ambari-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rle...@apache.org
Subject [1/4] ambari git commit: Revert "AMBARI-1365. Authorizations given to roles, should use generic role-based principals rather than hard-coded pseudo-role-based principals (rlevas)"
Date Fri, 21 Oct 2016 20:01:57 GMT
Repository: ambari
Updated Branches:
  refs/heads/trunk 0dd7770d9 -> 176c691ea


http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java
index 980b651..a5276c2 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog242.java
@@ -19,23 +19,10 @@
 package org.apache.ambari.server.upgrade;
 
 import java.sql.SQLException;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
 
 import org.apache.ambari.server.AmbariException;
 import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.orm.DBAccessor;
-import org.apache.ambari.server.orm.dao.PermissionDAO;
-import org.apache.ambari.server.orm.dao.PrincipalDAO;
-import org.apache.ambari.server.orm.dao.PrincipalTypeDAO;
-import org.apache.ambari.server.orm.dao.PrivilegeDAO;
-import org.apache.ambari.server.orm.entities.PermissionEntity;
-import org.apache.ambari.server.orm.entities.PrincipalEntity;
-import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
-import org.apache.ambari.server.orm.entities.PrivilegeEntity;
-import org.apache.ambari.server.orm.entities.ResourceEntity;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -119,7 +106,6 @@ public class UpgradeCatalog242 extends AbstractUpgradeCatalog {
   @Override
   protected void executeDMLUpdates() throws AmbariException, SQLException {
     addNewConfigurationsFromXml();
-    convertRolePrincipals();
   }
 
   protected void updateTablesForMysql() throws SQLException {
@@ -155,90 +141,4 @@ public class UpgradeCatalog242 extends AbstractUpgradeCatalog {
     }
   }
 
-  /**
-   * Convert the previously set inherited privileges to the more generic inherited privileges model
-   * based on role-based principals rather than specialized principal types.
-   */
-  protected void convertRolePrincipals() {
-    LOG.info("Converting pseudo principle types to role principals");
-
-    PermissionDAO permissionDAO = injector.getInstance(PermissionDAO.class);
-    PrivilegeDAO privilegeDAO = injector.getInstance(PrivilegeDAO.class);
-    PrincipalDAO principalDAO = injector.getInstance(PrincipalDAO.class);
-    PrincipalTypeDAO principalTypeDAO = injector.getInstance(PrincipalTypeDAO.class);
-
-    Map<String, String> principalTypeToRole = new HashMap<String, String>();
-    principalTypeToRole.put("ALL.CLUSTER.ADMINISTRATOR", "CLUSTER.ADMINISTRATOR");
-    principalTypeToRole.put("ALL.CLUSTER.OPERATOR", "CLUSTER.OPERATOR");
-    principalTypeToRole.put("ALL.CLUSTER.USER", "CLUSTER.USER");
-    principalTypeToRole.put("ALL.SERVICE.ADMINISTRATOR", "SERVICE.ADMINISTRATOR");
-    principalTypeToRole.put("ALL.SERVICE.OPERATOR", "SERVICE.OPERATOR");
-
-    // Handle a typo introduced in org.apache.ambari.server.upgrade.UpgradeCatalog240.updateClusterInheritedPermissionsConfig
-    principalTypeToRole.put("ALL.SERVICE.OPERATIOR", "SERVICE.OPERATOR");
-
-    for (Map.Entry<String, String> entry : principalTypeToRole.entrySet()) {
-      String principalTypeName = entry.getKey();
-      String roleName = entry.getValue();
-
-      PermissionEntity role = permissionDAO.findByName(roleName);
-      PrincipalEntity rolePrincipalEntity = (role == null) ? null : role.getPrincipal();
-
-      // Convert Privilege Records
-      PrincipalTypeEntity principalTypeEntity = principalTypeDAO.findByName(principalTypeName);
-
-      if (principalTypeEntity != null) {
-        List<PrincipalEntity> principalEntities = principalDAO.findByPrincipalType(principalTypeName);
-
-        for (PrincipalEntity principalEntity : principalEntities) {
-          Set<PrivilegeEntity> privilegeEntities = principalEntity.getPrivileges();
-
-          for (PrivilegeEntity privilegeEntity : privilegeEntities) {
-            if (rolePrincipalEntity == null) {
-              LOG.info("Removing privilege (id={}) since no role principle was found for {}:\n{}",
-                  privilegeEntity.getId(), roleName, formatPrivilegeEntityDetails(privilegeEntity));
-              // Remove this privilege
-              privilegeDAO.remove(privilegeEntity);
-            } else {
-              LOG.info("Updating privilege (id={}) to use role principle for {}:\n{}",
-                  privilegeEntity.getId(), roleName, formatPrivilegeEntityDetails(privilegeEntity));
-
-              // Set the principal to the updated principal value
-              privilegeEntity.setPrincipal(rolePrincipalEntity);
-              privilegeDAO.merge(privilegeEntity);
-            }
-          }
-
-          // Remove the obsolete principal
-          principalDAO.remove(principalEntity);
-        }
-
-        // Remove the obsolete principal type
-        principalTypeDAO.remove(principalTypeEntity);
-      }
-    }
-
-    LOG.info("Converting pseudo principle types to role principals - complete.");
-  }
-
-  private String formatPrivilegeEntityDetails(PrivilegeEntity privilegeEntity) {
-    if (privilegeEntity == null) {
-      return "";
-    } else {
-      ResourceEntity resource = privilegeEntity.getResource();
-      PrincipalEntity principal = privilegeEntity.getPrincipal();
-      PermissionEntity permission = privilegeEntity.getPermission();
-
-      return String.format("" +
-              "\tPrivilege ID: %d" +
-              "\n\tResource ID: %d" +
-              "\n\tPrincipal ID: %d" +
-              "\n\tPermission ID: %d",
-          privilegeEntity.getId(),
-          resource.getId(),
-          principal.getId(),
-          permission.getId()
-      );
-    }
-  }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
index 7f58485..455b4f1 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java
@@ -1,4 +1,4 @@
-/*
+/**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
@@ -86,6 +86,7 @@ import org.apache.ambari.server.orm.entities.ViewParameterEntity;
 import org.apache.ambari.server.orm.entities.ViewResourceEntity;
 import org.apache.ambari.server.security.SecurityHelper;
 import org.apache.ambari.server.security.authorization.AuthorizationHelper;
+import org.apache.ambari.server.security.authorization.ClusterInheritedPermissionHelper;
 import org.apache.ambari.server.security.authorization.ResourceType;
 import org.apache.ambari.server.security.authorization.RoleAuthorization;
 import org.apache.ambari.server.state.Clusters;
@@ -121,6 +122,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.xml.sax.SAXException;
 
+import com.google.common.collect.FluentIterable;
 import com.google.common.collect.Sets;
 import com.google.common.eventbus.AllowConcurrentEvents;
 import com.google.common.eventbus.Subscribe;
@@ -1794,7 +1796,7 @@ public class ViewRegistry {
     }
 
     List<String> services = autoInstanceConfig.getServices();
-    Collection<String> roles = autoInstanceConfig.getRoles();
+    List<String> permissions = autoInstanceConfig.getPermissions();
 
     Map<String, org.apache.ambari.server.state.Cluster> allClusters = clustersProvider.get().getClusters();
     for (org.apache.ambari.server.state.Cluster cluster : allClusters.values()) {
@@ -1812,7 +1814,7 @@ public class ViewRegistry {
             ViewInstanceEntity viewInstanceEntity = createViewInstanceEntity(viewEntity, viewConfig, autoInstanceConfig);
             viewInstanceEntity.setClusterHandle(clusterId);
             installViewInstance(viewInstanceEntity);
-            setViewInstanceRoleAccess(viewInstanceEntity, roles);
+            addClusterInheritedPermissions(viewInstanceEntity, permissions);
           }
         } catch (Exception e) {
           LOG.error("Can't auto create instance of view " + viewName + " for cluster " + clusterName +
@@ -1823,45 +1825,40 @@ public class ViewRegistry {
   }
 
