You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ambari.apache.org by ec...@apache.org on 2017/09/04 11:56:53 UTC
ambari git commit: AMBARI-21687. User can't add node via Ambari UI
when being part of both "cluster user" and "cluster admin" roles
(echekanskiy)
Repository: ambari
Updated Branches:
refs/heads/trunk 18a16cbe4 -> c51540dee
AMBARI-21687. User can't add node via Ambari UI when being part of both "cluster user" and "cluster admin" roles (echekanskiy)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo
Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c51540de
Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c51540de
Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c51540de
Branch: refs/heads/trunk
Commit: c51540dee89d90bb488c2b1a1269ae7d40d5d509
Parents: 18a16cb
Author: Eugene Chekanskiy <ec...@apache.org>
Authored: Mon Sep 4 14:53:51 2017 +0300
Committer: Eugene Chekanskiy <ec...@apache.org>
Committed: Mon Sep 4 14:53:51 2017 +0300
----------------------------------------------------------------------
.../server/controller/internal/RequestResourceProvider.java | 8 +++++++-
.../controller/internal/RequestResourceProviderTest.java | 2 --
2 files changed, 7 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/ambari/blob/c51540de/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
index 355e572..81f283c 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java
@@ -251,7 +251,13 @@ public class RequestResourceProvider extends AbstractControllerResourceProvider
? null
: actionDefinition.getPermissions();
- if (!AuthorizationHelper.isAuthorized(resourceType, resourceId, permissions)) {
+ // here goes ResourceType handling for some specific custom actions
+ ResourceType customActionResourceType = resourceType;
+ if (actionName.contains("check_host")) { // check_host custom action
+ customActionResourceType = ResourceType.CLUSTER;
+ }
+
+ if (!AuthorizationHelper.isAuthorized(customActionResourceType, resourceId, permissions)) {
throw new AuthorizationException(String.format("The authenticated user is not authorized to execute the action %s.", actionName));
}
}
http://git-wip-us.apache.org/repos/asf/ambari/blob/c51540de/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java
index b2e9472..c0695b1 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java
@@ -1358,13 +1358,11 @@ public class RequestResourceProviderTest {
EnumSet.of(RoleAuthorization.HOST_ADD_DELETE_HOSTS));
}
- @Test(expected = AuthorizationException.class)
public void testCreateResourcesCheckHostForNonClusterAsClusterAdministrator() throws Exception {
testCreateResources(TestAuthenticationFactory.createClusterAdministrator(), null, null, "check_host",
EnumSet.of(RoleAuthorization.HOST_ADD_DELETE_HOSTS));
}
- @Test(expected = AuthorizationException.class)
public void testCreateResourcesCheckHostForNonClusterAsClusterOperator() throws Exception {
testCreateResources(TestAuthenticationFactory.createClusterOperator(), null, null, "check_host",
EnumSet.of(RoleAuthorization.HOST_ADD_DELETE_HOSTS));