ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mad...@apache.org
Subject [1/2] git commit: ARGUS-58: GRANT/REVOKE REST APIs don't handle 'Admin' privileges given to 'public' group. Includes fix for NPE in GRANT after a REVOKE was executed for the same user.
Date Mon, 15 Sep 2014 23:08:42 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/master 6fdad49d1 -> d3e9ad6d1


ARGUS-58: GRANT/REVOKE REST APIs don't handle 'Admin' privileges given
to 'public' group. Includes fix for NPE in GRANT after a REVOKE was
executed for the same user.

Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/40b82337
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/40b82337
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/40b82337

Branch: refs/heads/master
Commit: 40b82337b9046d51484dd8f272e25ce991f5fe54
Parents: 6fdad49
Author: mneethiraj <mneethiraj@hortonworks.com>
Authored: Mon Sep 15 15:26:29 2014 -0700
Committer: mneethiraj <mneethiraj@hortonworks.com>
Committed: Mon Sep 15 15:26:29 2014 -0700

----------------------------------------------------------------------
 .../main/java/com/xasecure/biz/AssetMgr.java    | 13 ++++----
 .../main/java/com/xasecure/biz/XABizUtil.java   | 32 ++++++++++++++------
 2 files changed, 29 insertions(+), 16 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/40b82337/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
index ded8e91..dfed3b9 100644
--- a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
+++ b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
@@ -2643,9 +2643,10 @@ public class AssetMgr extends AssetMgrBase {
 						permMapDeleteKeys.add(userKey);
 					}
 				}
-				for (VXPermMap permMap : permMapListtoDelete) {
-					if(permMap!=null){
-						if(permMap==null||permMap.getPermFor()==0||(permMap.getUserId()==null && permMap.getGroupId()==null)){
+				
+				if(permMapListtoDelete != null) {
+					for (VXPermMap permMap : permMapListtoDelete) {
+						if(permMap==null || permMap.getPermFor()==0 || (permMap.getUserId()==null &&
permMap.getGroupId()==null)){
 							continue;					
 						}
 						userKey=null;
@@ -2659,9 +2660,9 @@ public class AssetMgr extends AssetMgrBase {
 							xPermMapService.deleteResource(permMap.getId());
 							trxLogListDelete.addAll(xPermMapService.getTransactionLog(permMap,"delete"));
 						}					
-					}
-				}//permission deletion processing end
-				xaBizUtil.createTrxLog(trxLogListDelete);	
+					}//permission deletion processing end
+					xaBizUtil.createTrxLog(trxLogListDelete);	
+				}
 			}
 		}
 		

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/40b82337/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
index 8e5e37e..464c265 100644
--- a/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
+++ b/security-admin/src/main/java/com/xasecure/biz/XABizUtil.java
@@ -31,6 +31,7 @@ import java.util.Set;
 import org.apache.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
+
 import com.xasecure.common.GUIDUtil;
 import com.xasecure.common.XACommonEnums;
 import com.xasecure.common.XAConstants;
@@ -95,6 +96,7 @@ public class XABizUtil {
 	private static final String PATH_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrst0123456789-_.";
 	private static char[] PATH_CHAR_SET = PATH_CHARS.toCharArray();
 	private static int PATH_CHAR_SET_LEN = PATH_CHAR_SET.length;
+	private static Long sGroupIdPublic = null;
 
 	public XABizUtil() {
 		maxFirstNameLength = Integer.parseInt(PropertiesUtil.getProperty(
@@ -1020,16 +1022,12 @@ public class XABizUtil {
 		boolean matchFound = false;
 		for (XXPermMap permMap : permMapList) {
 			if (permMap.getPermType() == permission) {
-				// check whether permission is group permission and permission
-				// is enabled for group to which user belong
-				if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP
-						&& isGroupInList(permMap.getGroupId(), userGroups)) {
-					matchFound = true;
-				} // check whether permission is user permission and enabled to
-					// user
-				else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER
-						&& permMap.getUserId().equals(xUserId)) {
-					matchFound = true;
+				if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) {
+					// check whether permission is enabled for public group or a group to which user belongs
+					matchFound = isPublicGroupId(permMap.getGroupId()) || isGroupInList(permMap.getGroupId(),
userGroups);
+				} else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) {
+					// check whether permission is enabled to user
+					matchFound = permMap.getUserId().equals(xUserId);
 				}
 			}
 			if (matchFound) {
@@ -1038,6 +1036,20 @@ public class XABizUtil {
 		}
 		return matchFound;
 	}
+	
+	public boolean isPublicGroupId(Long groupId) {
+		return groupId != null && groupId == getPublicGroupId();
+	}
+	
+	public Long getPublicGroupId() {
+		if(sGroupIdPublic == null) {
+			XXGroup xXGroupPublic = daoManager.getXXGroup().findByGroupName(XAConstants.GROUP_PUBLIC);
+
+			sGroupIdPublic = xXGroupPublic != null ? xXGroupPublic.getId() : null;
+		}
+
+		return sGroupIdPublic;
+	}
 
 	/**
 	 * returns true is given group id is in given group list


Mime
View raw message