   /**
-   * Set access to the a particular view instance based on a set of roles.
-   * <p>
-   * View access to the specified view instances will be granted to anyone directly or indirectly
-   * assigned to one of the roles in the suppled set of role names.
-   *
-   * @param viewInstanceEntity a view instance entity
-   * @param roles the set of roles to use to for granting access
+   * Validates principalTypes and creates privilege entities for each permission type for the view instance entity
+   * resource.
+   * @param viewInstanceEntity - view instance entity for which permission has to be set.
+   * @param principalTypes - list of cluster inherited principal types
    */
   @Transactional
-  protected void setViewInstanceRoleAccess(ViewInstanceEntity viewInstanceEntity, Collection<String> roles) {
-    if ((roles != null) && !roles.isEmpty()) {
-      PermissionEntity permissionViewUser = permissionDAO.findViewUsePermission();
+  private void addClusterInheritedPermissions(ViewInstanceEntity viewInstanceEntity, List<String> principalTypes) {
+    List<String> validPermissions = FluentIterable.from(principalTypes)
+      .filter(ClusterInheritedPermissionHelper.validPrincipalTypePredicate)
+      .toList();
 
-      if (permissionViewUser == null) {
-        LOG.error("Missing the {} role.  Access to view cannot be set.",
-            PermissionEntity.VIEW_USER_PERMISSION_NAME, viewInstanceEntity.getName());
-      } else {
-        for (String role : roles) {
-          PermissionEntity permissionRole = permissionDAO.findByName(role);
-
-          if (permissionRole == null) {
-            LOG.warn("Invalid role {} encountered while setting access to view {}, Ignoring.",
-                role, viewInstanceEntity.getName());
-          } else {
-            PrincipalEntity principalRole = permissionRole.getPrincipal();
-
-            if (principalRole == null) {
-              LOG.warn("Missing principal ID for role {} encountered while setting access to view {}. Ignoring.",
-                  role, viewInstanceEntity.getName());
-            } else {
-              PrivilegeEntity privilegeEntity = new PrivilegeEntity();
-              privilegeEntity.setPermission(permissionViewUser);
-              privilegeEntity.setPrincipal(principalRole);
-              privilegeEntity.setResource(viewInstanceEntity.getResource());
-              privilegeDAO.create(privilegeEntity);
-            }
-          }
-        }
-      }
+    for(String permission: validPermissions) {
+      addClusterInheritedPermission(viewInstanceEntity, permission);
+    }
+  }
+
+  private void addClusterInheritedPermission(ViewInstanceEntity viewInstanceEntity, String principalType) {
+    ResourceEntity resource = viewInstanceEntity.getResource();
+    List<PrincipalEntity> principals = principalDAO.findByPrincipalType(principalType);
+    if (principals.size() == 0) {
+      LOG.error("Failed to find principal for principal type '{}'", principalType);
+      return;
+    }
+
+    PrincipalEntity principal = principals.get(0); // There will be only one principal associated with the principal type
+    PermissionEntity permission = permissionDAO.findViewUsePermission();
+
+    if (!privilegeDAO.exists(principal, resource, permission)) {
+      PrivilegeEntity privilege = new PrivilegeEntity();
+      privilege.setPrincipal(principal);
+      privilege.setResource(resource);
+      privilege.setPermission(permission);
+
+      privilegeDAO.create(privilege);
     }
   }
 

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/AutoInstanceConfig.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/AutoInstanceConfig.java b/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/AutoInstanceConfig.java
index f934ed5..11efc76 100644
--- a/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/AutoInstanceConfig.java
+++ b/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/AutoInstanceConfig.java
@@ -1,4 +1,4 @@
-/*
+/**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
@@ -18,14 +18,16 @@
 
 package org.apache.ambari.server.view.configuration;
 
+import com.google.common.base.Function;
+import com.google.common.collect.FluentIterable;
+import com.google.common.collect.Lists;
+
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlElementWrapper;
-import javax.xml.bind.annotation.adapters.CollapsedStringAdapter;
-import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import java.util.Arrays;
 import java.util.List;
-import java.util.Set;
 
 /**
  * View auto instance configuration.
@@ -46,25 +48,14 @@ public class AutoInstanceConfig extends InstanceConfig {
    */
   @XmlElementWrapper
   @XmlElement(name="service")
-  @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
   private List<String> services;
 
   /**
-   * A list of roles that should have access to this view.
-   * <p>
-   * Example values:
-   * <ul>
-   * <li>CLUSTER.ADMINISTRATOR</li>
-   * <li>CLUSTER.OPERATOR</li>
-   * <li>SERVICE.ADMINISTRATOR</li>
-   * <li>SERVICE.OPERATOR</li>
-   * <li>CLUSTER.USER</li>
-   * </ul>
+   * Cluster Inherited permissions. Comma separated strings for multiple values
+   * Possible values: ALL.CLUSTER.ADMINISTRATOR, ALL.CLUSTER.OPERATOR, ALL.CLUSTER.USER,
+   * ALL.SERVICE.OPERATOR, ALL.SERVICE.ADMINISTRATOR
    */
-  @XmlElementWrapper
-  @XmlElement(name="role")
-  @XmlJavaTypeAdapter(CollapsedStringAdapter.class)
-  private Set<String> roles;
+  private String permissions;
 
   /**
    * Get the stack id used for auto instance creation.
@@ -85,9 +76,17 @@ public class AutoInstanceConfig extends InstanceConfig {
   }
 
   /**
-   * @return the set of roles that should have access to this view
+   * @return the list of configured cluster inherited permissions
    */
-  public Set<String> getRoles() {
-    return roles;
+  public List<String> getPermissions() {
+    if(permissions == null) {
+      return Lists.newArrayList();
+    }
+    return FluentIterable.from(Arrays.asList(permissions.split(","))).transform(new Function<String, String>() {
+      @Override
+      public String apply(String permission) {
+        return permission.trim();
+      }
+    }).toList();
   }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
index 7ab1dc7..ed94c40 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Derby-CREATE.sql
@@ -1174,6 +1174,16 @@ INSERT INTO adminprincipaltype (principal_type_id, principal_type_name)
   UNION ALL
   SELECT 2, 'GROUP' FROM SYSIBM.SYSDUMMY1
   UNION ALL
+  SELECT 3, 'ALL.CLUSTER.ADMINISTRATOR' FROM SYSIBM.SYSDUMMY1
+  UNION ALL
+  SELECT 4, 'ALL.CLUSTER.OPERATOR' FROM SYSIBM.SYSDUMMY1
+  UNION ALL
+  SELECT 5, 'ALL.CLUSTER.USER' FROM SYSIBM.SYSDUMMY1
+  UNION ALL
+  SELECT 6, 'ALL.SERVICE.ADMINISTRATOR' FROM SYSIBM.SYSDUMMY1
+  UNION ALL
+  SELECT 7, 'ALL.SERVICE.OPERRATOR' FROM SYSIBM.SYSDUMMY1
+  UNION ALL
   SELECT 8, 'ROLE' FROM SYSIBM.SYSDUMMY1;
 
 INSERT INTO adminprincipal (principal_id, principal_type_id)

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
index 5556e82..c8fbaa7 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql
@@ -1123,6 +1123,11 @@ INSERT INTO adminresource (resource_id, resource_type_id) VALUES
 INSERT INTO adminprincipaltype (principal_type_id, principal_type_name) VALUES
   (1, 'USER'),
   (2, 'GROUP'),
+  (3, 'ALL.CLUSTER.ADMINISTRATOR'),
+  (4, 'ALL.CLUSTER.OPERATOR'),
+  (5, 'ALL.CLUSTER.USER'),
+  (6, 'ALL.SERVICE.ADMINISTRATOR'),
+  (7, 'ALL.SERVICE.OPERATOR'),
   (8, 'ROLE');
 
 INSERT INTO adminprincipal (principal_id, principal_type_id) VALUES

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
index fb3ada5..04473d6 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql
@@ -1119,6 +1119,16 @@ insert into adminprincipaltype (principal_type_id, principal_type_name)
   union all
   select 2, 'GROUP' from dual
   union all
+  select 3, 'ALL.CLUSTER.ADMINISTRATOR' from dual
+  union all
+  select 4, 'ALL.CLUSTER.OPERATOR' from dual
+  union all
+  select 5, 'ALL.CLUSTER.USER' from dual
+  union all
+  select 6, 'ALL.SERVICE.ADMINISTRATOR' from dual
+  union all
+  select 7, 'ALL.SERVICE.OPERATOR' from dual
+  union all
   select 8, 'ROLE' from dual;
 
 insert into adminprincipal (principal_id, principal_type_id)

