Posted to commits@ranger.apache.org by ga...@apache.org on 2015/10/15 08:55:21 UTC

incubator-ranger git commit: RANGER-688 : Handle scenario where ids of XUser and XPortalUser are not in sync

Repository: incubator-ranger
Updated Branches:
  refs/heads/master cd5841991 -> 1f43245f2


RANGER-688 : Handle scenario where ids of XUser and XPortalUser are not in sync


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/1f43245f
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/1f43245f
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/1f43245f

Branch: refs/heads/master
Commit: 1f43245f2adceaed6b6ca3f45925b586d0f24d77
Parents: cd58419
Author: Gautam Borad <ga...@apache.org>
Authored: Wed Oct 14 15:10:57 2015 +0530
Committer: Gautam Borad <ga...@apache.com>
Committed: Thu Oct 15 12:24:55 2015 +0530

----------------------------------------------------------------------
 security-admin/scripts/setup.sh                 | 20 +++---
 .../java/org/apache/ranger/biz/XUserMgr.java    | 35 +++++++----
 .../apache/ranger/common/UserSessionBase.java   |  3 +-
 .../org/apache/ranger/db/XXPortalUserDao.java   | 21 ++++---
 .../java/org/apache/ranger/db/XXUserDao.java    | 12 ++++
 .../apache/ranger/db/XXUserPermissionDao.java   |  5 +-
 .../patch/PatchPersmissionModel_J10003.java     |  4 +-
 .../ranger/service/XUserPermissionService.java  | 24 ++------
 .../service/XUserPermissionServiceBase.java     | 65 ++++++++++++++++++--
 .../resources/META-INF/jpa_named_queries.xml    |  7 ++-
 10 files changed, 131 insertions(+), 65 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/scripts/setup.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh
index 9710706..cd5d2bf 100755
--- a/security-admin/scripts/setup.sh
+++ b/security-admin/scripts/setup.sh
@@ -1513,26 +1513,22 @@ setup_install_files(){
 	    log "[I] Copying ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist ${WEBAPP_ROOT}/WEB-INF/classes/conf"
 	    mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/conf
 	    cp ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist/* ${WEBAPP_ROOT}/WEB-INF/classes/conf
+	fi
+	if [ -d ${WEBAPP_ROOT}/WEB-INF/classes/conf ]; then
 		chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/conf
 	fi
 
-        if [ -d ${WEBAPP_ROOT}/WEB-INF/classes/conf ]; then
-               chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/conf
-        fi
-
 	if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/lib ]; then
 	    log "[I] Creating ${WEBAPP_ROOT}/WEB-INF/classes/lib"
 	    mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/lib
+	fi
+	if [ -d ${WEBAPP_ROOT}/WEB-INF/classes/lib ]; then
 		chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/lib
 	fi
 
 	if [ -d /etc/init.d ]; then
 	    log "[I] Setting up init.d"
 	    cp ${INSTALL_DIR}/ews/${RANGER_ADMIN_INITD} /etc/init.d/${RANGER_ADMIN}
-	    if [ "${unix_user}" != "ranger" ]; then
-           sed  's/LINUX_USER=ranger/LINUX_USER='${unix_user}'/g' -i  /etc/init.d/${RANGER_ADMIN}
-	    fi
-
 	    chmod ug+rx /etc/init.d/${RANGER_ADMIN}
 
 	    if [ -d /etc/rc2.d ]
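Review bot: The `chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/conf` that now runs unconditionally fixes ownership but never tightens the mode, so whatever permissions conf.dist and the installer's umask produce are kept on the copied conf directory. If that directory holds credentials such as database or keystore passwords (not visible in this hunk, so treat as an assumption to confirm), a world-readable copy is the more likely exposure than a wrong owner; adding `chmod -R o-rwx ${WEBAPP_ROOT}/WEB-INF/classes/conf` next to the chown would close it. The same applies to the lib directory block below it. Note also that `${unix_user}` and `${WEBAPP_ROOT}` are expanded unquoted throughout this function, which is fine only as long as the installer validates them elsewhere.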
@@ -1571,15 +1567,19 @@ setup_install_files(){
 		ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN}
 	    fi
 	fi
+	if [  -f /etc/init.d/${RANGER_ADMIN} ]; then
+		if [ "${unix_user}" != "ranger" ]; then
+			sed  's/^LINUX_USER=.*$/LINUX_USER='${unix_user}'/g' -i  /etc/init.d/${RANGER_ADMIN}
+		fi
+	fi
 
 	if [ ! -d ${XAPOLICYMGR_DIR}/ews/logs ]; then
 	    log "[I] ${XAPOLICYMGR_DIR}/ews/logs folder"
 	    mkdir -p ${XAPOLICYMGR_DIR}/ews/logs
-	    chown -R ${unix_user} ${XAPOLICYMGR_DIR}/ews/logs
 	fi
-
 	if [ -d ${XAPOLICYMGR_DIR}/ews/logs ]; then
           chown -R ${unix_user} ${XAPOLICYMGR_DIR}/ews/logs
+          chown -R ${unix_user} ${XAPOLICYMGR_DIR}/ews/logs/*
 	fi
 
 	log "[I] Setting up installation files and directory DONE";
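Review bot: The new `sed 's/^LINUX_USER=.*$/LINUX_USER='${unix_user}'/g' -i /etc/init.d/${RANGER_ADMIN}` splices an unvalidated variable into the sed expression, so a value containing `/`, `&` or `\` either breaks the script or rewrites the init script to something other than the intended user; the old pattern had the same weakness, but this version now runs against any pre-existing init.d file, not only a freshly copied one. Validating the name up front (`[[ "${unix_user}" =~ ^[A-Za-z_][A-Za-z0-9_.-]*$ ]] || { log "[E] invalid unix_user"; exit 1; }`) and using a delimiter that cannot appear in a user name, e.g. `sed -i "s|^LINUX_USER=.*\$|LINUX_USER=${unix_user}|" /etc/init.d/${RANGER_ADMIN}`, removes both problems. The added `chown -R ${unix_user} ${XAPOLICYMGR_DIR}/ews/logs/*` is redundant with the recursive chown on the directory one line above and, when the directory is empty, passes a literal `*` to chown and logs a spurious error; it can simply be dropped.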

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index b860877..572323f 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -242,38 +242,47 @@ public class XUserMgr extends XUserMgrBase {
 
 			if (role.equals(RangerConstants.ROLE_USER)) {
 
-				createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
-				createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
+				createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
+				createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
 			} else if (role.equals(RangerConstants.ROLE_SYS_ADMIN)) {
 
-				createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
-				createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
-				createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate);
-				createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_USER_GROUPS), isCreate);
+				createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
+				createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
+				createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate);
+				createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_USER_GROUPS), isCreate);
 			} else if (role.equals(RangerConstants.ROLE_KEY_ADMIN)) {
 
-				createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_KEY_MANAGER), isCreate);
-				createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
-				createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
+				createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_KEY_MANAGER), isCreate);
+				createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate);
+				createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate);
 			}
 
 		}
 	}
 
 	// Insert or Updating Mapping permissions depending upon roles
-	private void createOrUpdateUserPermisson(Long portalUserId, Long moduleId, boolean isCreate) {
+	private void createOrUpdateUserPermisson(VXPortalUser portalUser, Long moduleId, boolean isCreate) {
 		VXUserPermission vXUserPermission;
-		XXUserPermission xUserPermission = daoManager.getXXUserPermission().findByModuleIdAndUserId(portalUserId, moduleId);
+		XXUserPermission xUserPermission = daoManager.getXXUserPermission().findByModuleIdAndPortalUserId(portalUser.getId(), moduleId);
 		if (xUserPermission == null) {
 			vXUserPermission = new VXUserPermission();
-			vXUserPermission.setUserId(portalUserId);
+
+			// When Creating XXUserPermission UI sends xUserId, to keep it consistent here xUserId should be used
+			XXUser xUser = daoManager.getXXUser().findByPortalUserId(portalUser.getId());
+			if (xUser == null) {
+				logger.warn("Could not found corresponding xUser for username: [" + portalUser.getLoginId() + "], So not assigning permission to this user");
+				return;
+			} else {
+				vXUserPermission.setUserId(xUser.getId());
+			}
+
 			vXUserPermission.setIsAllowed(RangerCommonEnums.IS_ALLOWED);
 			vXUserPermission.setModuleId(moduleId);
 			try {
 				vXUserPermission = this.createXUserPermission(vXUserPermission);
 				logger.info("Permission assigned to user: [" + vXUserPermission.getUserName() + "] For Module: [" + vXUserPermission.getModuleName() + "]");
 			} catch (Exception e) {
-				logger.error("Error while assigning permission to user: [" + portalUserId + "] for module: [" + moduleId + "]", e);
+				logger.error("Error while assigning permission to user: [" + portalUser.getLoginId() + "] for module: [" + moduleId + "]", e);
 			}
 		} else if (isCreate) {
 			vXUserPermission = xUserPermissionService.populateViewBean(xUserPermission);
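Review bot: The `catch (Exception e)` around `createXUserPermission` reduces a rejected role-based grant to one error log line, and the new `xUser == null` branch does the same with a warn and an early `return`, so a user whose XXUser cannot be resolved — including a SYS_ADMIN or KEY_ADMIN processed by this same method — silently ends up without module permissions. That is the fail-closed direction for authorization, but because the caller (the J10003 patch, and presumably user creation) counts the call as a success, an operator has no signal other than the log that an admin account is missing permissions. Consider having this method return a boolean or throw a checked failure upward so assignPermissionToUser can report how many grants were actually applied, and include the module name rather than just `moduleId` in the error log. The enclosing method body continues past the end of this hunk.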

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java b/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java
index 59e55f3..175459c 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java
@@ -128,7 +128,8 @@ public class UserSessionBase implements Serializable {
 
 
 
-	public static class RangerUserPermission {
+	public static class RangerUserPermission implements Serializable {
+		private static final long serialVersionUID = 1L;
 
 		protected CopyOnWriteArraySet<String> userPermissions;
 		protected Long lastUpdatedTime;
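Review bot: Making `RangerUserPermission` serializable means the cached `userPermissions` set can now be written out with the HTTP session (container session persistence or replication) and restored later, so a permission granted or revoked while the session was on disk would still be served from the cache until whatever refresh keys off `lastUpdatedTime` runs — that refresh logic is not in this hunk, so this is an assumption to confirm. A short Javadoc on the class stating that the set is a cache and naming the refresh condition would make the contract explicit; something like `/** Per-session cache of module permissions; must be refreshed when lastUpdatedTime is older than the permission table's last change. */`. If the cache must never survive serialization, marking `userPermissions` `transient` and rebuilding it on first access is the safer alternative.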

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
index d3467f8..393252c 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java
@@ -21,9 +21,10 @@ package org.apache.ranger.db;
 
 import java.util.List;
 
+import javax.persistence.NoResultException;
+
 import org.apache.ranger.common.db.BaseDao;
 import org.apache.ranger.entity.XXPortalUser;
-import org.apache.ranger.entity.XXPortalUserRole;
 
 public class XXPortalUserDao extends BaseDao<XXPortalUser> {
 
@@ -76,16 +77,16 @@ public class XXPortalUserDao extends BaseDao<XXPortalUser> {
     			.getResultList();
     }
 
-
-	public XXPortalUser findByXUserId(Long id) {
-
-		List resultList = getEntityManager()
-				.createNamedQuery("XXPortalUser.findByXUserId")
-				.setParameter("id", id).getResultList();
-		if (resultList.size() != 0) {
-			return (XXPortalUser) resultList.get(0);
+	public XXPortalUser findByXUserId(Long xUserId) {
+		if (xUserId == null) {
+			return null;
+		}
+		try {
+			return getEntityManager().createNamedQuery("XXPortalUser.findByXUserId", tClass)
+					.setParameter("id", xUserId).getSingleResult();
+		} catch (NoResultException e) {
+			return null;
 		}
-		return null;
 	}
 
 	@SuppressWarnings("unchecked")
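Review bot: The rewritten `findByXUserId` now calls `getSingleResult()` and catches only `NoResultException`, so where the old code returned the first of several matching rows a second match now escapes as an unchecked `NonUniqueResultException` from the DAO. Failing on an ambiguous mapping is the right direction for code that translates ids used in permission checks, but it should be explicit rather than accidental: catch `NonUniqueResultException`, log it at warn with the xUserId, and return null (or rethrow with a clear message), and document the contract with `/** Resolves the portal user for an x_user id; returns null when there is no unambiguous match. */`. Whether the named query can actually return more than one row depends on `XXPortalUser.findByXUserId`, which this diff does not show.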

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java
index 0887594..225e733 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java
@@ -64,4 +64,16 @@ public class XXUserDao extends BaseDao<XXUser> {
 			return null;
 		}
 	}
+
+	public XXUser findByPortalUserId(Long portalUserId) {
+		if (portalUserId == null) {
+			return null;
+		}
+		try {
+			return getEntityManager().createNamedQuery("XXUser.findByPortalUserId", tClass)
+					.setParameter("portalUserId", portalUserId).getSingleResult();
+		} catch (NoResultException e) {
+			return null;
+		}
+	}
 }
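Review bot: `findByPortalUserId` catches only `NoResultException`, but the query it runs (`XXUser.findByPortalUserId`, added later in this commit) joins `XXUser.name` to `XXPortalUser.loginId`, so if `x_user.user_name` is not unique — or the database collation treats `Admin` and `admin` as equal — `getSingleResult()` throws `NonUniqueResultException` straight out of the DAO. Since this lookup now decides which user a module permission is attached to, an ambiguous match should fail closed visibly: add `} catch (NonUniqueResultException e) { logger.warn("more than one x_user matches portal user " + portalUserId, e); return null; }` (assuming the class has a logger; none is visible here). It is also worth stating in a Javadoc that the mapping is by user name, not by any foreign key, so callers know the two tables can drift.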

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java
index e10dc14..2db6fd6 100644
--- a/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java
+++ b/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java
@@ -25,7 +25,6 @@ import javax.persistence.NoResultException;
 import org.apache.log4j.Logger;
 import org.apache.ranger.common.RangerCommonEnums;
 import org.apache.ranger.common.db.BaseDao;
-import org.apache.ranger.entity.XXGroupUser;
 import org.apache.ranger.entity.XXUserPermission;
 
 public class XXUserPermissionDao extends BaseDao<XXUserPermission>{
@@ -99,10 +98,10 @@ public class XXUserPermissionDao extends BaseDao<XXUserPermission>{
 		return null;
 	}
 
-	public XXUserPermission findByModuleIdAndUserId(Long userId, Long moduleId) {
+	public XXUserPermission findByModuleIdAndPortalUserId(Long userId, Long moduleId) {
 		if (userId != null) {
 			try {
-				return getEntityManager().createNamedQuery("XXUserPermission.findByModuleIdAndUserId", XXUserPermission.class)
+				return getEntityManager().createNamedQuery("XXUserPermission.findByModuleIdAndPortalUserId", XXUserPermission.class)
 						.setParameter("userId", userId)
 						.setParameter("moduleId", moduleId)
 						.getSingleResult();
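Review bot: The method was renamed to `findByModuleIdAndPortalUserId` but its first parameter is still called `userId` and is bound to the `:userId` query parameter, which is exactly the XXUser/XXPortalUser confusion this commit is untangling; renaming it to `portalUserId` (`public XXUserPermission findByModuleIdAndPortalUserId(Long portalUserId, Long moduleId)`) and binding it with `.setParameter("userId", portalUserId)` makes the intent clear at the call sites in XUserMgr and XUserPermissionServiceBase. The parameter order (user id first, module id second) is also the reverse of the method name, so a one-line Javadoc noting that `portalUserId` is `x_portal_user.id`, not `x_user.id`, would help. The method's catch block and return lie beyond the end of this hunk.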

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
index f0aa938..804d08e 100644
--- a/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
@@ -84,9 +84,9 @@ public class PatchPersmissionModel_J10003 extends BaseLoader {
 			vPortalUser.setUserRoleList(daoManager.getXXPortalUser().findXPortalUserRolebyXPortalUserId(vPortalUser.getId()));
 			xUserMgr.assignPermissionToUser(vPortalUser, false);
 			countUserPermissionUpdated += 1;
-			logger.info(" Permission was assigned to UserId - " + xPortalUser.getId());
+			logger.info("Permissions assigned/updated on base of User's Role, UserId [" + xPortalUser.getId() + "]");
 		}
-		logger.info(countUserPermissionUpdated + " permissions where assigned");
+		logger.info(countUserPermissionUpdated + " permissions were assigned");
 	}
 
 	@Override

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java
index 3ff9c8d..bd3a50d 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java
@@ -17,7 +17,6 @@
 
 package org.apache.ranger.service;
 
-import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.SearchField;
 import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.entity.XXModuleDef;
@@ -47,36 +46,23 @@ public class XUserPermissionService extends XUserPermissionServiceBase<XXUserPer
 
 	@Override
 	protected void validateForCreate(VXUserPermission vObj) {
-		XXUserPermission xUserPerm = daoManager.getXXUserPermission().findByModuleIdAndUserId(vObj.getUserId(), vObj.getModuleId());
-		if (xUserPerm != null) {
-			throw restErrorUtil.createRESTException("User with ID [" + vObj.getUserId() + "] " + "is already " + "assigned to the module with ID [" + vObj.getModuleId() + "]",
-					MessageEnums.ERROR_DUPLICATE_OBJECT);
-		}
+
 	}
 
 	@Override
 	protected void validateForUpdate(VXUserPermission vObj, XXUserPermission mObj) {
-		XXUserPermission xUserPerm = daoManager.getXXUserPermission().findByModuleIdAndUserId(vObj.getUserId(), vObj.getModuleId());
-		if (xUserPerm != null && !xUserPerm.getId().equals(vObj.getId())) {
-			throw restErrorUtil.createRESTException("User with ID [" + vObj.getUserId() + "] " + "is already " + "assigned to the module with ID [" + vObj.getModuleId() + "]",
-					MessageEnums.ERROR_DUPLICATE_OBJECT);
-		}
+
 	}
 
 	@Override
 	public VXUserPermission populateViewBean(XXUserPermission xObj) {
 		VXUserPermission vObj = super.populateViewBean(xObj);
 
-		XXPortalUser xUser = rangerDaoManager.getXXPortalUser().getById(xObj.getUserId());
-		if (xUser == null) {
-			xUser=rangerDaoManager.getXXPortalUser().findByXUserId(xObj.getUserId());
-			if(xUser==null)
-			throw restErrorUtil.createRESTException(xUser + " is Not Found",
-					MessageEnums.DATA_NOT_FOUND);
+		XXPortalUser xPortalUser = rangerDaoManager.getXXPortalUser().getById(xObj.getUserId());
+		if (xPortalUser != null) {
+			vObj.setUserName(xPortalUser.getLoginId());
 		}
 
-		vObj.setUserName(xUser.getLoginId());
-
 		XXModuleDef xModuleDef = daoManager.getXXModuleDef().getById(xObj.getModuleId());
 		if (xModuleDef != null) {
 			vObj.setModuleName(xModuleDef.getModule());
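Review bot: `validateForCreate` and `validateForUpdate` are now empty bodies with a blank line, which reads as if the duplicate-permission check was removed rather than moved; a reader of this class alone cannot tell that the check now lives in `XUserPermissionServiceBase.mapViewToEntityBean`. A comment in each, e.g. `// Duplicate check is performed in XUserPermissionServiceBase.mapViewToEntityBean after the x_user id is translated to the x_portal_user id.`, would prevent someone re-adding a check on the untranslated id. In `populateViewBean`, the `xPortalUser == null` case now silently leaves `userName` null instead of raising DATA_NOT_FOUND; if that is intended for orphaned rows, say so with `// Permission rows whose portal user was deleted are still returned, with userName left null.` so the null is not mistaken for a bug downstream.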

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java
index 59c082d..a5a1213 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java
@@ -20,7 +20,10 @@ package org.apache.ranger.service;
 import java.util.ArrayList;
 import java.util.List;
 
+import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.SearchCriteria;
+import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.entity.XXUser;
 import org.apache.ranger.entity.XXUserPermission;
 import org.apache.ranger.view.VXUserPermission;
 import org.apache.ranger.view.VXUserPermissionList;
@@ -34,20 +37,48 @@ public abstract class XUserPermissionServiceBase<T extends XXUserPermission, V e
 
 	}
 
-	@SuppressWarnings("unchecked")
 	@Override
-	protected XXUserPermission mapViewToEntityBean(VXUserPermission vObj,
-			XXUserPermission mObj, int OPERATION_CONTEXT) {
-		mObj.setUserId(vObj.getUserId());
+	@SuppressWarnings("unchecked")
+	protected XXUserPermission mapViewToEntityBean(VXUserPermission vObj, XXUserPermission mObj, int OPERATION_CONTEXT) {
+
+		// Assuming that vObj.userId coming from UI/Client would be of XXUser, but in DB it should be of XXPortalUser so
+		// have to map XXUser.ID to XXPortalUser.ID and if portalUser does not exist then not allowing to create/update
+
+		XXPortalUser portalUser = daoManager.getXXPortalUser().findByXUserId(vObj.getUserId());
+		if (portalUser == null) {
+			throw restErrorUtil.createRESTException("Invalid UserId: [" + vObj.getUserId()
+					+ "], Please make sure while create/update given userId should be of x_user",
+					MessageEnums.INVALID_INPUT_DATA);
+		}
+
+		mObj.setUserId(portalUser.getId());
 		mObj.setModuleId(vObj.getModuleId());
 		mObj.setIsAllowed(vObj.getIsAllowed());
+
+		if (OPERATION_CONTEXT == OPERATION_CREATE_CONTEXT) {
+			validateXUserPermForCreate(mObj);
+		} else if (OPERATION_CONTEXT == OPERATION_UPDATE_CONTEXT) {
+			validateXUserPermForUpdate(mObj);
+		}
+
 		return mObj;
 	}
 
-	@SuppressWarnings("unchecked")
 	@Override
+	@SuppressWarnings("unchecked")
 	protected VXUserPermission mapEntityToViewBean(VXUserPermission vObj, XXUserPermission mObj) {
-		vObj.setUserId(mObj.getUserId());
+
+		// As XXUserPermission.userID refers to XXPortalUser.ID, But UI/Client expects XXUser.ID so have to map
+		// XXUserPermission.userID from XXPortalUser.ID to XXUser.ID
+		XXUser xUser = daoManager.getXXUser().findByPortalUserId(mObj.getUserId());
+		Long userId;
+		if (xUser != null) {
+			userId = xUser.getId();
+		} else {
+			// In this case rather throwing exception, send it as null
+			userId = null;
+		}
+		vObj.setUserId(userId);
 		vObj.setModuleId(mObj.getModuleId());
 		vObj.setIsAllowed(mObj.getIsAllowed());
 		return vObj;
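Review bot: `mapEntityToViewBean` deliberately returns `userId = null` when no XXUser matches the permission's portal user, but it does so without any log, so a permission row that has become unmanageable through the API (a client that round-trips that view gets `Invalid UserId: [null]` from `mapViewToEntityBean`) leaves no trace for operators. A `logger.warn(...)` naming `mObj.getUserId()` and `mObj.getId()` in that else branch would surface the x_user/x_portal_user drift this commit exists to handle. The Javadoc is missing on both mapping methods; the two inline comments are good and could become `/** ... */` contracts stating that the view's `userId` is `x_user.id` while the entity's `userId` is `x_portal_user.id`, and that the translation is by user name rather than by a foreign key. The `INVALID_INPUT_DATA` rejection of an unresolvable id in `mapViewToEntityBean` is the correct fail-closed behavior.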
@@ -75,4 +106,26 @@ public abstract class XUserPermissionServiceBase<T extends XXUserPermission, V e
 		returnList.setvXModuleDef(vXUserPermissions);
 		return returnList;
 	}
+
+	protected void validateXUserPermForCreate(XXUserPermission mObj) {
+		XXUserPermission xUserPerm = daoManager.getXXUserPermission().findByModuleIdAndPortalUserId(mObj.getUserId(),
+				mObj.getModuleId());
+		if (xUserPerm != null) {
+			throw restErrorUtil.createRESTException("User with ID [" + mObj.getUserId() + "] " + "is already "
+					+ "assigned to the module with ID [" + mObj.getModuleId() + "]",
+					MessageEnums.ERROR_DUPLICATE_OBJECT);
+		}
+	}
+
+	protected void validateXUserPermForUpdate(XXUserPermission mObj) {
+
+		XXUserPermission xUserPerm = daoManager.getXXUserPermission().findByModuleIdAndPortalUserId(mObj.getUserId(),
+				mObj.getModuleId());
+		if (xUserPerm != null && !xUserPerm.getId().equals(mObj.getId())) {
+			throw restErrorUtil.createRESTException("User with ID [" + mObj.getUserId() + "] " + "is already "
+					+ "assigned to the module with ID [" + mObj.getModuleId() + "]",
+					MessageEnums.ERROR_DUPLICATE_OBJECT);
+		}
+	}
+
 }
\ No newline at end of file
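Review bot: The duplicate-object messages in `validateXUserPermForCreate` and `validateXUserPermForUpdate` print `mObj.getUserId()`, which by this point is the translated `x_portal_user.id`, while the client submitted an `x_user.id`; the error therefore reports an id the caller never sent and may not be able to look up. Passing the original `vObj.getUserId()` (or the login name) through to these helpers, e.g. `protected void validateXUserPermForCreate(XXUserPermission mObj, Long requestedXUserId)`, keeps the message meaningful. The two methods are otherwise identical except for the id-exclusion clause and could share one private helper that takes an `excludeId` (null on create). Both rely on `findByModuleIdAndPortalUserId`, whose `getSingleResult()` will throw if duplicate rows already exist from before this check was introduced; whether its catch block (outside the visible hunk) handles that should be confirmed.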

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index 0370e9a..12c4c6d 100644
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -192,6 +192,11 @@
 		where polItemUser.policyItemId = :polItemId and polItemUser.userId = obj.id </query>
 	</named-query>
 
+	<named-query name="XXUser.findByPortalUserId">
+		<query>select obj from XXUser obj, XXPortalUser portalUser where portalUser.id = :portalUserId and 
+		obj.name = portalUser.loginId</query>
+	</named-query>
+
 	<named-query name="XXGroup.findByPolicyItemId">
 		<query>select obj.name from XXGroup obj, XXPolicyItemGroupPerm polItemGrp 
 		where polItemGrp.policyItemId = :polItemId and polItemGrp.groupId = obj.id </query>
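Review bot: The new `XXUser.findByPortalUserId` query links the two user tables by string equality (`obj.name = portalUser.loginId`) rather than by a stored key, so the correctness of every permission lookup built on it depends on `x_user.user_name` being unique and compared with the same case rules as `x_portal_user.login_id` in the backing database, which is not guaranteed by the query itself. The callers use `getSingleResult()`, so a collision surfaces as an unhandled `NonUniqueResultException`; a comment on the query documenting the assumption, and a unique constraint on `x_user.user_name` in the schema if one does not already exist, would make that explicit. Reviewers should also confirm the reverse query `XXPortalUser.findByXUserId` (not shown here) uses the same name-based condition so the two translations are inverses of each other.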
@@ -489,7 +494,7 @@
 		 </query>
 	</named-query>
 
-	<named-query name="XXUserPermission.findByModuleIdAndUserId">
+	<named-query name="XXUserPermission.findByModuleIdAndPortalUserId">
 		<query>SELECT XXUserPermObj
 				FROM XXUserPermission XXUserPermObj
 				WHERE XXUserPermObj.moduleId = :moduleId AND XXUserPermObj.userId =:userId