You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by ni...@apache.org on 2020/09/16 10:05:58 UTC
[ranger] 01/02: RANGER-2988 : Role Name Search filter is not
available on policy listing page
This is an automated email from the ASF dual-hosted git repository.
ni3galave pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 4952d138070d02370af8314103972fccda7fab64
Author: Nitin Galave <ni...@apache.org>
AuthorDate: Mon Sep 14 17:49:01 2020 +0530
RANGER-2988 : Role Name Search filter is not available on policy listing page
Change-Id: I3252349576cb5e66f4f807d19f096fe0876a1dcf
---
.../ranger/plugin/store/AbstractPredicateUtil.java | 59 ++++++++++++++++++++++
.../org/apache/ranger/common/RangerSearchUtil.java | 1 +
.../webapp/scripts/modules/globalize/message/en.js | 1 +
.../views/policies/NRangerPolicyTableLayout.js | 9 +++-
.../views/policies/RangerPolicyTableLayout.js | 3 +-
5 files changed, 70 insertions(+), 3 deletions(-)
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
index 85fa213..38d6b03 100644
--- a/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/store/AbstractPredicateUtil.java
@@ -92,6 +92,7 @@ public class AbstractPredicateUtil {
// addPredicateForTagServiceId(filter.getParam(SearchFilter.TAG_SERVICE_ID), predicates); // not supported
addPredicateForUserName(filter.getParam(SearchFilter.USER), predicates);
addPredicateForGroupName(filter.getParam(SearchFilter.GROUP), predicates);
+ addPredicateForRoleName(filter.getParam(SearchFilter.ROLE), predicates);
addPredicateForResources(filter.getParamsWithPrefix(SearchFilter.RESOURCE_PREFIX, true), predicates);
addPredicateForPolicyResource(filter.getParam(SearchFilter.POL_RESOURCE), predicates);
addPredicateForPartialPolicyName(filter.getParam(SearchFilter.POLICY_NAME_PARTIAL), predicates);
@@ -564,6 +565,64 @@ public class AbstractPredicateUtil {
return ret;
}
+ private Predicate addPredicateForRoleName(final String roleName, List<Predicate> predicates) {
+ if(StringUtils.isEmpty(roleName)) {
+ return null;
+ }
+
+ Predicate ret = new Predicate() {
+ @Override
+ public boolean evaluate(Object object) {
+ if(object == null) {
+ return false;
+ }
+
+ boolean ret = false;
+
+ if(object instanceof RangerPolicy) {
+ RangerPolicy policy = (RangerPolicy)object;
+
+ List<?>[] policyItemsList = new List<?>[] { policy.getPolicyItems(),
+ policy.getDenyPolicyItems(),
+ policy.getAllowExceptions(),
+ policy.getDenyExceptions(),
+ policy.getDataMaskPolicyItems(),
+ policy.getRowFilterPolicyItems()
+ };
+ for(List<?> policyItemsObj : policyItemsList) {
+ @SuppressWarnings("unchecked")
+ List<RangerPolicyItem> policyItems = (List<RangerPolicyItem>)policyItemsObj;
+
+ for(RangerPolicyItem policyItem : policyItems) {
+ if(! policyItem.getRoles().isEmpty()) {
+ for(String role : policyItem.getRoles()) {
+ if(StringUtils.containsIgnoreCase(role, roleName)) {
+ ret = true;
+ break;
+ }
+ }
+ }
+ }
+ if (ret) {
+ break;
+ }
+ }
+ }else {
+ ret = true;
+ }
+
+ return ret;
+ }
+ };
+
+ if(predicates != null) {
+ predicates.add(ret);
+ }
+
+ return ret;
+
+ }
+
private Predicate addPredicateForIsEnabled(final String status, List<Predicate> predicates) {
if(StringUtils.isEmpty(status)) {
return null;
diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
index 98a8596..7006214 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java
@@ -65,6 +65,7 @@ public class RangerSearchUtil extends SearchUtil {
ret.setParam(SearchFilter.IS_RECURSIVE, request.getParameter(SearchFilter.IS_RECURSIVE));
ret.setParam(SearchFilter.USER, request.getParameter(SearchFilter.USER));