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
index 137a243..09ae3b0 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql
@@ -1114,6 +1114,11 @@ INSERT INTO adminresource (resource_id, resource_type_id) VALUES
 INSERT INTO adminprincipaltype (principal_type_id, principal_type_name) VALUES
   (1, 'USER'),
   (2, 'GROUP'),
+  (3, 'ALL.CLUSTER.ADMINISTRATOR'),
+  (4, 'ALL.CLUSTER.OPERATOR'),
+  (5, 'ALL.CLUSTER.USER'),
+  (6, 'ALL.SERVICE.ADMINISTRATOR'),
+  (7, 'ALL.SERVICE.OPERATOR'),
   (8, 'ROLE');
 
 INSERT INTO adminprincipal (principal_id, principal_type_id) VALUES

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
index 4922378..3dbd3fc 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql
@@ -1116,6 +1116,16 @@ insert into adminprincipaltype (principal_type_id, principal_type_name)
   union all
   select 2, 'GROUP'
   union all
+  select 3, 'ALL.CLUSTER.ADMINISTRATOR'
+  union all
+  select 4, 'ALL.CLUSTER.OPERATOR'
+  union all
+  select 5, 'ALL.CLUSTER.USER'
+  union all
+  select 6, 'ALL.SERVICE.ADMINISTRATOR'
+  union all
+  select 7, 'ALL.SERVICE.OPERATOR'
+  union all
   select 8, 'ROLE';
 
 insert into adminprincipal (principal_id, principal_type_id)

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
----------------------------------------------------------------------
diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
index f72b0ab..9def741 100644
--- a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
+++ b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql
@@ -1140,6 +1140,11 @@ BEGIN TRANSACTION
   values
     (1, 'USER'),
     (2, 'GROUP'),
+    (3, 'ALL.CLUSTER.ADMINISTRATOR'),
+    (4, 'ALL.CLUSTER.OPERATOR'),
+    (5, 'ALL.CLUSTER.USER'),
+    (6, 'ALL.SERVICE.ADMINISTRATOR'),
+    (7, 'ALL.SERVICE.OPERATOR'),
     (8, 'ROLE');
 
   insert into adminprincipal (principal_id, principal_type_id)

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractPrivilegeResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractPrivilegeResourceProviderTest.java
deleted file mode 100644
index 547bba5..0000000
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AbstractPrivilegeResourceProviderTest.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.ambari.server.controller.internal;
-
-import org.apache.ambari.server.orm.dao.MemberDAO;
-import org.apache.ambari.server.orm.dao.PrivilegeDAO;
-import org.apache.ambari.server.security.authorization.Users;
-import org.easymock.EasyMockSupport;
-
-class AbstractPrivilegeResourceProviderTest extends EasyMockSupport {
-
-  static class TestUsers extends Users {
-
-    void setPrivilegeDAO(PrivilegeDAO privilegeDAO) {
-      this.privilegeDAO = privilegeDAO;
-    }
-
-    public void setMemberDAO(MemberDAO memberDAO) {
-      this.memberDAO = memberDAO;
-    }
-  }
-}

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java
index 7702fd0..99962ee 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java
@@ -270,6 +270,9 @@ public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport {
     UserDAO userDAO = injector.getInstance(UserDAO.class);
     expect(userDAO.findUsersByPrincipal(anyObject(List.class))).andReturn(userEntities).atLeastOnce();
 
+    GroupDAO groupDAO = injector.getInstance(GroupDAO.class);
+    expect(groupDAO.findGroupsByPrincipal(anyObject(List.class))).andReturn(Collections.<GroupEntity>emptyList()).atLeastOnce();
+
     replayAll();
 
     SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createAdministrator("admin"));
@@ -353,11 +356,10 @@ public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport {
 
     Map<Long, UserEntity> userEntities = new HashMap<>();
     Map<Long, GroupEntity> groupEntities = new HashMap<>();
-    Map<Long, PermissionEntity> roleEntities = new HashMap<>();
     Map<Long, Object> resourceEntities = new HashMap<Long, Object>();
 
     AmbariPrivilegeResourceProvider provider = new AmbariPrivilegeResourceProvider();
-    Resource resource = provider.toResource(privilegeEntity, userEntities, groupEntities, roleEntities, resourceEntities, provider.getPropertyIds());
+    Resource resource = provider.toResource(privilegeEntity, userEntities, groupEntities, resourceEntities, provider.getPropertyIds());
 
     Assert.assertEquals(ResourceType.AMBARI.name(), resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRIVILEGE_TYPE_PROPERTY_ID));
 
@@ -397,13 +399,12 @@ public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport {
 
     Map<Long, UserEntity> userEntities = new HashMap<>();
     Map<Long, GroupEntity> groupEntities = new HashMap<>();
-    Map<Long, PermissionEntity> roleEntities = new HashMap<>();
 
     Map<Long, Object> resourceEntities = new HashMap<Long, Object>();
     resourceEntities.put(resourceEntity.getId(), clusterEntity);
 
     AmbariPrivilegeResourceProvider provider = new AmbariPrivilegeResourceProvider();
-    Resource resource = provider.toResource(privilegeEntity, userEntities, groupEntities, roleEntities, resourceEntities, provider.getPropertyIds());
+    Resource resource = provider.toResource(privilegeEntity, userEntities, groupEntities, resourceEntities, provider.getPropertyIds());
 
     Assert.assertEquals("TestCluster", resource.getPropertyValue(ClusterPrivilegeResourceProvider.PRIVILEGE_CLUSTER_NAME_PROPERTY_ID));
     Assert.assertEquals(ResourceType.CLUSTER.name(), resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRIVILEGE_TYPE_PROPERTY_ID));
@@ -449,13 +450,12 @@ public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport {
 
     Map<Long, UserEntity> userEntities = new HashMap<>();
     Map<Long, GroupEntity> groupEntities = new HashMap<>();
-    Map<Long, PermissionEntity> roleEntities = new HashMap<>();
 
     Map<Long, Object> resourceEntities = new HashMap<Long, Object>();
     resourceEntities.put(resourceEntity.getId(), viewInstanceEntity);
 
     AmbariPrivilegeResourceProvider provider = new AmbariPrivilegeResourceProvider();
-    Resource resource = provider.toResource(privilegeEntity, userEntities, groupEntities, roleEntities, resourceEntities, provider.getPropertyIds());
+    Resource resource = provider.toResource(privilegeEntity, userEntities, groupEntities, resourceEntities, provider.getPropertyIds());
 
     Assert.assertEquals("Test View", resource.getPropertyValue(ViewPrivilegeResourceProvider.PRIVILEGE_INSTANCE_NAME_PROPERTY_ID));
     Assert.assertEquals("TestView", resource.getPropertyValue(ViewPrivilegeResourceProvider.PRIVILEGE_VIEW_NAME_PROPERTY_ID));
@@ -503,13 +503,12 @@ public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport {
 
     Map<Long, UserEntity> userEntities = new HashMap<>();
     Map<Long, GroupEntity> groupEntities = new HashMap<>();
-    Map<Long, PermissionEntity> roleEntities = new HashMap<>();
 
     Map<Long, Object> resourceEntities = new HashMap<Long, Object>();
     resourceEntities.put(resourceEntity.getId(), viewInstanceEntity);
 
     AmbariPrivilegeResourceProvider provider = new AmbariPrivilegeResourceProvider();
-    Resource resource = provider.toResource(privilegeEntity, userEntities, groupEntities, roleEntities, resourceEntities, provider.getPropertyIds());
+    Resource resource = provider.toResource(privilegeEntity, userEntities, groupEntities, resourceEntities, provider.getPropertyIds());
 
     Assert.assertEquals("Test View", resource.getPropertyValue(ViewPrivilegeResourceProvider.PRIVILEGE_INSTANCE_NAME_PROPERTY_ID));
     Assert.assertEquals("TestView", resource.getPropertyValue(ViewPrivilegeResourceProvider.PRIVILEGE_VIEW_NAME_PROPERTY_ID));
@@ -609,6 +608,9 @@ public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport {
     ClusterDAO clusterDAO = injector.getInstance(ClusterDAO.class);
     expect(clusterDAO.findAll()).andReturn(Collections.<ClusterEntity>emptyList()).atLeastOnce();
 
+    GroupDAO groupDAO = injector.getInstance(GroupDAO.class);
+    expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList()).atLeastOnce();
+
     replayAll();
 
     SecurityContextHolder.getContext().setAuthentication(authentication);
@@ -662,6 +664,9 @@ public class AmbariPrivilegeResourceProviderTest extends EasyMockSupport {
     ClusterDAO clusterDAO = injector.getInstance(ClusterDAO.class);
     expect(clusterDAO.findAll()).andReturn(clusterEntities).atLeastOnce();
 
