You are viewing a plain text version of this content. The canonical link for it is here.
Posted to reviews@ambari.apache.org by Sangeeta Ravindran <sa...@gmail.com> on 2017/01/16 19:51:19 UTC
Review Request 55586: Cannot change group/user privileges in list
view if the user has VIEW.USER privilege
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/55586/
-----------------------------------------------------------
Review request for Ambari, Oleg Nechiporenko and Richard Zang.
Bugs: AMBARI-19542
https://issues.apache.org/jira/browse/AMBARI-19542
Repository: ambari
Description
-------
1. Create a view for e.g. Capacity Scheduler view and grant a group / user permissions for the view.
2. Go to Roles list view. Try to assign the group / user a different role via the List view.
There is no response in the UI and the role is not updated. On the browser console, the following erorr can be seen.
DELETE http://9.30.56.80:8081/api/v1/clusters/C1/privileges?PrivilegeInfo/privilege_id.in(416) 500 (Internal Server Error)
In the ambari-server.log, the following exception is seen:
Caused by: org.apache.ambari.server.AmbariException: Can't remove VIEW permission from a CAPACITY-SCHEDULER{1.0.0} resource.
at org.apache.ambari.server.controller.internal.PrivilegeResourceProvider$2.invoke(PrivilegeResourceProvider.java:460)
This does not happen when roles are assigned via the Block view.
This seems to be because the VIEW.USER privilege is also being passed in as one of the privileges to be deleted when the role is being changed in the List view.
To fix this, the arrayOfPrivileges passed in for deletion to the backend should not contain VIEW.USER privilege.
Diffs
-----
ambari-admin/src/main/resources/ui/admin-web/app/scripts/controllers/clusters/UserAccessListCtrl.js 9869d0b
Diff: https://reviews.apache.org/r/55586/diff/
Testing
-------
Manual testing
Ran mvn test
Thanks,
Sangeeta Ravindran