Access Denied");
+ }
+ }
+ }
+ public List<VXPortalUser> updateExistingUserExisting()
+ {
+ List<XXPortalUser> allPortalUser=daoManager.getXXPortalUser().findAllXPortalUser();
+ List<VXPortalUser> vPortalUsers= new ArrayList<VXPortalUser>();
+ for(XXPortalUser xPortalUser:allPortalUser)
+ {
+ VXPortalUser vPortalUser =xPortalUserService.populateViewBean(xPortalUser);
+ vPortalUsers.add(vPortalUser);
+ vPortalUser.setUserRoleList(daoManager.getXXPortalUser().findXPortalUserRolebyXPortalUserId(vPortalUser.getId()));
+ assignPermissionToUser(vPortalUser,false);
+ }
+
+ return vPortalUsers;
+
+ }
+
+ // Module permissions
+ public VXModuleDef createXModuleDefPermission(VXModuleDef vXModuleDef) {
+ return xModuleDefService.createResource(vXModuleDef);
+ }
+
+ public VXModuleDef getXModuleDefPermission(Long id) {
+ return xModuleDefService.readResource(id);
+ }
+
+ public VXModuleDef updateXModuleDefPermission(VXModuleDef vXModuleDef) {
+ List<VXGroupPermission> groupPermListNew = vXModuleDef
+ .getGroupPermList();
+ List<VXUserPermission> userPermListNew = vXModuleDef.getUserPermList();
+
+ List<VXGroupPermission> groupPermListOld = new ArrayList<VXGroupPermission>();
+ List<VXUserPermission> userPermListOld = new ArrayList<VXUserPermission>();
+ XXModuleDef xModuleDef = daoManager.getXXModuleDef().getById(
+ vXModuleDef.getId());
+ VXModuleDef vModuleDefPopulateOld = xModuleDefService
+ .populateViewBean(xModuleDef);
+
+ List<XXGroupPermission> xgroupPermissionList = daoManager
+ .getXXGroupPermission().findByModuleId(vXModuleDef.getId(),true);
+
+ for (XXGroupPermission xGrpPerm : xgroupPermissionList) {
+ VXGroupPermission vXGrpPerm = xGroupPermissionService
+ .populateViewBean(xGrpPerm);
+ groupPermListOld.add(vXGrpPerm);
+ }
+ vModuleDefPopulateOld.setGroupPermList(groupPermListOld);
+
+ List<XXUserPermission> xuserPermissionList = daoManager
+ .getXXUserPermission().findByModuleId(vXModuleDef.getId(),true);
+
+ for (XXUserPermission xUserPerm : xuserPermissionList) {
+ VXUserPermission vUserPerm = xUserPermissionService
+ .populateViewBean(xUserPerm);
+ userPermListOld.add(vUserPerm);
+ }
+ vModuleDefPopulateOld.setUserPermList(userPermListOld);
+
+ if (groupPermListOld != null && groupPermListNew != null) {
+ for (VXGroupPermission newVXGroupPerm : groupPermListNew) {
+
+ boolean isExist = false;
+
+ for (VXGroupPermission oldVXGroupPerm : groupPermListOld) {
+ if (newVXGroupPerm.getModuleId().equals(
+ oldVXGroupPerm.getModuleId())
+ && newVXGroupPerm.getGroupId().equals(
+ oldVXGroupPerm.getGroupId())) {
+ oldVXGroupPerm.setIsAllowed(newVXGroupPerm
+ .getIsAllowed());
+ oldVXGroupPerm = xGroupPermissionService
+ .updateResource(oldVXGroupPerm);
+ isExist = true;
+ }
+ }
+ if (!isExist) {
+ newVXGroupPerm = xGroupPermissionService
+ .createResource(newVXGroupPerm);
+ }
+ }
+ }
+
+ if (userPermListOld != null && userPermListNew != null) {
+ for (VXUserPermission newVXUserPerm : userPermListNew) {
+
+ boolean isExist = false;
+ for (VXUserPermission oldVXUserPerm : userPermListOld) {
+ if (newVXUserPerm.getModuleId().equals(
+ oldVXUserPerm.getModuleId())
+ && newVXUserPerm.getUserId().equals(
+ oldVXUserPerm.getUserId())) {
+ oldVXUserPerm
+ .setIsAllowed(newVXUserPerm.getIsAllowed());
+ oldVXUserPerm = xUserPermissionService
+ .updateResource(oldVXUserPerm);
+ isExist = true;
+ }
+ }
+ if (!isExist) {
+ newVXUserPerm = xUserPermissionService
+ .createResource(newVXUserPerm);
+
+ }
+ }
+ }
+ return xModuleDefService.updateResource(vXModuleDef);
+ }
+
+ public void deleteXModuleDefPermission(Long id, boolean force) {
+ xModuleDefService.deleteResource(id);
+ }
+
+ // User permission
+ public VXUserPermission createXUserPermission(VXUserPermission vXUserPermission) {
+ return xUserPermissionService.createResource(vXUserPermission);
+ }
+
+ public VXUserPermission getXUserPermission(Long id) {
+ return xUserPermissionService.readResource(id);
+ }
+
+ public VXUserPermission updateXUserPermission(
+ VXUserPermission vXUserPermission) {
+
+ return xUserPermissionService.updateResource(vXUserPermission);
+ }
+
+ public void deleteXUserPermission(Long id, boolean force) {
+ xUserPermissionService.deleteResource(id);
+ }
+
+ // Group permission
+ public VXGroupPermission createXGroupPermission(VXGroupPermission vXGroupPermission) {
+ return xGroupPermissionService.createResource(vXGroupPermission);
+ }
+
+ public VXGroupPermission getXGroupPermission(Long id) {
+ return xGroupPermissionService.readResource(id);
+ }
+
+ public VXGroupPermission updateXGroupPermission(VXGroupPermission vXGroupPermission) {
+ return xGroupPermissionService.updateResource(vXGroupPermission);
+ }
+
+ public void deleteXGroupPermission(Long id, boolean force) {
+ xGroupPermissionService.deleteResource(id);
+ }
+
}
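Review bot: `checkPermissionRoleByGivenUrls` fails open: when `findModuleURLOfPemittedModules` returns `null`, the whole body is skipped, including the rule that a `ROLE_USER` account may only issue `GET`, so no 403 is raised for that user. The role check should run independently of the URL list, as sketched below. The URL test is a case-insensitive `contains` on the request string and depends on how the caller normalises the path, which is not visible here; comparing against a normalised path prefix would be less fragile. In `updateXModuleDefPermission`, the `moduleId` of each submitted permission entry is never compared with `vXModuleDef.getId()`, so an entry naming a different module would be created as submitted unless the REST layer rejects it.

```java
public void checkPermissionRoleByGivenUrls(String enteredURL,String method)
{
	Long currentUserId=ContextUtil.getCurrentUserId();
	boolean denied=false;
	List<String> notPermittedUrls=daoManager.getXXModuleDef().findModuleURLOfPemittedModules(currentUserId);
	if(notPermittedUrls!=null)
	{
		// … unchanged: URL substring loop, setting denied instead of flag …
	}
	// Evaluated even when the URL list is null, so the read-only rule cannot be skipped.
	List<XXPortalUserRole> xPortalUserRoles=daoManager.getXXPortalUserRole().findByUserId(currentUserId);
	if(xPortalUserRoles!=null)
	{
		// … unchanged: ROLE_USER / non-GET loop, setting denied instead of flag …
	}
	if(denied)
	{
		throw restErrorUtil.create403RESTException("Access Denied");
	}
}
```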
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgrBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgrBase.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgrBase.java
index b20ce31..a89bf8d 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgrBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgrBase.java
@@ -24,9 +24,12 @@ import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.service.XAuditMapService;
import org.apache.ranger.service.XGroupGroupService;
+import org.apache.ranger.service.XGroupPermissionService;
import org.apache.ranger.service.XGroupService;
import org.apache.ranger.service.XGroupUserService;
+import org.apache.ranger.service.XModuleDefService;
import org.apache.ranger.service.XPermMapService;
+import org.apache.ranger.service.XUserPermissionService;
import org.apache.ranger.service.XUserService;
import org.apache.ranger.view.VXAuditMap;
import org.apache.ranger.view.VXAuditMapList;
@@ -34,13 +37,16 @@ import org.apache.ranger.view.VXGroup;
import org.apache.ranger.view.VXGroupGroup;
import org.apache.ranger.view.VXGroupGroupList;
import org.apache.ranger.view.VXGroupList;
+import org.apache.ranger.view.VXGroupPermissionList;
import org.apache.ranger.view.VXGroupUser;
import org.apache.ranger.view.VXGroupUserList;
import org.apache.ranger.view.VXLong;
+import org.apache.ranger.view.VXModuleDefList;
import org.apache.ranger.view.VXPermMap;
import org.apache.ranger.view.VXPermMapList;
import org.apache.ranger.view.VXUser;
import org.apache.ranger.view.VXUserList;
+import org.apache.ranger.view.VXUserPermissionList;
import org.springframework.beans.factory.annotation.Autowired;
public class XUserMgrBase {
@@ -62,6 +68,15 @@ public class XUserMgrBase {
@Autowired
XPermMapService xPermMapService;
+ @ Autowired
+ XModuleDefService xModuleDefService;
+
+ @ Autowired
+ XUserPermissionService xUserPermissionService;
+
+ @ Autowired
+ XGroupPermissionService xGroupPermissionService;
+
@Autowired
XAuditMapService xAuditMapService;
public VXGroup getXGroup(Long id){
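Review bot: The three new annotations are written `@ Autowired` with a space, unlike the surrounding `@Autowired` lines in this hunk. It compiles, but a text search for `@Autowired` will miss these injection points, so I would write them as `@Autowired` like the rest. The class body continues outside the hunk.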
@@ -262,4 +277,30 @@ public class XUserMgrBase {
xAuditMapService.searchFields);
}
+ public VXModuleDefList searchXModuleDef(SearchCriteria searchCriteria) {
+ return xModuleDefService.searchModuleDef(searchCriteria);
+ }
+
+ public VXUserPermissionList searchXUserPermission(SearchCriteria searchCriteria) {
+ return xUserPermissionService.searchXUserPermission(searchCriteria);
+ }
+
+ public VXGroupPermissionList searchXGroupPermission(SearchCriteria searchCriteria) {
+ return xGroupPermissionService.searchXGroupPermission(searchCriteria);
+ }
+
+ public VXLong getXModuleDefSearchCount(SearchCriteria searchCriteria) {
+ return xModuleDefService.getSearchCount(searchCriteria,
+ xModuleDefService.searchFields);
+ }
+
+ public VXLong getXUserPermissionSearchCount(SearchCriteria searchCriteria) {
+ return xUserPermissionService.getSearchCount(searchCriteria,
+ xUserPermissionService.searchFields);
+ }
+
+ public VXLong getXGroupPermissionSearchCount(SearchCriteria searchCriteria){
+ return xGroupPermissionService.getSearchCount(searchCriteria,
+ xGroupPermissionService.searchFields);
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
index b85f975..a5ecff7 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java
@@ -507,9 +507,22 @@ public class AppConstants extends RangerCommonEnums {
public static final int CLASS_TYPE_XA_SERVICE_DEF = 1033;
/**
+ * CLASS_TYPE_RANGER_MODULE_DEF is an element of enum ClassTypes. Its value is "CLASS_TYPE_RANGER_MODULE_DEF".
+ */
+ public static final int CLASS_TYPE_RANGER_MODULE_DEF = 1034;
+ /**
+ * CLASS_TYPE_RANGER_USER_PERMISSION is an element of enum ClassTypes. Its value is "CLASS_TYPE_RANGER_USER_PERMISSION".
+ */
+ public static final int CLASS_TYPE_RANGER_USER_PERMISSION = 1035;
+ /**
+ * CLASS_TYPE_RANGER_GROUP_PERMISSION is an element of enum ClassTypes. Its value is "CLASS_TYPE_RANGER_GROUP_PERMISSION".
+ */
+ public static final int CLASS_TYPE_RANGER_GROUP_PERMISSION = 1036;
+
+ /**
* Max value for enum ClassTypes_MAX
*/
- public static final int ClassTypes_MAX = 1033;
+ public static final int ClassTypes_MAX = 1036;
/***************************************************************
* Enum values for Default SortOrder
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java b/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java
index c02998d..701847f 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java
@@ -27,6 +27,14 @@
public class RangerCommonEnums {
/***************************************************************
+ * Enum values for AllowedPermission
+ **************************************************************/
+ /**
+ * IS_ALLOWED is an element of enum AllowedPermission. Its value is "IS_ALLOWED".
+ */
+ public static final int IS_ALLOWED = 1;
+
+ /***************************************************************
* Enum values for VisibilityStatus
**************************************************************/
/**
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java b/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
index b09b21a..77b51db 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java
@@ -17,153 +17,161 @@
* under the License.
*/
- /**
- *
- */
-
-package org.apache.ranger.common;
-
-public class RangerConstants extends RangerCommonEnums {
-
- // Default Roles
- public final static String ROLE_SYS_ADMIN = "ROLE_SYS_ADMIN";
- public final static String ROLE_ADMIN = "ROLE_ADMIN";
- public final static String ROLE_INTEGRATOR = "ROLE_INTEGRATOR";
- public final static String ROLE_DATA_ANALYST = "ROLE_DATA_ANALYST";
- public final static String ROLE_BIZ_MGR = "ROLE_BIZ_MGR";
-
- public final static String ROLE_USER = "ROLE_USER";
- public final static String ROLE_ANON = "ROLE_ANON";
- public final static String ROLE_OTHER = "ROLE_OTHER";
- public final static String GROUP_PUBLIC = "public";
- // Action constants
- public final static String ACTION_EDIT = "edit";
- public final static String ACTION_CHANGE = "change";
- public final static String ACTION_DELETE = "delete";
- public final static String ACTION_MARK_SPAM = "mark_spam";
- public final static String ACTION_RATE = "rate";
- public final static String ACTION_SELECT = "select";
- public final static String ACTION_UNSELECT = "unselect";
- public final static String ACTION_HIDE = "hide";
- public final static String ACTION_UNHIDE = "unhide";
- public final static String ACTION_SHARE = "share";
- public final static String ACTION_UNSHARE = "unshare";
- public final static String ACTION_BOOKMARK = "bookmark";
- public final static String ACTION_UNBOOKMARK = "unbookmark";
-
- // Sendgrid email API constants
- public static final String SENDGRID_API_USER = "api_user";
- public static final String SENDGRID_API_KEY = "api_key";
- public static final String SENDGRID_TO = "to";
- public static final String SENDGRID_TO_NAME = "toname";
- public static final String SENDGRID_SUBJECT = "subject";
- public static final String SENDGRID_TEXT = "text";
- public static final String SENDGRID_HTML = "html";
- public static final String SENDGRID_FROM_EMAIL = "from";
- public static final String SENDGRID_FROM_NAME = "fromname";
- public static final String SENDGRID_BCC = "bcc";
- public static final String SENDGRID_CC = "cc";
- public static final String SENDGRID_REPLY_TO = "replyto";
-
- // User create validation errors
- public enum ValidationUserProfile {
-
- NO_EMAIL_ADDR("xa.validation.userprofile.no_email_addr",
- "Email address not provided"), INVALID_EMAIL_ADDR(
- "xa.validation.userprofile.userprofile.invalid_email_addr",
- "Invalid email address"), NO_FIRST_NAME(
- "xa.validation.userprofile.userprofile.no_first_name",
- "First name not provided"), INVALID_FIRST_NAME(
- "xa.validation.userprofile.invalid_first_name",
- "Invalid first name"), NO_LAST_NAME(
- "xa.validation.userprofile.noemailaddr",
- "Email address not provided"), INVALID_LAST_NAME(
- "xa.validation.userprofile.noemailaddr",
- "Email address not provided"), NO_PUBLIC_SCREEN_NAME(
- "xa.validation.userprofile.noemailaddr",
- "Email address not provided"), INVALID_PUBLIC_SCREEN_NAME(
- "xa.validation.userprofile.noemailaddr",
- "Email address not provided");
-
- String rbKey;
- String message;
-
- ValidationUserProfile(String rbKey, String message) {
- this.rbKey = rbKey;
- this.message = message;
- }
- };
-
- // these constants will be used in setting GjResponse object.
-
- public final static String USER_PENDING_APPROVAL_MSG = "User is yet not reviewed by Administrator. Please contact at <number>.";
- public final static int USER_PENDING_APPROVAL_STATUS_CODE = 0;
-
- public final static String USER_APPROVAL_MSG = "User is approved";
- public final static int USER_APPROVAL_STATUS_CODE = 1;
-
- public final static String USER_REJECTION_MSG = "User is rejected";
- public final static int USER_REJECTION_STATUS_CODE = 1;
-
- public final static String USER_STATUS_ALREADY_CHANGED_MSG = "Can not change user status. it is either already activated/approved/rejected";
- public final static int USER_STATUS_ALREADY_CHANGED_STATUS_CODE = 0;
-
- public final static String USER_ALREADY_ACTIVATED_MSG = "Your account is already activated. If you have forgotten your password, then from the login page, select 'Forgot Password'";
- public final static int USER_ALREADY_ACTIVATED_STATUS_CODE = 0;
-
- public final static String USER_STATUS_NOT_ACTIVE_MSG = "User is not in active status. Please activate your account first.";
- public final static int USER_STATUS_NOT_ACTIVE_STATUS_CODE = 0;
-
- public final static String INVALID_EMAIL_ADDRESS_MSG = "Invalid email address";
- public final static int INVALID_EMAIL_ADDRESS_STATUS_CODE = 0;
-
- public final static String WRONG_ACTIVATION_CODE_MSG = "Wrong activation code";
- public final static int WRONG_ACTIVATION_CODE_STATUS_CODE = 0;
-
- public final static String VALID_EMAIL_ADDRESS_MSG = "Valid email address";
- public final static int VALID_EMAIL_ADDRESS_STATUS_CODE = 1;
-
- public final static String NO_ACTIVATION_RECORD_FOR_USER_ERR_MSG = "No activation record found for user:";
- public final static String NO_ACTIVATION_ENTRY = "activation entry not found";
-
- public final static String VALIDATION_INVALID_DATA_DESC = "Invalid value for";
- public final static int VALIDATION_INVALID_DATA_CODE = 0;
- public static final String GROUP_MODERATORS = "GROUP_MODERATORS";
-
- // public final static String EMAIL_WELCOME_MSG =
- // "Welcome to iSchoolCircle";
- // public final static String EMAIL_LINK_WELCOME_MSG =
- // "Welcome to iSchoolCircle ! Please verify your account by clicking on the link below: ";
- // public static final String EMAIL_EDIT_REJECTED_MSG =
- // "Your changes not approved for public sharing.";
- // public static final String EMAIL_APPROVAL_NEEDED_MSG =
- // "New objects pending approval";
- // public static final String EMAIL_PWD_RESET_CODE_MSG =
- // "iSchoolCircle - Password Reset";
-
- public final static String PWD_RESET_FAILED_MSG = "Invalid password reset request";
-
- public final static String INVALID_NEW_PASSWORD_MSG = "Invalid new password";
- public static final String EMAIL_NEW_FEEDBACK_RECEIVED = "New feedback from";
- public static final int INITIAL_DOCUMENT_VERSION = 1;
-
- public static final int EMAIL_TYPE_ACCOUNT_CREATE = 0;
- public static final int EMAIL_TYPE_USER_CREATE = 1;
- public static final int EMAIL_TYPE_USER_ACCT_ADD = 2;
- public static final int EMAIL_TYPE_DOCUMENT_CREATE = 3;
- public static final int EMAIL_TYPE_DISCUSSION_CREATE = 4;
- public static final int EMAIL_TYPE_NOTE_CREATE = 5;
- public static final int EMAIL_TYPE_TASK_CREATE = 6;
- public static final int EMAIL_TYPE_USER_PASSWORD = 7;
- public static final int EMAIL_TYPE_USER_ACTIVATION = 8;
- public static final int EMAIL_TYPE_USER_ROLE_UPDATED = 9;
- public static final int EMAIL_TYPE_USER_GRP_ADD = 10;
-
- public static enum RBAC_PERM {
- ALLOW_NONE,
- ALLOW_READ,
- ALLOW_WRITE,
- ALLOW_DELETE
- }
-
-}
+ /**
+ *
+ */
+
+package org.apache.ranger.common;
+
+public class RangerConstants extends RangerCommonEnums {
+
+ // Default Roles
+ public final static String ROLE_SYS_ADMIN = "ROLE_SYS_ADMIN";
+ public final static String ROLE_ADMIN = "ROLE_ADMIN";
+ public final static String ROLE_INTEGRATOR = "ROLE_INTEGRATOR";
+ public final static String ROLE_DATA_ANALYST = "ROLE_DATA_ANALYST";
+ public final static String ROLE_BIZ_MGR = "ROLE_BIZ_MGR";
+
+ public final static String ROLE_USER = "ROLE_USER";
+ public final static String ROLE_ANON = "ROLE_ANON";
+ public final static String ROLE_OTHER = "ROLE_OTHER";
+ public final static String GROUP_PUBLIC = "public";
+ // Action constants
+ public final static String ACTION_EDIT = "edit";
+ public final static String ACTION_CHANGE = "change";
+ public final static String ACTION_DELETE = "delete";
+ public final static String ACTION_MARK_SPAM = "mark_spam";
+ public final static String ACTION_RATE = "rate";
+ public final static String ACTION_SELECT = "select";
+ public final static String ACTION_UNSELECT = "unselect";
+ public final static String ACTION_HIDE = "hide";
+ public final static String ACTION_UNHIDE = "unhide";
+ public final static String ACTION_SHARE = "share";
+ public final static String ACTION_UNSHARE = "unshare";
+ public final static String ACTION_BOOKMARK = "bookmark";
+ public final static String ACTION_UNBOOKMARK = "unbookmark";
+
+ // Sendgrid email API constants
+ public static final String SENDGRID_API_USER = "api_user";
+ public static final String SENDGRID_API_KEY = "api_key";
+ public static final String SENDGRID_TO = "to";
+ public static final String SENDGRID_TO_NAME = "toname";
+ public static final String SENDGRID_SUBJECT = "subject";
+ public static final String SENDGRID_TEXT = "text";
+ public static final String SENDGRID_HTML = "html";
+ public static final String SENDGRID_FROM_EMAIL = "from";
+ public static final String SENDGRID_FROM_NAME = "fromname";
+ public static final String SENDGRID_BCC = "bcc";
+ public static final String SENDGRID_CC = "cc";
+ public static final String SENDGRID_REPLY_TO = "replyto";
+
+ //Permission Names
+ public static final String MODULE_POLICY_MANAGER="Policy Manager";
+ public static final String MODULE_USER_GROUPS="Users/Groups";
+ public static final String MODULE_ANALYTICS="Analytics";
+ public static final String MODULE_AUDIT="Audit";
+ public static final String MODULE_PERMISSION="Permissions";
+ public static final String MODULE_KMS="KMS";
+
+ // User create validation errors
+ public enum ValidationUserProfile {
+
+ NO_EMAIL_ADDR("xa.validation.userprofile.no_email_addr",
+ "Email address not provided"), INVALID_EMAIL_ADDR(
+ "xa.validation.userprofile.userprofile.invalid_email_addr",
+ "Invalid email address"), NO_FIRST_NAME(
+ "xa.validation.userprofile.userprofile.no_first_name",
+ "First name not provided"), INVALID_FIRST_NAME(
+ "xa.validation.userprofile.invalid_first_name",
+ "Invalid first name"), NO_LAST_NAME(
+ "xa.validation.userprofile.noemailaddr",
+ "Email address not provided"), INVALID_LAST_NAME(
+ "xa.validation.userprofile.noemailaddr",
+ "Email address not provided"), NO_PUBLIC_SCREEN_NAME(
+ "xa.validation.userprofile.noemailaddr",
+ "Email address not provided"), INVALID_PUBLIC_SCREEN_NAME(
+ "xa.validation.userprofile.noemailaddr",
+ "Email address not provided");
+
+ String rbKey;
+ String message;
+
+ ValidationUserProfile(String rbKey, String message) {
+ this.rbKey = rbKey;
+ this.message = message;
+ }
+ };
+
+ // these constants will be used in setting GjResponse object.
+
+ public final static String USER_PENDING_APPROVAL_MSG = "User is yet not reviewed by Administrator. Please contact at <number>.";
+ public final static int USER_PENDING_APPROVAL_STATUS_CODE = 0;
+
+ public final static String USER_APPROVAL_MSG = "User is approved";
+ public final static int USER_APPROVAL_STATUS_CODE = 1;
+
+ public final static String USER_REJECTION_MSG = "User is rejected";
+ public final static int USER_REJECTION_STATUS_CODE = 1;
+
+ public final static String USER_STATUS_ALREADY_CHANGED_MSG = "Can not change user status. it is either already activated/approved/rejected";
+ public final static int USER_STATUS_ALREADY_CHANGED_STATUS_CODE = 0;
+
+ public final static String USER_ALREADY_ACTIVATED_MSG = "Your account is already activated. If you have forgotten your password, then from the login page, select 'Forgot Password'";
+ public final static int USER_ALREADY_ACTIVATED_STATUS_CODE = 0;
+
+ public final static String USER_STATUS_NOT_ACTIVE_MSG = "User is not in active status. Please activate your account first.";
+ public final static int USER_STATUS_NOT_ACTIVE_STATUS_CODE = 0;
+
+ public final static String INVALID_EMAIL_ADDRESS_MSG = "Invalid email address";
+ public final static int INVALID_EMAIL_ADDRESS_STATUS_CODE = 0;
+
+ public final static String WRONG_ACTIVATION_CODE_MSG = "Wrong activation code";
+ public final static int WRONG_ACTIVATION_CODE_STATUS_CODE = 0;
+
+ public final static String VALID_EMAIL_ADDRESS_MSG = "Valid email address";
+ public final static int VALID_EMAIL_ADDRESS_STATUS_CODE = 1;
+
+ public final static String NO_ACTIVATION_RECORD_FOR_USER_ERR_MSG = "No activation record found for user:";
+ public final static String NO_ACTIVATION_ENTRY = "activation entry not found";
+
+ public final static String VALIDATION_INVALID_DATA_DESC = "Invalid value for";
+ public final static int VALIDATION_INVALID_DATA_CODE = 0;
+ public static final String GROUP_MODERATORS = "GROUP_MODERATORS";
+
+ // public final static String EMAIL_WELCOME_MSG =
+ // "Welcome to iSchoolCircle";
+ // public final static String EMAIL_LINK_WELCOME_MSG =
+ // "Welcome to iSchoolCircle ! Please verify your account by clicking on the link below: ";
+ // public static final String EMAIL_EDIT_REJECTED_MSG =
+ // "Your changes not approved for public sharing.";
+ // public static final String EMAIL_APPROVAL_NEEDED_MSG =
+ // "New objects pending approval";
+ // public static final String EMAIL_PWD_RESET_CODE_MSG =
+ // "iSchoolCircle - Password Reset";
+
+ public final static String PWD_RESET_FAILED_MSG = "Invalid password reset request";
+
+ public final static String INVALID_NEW_PASSWORD_MSG = "Invalid new password";
+ public static final String EMAIL_NEW_FEEDBACK_RECEIVED = "New feedback from";
+ public static final int INITIAL_DOCUMENT_VERSION = 1;
+
+ public static final int EMAIL_TYPE_ACCOUNT_CREATE = 0;
+ public static final int EMAIL_TYPE_USER_CREATE = 1;
+ public static final int EMAIL_TYPE_USER_ACCT_ADD = 2;
+ public static final int EMAIL_TYPE_DOCUMENT_CREATE = 3;
+ public static final int EMAIL_TYPE_DISCUSSION_CREATE = 4;
+ public static final int EMAIL_TYPE_NOTE_CREATE = 5;
+ public static final int EMAIL_TYPE_TASK_CREATE = 6;
+ public static final int EMAIL_TYPE_USER_PASSWORD = 7;
+ public static final int EMAIL_TYPE_USER_ACTIVATION = 8;
+ public static final int EMAIL_TYPE_USER_ROLE_UPDATED = 9;
+ public static final int EMAIL_TYPE_USER_GRP_ADD = 10;
+
+ public static enum RBAC_PERM {
+ ALLOW_NONE,
+ ALLOW_READ,
+ ALLOW_WRITE,
+ ALLOW_DELETE
+ }
+
+}
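Review bot: The six `MODULE_*` constants appear to be the only functional change in this section, but the whole file is removed and re-added (apparently a whitespace or line-ending change), which hides them from review. Committing the formatting change separately would reduce this diff to the added lines. These strings are used as lookup keys in `XUserMgr.assignPermissionToUser` against the names returned by `findModuleNamesWithIds()`, so a mismatch yields a `null` module id. A comment above them such as `// Must match the module names returned by XXModuleDef lookups` would document that coupling.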
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java b/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
index 920c12d..5d536ac 100644
--- a/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
+++ b/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java
@@ -31,7 +31,7 @@ public class CredentialReader {
public static String getDecryptedString(String CrendentialProviderPath,String alias) {
String credential=null;
try{
- if(CrendentialProviderPath==null || alias==null){
+ if(CrendentialProviderPath==null || alias==null||CrendentialProviderPath.trim().isEmpty()||alias.trim().isEmpty()){
return null;
}
char[] pass = null;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
index 962eb02..2dd0797 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java
@@ -143,7 +143,15 @@ public abstract class RangerDaoManagerBase {
if (classType == AppConstants.CLASS_TYPE_XA_DATA_HIST) {
return getXXDataHist();
}
-
+ if (classType == AppConstants.CLASS_TYPE_RANGER_MODULE_DEF) {
+ return getXXModuleDef();
+ }
+ if (classType == AppConstants.CLASS_TYPE_RANGER_USER_PERMISSION) {
+ return getXXUserPermission();
+ }
+ if (classType == AppConstants.CLASS_TYPE_RANGER_GROUP_PERMISSION) {
+ return getXXUserPermission();
+ }
logger.error("No DaoManager found for classType=" + classType, new Throwable());
return null;
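Review bot: The `CLASS_TYPE_RANGER_GROUP_PERMISSION` branch returns `getXXUserPermission()`, so a lookup by class type for group permissions is handed the user-permission DAO. The className-based lookup in the next hunk maps `XXGroupPermission` to `getXXGroupPermission()`, which suggests a copy-paste slip here; the line should read `return getXXGroupPermission();`. The enclosing method starts outside this hunk, so whether the mix-up fails at a cast or silently operates on the wrong table cannot be confirmed from here.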
@@ -255,6 +263,15 @@ public abstract class RangerDaoManagerBase {
if (className.equals("XXDataHist")) {
return getXXDataHist();
}
+ if (className.equals("XXModuleDef")) {
+ return getXXModuleDef();
+ }
+ if (className.equals("XXUserPermission")) {
+ return getXXUserPermission();
+ }
+ if (className.equals("XXGroupPermission")) {
+ return getXXGroupPermission();
+ }
logger.error("No DaoManager found for className=" + className, new Throwable());
return null;
@@ -407,5 +424,17 @@ public abstract class RangerDaoManagerBase {
return new XXDataHistDao(this);
}
+ public XXModuleDefDao getXXModuleDef(){
+ return new XXModuleDefDao(this);
+ }
+
+ public XXUserPermissionDao getXXUserPermission(){
+ return new XXUserPermissionDao(this);
+ }
+
+ public XXGroupPermissionDao getXXGroupPermission(){
+ return new XXGroupPermissionDao(this);
+ }
+
}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java
new file mode 100644
index 0000000..1be3148
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java
@@ -0,0 +1,86 @@
+package org.apache.ranger.db;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.persistence.NoResultException;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.common.RangerCommonEnums;
+import org.apache.ranger.common.db.BaseDao;
+import org.apache.ranger.entity.XXGroupPermission;
+import org.apache.ranger.entity.XXUserPermission;
+
+public class XXGroupPermissionDao extends BaseDao<XXGroupPermission> {
+
+ static final Logger logger = Logger.getLogger(XXGroupPermissionDao.class);
+
+ public XXGroupPermissionDao(RangerDaoManagerBase daoManager) {
+ super(daoManager);
+ }
+
+ public List<XXGroupPermission> findByModuleId(Long moduleId,
+ boolean isUpdate) {
+ if (moduleId != null) {
+ try {
+ if (isUpdate) {
+ return getEntityManager()
+ .createNamedQuery(
+ "XXGroupPermissionUpdate.findByModuleId",
+ XXGroupPermission.class)
+ .setParameter("moduleId", moduleId).getResultList();
+ }
+ return getEntityManager()
+ .createNamedQuery(
+ "XXGroupPermissionUpdates.findByModuleId",
+ XXGroupPermission.class)
+ .setParameter("moduleId", moduleId)
+ .setParameter("isAllowed", RangerCommonEnums.IS_ALLOWED)
+ .getResultList();
+ } catch (NoResultException e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("ResourcegropuIdId not provided.");
+ return new ArrayList<XXGroupPermission>();
+ }
+ return null;
+ }
+
+ public List<XXGroupPermission> findByGroupPermissionId(Long groupId) {
+ if (groupId != null) {
+ try {
+ return getEntityManager()
+ .createNamedQuery(
+ "XXGroupPermission.findByGroupPermissionId",
+ XXGroupPermission.class)
+ .setParameter("groupId", groupId).getResultList();
+ } catch (NoResultException e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("ResourcegropuIdId not provided.");
+ return new ArrayList<XXGroupPermission>();
+ }
+ return null;
+ }
+ public List<XXGroupPermission> findbyVXPoratUserId(Long userId) {
+ if (userId != null) {
+ try {
+ return getEntityManager()
+ .createNamedQuery(
+ "XXGroupPermission.findByVXPoratUserId",
+ XXGroupPermission.class)
+ .setParameter("userId", userId)
+ .setParameter("isAllowed", RangerCommonEnums.IS_ALLOWED)
+ .getResultList();
+ } catch (NoResultException e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("ResourcegropuIdId not provided.");
+ return new ArrayList<XXGroupPermission>();
+ }
+ return null;
+ }
+}
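Review bot: The two named-query keys in `findByModuleId` look inconsistent: the `isUpdate` branch asks for `XXGroupPermissionUpdate.findByModuleId` and the other branch for `XXGroupPermissionUpdates.findByModuleId`, and it is the latter that receives the `isAllowed` parameter. `XXUserPermissionDao.findByModuleId` in this commit uses `XXUserPermissionUpdates.findByModuleId` for the update case and `XXUserPermission.findByModuleId` for the filtered one, so the group keys should be checked against the named-query definitions, which are not part of this view. In all three methods here, and in the four in `XXUserPermissionDao`, `getResultList()` returns an empty list rather than throwing `NoResultException`, so the catch block and the trailing `return null;` are effectively dead and only leave callers unsure whether null is possible; returning the list directly would be clearer. The `ResourcegropuIdId not provided.` debug text and the unused `XXUserPermission` import look like leftovers.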
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/db/XXModuleDefDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXModuleDefDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXModuleDefDao.java
new file mode 100644
index 0000000..85cc41b
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXModuleDefDao.java
@@ -0,0 +1,101 @@
+package org.apache.ranger.db;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.persistence.NoResultException;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.common.db.BaseDao;
+import org.apache.ranger.entity.XXModuleDef;
+
+public class XXModuleDefDao extends BaseDao<XXModuleDef>{
+
+ static final Logger logger = Logger.getLogger(XXModuleDefDao.class);
+
+ public XXModuleDefDao(RangerDaoManagerBase daoManager) {
+ super(daoManager);
+ }
+
+ public XXModuleDef findByModuleName(String moduleName){
+ if (moduleName == null) {
+ return null;
+ }
+ try {
+
+ return (XXModuleDef) getEntityManager()
+ .createNamedQuery("XXModuleDef.findByModuleName")
+ .setParameter("moduleName", moduleName)
+ .getSingleResult();
+ } catch (Exception e) {
+
+ }
+ return null;
+ }
+
+
+ public XXModuleDef findByModuleId(Long id) {
+ if(id == null) {
+ return new XXModuleDef();
+ }
+ try {
+ List<XXModuleDef> xxModuelDefs=getEntityManager()
+ .createNamedQuery("XXModuleDef.findByModuleId", tClass)
+ .setParameter("id", id).getResultList();
+ return xxModuelDefs.get(0);
+ } catch (NoResultException e) {
+ return new XXModuleDef();
+ }
+ }
+ @SuppressWarnings("unchecked")
+ public List<XXModuleDef> findModuleNamesWithIds() {
+ try {
+ return getEntityManager()
+ .createNamedQuery("XXModuleDef.findModuleNamesWithIds")
+ .getResultList();
+ } catch (NoResultException e) {
+ return null;
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ public List<String> findModuleURLOfPemittedModules(Long userId) {
+ try {
+
+ String query="select";
+ query+=" url";
+ query+=" FROM";
+ query+=" x_modules_master";
+ query+=" WHERE";
+ query+=" url NOT IN (SELECT ";
+ query+=" moduleMaster.url";
+ query+=" FROM";
+ query+=" x_modules_master moduleMaster,";
+ query+=" x_user_module_perm userModulePermission";
+ query+=" WHERE";
+ query+=" moduleMaster.id = userModulePermission.module_id";
+ query+=" AND userModulePermission.user_id = "+userId+")";
+ query+=" AND ";
+ query+=" id NOT IN (SELECT DISTINCT";
+ query+=" gmp.module_id";
+ query+=" FROM";
+ query+=" x_group_users xgu,";
+ query+=" x_user xu,";
+ query+=" x_group_module_perm gmp,";
+ query+=" x_portal_user xpu";
+ query+=" WHERE";
+ query+=" xu.user_name = xpu.login_id";
+ query+=" AND xu.id = xgu.user_id";
+ query+=" AND xgu.p_group_id = gmp.group_id";
+ query+=" AND xpu.id = "+userId+")";
+
+ return getEntityManager()
+ .createNativeQuery(query)
+ .getResultList();
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+}
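Review bot: `findModuleURLOfPemittedModules` assembles native SQL by concatenating `userId` into the string twice; the `Long` type keeps the value numeric today, but a query that decides module access should use bind parameters, for example `query+=" AND userModulePermission.user_id = ?1)";`, `query+=" AND xpu.id = ?1)";` and `.createNativeQuery(query).setParameter(1, userId)`. `XXPortalUserDao.findXPortalUserRolebyXPortalUserId` in this commit has the same pattern. Neither subquery filters on `is_allowed`, although the sibling DAOs bind `isAllowed` in their named queries, so a row stored as not allowed appears to count the same as a grant; this is worth confirming. On any failure the method prints a stack trace and returns null, which callers cannot tell apart from a real result. Separately, `findByModuleId` calls `xxModuelDefs.get(0)` on a `getResultList()` result, which throws `IndexOutOfBoundsException` for an unknown id instead of reaching the `NoResultException` handler.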
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
index 9069f29..d3467f8 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
@@ -17,13 +17,13 @@
* under the License.
*/
- package org.apache.ranger.db;
-
+package org.apache.ranger.db;
import java.util.List;
import org.apache.ranger.common.db.BaseDao;
import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.entity.XXPortalUserRole;
public class XXPortalUserDao extends BaseDao<XXPortalUser> {
@@ -76,4 +76,41 @@ public class XXPortalUserDao extends BaseDao<XXPortalUser> {
.getResultList();
}
+
+ public XXPortalUser findByXUserId(Long id) {
+
+ List resultList = getEntityManager()
+ .createNamedQuery("XXPortalUser.findByXUserId")
+ .setParameter("id", id).getResultList();
+ if (resultList.size() != 0) {
+ return (XXPortalUser) resultList.get(0);
+ }
+ return null;
+ }
+
+ @SuppressWarnings("unchecked")
+ public List<XXPortalUser> findAllXPortalUser() {
+
+ try {
+ return getEntityManager().createNamedQuery(
+ "XXPortalUser.findAllXPortalUser").getResultList();
+
+ } catch (Exception e) {
+ return null;
+ }
+
+ }
+ @SuppressWarnings("unchecked")
+ public List<String> findXPortalUserRolebyXPortalUserId(Long userId)
+ {
+ try {
+ return getEntityManager()
+ .createNativeQuery("select user_role from x_portal_user_role where user_id="+userId+"")
+ .getResultList();
+
+ } catch (Exception e) {
+ return null;
+ }
+
+ }
}
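Review bot: `findAllXPortalUser` and `findXPortalUserRolebyXPortalUserId` catch `Exception` and return null without logging, so a database error during a role lookup looks the same as a user with no roles. The result presumably feeds the new permission checks, so the failure should be visible: either let the persistence exception propagate or log it before returning. `findByXUserId` uses a raw `List` with a cast; `createNamedQuery("XXPortalUser.findByXUserId", XXPortalUser.class)` would give a typed result, as the other new DAOs do. The class body starts outside this hunk.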
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java
new file mode 100644
index 0000000..1147edb
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java
@@ -0,0 +1,102 @@
+package org.apache.ranger.db;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.persistence.NoResultException;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.common.RangerCommonEnums;
+import org.apache.ranger.common.db.BaseDao;
+import org.apache.ranger.entity.XXGroupUser;
+import org.apache.ranger.entity.XXUserPermission;
+
+public class XXUserPermissionDao extends BaseDao<XXUserPermission>{
+
+ static final Logger logger = Logger.getLogger(XXUserPermissionDao.class);
+
+ public XXUserPermissionDao(RangerDaoManagerBase daoManager) {
+ super(daoManager);
+ }
+
+ public List<XXUserPermission> findByModuleId(Long moduleId,boolean isUpdate) {
+ if (moduleId != null) {
+ try {
+
+ if(isUpdate)
+ {
+ return getEntityManager()
+ .createNamedQuery("XXUserPermissionUpdates.findByModuleId", XXUserPermission.class)
+ .setParameter("moduleId", moduleId)
+ .getResultList();
+ }
+ return getEntityManager()
+ .createNamedQuery("XXUserPermission.findByModuleId", XXUserPermission.class)
+ .setParameter("moduleId", moduleId)
+ .setParameter("isAllowed",RangerCommonEnums.IS_ALLOWED)
+ .getResultList();
+ } catch (NoResultException e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("ResourceUserId not provided.");
+ return new ArrayList<XXUserPermission>();
+ }
+ return null;
+ }
+
+ @SuppressWarnings("unchecked")
+ public List<XXUserPermission> findByUserPermissionIdAndIsAllowed(Long userId) {
+ if (userId != null) {
+ try {
+ return getEntityManager()
+ .createNamedQuery("XXUserPermission.findByUserPermissionIdAndIsAllowed")
+ .setParameter("userId", userId)
+ .setParameter("isAllowed",RangerCommonEnums.IS_ALLOWED)
+ .getResultList();
+ } catch (NoResultException e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("ResourceUserId not provided.");
+ return new ArrayList<XXUserPermission>();
+ }
+ return null;
+ }
+
+
+ public List<XXUserPermission> findByUserPermissionId(Long userId) {
+ if (userId != null) {
+ try {
+ return getEntityManager()
+ .createNamedQuery("XXUserPermission.findByUserPermissionId", XXUserPermission.class)
+ .setParameter("userId", userId)
+ .getResultList();
+ } catch (NoResultException e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("ResourceUserId not provided.");
+ return new ArrayList<XXUserPermission>();
+ }
+ return null;
+ }
+
+ public List<XXUserPermission> findByModuleIdAndUserId(Long userId,Long moduleId) {
+ if (userId != null) {
+ try {
+ return getEntityManager()
+ .createNamedQuery("XXUserPermission.findByModuleIdAndUserId", XXUserPermission.class)
+ .setParameter("userId", userId)
+ .setParameter("moduleId", moduleId)
+ .getResultList();
+ } catch (NoResultException e) {
+ logger.debug(e.getMessage());
+ }
+ } else {
+ logger.debug("ResourceUserId not provided.");
+ return new ArrayList<XXUserPermission>();
+ }
+ return null;
+ }
+}
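Review bot: `findByModuleIdAndUserId` guards only `userId`; a null `moduleId` is bound straight into the named query, unlike `findByModuleId`, which returns an empty list in that case. The guard could be `if (userId != null && moduleId != null) {`. `findByUserPermissionIdAndIsAllowed` is the only method that omits the result class and therefore needs `@SuppressWarnings("unchecked")`; passing `XXUserPermission.class` as the sibling methods do removes the need. The `XXGroupUser` import is unused.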
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/entity/XXGroupPermission.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXGroupPermission.java b/security-admin/src/main/java/org/apache/ranger/entity/XXGroupPermission.java
new file mode 100644
index 0000000..f9190b8
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXGroupPermission.java
@@ -0,0 +1,144 @@
+package org.apache.ranger.entity;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.SequenceGenerator;
+import javax.persistence.Table;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.AppConstants;
+import org.apache.ranger.common.RangerCommonEnums;
+
+@Entity
+@Table(name="x_group_module_perm")
+@XmlRootElement
+
+public class XXGroupPermission extends XXDBBase implements java.io.Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @SequenceGenerator(name="X_GROUP_MODULE_PERM_SEQ",sequenceName="X_GROUP_MODULE_PERM_SEQ",allocationSize=1)
+ @GeneratedValue(strategy=GenerationType.AUTO,generator="X_GROUP_MODULE_PERM_SEQ")
+ @Column(name="ID")
+ protected Long id;
+
+ @Column(name="GROUP_ID" , nullable=false)
+ protected Long groupId;
+
+ @Column(name="MODULE_ID" , nullable=false)
+ protected Long moduleId;
+
+ @Column(name="IS_ALLOWED" , nullable=false)
+ protected Integer isAllowed;
+
+ public XXGroupPermission() {
+ isAllowed = RangerCommonEnums.STATUS_ENABLED;
+ }
+
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+ /**
+ * @param id the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ /**
+ * @return the groupId
+ */
+ public Long getGroupId() {
+ return groupId;
+ }
+ /**
+ * @param groupId the groupId to set
+ */
+ public void setGroupId(Long groupId) {
+ this.groupId = groupId;
+ }
+
+ /**
+ * @return the moduleId
+ */
+ public Long getModuleId() {
+ return moduleId;
+ }
+ /**
+ * @param moduleId the moduleId to set
+ */
+ public void setModuleId(Long moduleId) {
+ this.moduleId = moduleId;
+ }
+
+ /**
+ * @return the isAllowed
+ */
+ public Integer getIsAllowed() {
+ return isAllowed;
+ }
+ /**
+ * @param isAllowed the isAllowed to set
+ */
+ public void setIsAllowed(Integer isAllowed) {
+ this.isAllowed = isAllowed;
+ }
+
+ @Override
+ public int getMyClassType() {
+ return AppConstants.CLASS_TYPE_RANGER_GROUP_PERMISSION;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (!super.equals(obj))
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ XXGroupPermission other = (XXGroupPermission) obj;
+ if (groupId == null) {
+ if (other.groupId != null)
+ return false;
+ } else if (!groupId.equals(other.groupId))
+ return false;
+ if (id == null) {
+ if (other.id != null)
+ return false;
+ } else if (!id.equals(other.id))
+ return false;
+ if (isAllowed == null) {
+ if (other.isAllowed != null)
+ return false;
+ } else if (!isAllowed.equals(other.isAllowed))
+ return false;
+ if (moduleId == null) {
+ if (other.moduleId != null)
+ return false;
+ } else if (!moduleId.equals(other.moduleId))
+ return false;
+ return true;
+ }
+
+ @Override
+ public String toString() {
+
+ String str = "XXGroupPermission={";
+ str += super.toString();
+ str += "id={" + id + "} ";
+ str += "groupId={" + groupId + "} ";
+ str += "moduleId={" + moduleId + "} ";
+ str += "isAllowed={" + isAllowed + "} ";
+ str += "}";
+
+ return str;
+ }
+}
\ No newline at end of file
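Review bot: The constructor defaults `isAllowed` to `RangerCommonEnums.STATUS_ENABLED`, while `XXUserPermission` defaults to `RangerCommonEnums.IS_ALLOWED` and the DAO queries bind `RangerCommonEnums.IS_ALLOWED`. If the two constants differ in value (their definitions are not in this view), a freshly created group permission would not match those queries; `isAllowed = RangerCommonEnums.IS_ALLOWED;` keeps the entities consistent. Both entities also start out as allowed, so any code path that persists one without setting the field grants access; a short comment stating that this default is intended would help. `equals` is overridden without a matching `hashCode` here and in `XXModuleDef` and `XXUserPermission`, which matters if `XXDBBase` does not define one.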
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/entity/XXModuleDef.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXModuleDef.java b/security-admin/src/main/java/org/apache/ranger/entity/XXModuleDef.java
new file mode 100644
index 0000000..4a6645c
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXModuleDef.java
@@ -0,0 +1,112 @@
+package org.apache.ranger.entity;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.SequenceGenerator;
+import javax.persistence.Table;
+import javax.xml.bind.annotation.XmlRootElement;
+import org.apache.ranger.common.AppConstants;
+
+@Entity
+@Table(name="x_modules_master")
+@XmlRootElement
+public class XXModuleDef extends XXDBBase implements java.io.Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @SequenceGenerator(name="X_MODULES_MASTER_SEQ",sequenceName="X_MODULES_MASTER_SEQ",allocationSize=1)
+ @GeneratedValue(strategy=GenerationType.AUTO,generator="X_MODULES_MASTER_SEQ")
+ @Column(name="ID")
+ protected Long id;
+
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+ /**
+ * @param id the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ @Column(name="MODULE" , nullable=false)
+ protected String module;
+ /**
+ * @return the module
+ */
+ public String getModule() {
+ return module;
+ }
+ /**
+ * @param module the module to set
+ */
+ public void setModule(String module) {
+ this.module = module;
+ }
+
+ @Column(name="URL" , nullable=false)
+ protected String url;
+ /**
+ * @return the url
+ */
+ public String getUrl() {
+ return url;
+ }
+ /**
+ * @param url the url to set
+ */
+ public void setUrl(String url) {
+ this.url = url;
+ }
+
+ @Override
+ public int getMyClassType( ) {
+ return AppConstants.CLASS_TYPE_RANGER_MODULE_DEF;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (!super.equals(obj))
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ XXModuleDef other = (XXModuleDef) obj;
+ if (id == null) {
+ if (other.id != null)
+ return false;
+ } else if (!id.equals(other.id))
+ return false;
+ if (module == null) {
+ if (other.module != null)
+ return false;
+ } else if (!module.equals(other.module))
+ return false;
+ if (url == null) {
+ if (other.url != null)
+ return false;
+ } else if (!url.equals(other.url))
+ return false;
+ return true;
+ }
+
+ @Override
+ public String toString() {
+ String str = "XXModuleDef={";
+ str += super.toString();
+ str += "id={" + id + "} ";
+ str += "module={" + module + "} ";
+ str += "url={" + url + "} ";
+ str += "}";
+ return str;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/entity/XXUserPermission.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXUserPermission.java b/security-admin/src/main/java/org/apache/ranger/entity/XXUserPermission.java
new file mode 100644
index 0000000..cf33a18
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXUserPermission.java
@@ -0,0 +1,151 @@
+package org.apache.ranger.entity;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.SequenceGenerator;
+import javax.persistence.Table;
+import javax.xml.bind.annotation.XmlRootElement;
+import org.apache.ranger.common.AppConstants;
+import org.apache.ranger.common.RangerCommonEnums;
+import com.sun.research.ws.wadl.Application;
+
+@Entity
+@Table(name = "x_user_module_perm")
+@XmlRootElement
+public class XXUserPermission extends XXDBBase implements java.io.Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @SequenceGenerator(name = "X_USER_MODULE_PERM_SEQ", sequenceName = "X_USER_MODULE_PERM_SEQ", allocationSize = 1)
+ @GeneratedValue(strategy = GenerationType.AUTO, generator = "X_USER_MODULE_PERM_SEQ")
+ @Column(name = "ID")
+ protected Long id;
+
+ @Column(name = "USER_ID", nullable = false)
+ protected Long userId;
+
+ @Column(name = "MODULE_ID", nullable = false)
+ protected Long moduleId;
+
+ @Column(name = "IS_ALLOWED", nullable = false)
+ protected Integer isAllowed;
+
+ public XXUserPermission(){
+ isAllowed = RangerCommonEnums.IS_ALLOWED;
+ }
+
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+
+ /**
+ * @param id
+ * the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ /**
+ * @return the userId
+ */
+ public Long getUserId() {
+ return userId;
+ }
+
+ /**
+ * @param userId
+ * the userId to set
+ */
+ public void setUserId(Long userId) {
+ this.userId = userId;
+ }
+
+ /**
+ * @return the moduleId
+ */
+ public Long getModuleId() {
+ return moduleId;
+ }
+
+ /**
+ * @param moduleId
+ * the moduleId to set
+ */
+ public void setModuleId(Long moduleId) {
+ this.moduleId = moduleId;
+ }
+
+ /**
+ * @return the isAllowed
+ */
+ public Integer getIsAllowed() {
+ return isAllowed;
+ }
+
+ /**
+ * @param isAllowed
+ * the isAllowed to set
+ */
+ public void setIsAllowed(Integer isAllowed) {
+ this.isAllowed = isAllowed;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (!super.equals(obj))
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ XXUserPermission other = (XXUserPermission) obj;
+ if (id == null) {
+ if (other.id != null)
+ return false;
+ } else if (!id.equals(other.id))
+ return false;
+ if (isAllowed == null) {
+ if (other.isAllowed != null)
+ return false;
+ } else if (!isAllowed.equals(other.isAllowed))
+ return false;
+ if (moduleId == null) {
+ if (other.moduleId != null)
+ return false;
+ } else if (!moduleId.equals(other.moduleId))
+ return false;
+ if (userId == null) {
+ if (other.userId != null)
+ return false;
+ } else if (!userId.equals(other.userId))
+ return false;
+ return true;
+ }
+
+ @Override
+ public int getMyClassType() {
+ return AppConstants.CLASS_TYPE_RANGER_USER_PERMISSION;
+ }
+
+ @Override
+ public String toString() {
+
+ String str = "VXUserPermission={";
+ str += super.toString();
+ str += "id={" + id + "} ";
+ str += "userId={" + userId + "} ";
+ str += "moduleId={" + moduleId + "} ";
+ str += "isAllowed={" + isAllowed + "} ";
+ str += "}";
+
+ return str;
+ }
+}
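Review bot: The import `com.sun.research.ws.wadl.Application` is not used anywhere in this class and looks like an IDE auto-import; it ties a JPA entity to an internal WADL class and would break compilation if that jar leaves the classpath, so it should be removed. `toString()` labels the object `VXUserPermission={` although the class is `XXUserPermission`, which makes log lines misleading; `String str = "XXUserPermission={";` matches the other entities in this commit.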
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
new file mode 100644
index 0000000..7a11656
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
@@ -0,0 +1,50 @@
+package org.apache.ranger.patch;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.XUserMgr;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+@Component
+public class PatchPersmissionModel_J10003 extends BaseLoader {
+ private static Logger logger = Logger.getLogger(PatchPersmissionModel_J10003.class);
+
+ @Autowired
+ XUserMgr xUserMgr;
+
+ public static void main(String[] args) {
+ logger.info("main()");
+ try {
+ PatchPersmissionModel_J10003 loader = (PatchPersmissionModel_J10003) CLIUtil.getBean(PatchPersmissionModel_J10003.class);
+ loader.init();
+ while (loader.isMoreToProcess()) {
+ loader.load();
+ }
+ logger.info("Load complete. Exiting!!!");
+ System.exit(0);
+ } catch (Exception e) {
+ logger.error("Error loading", e);
+ System.exit(1);
+ }
+ }
+
+ @Override
+ public void init() throws Exception {
+ // Do Nothing
+ }
+
+ @Override
+ public void execLoad() {
+ logger.info("==> PermissionPatch.execLoad()");
+ try {
+ xUserMgr.updateExistingUserExisting();
+ } catch (Exception e) {
+ logger.error("Error whille migrating data.", e);
+ }
+ logger.info("<== PermissionPatch.execLoad()");
+ }
+
+ @Override
+ public void printStats() {
+ }
+}
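Review bot: `execLoad` catches every exception from `xUserMgr.updateExistingUserExisting()` and only logs it, so the `catch` in `main` never sees a migration error and the process can still reach `System.exit(0)`. How `BaseLoader.load()` and `isMoreToProcess()` behave is outside this view, but as written a failed permission migration would be reported as a successful patch run. Rethrowing, for example `throw new RuntimeException("Error while migrating data.", e);`, lets the exit code reflect the failure and also fixes the `whille` typo in the message.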
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
index beb4829..8f417bc 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
@@ -45,9 +45,12 @@ import org.apache.ranger.db.RangerDaoManager;
import org.apache.ranger.service.AuthSessionService;
import org.apache.ranger.service.XAuditMapService;
import org.apache.ranger.service.XGroupGroupService;
+import org.apache.ranger.service.XGroupPermissionService;
import org.apache.ranger.service.XGroupService;
import org.apache.ranger.service.XGroupUserService;
+import org.apache.ranger.service.XModuleDefService;
import org.apache.ranger.service.XPermMapService;
+import org.apache.ranger.service.XUserPermissionService;
import org.apache.ranger.service.XUserService;
import org.apache.ranger.view.VXAuditMap;
import org.apache.ranger.view.VXAuditMapList;
@@ -57,14 +60,21 @@ import org.apache.ranger.view.VXGroup;
import org.apache.ranger.view.VXGroupGroup;
import org.apache.ranger.view.VXGroupGroupList;
import org.apache.ranger.view.VXGroupList;
+import org.apache.ranger.view.VXGroupPermission;
+import org.apache.ranger.view.VXGroupPermissionList;
import org.apache.ranger.view.VXGroupUser;
import org.apache.ranger.view.VXGroupUserList;
import org.apache.ranger.view.VXLong;
+import org.apache.ranger.view.VXModuleDef;
+import org.apache.ranger.view.VXModuleDefList;
import org.apache.ranger.view.VXPermMap;
import org.apache.ranger.view.VXPermMapList;
+import org.apache.ranger.view.VXPortalUser;
import org.apache.ranger.view.VXUser;
import org.apache.ranger.view.VXUserGroupInfo;
import org.apache.ranger.view.VXUserList;
+import org.apache.ranger.view.VXUserPermission;
+import org.apache.ranger.view.VXUserPermissionList;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Scope;
import org.springframework.security.access.prepost.PreAuthorize;
@@ -72,6 +82,7 @@ import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
+
@Path("xusers")
@Component
@Scope("request")
@@ -90,6 +101,15 @@ public class XUserREST {
XGroupService xGroupService;
@Autowired
+ XModuleDefService xModuleDefService;
+
+ @Autowired
+ XUserPermissionService xUserPermissionService;
+
+ @Autowired
+ XGroupPermissionService xGroupPermissionService;
+
+ @Autowired
XUserService xUserService;
@Autowired
@@ -115,7 +135,7 @@ public class XUserREST {
@Autowired
AuthSessionService authSessionService;
-
+
// Handle XGroup
@GET
@Path("/groups/{id}")
@@ -635,4 +655,182 @@ public class XUserREST {
return sessionMgr.getAuthSessionBySessionId(authSessionId);
}
+ // Handle module permissions
+ @POST
+ @Path("/permission")
+ @Produces({ "application/xml", "application/json" })
+ public VXModuleDef createXModuleDefPermission(VXModuleDef vXModuleDef) {
+ return xUserMgr.createXModuleDefPermission(vXModuleDef);
+ }
+
+ @GET
+ @Path("/permission/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXModuleDef getXModuleDefPermission(@PathParam("id") Long id) {
+ return xUserMgr.getXModuleDefPermission(id);
+ }
+
+ @PUT
+ @Path("/permission/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXModuleDef updateXModuleDefPermission(VXModuleDef vXModuleDef) {
+ return xUserMgr.updateXModuleDefPermission(vXModuleDef);
+ }
+
+ @DELETE
+ @Path("/permission/{id}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deleteXModuleDefPermission(@PathParam("id") Long id,
+ @Context HttpServletRequest request) {
+ boolean force = true;
+ xUserMgr.deleteXModuleDefPermission(id, force);
+ }
+
+ @GET
+ @Path("/permission")
+ @Produces({ "application/xml", "application/json" })
+ public VXModuleDefList searchXModuleDef(@Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xModuleDefService.sortFields);
+
+ searchUtil.extractString(request, searchCriteria, "module",
+ "modulename", null);
+
+ searchUtil.extractString(request, searchCriteria, "moduleDefList",
+ "id", null);
+ searchUtil.extractString(request, searchCriteria, "userName",
+ "userName", null);
+ searchUtil.extractString(request, searchCriteria, "groupName",
+ "groupName", null);
+
+ return xUserMgr.searchXModuleDef(searchCriteria);
+ }
+
+ @GET
+ @Path("/permission/count")
+ @Produces({ "application/xml", "application/json" })
+ public VXLong countXModuleDef(@Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xModuleDefService.sortFields);
+ return xUserMgr.getXModuleDefSearchCount(searchCriteria);
+ }
+
+ // Handle user permissions
+ @POST
+ @Path("/permission/user")
+ @Produces({ "application/xml", "application/json" })
+ public VXUserPermission createXUserPermission(
+ VXUserPermission vXUserPermission) {
+ return xUserMgr.createXUserPermission(vXUserPermission);
+ }
+
+ @GET
+ @Path("/permission/user/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXUserPermission getXUserPermission(@PathParam("id") Long id) {
+ return xUserMgr.getXUserPermission(id);
+ }
+
+ @PUT
+ @Path("/permission/user/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXUserPermission updateXUserPermission(
+ VXUserPermission vXUserPermission) {
+ return xUserMgr.updateXUserPermission(vXUserPermission);
+ }
+
+ @DELETE
+ @Path("/permission/user/{id}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deleteXUserPermission(@PathParam("id") Long id,
+ @Context HttpServletRequest request) {
+ boolean force = true;
+ xUserMgr.deleteXUserPermission(id, force);
+ }
+
+ @GET
+ @Path("/permission/user")
+ @Produces({ "application/xml", "application/json" })
+ public VXUserPermissionList searchXUserPermission(
+ @Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xUserPermissionService.sortFields);
+ searchUtil.extractString(request, searchCriteria, "id", "id",
+ StringUtil.VALIDATION_NAME);
+
+ searchUtil.extractString(request, searchCriteria, "userPermissionList",
+ "userId", StringUtil.VALIDATION_NAME);
+ return xUserMgr.searchXUserPermission(searchCriteria);
+ }
+
+ @GET
+ @Path("/permission/user/count")
+ @Produces({ "application/xml", "application/json" })
+ public VXLong countXUserPermission(@Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xUserPermissionService.sortFields);
+ return xUserMgr.getXUserPermissionSearchCount(searchCriteria);
+ }
+
+ // Handle group permissions
+ @POST
+ @Path("/permission/group")
+ @Produces({ "application/xml", "application/json" })
+ public VXGroupPermission createXGroupPermission(
+ VXGroupPermission vXGroupPermission) {
+ return xUserMgr.createXGroupPermission(vXGroupPermission);
+ }
+
+ @GET
+ @Path("/permission/group/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXGroupPermission getXGroupPermission(@PathParam("id") Long id) {
+ return xUserMgr.getXGroupPermission(id);
+ }
+
+ @PUT
+ @Path("/permission/group/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXGroupPermission updateXGroupPermission(
+ VXGroupPermission vXGroupPermission) {
+ return xUserMgr.updateXGroupPermission(vXGroupPermission);
+ }
+
+ @DELETE
+ @Path("/permission/group/{id}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deleteXGroupPermission(@PathParam("id") Long id,
+ @Context HttpServletRequest request) {
+ boolean force = true;
+ xUserMgr.deleteXGroupPermission(id, force);
+ }
+
+ @GET
+ @Path("/permission/group")
+ @Produces({ "application/xml", "application/json" })
+ public VXGroupPermissionList searchXGroupPermission(
+ @Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xGroupPermissionService.sortFields);
+ searchUtil.extractString(request, searchCriteria, "id", "id",
+ StringUtil.VALIDATION_NAME);
+ searchUtil.extractString(request, searchCriteria,
+ "groupPermissionList", "groupId", StringUtil.VALIDATION_NAME);
+ return xUserMgr.searchXGroupPermission(searchCriteria);
+ }
+
+ @GET
+ @Path("/permission/group/count")
+ @Produces({ "application/xml", "application/json" })
+ public VXLong countXGroupPermission(@Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xGroupPermissionService.sortFields);
+ return xUserMgr.getXGroupPermissionSearchCount(searchCriteria);
+ }
+ @GET
+ @Path("/permission/existingusers/update")
+ @Produces({ "application/xml", "application/json" })
+ public List<VXPortalUser> existingusersupdate(@Context HttpServletRequest request) {
+ return xUserMgr.updateExistingUserExisting();
+ }
}
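Review bot: The create and update endpoints for module, user and group permissions (`createXModuleDefPermission`, `updateXModuleDefPermission`, `createXUserPermission`, `updateXUserPermission`, `createXGroupPermission`, `updateXGroupPermission`) carry no `@PreAuthorize`, while the three delete endpoints next to them require `ROLE_SYS_ADMIN`; unless `xUserMgr` enforces the role itself, which this hunk does not show, any authenticated caller could grant or change permissions, so I would add `@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")` to each of them. `existingusersupdate` has the same gap and is also a `@GET` that calls `xUserMgr.updateExistingUserExisting()`, which by its name changes state; making it `@POST` with the same annotation would stop a prefetched link or a cross-site GET from triggering it. The three PUT handlers declare `/{id}` in `@Path` but never bind it, so the record updated is whichever id the request body carries; binding `@PathParam("id") Long id` and rejecting a mismatch with the body would close that. The `XUserREST` class body starts outside this hunk, so any class-level security configuration is not visible here.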