+    GroupDAO groupDAO = injector.getInstance(GroupDAO.class);
+    expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList()).atLeastOnce();
+
     replayAll();
 
     SecurityContextHolder.getContext().setAuthentication(authentication);

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java
index 976dd34..f00a21a 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java
@@ -38,6 +38,7 @@ import org.apache.ambari.server.orm.dao.ResourceDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
 import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
 import org.apache.ambari.server.orm.entities.ClusterEntity;
+import org.apache.ambari.server.orm.entities.GroupEntity;
 import org.apache.ambari.server.orm.entities.PermissionEntity;
 import org.apache.ambari.server.orm.entities.PrincipalEntity;
 import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
@@ -60,6 +61,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 
 import javax.persistence.EntityManager;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.LinkedList;
@@ -249,6 +251,9 @@ public class ClusterPrivilegeResourceProviderTest extends EasyMockSupport {
     UserDAO userDAO = injector.getInstance(UserDAO.class);
     expect(userDAO.findUsersByPrincipal(principalEntities)).andReturn(userEntities);
 
+    GroupDAO groupDAO = injector.getInstance(GroupDAO.class);
+    expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList());
+
     replayAll();
 
     SecurityContextHolder.getContext().setAuthentication(authentication);
@@ -301,6 +306,9 @@ public class ClusterPrivilegeResourceProviderTest extends EasyMockSupport {
     UserDAO userDAO = injector.getInstance(UserDAO.class);
     expect(userDAO.findUsersByPrincipal(principalEntities)).andReturn(userEntities);
 
+    GroupDAO groupDAO = injector.getInstance(GroupDAO.class);
+    expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList());
+
     replayAll();
 
     SecurityContextHolder.getContext().setAuthentication(authentication);

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java
index d417595..c3510a8 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/GroupPrivilegeResourceProviderTest.java
@@ -18,6 +18,7 @@
 
 package org.apache.ambari.server.controller.internal;
 
+import com.google.common.collect.Lists;
 import junit.framework.Assert;
 import org.apache.ambari.server.controller.spi.Predicate;
 import org.apache.ambari.server.controller.spi.Request;
@@ -30,6 +31,7 @@ import org.apache.ambari.server.orm.dao.GroupDAO;
 import org.apache.ambari.server.orm.dao.PrivilegeDAO;
 import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
 import org.apache.ambari.server.orm.entities.ClusterEntity;
+import org.apache.ambari.server.orm.entities.MemberEntity;
 import org.apache.ambari.server.orm.entities.PermissionEntity;
 import org.apache.ambari.server.orm.entities.PrincipalEntity;
 import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
@@ -42,15 +44,13 @@ import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
 import org.apache.ambari.server.security.TestAuthenticationFactory;
 import org.apache.ambari.server.security.authorization.AuthorizationException;
 import org.apache.ambari.server.security.authorization.ResourceType;
-import org.apache.ambari.server.security.authorization.Users;
+import org.easymock.EasyMockSupport;
 import org.junit.Test;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 
 import java.util.Collections;
 import java.util.HashSet;
-import java.util.LinkedList;
-import java.util.List;
 import java.util.Set;
 
 import static org.easymock.EasyMock.anyObject;
@@ -59,7 +59,7 @@ import static org.easymock.EasyMock.expect;
 /**
  * GroupPrivilegeResourceProvider tests.
  */
-public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourceProviderTest {
+public class GroupPrivilegeResourceProviderTest extends EasyMockSupport {
 
   @Test(expected = SystemException.class)
   public void testCreateResources() throws Exception {
@@ -124,11 +124,11 @@ public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourc
 
     ClusterDAO clusterDAO = createMock(ClusterDAO.class);
     ViewInstanceDAO viewInstanceDAO = createMock(ViewInstanceDAO.class);
-    Users users = createNiceMock(Users.class);
+    PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
 
     replayAll();
 
-    GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, users);
+    GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO);
     GroupPrivilegeResourceProvider provider = new GroupPrivilegeResourceProvider();
     Resource resource = provider.toResource(privilegeEntity, "group1", provider.getPropertyIds());
 
@@ -175,11 +175,11 @@ public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourc
 
     GroupDAO groupDAO = createMock(GroupDAO.class);
     expect(groupDAO.findGroupByPrincipal(anyObject(PrincipalEntity.class))).andReturn(groupEntity).anyTimes();
-    Users users = createNiceMock(Users.class);
+    PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
 
     replayAll();
 
-    GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, users);
+    GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO);
     GroupPrivilegeResourceProvider provider = new GroupPrivilegeResourceProvider();
     Resource resource = provider.toResource(privilegeEntity, "group1", provider.getPropertyIds());
 
@@ -233,11 +233,11 @@ public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourc
     GroupDAO groupDAO = createMock(GroupDAO.class);
     expect(groupDAO.findGroupByPrincipal(anyObject(PrincipalEntity.class))).andReturn(groupEntity).anyTimes();
 
-    Users users = createNiceMock(Users.class);
+    PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
 
     replayAll();
 
-    GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, users);
+    GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO);
     GroupPrivilegeResourceProvider provider = new GroupPrivilegeResourceProvider();
     Resource resource = provider.toResource(privilegeEntity, "group1", provider.getPropertyIds());
 
@@ -292,11 +292,11 @@ public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourc
 
     GroupDAO groupDAO = createMock(GroupDAO.class);
     expect(groupDAO.findGroupByPrincipal(anyObject(PrincipalEntity.class))).andReturn(groupEntity).anyTimes();
-    Users users = createNiceMock(Users.class);
+    PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
 
     replayAll();
 
-    GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, users);
+    GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO);
     GroupPrivilegeResourceProvider provider = new GroupPrivilegeResourceProvider();
     Resource resource = provider.toResource(privilegeEntity, "group1", provider.getPropertyIds());
 
@@ -320,32 +320,30 @@ public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourc
     final PrincipalTypeEntity principalTypeEntity = createNiceMock(PrincipalTypeEntity.class);
     final ResourceEntity resourceEntity = createNiceMock(ResourceEntity.class);
     final ResourceTypeEntity resourceTypeEntity = createNiceMock(ResourceTypeEntity.class);
-    final PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class);
-
-    final TestUsers users = new TestUsers();
-    users.setPrivilegeDAO(privilegeDAO);
-
-    List<PrincipalEntity> groupPrincipals = new LinkedList<PrincipalEntity>();
-    groupPrincipals.add(principalEntity);
-
-    expect(privilegeDAO.findAllByPrincipal(groupPrincipals)).
-        andReturn(Collections.singletonList(privilegeEntity))
-        .once();
-    expect(groupDAO.findGroupByName(requestedGroupName)).andReturn(groupEntity).atLeastOnce();
-    expect(groupEntity.getPrincipal()).andReturn(principalEntity).atLeastOnce();
-    expect(privilegeEntity.getPermission()).andReturn(permissionEntity).atLeastOnce();
-    expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).atLeastOnce();
-    expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).atLeastOnce();
-    expect(principalTypeEntity.getName()).andReturn(PrincipalTypeEntity.GROUP_PRINCIPAL_TYPE_NAME).atLeastOnce();
-    expect(groupDAO.findGroupByPrincipal(anyObject(PrincipalEntity.class))).andReturn(groupEntity).atLeastOnce();
-    expect(groupEntity.getGroupName()).andReturn(requestedGroupName).atLeastOnce();
-    expect(privilegeEntity.getResource()).andReturn(resourceEntity).atLeastOnce();
-    expect(resourceEntity.getResourceType()).andReturn(resourceTypeEntity).atLeastOnce();
+    final PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
+
+    expect(groupDAO.findGroupByName(requestedGroupName)).andReturn(groupEntity).anyTimes();
+    expect(groupEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
+    expect(groupEntity.getMemberEntities()).andReturn(Collections.<MemberEntity>emptySet()).anyTimes();
+    expect(privilegeEntity.getPermission()).andReturn(permissionEntity).anyTimes();
+    expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
+    expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).anyTimes();
+    expect(principalTypeEntity.getName()).andReturn(PrincipalTypeEntity.GROUP_PRINCIPAL_TYPE_NAME).anyTimes();
+    expect(principalEntity.getPrivileges()).andReturn(new HashSet<PrivilegeEntity>() {
+      {
+        add(privilegeEntity);
+      }
+    }).anyTimes();
+    expect(groupDAO.findGroupByPrincipal(anyObject(PrincipalEntity.class))).andReturn(groupEntity).anyTimes();
+    expect(groupEntity.getGroupName()).andReturn(requestedGroupName).anyTimes();
+    expect(privilegeEntity.getResource()).andReturn(resourceEntity).anyTimes();
+    expect(resourceEntity.getResourceType()).andReturn(resourceTypeEntity).anyTimes();
     expect(resourceTypeEntity.getName()).andReturn(ResourceType.AMBARI.name());
+    expect(viewInstanceDAO.findAll()).andReturn(Lists.<ViewInstanceEntity>newArrayList()).anyTimes();
 
     replayAll();
 
