You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by pr...@apache.org on 2021/01/02 12:37:39 UTC

[ranger] 01/03: RANGER-3135: optimze log print for querying roles

This is an automated email from the ASF dual-hosted git repository.

pradeep pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git

commit 5797bb9541c1bfa84fbfd9bd19dbd635c4928b6f
Author: rujia1019 <82...@163.com>
AuthorDate: Tue Dec 29 20:21:26 2020 +0800

    RANGER-3135: optimze log print for querying roles
    
    Signed-off-by: pradeep <pr...@apache.org>
---
 .../main/java/org/apache/ranger/rest/RoleREST.java   | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
index 86cda07..20db16d 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
@@ -280,6 +280,9 @@ public class RoleREST {
             if (ret == null) {
                 throw restErrorUtil.createRESTException("User doesn't have permissions to get details for " + roleName);
             }
+            if (ret.getName() == null) {
+                throw restErrorUtil.createRESTException("Role with name: " + roleName + " does not exist");
+            }
 
         } catch(WebApplicationException excp) {
             throw excp;
@@ -931,16 +934,17 @@ public class RoleREST {
             effectiveUser = loggedInUser;
         }
         try {
-            if (!bizUtil.isUserRangerAdmin(effectiveUser)) {
-                existingRole = roleStore.getRole(roleName);
-                ensureRoleAccess(effectiveUser, userGroups, existingRole);
-
-            } else {
-                existingRole = roleStore.getRole(roleName);
+            existingRole = roleStore.getRole(roleName);
+            if (!ensureRoleAccess(effectiveUser, userGroups, existingRole)) {
+                LOG.error("User does not have permission for this operation");
+                return null;
             }
         } catch (Exception ex) {
-            LOG.error(ex.getMessage());
-            return null;
+            if (bizUtil.isUserRangerAdmin(effectiveUser)) {
+                return new RangerRole();
+            } else {
+                return null;
+            }
         }
 
         return existingRole;