Posted to commits@ranger.apache.org by me...@apache.org on 2019/10/03 12:57:10 UTC
[ranger] branch master updated: RANGER-2597 : Allow auditor role
user to get details of services and policies from public API
This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 9a62c14 RANGER-2597 : Allow auditor role user to get details of services and policies from public API
9a62c14 is described below
commit 9a62c142ac7dbd7d3412076c26787c2d2e9ec1c6
Author: fatimaawez <fa...@gmail.com>
AuthorDate: Tue Oct 1 11:12:24 2019 +0530
RANGER-2597 : Allow auditor role user to get details of services and policies from public API
Signed-off-by: Mehul Parikh <me...@apache.org>
---
.../apache/ranger/security/context/RangerPreAuthSecurityHandler.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java b/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
index 673902d..a4bf694 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
@@ -98,9 +98,9 @@ public class RangerPreAuthSecurityHandler {
public boolean isAPISpnegoAccessible(){
UserSessionBase userSession = ContextUtil.getCurrentUserSession();
- if (userSession != null && (userSession.isSpnegoEnabled() || userSession.isUserAdmin())) {
+ if (userSession != null && (userSession.isSpnegoEnabled() || userSession.isUserAdmin() || userSession.isAuditUserAdmin())) {
return true;
- }else if(userSession != null && (userSession.isUserAdmin() || userSession.isKeyAdmin())){
+ }else if(userSession != null && (userSession.isUserAdmin() || userSession.isKeyAdmin() || userSession.isAuditKeyAdmin())){
return true;
}
throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is not allowed to access the API", true);
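Review bot: isAPISpnegoAccessible() now returns true for isAuditUserAdmin() and isAuditKeyAdmin(), but the check takes no account of which endpoint or HTTP method is being called. Every API guarded by it therefore admits the auditor roles, not only the "get details" calls named in the commit title. The callers are outside this hunk, so it cannot be confirmed from here that create/update/delete endpoints using this gate also enforce a separate write-permission check; that should be verified and pinned with a negative test (an auditor session receives 403 on a mutating call). A comment above the condition would record the assumption, e.g. `// Auditor roles are read-only: write endpoints behind this gate must enforce their own admin check.` As a style point, `userSession.isUserAdmin()` in the `else if` is redundant after the first branch, and since both branches return true they could be merged into one condition; the method's closing brace lies outside the hunk.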