-    GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, users);
+    GroupPrivilegeResourceProvider.init(clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO);
 
     final Set<String> propertyIds = new HashSet<String>();
     propertyIds.add(GroupPrivilegeResourceProvider.PRIVILEGE_GROUP_NAME_PROPERTY_ID);
@@ -369,4 +367,5 @@ public class GroupPrivilegeResourceProviderTest extends AbstractPrivilegeResourc
 
     verifyAll();
   }
+
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java
index ddb510d..1f3cb52 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserPrivilegeResourceProviderTest.java
@@ -1,4 +1,4 @@
-/*
+/**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
@@ -18,6 +18,8 @@
 
 package org.apache.ambari.server.controller.internal;
 
+import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
 import junit.framework.Assert;
 import org.apache.ambari.server.controller.spi.Predicate;
 import org.apache.ambari.server.controller.spi.Request;
@@ -27,7 +29,6 @@ import org.apache.ambari.server.controller.utilities.PredicateBuilder;
 import org.apache.ambari.server.controller.utilities.PropertyHelper;
 import org.apache.ambari.server.orm.dao.ClusterDAO;
 import org.apache.ambari.server.orm.dao.GroupDAO;
-import org.apache.ambari.server.orm.dao.MemberDAO;
 import org.apache.ambari.server.orm.dao.PrivilegeDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
 import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
@@ -45,7 +46,7 @@ import org.apache.ambari.server.orm.entities.ViewInstanceEntity;
 import org.apache.ambari.server.security.TestAuthenticationFactory;
 import org.apache.ambari.server.security.authorization.AuthorizationException;
 import org.apache.ambari.server.security.authorization.ResourceType;
-import org.apache.ambari.server.security.authorization.Users;
+import org.easymock.EasyMockSupport;
 import org.junit.Test;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -53,8 +54,6 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
-import java.util.LinkedList;
-import java.util.List;
 import java.util.Set;
 
 import static org.easymock.EasyMock.anyObject;
@@ -63,7 +62,7 @@ import static org.easymock.EasyMock.expect;
 /**
  * UserPrivilegeResourceProvider tests.
  */
-public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResourceProviderTest {
+public class UserPrivilegeResourceProviderTest extends EasyMockSupport {
 
   @Test(expected = SystemException.class)
   public void testCreateResources() throws Exception {
@@ -135,11 +134,11 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource
     GroupDAO groupDAO = createMock(GroupDAO.class);
     ViewInstanceDAO viewInstanceDAO = createMock(ViewInstanceDAO.class);
 
-    Users users = createNiceMock(Users.class);
+    PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
 
     replayAll();
 
-    UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, users);
+    UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO);
     UserPrivilegeResourceProvider provider = new UserPrivilegeResourceProvider();
     Resource resource = provider.toResource(privilegeEntity, "jdoe", provider.getPropertyIds());
 
@@ -188,11 +187,11 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource
     UserDAO userDAO = createMock(UserDAO.class);
     expect(userDAO.findUserByPrincipal(anyObject(PrincipalEntity.class))).andReturn(userEntity).anyTimes();
 
-    Users users = createNiceMock(Users.class);
+    PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
 
     replayAll();
 
-    UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, users);
+    UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO);
     UserPrivilegeResourceProvider provider = new UserPrivilegeResourceProvider();
     Resource resource = provider.toResource(privilegeEntity, "jdoe", provider.getPropertyIds());
 
@@ -247,11 +246,11 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource
     UserDAO userDAO = createMock(UserDAO.class);
     expect(userDAO.findUserByPrincipal(anyObject(PrincipalEntity.class))).andReturn(userEntity).anyTimes();
 
-    Users users = createNiceMock(Users.class);
+    PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
 
     replayAll();
 
-    UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, users);
+    UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO);
     UserPrivilegeResourceProvider provider = new UserPrivilegeResourceProvider();
     Resource resource = provider.toResource(privilegeEntity, "jdoe", provider.getPropertyIds());
 
@@ -308,11 +307,11 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource
     UserDAO userDAO = createMock(UserDAO.class);
     expect(userDAO.findUserByPrincipal(anyObject(PrincipalEntity.class))).andReturn(userEntity).anyTimes();
 
-    Users users = createNiceMock(Users.class);
+    PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
 
     replayAll();
 
-    UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, users);
+    UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO);
     UserPrivilegeResourceProvider provider = new UserPrivilegeResourceProvider();
     Resource resource = provider.toResource(privilegeEntity, "jdoe", provider.getPropertyIds());
 
@@ -328,14 +327,7 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource
   public void testToResource_SpecificVIEW_WithClusterInheritedPermission() throws Exception {
     SecurityContextHolder.getContext().setAuthentication(TestAuthenticationFactory.createClusterAdministrator("jdoe", 2L));
 
-    PrincipalTypeEntity rolePrincipalTypeEntity = createMock(PrincipalTypeEntity.class);
-    expect(rolePrincipalTypeEntity.getName()).andReturn("ROLE").atLeastOnce();
-
-    PrincipalEntity rolePrincipalEntity = createMock(PrincipalEntity.class);
-    expect(rolePrincipalEntity.getPrincipalType()).andReturn(rolePrincipalTypeEntity).atLeastOnce();
-
     PermissionEntity permissionEntity = createMock(PermissionEntity.class);
-    expect(permissionEntity.getPrincipal()).andReturn(rolePrincipalEntity).atLeastOnce();
     expect(permissionEntity.getPermissionName()).andReturn("CLUSTER.ADMINISTRATOR").atLeastOnce();
     expect(permissionEntity.getPermissionLabel()).andReturn("Cluster Administrator").atLeastOnce();
 
@@ -345,10 +337,19 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource
     PrincipalEntity principalEntity = createMock(PrincipalEntity.class);
     expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).atLeastOnce();
 
+
+    PrincipalTypeEntity principalTypeWithAllClusterAdministrator = createNiceMock(PrincipalTypeEntity.class);
+    expect(principalTypeWithAllClusterAdministrator.getName()).andReturn("ALL.CLUSTER.ADMINISTRATOR").atLeastOnce();
+
+    PrincipalEntity principalEntityWithAllClusterAdministrator = createNiceMock(PrincipalEntity.class);
+    expect(principalEntityWithAllClusterAdministrator.getPrincipalType()).andReturn(principalTypeWithAllClusterAdministrator).atLeastOnce();
+
     ViewEntity viewEntity = createMock(ViewEntity.class);
     expect(viewEntity.getCommonName()).andReturn("TestView").atLeastOnce();
     expect(viewEntity.getVersion()).andReturn("1.2.3.4").atLeastOnce();
 
+
+
     ResourceTypeEntity resourceTypeEntity = createMock(ResourceTypeEntity.class);
     expect(resourceTypeEntity.getName()).andReturn("TestView{1.2.3.4}").atLeastOnce();
 
@@ -359,56 +360,38 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource
     ViewInstanceEntity viewInstanceEntity = createMock(ViewInstanceEntity.class);
     expect(viewInstanceEntity.getViewEntity()).andReturn(viewEntity).atLeastOnce();
     expect(viewInstanceEntity.getName()).andReturn("Test View").atLeastOnce();
+    expect(viewInstanceEntity.getClusterHandle()).andReturn(1L).atLeastOnce();
+    expect(viewInstanceEntity.getResource()).andReturn(resourceEntity).atLeastOnce();
 
-    PrivilegeEntity explicitPrivilegeEntity = createMock(PrivilegeEntity.class);
-    expect(explicitPrivilegeEntity.getId()).andReturn(1).atLeastOnce();
-    expect(explicitPrivilegeEntity.getPermission()).andReturn(permissionEntity).atLeastOnce();
-    expect(explicitPrivilegeEntity.getPrincipal()).andReturn(principalEntity).atLeastOnce();
-    expect(explicitPrivilegeEntity.getResource()).andReturn(resourceEntity).atLeastOnce();
+    PrivilegeEntity privilegeEntityViewWithClusterAdminAccess = createMock(PrivilegeEntity.class);
+    expect(privilegeEntityViewWithClusterAdminAccess.getPrincipal()).andReturn(principalEntityWithAllClusterAdministrator).atLeastOnce();
 