ret.setParam(SearchFilter.GROUP, request.getParameter(SearchFilter.GROUP));
+ ret.setParam(SearchFilter.ROLE, request.getParameter(SearchFilter.ROLE));
ret.setParam(SearchFilter.POL_RESOURCE, request.getParameter(SearchFilter.POL_RESOURCE));
ret.setParam(SearchFilter.RESOURCE_SIGNATURE, request.getParameter(SearchFilter.RESOURCE_SIGNATURE));
ret.setParam(SearchFilter.POLICY_TYPE, request.getParameter(SearchFilter.POLICY_TYPE));
diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
index f92e985..0989976 100644
--- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
+++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js
@@ -360,6 +360,7 @@ define(function(require) {
serviceTypeMsg :'Select type of service.',
startDate :'Set start date.',
userMsg :'Name of User.',
+ roleMsg :'Name of Role.',
application :'Application.',
tagsMsg :'Tag Name.',
endDate :'Set end date.',
diff --git a/security-admin/src/main/webapp/scripts/views/policies/NRangerPolicyTableLayout.js b/security-admin/src/main/webapp/scripts/views/policies/NRangerPolicyTableLayout.js
index 79632cf..53e9865 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/NRangerPolicyTableLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/NRangerPolicyTableLayout.js
@@ -522,7 +522,7 @@ define(function(require) {
};
});
- var searchOpt = ['Policy Name', 'Group Name', 'User Name', 'Status', 'Policy Label']; //,'Start Date','End Date','Today'];
+ var searchOpt = ['Policy Name', 'Group Name', 'User Name', 'Status', 'Policy Label', 'Role Name']; //,'Start Date','End Date','Today'];
searchOpt = _.union(searchOpt, _.map(resourceSearchOpt, function(opt) {
return opt.label
}))
@@ -553,7 +553,12 @@ define(function(require) {
label: "policyLabelsPartial",
info: localization.tt('h.policyLabelsinfo'),
urlLabel: 'policyLabel'
- }, ];
+ }, {
+ text : "Role Name",
+ label :"role" ,
+ info :localization.tt('h.roleMsg'),
+ urlLabel : 'roleName'
+ }];
// {text : 'Start Date',label :'startDate'},{text : 'End Date',label :'endDate'},
// {text : 'Today',label :'today'}];
var info = {
diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
index 9656fb5..9ab925b 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js
@@ -468,12 +468,13 @@ define(function(require){
});
var PolicyStatusValue = _.map(XAEnums.ActiveStatus, function(status) { return { 'label': status.label, 'value': Boolean(status.value)}; });
- var searchOpt = ['Policy Name','Group Name','User Name','Status', 'Policy Label'];//,'Start Date','End Date','Today'];
+ var searchOpt = ['Policy Name','Group Name','User Name','Status', 'Policy Label', 'Role Name'];//,'Start Date','End Date','Today'];
searchOpt = _.union(searchOpt, _.map(resourceSearchOpt, function(opt){ return opt.label }))
var serverAttrName = [{text : "Group Name", label :"group", info:localization.tt('h.groupNameMsg'), urlLabel : 'groupName'},
{text : "Policy Name", label :"policyNamePartial", info :localization.tt('msg.policyNameMsg'), urlLabel : 'policyName'},
{text : "Status", info : localization.tt('msg.statusMsg') , label :"isEnabled",'multiple' : true, 'optionsArr' : PolicyStatusValue, urlLabel : 'status'},
{text : "User Name", label :"user" , info :localization.tt('h.userMsg'), urlLabel : 'userName'},
+ {text : "Role Name", label :"role" , info :localization.tt('h.roleMsg'), urlLabel : 'roleName'},
{text : "Policy Label", label :"policyLabelsPartial" , info :localization.tt('h.policyLabelsinfo'), urlLabel : 'policyLabel'},
];
// {text : 'Start Date',label :'startDate'},{text : 'End Date',label :'endDate'},