From commits-return-4772-archive-asf-public=cust-asf.ponee.io@ranger.apache.org Thu Sep 27 10:25:11 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 53D54180675 for ; Thu, 27 Sep 2018 10:25:10 +0200 (CEST) Received: (qmail 33336 invoked by uid 500); 27 Sep 2018 08:25:09 -0000 Mailing-List: contact commits-help@ranger.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ranger.apache.org Delivered-To: mailing list commits@ranger.apache.org Received: (qmail 33306 invoked by uid 99); 27 Sep 2018 08:25:09 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Sep 2018 08:25:09 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id C44E5DFF32; Thu, 27 Sep 2018 08:25:08 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: mehul@apache.org To: commits@ranger.apache.org Date: Thu, 27 Sep 2018 08:25:09 -0000 Message-Id: <7ddc255284a6475aa9d2089c08d264e5@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [2/5] ranger git commit: RANGER-2218: Added validations for names duing service def updates RANGER-2218: Added validations for names duing service def updates Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/4fe45569 Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/4fe45569 Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/4fe45569 Branch: refs/heads/ranger-1.1 Commit: 4fe455699a8de3894c5bebc5d7b88d1fb93d97e3 Parents: 598a5de Author: Sailaja Polavarapu Authored: Wed Sep 26 15:06:26 2018 -0700 Committer: Mehul Parikh Committed: Thu Sep 27 12:29:57 2018 +0530 ---------------------------------------------------------------------- .../validation/RangerServiceDefValidator.java | 126 +++++++++++++++++-- .../TestRangerServiceDefValidator.java | 38 +++--- .../java/org/apache/ranger/biz/XUserMgr.java | 11 +- 3 files changed, 149 insertions(+), 26 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/4fe45569/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java index d73210e..45821e8 100644 --- a/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/validation/RangerServiceDefValidator.java @@ -26,6 +26,7 @@ import java.util.List; import java.util.Map; import java.util.Objects; import java.util.Set; +import java.util.HashMap; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; @@ -40,6 +41,7 @@ import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumElementDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef; import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef; +import org.apache.ranger.plugin.model.RangerServiceDef.RangerDataMaskTypeDef; import org.apache.ranger.plugin.store.ServiceStore; import com.google.common.collect.ImmutableSet; @@ -137,8 +139,8 @@ public class RangerServiceDefValidator extends RangerValidator { Long id = serviceDef.getId(); valid = isValidServiceDefId(id, action, failures) && valid; valid = isValidServiceDefName(serviceDef.getName(), id, action, failures) && valid; - valid = isValidAccessTypes(serviceDef.getAccessTypes(), failures) && valid; - if (isValidResources(serviceDef, failures)) { + valid = isValidAccessTypes(serviceDef.getId(), serviceDef.getAccessTypes(), failures, action) && valid; + if (isValidResources(serviceDef, failures, action)) { // Semantic check of resource graph can only be done if resources are "syntactically" valid valid = isValidResourceGraph(serviceDef, failures) && valid; } else { @@ -151,7 +153,8 @@ public class RangerServiceDefValidator extends RangerValidator { } else { valid = false; } - valid = isValidPolicyConditions(serviceDef.getPolicyConditions(), failures) && valid; + valid = isValidPolicyConditions(serviceDef.getId(), serviceDef.getPolicyConditions(), failures, action) && valid; + valid = isValidDataMaskTypes(serviceDef.getId(), serviceDef.getDataMaskDef().getMaskTypes(), failures, action) && valid; } if(LOG.isDebugEnabled()) { @@ -238,7 +241,8 @@ public class RangerServiceDefValidator extends RangerValidator { return valid; } - boolean isValidAccessTypes(final List accessTypeDefs, final List failures) { + boolean