-    PrivilegeEntity implicitPrivilegeEntity = createMock(PrivilegeEntity.class);
-    expect(implicitPrivilegeEntity.getId()).andReturn(2).atLeastOnce();
-    expect(implicitPrivilegeEntity.getPermission()).andReturn(permissionEntity).atLeastOnce();
-    expect(implicitPrivilegeEntity.getPrincipal()).andReturn(rolePrincipalEntity).atLeastOnce();
-    expect(implicitPrivilegeEntity.getResource()).andReturn(resourceEntity).atLeastOnce();
+    PrivilegeEntity privilegeEntity = createMock(PrivilegeEntity.class);
+    expect(privilegeEntity.getId()).andReturn(1).atLeastOnce();
+    expect(privilegeEntity.getPermission()).andReturn(permissionEntity).atLeastOnce();
+    expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).atLeastOnce();
+    expect(privilegeEntity.getResource()).andReturn(resourceEntity).atLeastOnce();
+
+    expect(principalEntity.getPrivileges()).andReturn(Sets.newHashSet(privilegeEntity)).atLeastOnce();
 
     UserEntity userEntity = createMock(UserEntity.class);
     expect(userEntity.getUserName()).andReturn("jdoe").atLeastOnce();
     expect(userEntity.getPrincipal()).andReturn(principalEntity).atLeastOnce();
+    expect(userEntity.getMemberEntities()).andReturn(Sets.<MemberEntity>newHashSet()).atLeastOnce();
 
     ClusterDAO clusterDAO = createMock(ClusterDAO.class);
     GroupDAO groupDAO = createMock(GroupDAO.class);
 
     ViewInstanceDAO viewInstanceDAO = createMock(ViewInstanceDAO.class);
     expect(viewInstanceDAO.findByResourceId(1L)).andReturn(viewInstanceEntity).atLeastOnce();
+    expect(viewInstanceDAO.findAll()).andReturn(Lists.newArrayList(viewInstanceEntity)).atLeastOnce();
 
     final UserDAO userDAO = createNiceMock(UserDAO.class);
     expect(userDAO.findLocalUserByName("jdoe")).andReturn(userEntity).anyTimes();
     expect(userDAO.findUserByPrincipal(anyObject(PrincipalEntity.class))).andReturn(userEntity).anyTimes();
 
-    final PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class);
-    final MemberDAO memberDAO = createMock(MemberDAO.class);
-
-    final TestUsers users = new TestUsers();
-    users.setPrivilegeDAO(privilegeDAO);
-    users.setMemberDAO(memberDAO);
-
-    List<PrincipalEntity> rolePrincipals = new LinkedList<PrincipalEntity>();
-    rolePrincipals.add(rolePrincipalEntity);
-
-    List<PrincipalEntity> userPrincipals = new LinkedList<PrincipalEntity>();
-    userPrincipals.add(principalEntity);
-
-    expect(privilegeDAO.findAllByPrincipal(userPrincipals)).
-        andReturn(Collections.singletonList(explicitPrivilegeEntity))
-        .once();
-    // Implicit privileges...
-    expect(privilegeDAO.findAllByPrincipal(rolePrincipals)).
-        andReturn(Collections.singletonList(implicitPrivilegeEntity))
-        .once();
-    expect(memberDAO.findAllMembersByUser(userEntity)).
-        andReturn(Collections.<MemberEntity>emptyList())
-        .atLeastOnce();
+    PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
+    expect(privilegeDAO.findByResourceId(1L)).andReturn(Lists.newArrayList(privilegeEntity, privilegeEntityViewWithClusterAdminAccess)).anyTimes();
 
     replayAll();
 
@@ -421,7 +404,7 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource
     TestAuthenticationFactory.createClusterAdministrator("jdoe", 2L);
     Request request = PropertyHelper.getReadRequest(propertyIds);
 
-    UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, users);
+    UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO);
     UserPrivilegeResourceProvider provider = new UserPrivilegeResourceProvider();
     Set<Resource> resources = provider.getResources(request, predicate);
 
@@ -441,6 +424,7 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource
     final GroupDAO groupDAO = createNiceMock(GroupDAO.class);
     final ClusterDAO clusterDAO = createNiceMock(ClusterDAO.class);
     final ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class);
+    final PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
     final UserEntity userEntity = createNiceMock(UserEntity.class);
     final PrincipalEntity principalEntity = createNiceMock(PrincipalEntity.class);
     final PrivilegeEntity privilegeEntity = createNiceMock(PrivilegeEntity.class);
@@ -448,22 +432,7 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource
     final PrincipalTypeEntity principalTypeEntity = createNiceMock(PrincipalTypeEntity.class);
     final ResourceEntity resourceEntity = createNiceMock(ResourceEntity.class);
     final ResourceTypeEntity resourceTypeEntity = createNiceMock(ResourceTypeEntity.class);
-    final PrivilegeDAO privilegeDAO = createMock(PrivilegeDAO.class);
-    final MemberDAO memberDAO = createMock(MemberDAO.class);
-
-    final TestUsers users = new TestUsers();
-    users.setPrivilegeDAO(privilegeDAO);
-    users.setMemberDAO(memberDAO);
-
-    List<PrincipalEntity> userPrincipals = new LinkedList<PrincipalEntity>();
-    userPrincipals.add(principalEntity);
-
-    expect(privilegeDAO.findAllByPrincipal(userPrincipals)).
-        andReturn(Collections.singletonList(privilegeEntity))
-        .atLeastOnce();
-    expect(memberDAO.findAllMembersByUser(userEntity)).
-        andReturn(Collections.<MemberEntity>emptyList())
-        .atLeastOnce();
+
     expect(userDAO.findLocalUserByName(requestedUsername)).andReturn(userEntity).anyTimes();
     expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
     expect(userEntity.getMemberEntities()).andReturn(Collections.<MemberEntity>emptySet()).anyTimes();
@@ -485,7 +454,7 @@ public class UserPrivilegeResourceProviderTest extends AbstractPrivilegeResource
 
     replayAll();
 
-    UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, users);
+    UserPrivilegeResourceProvider.init(userDAO, clusterDAO, groupDAO, viewInstanceDAO, privilegeDAO);
 
     final Set<String> propertyIds = new HashSet<String>();
     propertyIds.add(UserPrivilegeResourceProvider.PRIVILEGE_USER_NAME_PROPERTY_ID);

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java
index 20ecc88..d85b37b 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java
@@ -1,4 +1,4 @@
-/*
+/**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
@@ -30,6 +30,7 @@ import org.apache.ambari.server.orm.dao.ResourceTypeDAO;
 import org.apache.ambari.server.orm.dao.UserDAO;
 import org.apache.ambari.server.orm.dao.ViewDAO;
 import org.apache.ambari.server.orm.dao.ViewInstanceDAO;
+import org.apache.ambari.server.orm.entities.GroupEntity;
 import org.apache.ambari.server.orm.entities.PermissionEntity;
 import org.apache.ambari.server.orm.entities.PrincipalEntity;
 import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
@@ -52,6 +53,7 @@ import org.junit.BeforeClass;
 import org.junit.Test;
 import org.springframework.security.core.context.SecurityContextHolder;
 
+import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Set;
@@ -144,6 +146,7 @@ public class ViewPrivilegeResourceProviderTest {
     expect(permissionDAO.findById(PermissionEntity.VIEW_USER_PERMISSION)).andReturn(permissionEntity);
 
     expect(userDAO.findUsersByPrincipal(principalEntities)).andReturn(userEntities);
+    expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList());
 
     replay(privilegeDAO, userDAO, groupDAO, principalDAO, permissionDAO, resourceDAO, privilegeEntity, resourceEntity,
         userEntity, principalEntity, permissionEntity, principalTypeEntity);

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
index d376d4b..47211ef 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java
@@ -362,6 +362,72 @@ public class AuthorizationHelperTest  extends EasyMockSupport {
   }
 
