Posted to commits@ranger.apache.org by me...@apache.org on 2019/10/03 12:57:10 UTC

[ranger] branch master updated: RANGER-2597 : Allow auditor role user to get details of services and policies from public API

This is an automated email from the ASF dual-hosted git repository.

mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new 9a62c14  RANGER-2597 : Allow auditor role user to get details of services and policies from public API
9a62c14 is described below

commit 9a62c142ac7dbd7d3412076c26787c2d2e9ec1c6
Author: fatimaawez <fa...@gmail.com>
AuthorDate: Tue Oct 1 11:12:24 2019 +0530

    RANGER-2597 : Allow auditor role user to get details of services and policies from public API
    
    Signed-off-by: Mehul Parikh <me...@apache.org>
---
 .../apache/ranger/security/context/RangerPreAuthSecurityHandler.java  | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java b/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
index 673902d..a4bf694 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/context/RangerPreAuthSecurityHandler.java
@@ -98,9 +98,9 @@ public class RangerPreAuthSecurityHandler {
 
 	public boolean isAPISpnegoAccessible(){
 		UserSessionBase userSession = ContextUtil.getCurrentUserSession();
-		if (userSession != null && (userSession.isSpnegoEnabled() || userSession.isUserAdmin())) {
+                if (userSession != null && (userSession.isSpnegoEnabled() || userSession.isUserAdmin() || userSession.isAuditUserAdmin())) {
 			return true;
-		}else if(userSession != null && (userSession.isUserAdmin() || userSession.isKeyAdmin())){
+                }else if(userSession != null && (userSession.isUserAdmin() || userSession.isKeyAdmin() || userSession.isAuditKeyAdmin())){
 			return true;
 		}
 		throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is not allowed to access the API", true);
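Review bot: The widened conditions in `isAPISpnegoAccessible()` admit `isAuditUserAdmin()` and `isAuditKeyAdmin()` sessions with no regard to the HTTP method or target resource, so every endpoint guarded by this check now accepts auditor sessions, not only the read-only service and policy lookups named in the commit title. Nothing in the hunk shows where writes from these roles are rejected; if that is enforced further down, say so here with a comment such as `// auditor roles are read-only: endpoints guarded by this check must still deny create/update/delete to audit sessions`, and add a test that an auditor session gets 403 on a mutating public API call. The second branch also grants access to `isAuditKeyAdmin()`, which the commit message does not mention, so it is worth confirming that the key-admin auditor is meant to see services and policies. Both changed lines are indented with spaces while the surrounding lines use tabs. The method's closing brace lies outside the hunk.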