   @Test
+  public void testIsAuthorizedForClusterInheritedPermission() {
+
+    ResourceTypeEntity clusterResourceTypeEntity = new ResourceTypeEntity();
+    clusterResourceTypeEntity.setId(1);
+    clusterResourceTypeEntity.setName(ResourceType.CLUSTER.name());
+
+    ResourceEntity clusterResourceEntity = new ResourceEntity();
+    clusterResourceEntity.setResourceType(clusterResourceTypeEntity);
+    clusterResourceEntity.setId(1L);
+
+    PermissionEntity clusterPermissionEntity = new PermissionEntity();
+    clusterPermissionEntity.setPermissionName("CLUSTER.ADMINISTRATOR");
+
+    RoleAuthorizationEntity readOnlyRoleAuthorizationEntity = new RoleAuthorizationEntity();
+    readOnlyRoleAuthorizationEntity.setAuthorizationId(RoleAuthorization.CLUSTER_VIEW_METRICS.getId());
+
+    RoleAuthorizationEntity privilegedRoleAuthorizationEntity = new RoleAuthorizationEntity();
+    privilegedRoleAuthorizationEntity.setAuthorizationId(RoleAuthorization.CLUSTER_TOGGLE_KERBEROS.getId());
+
+
+    clusterPermissionEntity.setAuthorizations(Arrays.asList(readOnlyRoleAuthorizationEntity,
+      privilegedRoleAuthorizationEntity));
+
+    PrivilegeEntity clusterPrivilegeEntity = new PrivilegeEntity();
+    clusterPrivilegeEntity.setPermission(clusterPermissionEntity);
+    clusterPrivilegeEntity.setResource(clusterResourceEntity);
+
+    GrantedAuthority clusterAuthority = new AmbariGrantedAuthority(clusterPrivilegeEntity);
+    Authentication clusterUser = new TestAuthentication(Collections.singleton(clusterAuthority));
+
+
+    Provider viewInstanceDAOProvider = createNiceMock(Provider.class);
+    Provider privilegeDAOProvider = createNiceMock(Provider.class);
+
+    ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class);
+    PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class);
+
+    ViewInstanceEntity viewInstanceEntity = createNiceMock(ViewInstanceEntity.class);
+    expect(viewInstanceEntity.getClusterHandle()).andReturn(1L).anyTimes();
+
+    PrivilegeEntity privilegeEntity = createNiceMock(PrivilegeEntity.class);
+    PrincipalEntity principalEntity = createNiceMock(PrincipalEntity.class);
+    PrincipalTypeEntity principalTypeEntity = createNiceMock(PrincipalTypeEntity.class);
+
+    expect(viewInstanceDAOProvider.get()).andReturn(viewInstanceDAO).anyTimes();
+    expect(privilegeDAOProvider.get()).andReturn(privilegeDAO).anyTimes();
+
+    expect(viewInstanceDAO.findByResourceId(2L)).andReturn(viewInstanceEntity).anyTimes();
+
+    expect(privilegeDAO.findByResourceId(2L)).andReturn(Lists.newArrayList(privilegeEntity)).anyTimes();
+
+    expect(principalTypeEntity.getName()).andReturn("ALL.CLUSTER.ADMINISTRATOR").anyTimes();
+    expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).anyTimes();
+    expect(privilegeEntity.getPrincipal()).andReturn(principalEntity).anyTimes();
+
+    replayAll();
+
+    AuthorizationHelper.viewInstanceDAOProvider = viewInstanceDAOProvider;
+    AuthorizationHelper.privilegeDAOProvider = privilegeDAOProvider;
+
+    SecurityContext context = SecurityContextHolder.getContext();
+    context.setAuthentication(clusterUser);
+
+    assertTrue(AuthorizationHelper.isAuthorized(ResourceType.VIEW, 2L, EnumSet.of(RoleAuthorization.VIEW_USE)));
+  }
+
   public void testIsAuthorizedForSpecificView() {
     RoleAuthorizationEntity readOnlyRoleAuthorizationEntity = new RoleAuthorizationEntity();
     readOnlyRoleAuthorizationEntity.setAuthorizationId(RoleAuthorization.CLUSTER_VIEW_METRICS.getId());

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java
index 29bf820..4457858 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog242Test.java
@@ -20,8 +20,6 @@ package org.apache.ambari.server.upgrade;
 
 import javax.persistence.EntityManager;
 import junit.framework.Assert;
-
-import static org.easymock.EasyMock.anyString;
 import static org.easymock.EasyMock.aryEq;
 import static org.easymock.EasyMock.capture;
 import static org.easymock.EasyMock.createMockBuilder;
@@ -36,13 +34,7 @@ import static org.easymock.EasyMock.reset;
 import static org.easymock.EasyMock.verify;
 
 import java.lang.reflect.Method;
-import java.sql.SQLException;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
 
-import org.apache.ambari.server.AmbariException;
 import org.apache.ambari.server.api.services.AmbariMetaInfo;
 import org.apache.ambari.server.configuration.Configuration;
 import org.apache.ambari.server.controller.AmbariManagementController;
@@ -52,22 +44,12 @@ import org.apache.ambari.server.orm.InMemoryDefaultTestModule;
 import org.apache.ambari.server.orm.dao.ClusterDAO;
 import org.apache.ambari.server.orm.dao.ClusterVersionDAO;
 import org.apache.ambari.server.orm.dao.HostVersionDAO;
-import org.apache.ambari.server.orm.dao.PermissionDAO;
-import org.apache.ambari.server.orm.dao.PrincipalDAO;
-import org.apache.ambari.server.orm.dao.PrincipalTypeDAO;
-import org.apache.ambari.server.orm.dao.PrivilegeDAO;
 import org.apache.ambari.server.orm.dao.RepositoryVersionDAO;
 import org.apache.ambari.server.orm.dao.StackDAO;
-import org.apache.ambari.server.orm.entities.PermissionEntity;
-import org.apache.ambari.server.orm.entities.PrincipalEntity;
-import org.apache.ambari.server.orm.entities.PrincipalTypeEntity;
-import org.apache.ambari.server.orm.entities.PrivilegeEntity;
-import org.apache.ambari.server.orm.entities.ResourceEntity;
 import org.apache.ambari.server.orm.entities.StackEntity;
 import org.apache.ambari.server.state.stack.OsFamily;
 import org.easymock.Capture;
 import org.easymock.EasyMock;
-import org.easymock.EasyMockSupport;
 import org.easymock.IMocksControl;
 import org.junit.After;
 import org.junit.Before;
@@ -237,19 +219,16 @@ public class UpgradeCatalog242Test {
   @Test
   public void testExecuteDMLUpdates() throws Exception {
     Method addNewConfigurationsFromXml = AbstractUpgradeCatalog.class.getDeclaredMethod("addNewConfigurationsFromXml");
-    Method convertRolePrincipals = UpgradeCatalog242.class.getDeclaredMethod("convertRolePrincipals");
+
 
     UpgradeCatalog242 upgradeCatalog242 = createMockBuilder(UpgradeCatalog242.class)
-        .addMockedMethod(addNewConfigurationsFromXml)
-        .addMockedMethod(convertRolePrincipals)
-        .createMock();
+            .addMockedMethod(addNewConfigurationsFromXml)
+            .createMock();
 
 
     upgradeCatalog242.addNewConfigurationsFromXml();
     expectLastCall().once();
 
-    upgradeCatalog242.convertRolePrincipals();
-    expectLastCall().once();
 
     replay(upgradeCatalog242);
 
@@ -257,111 +236,4 @@ public class UpgradeCatalog242Test {
 
     verify(upgradeCatalog242);
   }
-
-  @Test
-  public void testConvertRolePrincipals() throws AmbariException, SQLException {
-
-    EasyMockSupport easyMockSupport = new EasyMockSupport();
-
-    PrincipalEntity clusterAdministratorPrincipalEntity = easyMockSupport.createMock(PrincipalEntity.class);
-
-    PermissionEntity clusterAdministratorPermissionEntity = easyMockSupport.createMock(PermissionEntity.class);
-    expect(clusterAdministratorPermissionEntity.getPrincipal())
-        .andReturn(clusterAdministratorPrincipalEntity)
-        .once();
-
-    PrincipalTypeEntity allClusterAdministratorPrincipalTypeEntity = easyMockSupport.createMock(PrincipalTypeEntity.class);
-
-    PermissionDAO permissionDAO = easyMockSupport.createMock(PermissionDAO.class);
-    expect(permissionDAO.findByName("CLUSTER.ADMINISTRATOR"))
-        .andReturn(clusterAdministratorPermissionEntity)
-        .once();
-    expect(permissionDAO.findByName(anyString()))
-        .andReturn(null)
-        .anyTimes();
-
-    PrincipalTypeDAO principalTypeDAO = easyMockSupport.createMock(PrincipalTypeDAO.class);
-    expect(principalTypeDAO.findByName("ALL.CLUSTER.ADMINISTRATOR"))
-        .andReturn(allClusterAdministratorPrincipalTypeEntity)
-        .once();
-    expect(principalTypeDAO.findByName(anyString()))
-        .andReturn(null)
-        .anyTimes();
-    principalTypeDAO.remove(allClusterAdministratorPrincipalTypeEntity);
-    expectLastCall().once();
-
-    ResourceEntity allClusterAdministratorPrivilege1Resource = easyMockSupport.createMock(ResourceEntity.class);
-    expect(allClusterAdministratorPrivilege1Resource.getId()).andReturn(1L).once();
-
-    PrincipalEntity allClusterAdministratorPrivilege1Principal = easyMockSupport.createMock(PrincipalEntity.class);
-    expect(allClusterAdministratorPrivilege1Principal.getId()).andReturn(1L).once();
-
-    PermissionEntity allClusterAdministratorPrivilege1Permission = easyMockSupport.createMock(PermissionEntity.class);
-    expect(allClusterAdministratorPrivilege1Permission.getId()).andReturn(1).once();
-
-    PrivilegeEntity allClusterAdministratorPrivilege1  = easyMockSupport.createMock(PrivilegeEntity.class);
-    expect(allClusterAdministratorPrivilege1.getId()).andReturn(1).atLeastOnce();
-    expect(allClusterAdministratorPrivilege1.getResource()).andReturn(allClusterAdministratorPrivilege1Resource).once();
-    expect(allClusterAdministratorPrivilege1.getPrincipal()).andReturn(allClusterAdministratorPrivilege1Principal).once();
-    expect(allClusterAdministratorPrivilege1.getPermission()).andReturn(allClusterAdministratorPrivilege1Permission).once();
-    allClusterAdministratorPrivilege1.setPrincipal(clusterAdministratorPrincipalEntity);
-    expectLastCall().once();
-
-    ResourceEntity allClusterAdministratorPrivilege2Resource = easyMockSupport.createMock(ResourceEntity.class);
-    expect(allClusterAdministratorPrivilege2Resource.getId()).andReturn(2L).once();
-
-    PrincipalEntity allClusterAdministratorPrivilege2Principal = easyMockSupport.createMock(PrincipalEntity.class);
-    expect(allClusterAdministratorPrivilege2Principal.getId()).andReturn(2L).once();
-
-    PermissionEntity allClusterAdministratorPrivilege2Permission = easyMockSupport.createMock(PermissionEntity.class);
-    expect(allClusterAdministratorPrivilege2Permission.getId()).andReturn(2).once();
-
-    PrivilegeEntity allClusterAdministratorPrivilege2  = easyMockSupport.createMock(PrivilegeEntity.class);
-    expect(allClusterAdministratorPrivilege2.getId()).andReturn(2).atLeastOnce();
-    expect(allClusterAdministratorPrivilege2.getResource()).andReturn(allClusterAdministratorPrivilege2Resource).once();
-    expect(allClusterAdministratorPrivilege2.getPrincipal()).andReturn(allClusterAdministratorPrivilege2Principal).once();
-    expect(allClusterAdministratorPrivilege2.getPermission()).andReturn(allClusterAdministratorPrivilege2Permission).once();
-    allClusterAdministratorPrivilege2.setPrincipal(clusterAdministratorPrincipalEntity);
-    expectLastCall().once();
-
-    Set<PrivilegeEntity> allClusterAdministratorPrivileges = new HashSet<PrivilegeEntity>();
-    allClusterAdministratorPrivileges.add(allClusterAdministratorPrivilege1);
-    allClusterAdministratorPrivileges.add(allClusterAdministratorPrivilege2);
-
-    PrincipalEntity allClusterAdministratorPrincipalEntity = easyMockSupport.createMock(PrincipalEntity.class);
-    expect(allClusterAdministratorPrincipalEntity.getPrivileges())
-        .andReturn(allClusterAdministratorPrivileges)
-        .once();
-
-    List<PrincipalEntity> allClusterAdministratorPrincipals = new ArrayList<PrincipalEntity>();
-    allClusterAdministratorPrincipals.add(allClusterAdministratorPrincipalEntity);
-
-    PrincipalDAO principalDAO = easyMockSupport.createMock(PrincipalDAO.class);
-    expect(principalDAO.findByPrincipalType("ALL.CLUSTER.ADMINISTRATOR"))
-        .andReturn(allClusterAdministratorPrincipals)
-        .once();
-    principalDAO.remove(allClusterAdministratorPrincipalEntity);
-    expectLastCall().once();
-
-
-    PrivilegeDAO privilegeDAO = easyMockSupport.createMock(PrivilegeDAO.class);
-    expect(privilegeDAO.merge(allClusterAdministratorPrivilege1))
-        .andReturn(allClusterAdministratorPrivilege1)
-        .once();
-    expect(privilegeDAO.merge(allClusterAdministratorPrivilege2))
-        .andReturn(allClusterAdministratorPrivilege2)
-        .once();
-
-    Injector injector = easyMockSupport.createNiceMock(Injector.class);
-    expect(injector.getInstance(PrincipalTypeDAO.class)).andReturn(principalTypeDAO).atLeastOnce();
-    expect(injector.getInstance(PrincipalDAO.class)).andReturn(principalDAO).atLeastOnce();
-    expect(injector.getInstance(PermissionDAO.class)).andReturn(permissionDAO).atLeastOnce();
-    expect(injector.getInstance(PrivilegeDAO.class)).andReturn(privilegeDAO).atLeastOnce();
-
-    easyMockSupport.replayAll();
-    UpgradeCatalog242 upgradeCatalog = new UpgradeCatalog242(injector);
-    injector.injectMembers(upgradeCatalog);
-    upgradeCatalog.convertRolePrincipals();
-    easyMockSupport.verifyAll();
-  }
 }

http://git-wip-us.apache.org/repos/asf/ambari/blob/b90b2863/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/AutoInstanceConfigTest.java
----------------------------------------------------------------------
diff --git a/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/AutoInstanceConfigTest.java b/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/AutoInstanceConfigTest.java
index a24f041..3c4a440 100644
--- a/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/AutoInstanceConfigTest.java
+++ b/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/AutoInstanceConfigTest.java
@@ -1,4 +1,4 @@
-/*
+/**
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
@@ -22,8 +22,9 @@ import junit.framework.Assert;
 import org.junit.Test;
 
 import javax.xml.bind.JAXBException;
-import java.util.Collection;
+import java.util.LinkedList;
 import java.util.List;
+import java.util.Set;
 
 import static org.junit.Assert.*;
 
@@ -74,7 +75,7 @@ public class AutoInstanceConfigTest {
       "        </property>\n" +
       "        <stack-id>HDP-2.0</stack-id>\n" +
       "        <services><service>HIVE</service><service>HDFS</service></services>\n" +
-      "        <roles><role>CLUSTER.OPERATOR </role><role> CLUSTER.USER</role></roles>\n" +
+      "        <permissions>ALL.CLUSTER.OPERATOR, ALL.CLUSTER.USER</permissions>\n" +
       "    </auto-instance>\n" +
       "</view>";
 
@@ -112,13 +113,13 @@ public class AutoInstanceConfigTest {
   @Test
   public void shouldParseClusterInheritedPermissions() throws Exception {
     AutoInstanceConfig config = getAutoInstanceConfigs(VIEW_XML);
-    Collection<String> roles = config.getRoles();
-    assertEquals(2, roles.size());
-    assertTrue(roles.contains("CLUSTER.OPERATOR"));
-    assertTrue(roles.contains("CLUSTER.USER"));
+    List<String> permissions = config.getPermissions();
+    assertEquals(2, permissions.size());
+    assertTrue(permissions.contains("ALL.CLUSTER.OPERATOR"));
+    assertTrue(permissions.contains("ALL.CLUSTER.USER"));
   }
 
-  private static AutoInstanceConfig getAutoInstanceConfigs(String xml) throws JAXBException {
+  public static AutoInstanceConfig getAutoInstanceConfigs(String xml) throws JAXBException {
     ViewConfig config = ViewConfigTest.getConfig(xml);
     return config.getAutoInstance();
   }


Mime
View raw message