isValidAccessTypes(final Long serviceDefId, final List accessTypeDefs, + final List failures, final Action action) { if(LOG.isDebugEnabled()) { LOG.debug(String.format("==> RangerServiceDefValidator.isValidAccessTypes(%s, %s)", accessTypeDefs, failures)); } @@ -254,13 +258,32 @@ public class RangerServiceDefValidator extends RangerValidator { .build()); valid = false; } else { + Map existingAccessTypeIDNameMap = new HashMap<>(); + if (action == Action.UPDATE) { + List existingAccessTypes = this.getServiceDef(serviceDefId).getAccessTypes(); + for (RangerAccessTypeDef existingAccessType : existingAccessTypes) { + existingAccessTypeIDNameMap.put(existingAccessType.getItemId(), existingAccessType.getName()); + } + } + if(LOG.isDebugEnabled()) { + LOG.debug("accessType names from db = " + existingAccessTypeIDNameMap.values()); + } List defsWithImpliedGrants = new ArrayList<>(); Set accessNames = new HashSet<>(); Set ids = new HashSet<>(); for (RangerAccessTypeDef def : accessTypeDefs) { String name = def.getName(); + Long itemId = def.getItemId(); valid = isUnique(name, accessNames, "access type name", "access types", failures) && valid; valid = isUnique(def.getItemId(), ids, "access type itemId", "access types", failures) && valid; + if (action == Action.UPDATE) { + if (existingAccessTypeIDNameMap.get(itemId) != null && !existingAccessTypeIDNameMap.get(itemId).equals(name)) { + ValidationErrorCode error; + error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_SERVICE_DEF_NAME_CONFICT; + failures.add((new ValidationFailureDetailsBuilder()).field("access type name").isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(String.format("changing %s[%s] in %s is not supported", "access type name", name, "access types")).build()); + valid = false; + } + } if (CollectionUtils.isNotEmpty(def.getImpliedGrants())) { defsWithImpliedGrants.add(def); } @@ -302,7 +325,8 @@ public class RangerServiceDefValidator extends RangerValidator { return valid; } - boolean isValidPolicyConditions(List policyConditions, List failures) { + boolean isValidPolicyConditions(Long serviceDefId, List policyConditions, + List failures, final Action action) { if(LOG.isDebugEnabled()) { LOG.debug(String.format("==> RangerServiceDefValidator.isValidPolicyConditions(%s, %s)", policyConditions, failures)); } @@ -311,12 +335,31 @@ public class RangerServiceDefValidator extends RangerValidator { if (CollectionUtils.isEmpty(policyConditions)) { LOG.debug("Configs collection was null/empty! ok"); } else { + Map existingPolicyCondIDNameMap = new HashMap<>(); + if (action == Action.UPDATE) { + List existingPolicyConditions = this.getServiceDef(serviceDefId).getPolicyConditions(); + for (RangerPolicyConditionDef existingPolicyCondition : existingPolicyConditions) { + existingPolicyCondIDNameMap.put(existingPolicyCondition.getItemId(), existingPolicyCondition.getName()); + } + } + if(LOG.isDebugEnabled()) { + LOG.debug("policy condition names from db = " + existingPolicyCondIDNameMap.values()); + } Set ids = new HashSet<>(); Set names = new HashSet<>(); for (RangerPolicyConditionDef conditionDef : policyConditions) { - valid = isUnique(conditionDef.getItemId(), ids, "policy condition def itemId", "policy condition defs", failures) && valid; + Long itemId = conditionDef.getItemId(); + valid = isUnique(itemId, ids, "policy condition def itemId", "policy condition defs", failures) && valid; String name = conditionDef.getName(); valid = isUnique(name, names, "policy condition def name", "policy condition defs", failures) && valid; + if (action == Action.UPDATE) { + if (existingPolicyCondIDNameMap.get(itemId) != null && !existingPolicyCondIDNameMap.get(itemId).equals(name)) { + ValidationErrorCode error; + error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_SERVICE_DEF_NAME_CONFICT; + failures.add((new ValidationFailureDetailsBuilder()).field("policy condition def name").isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(String.format("changing %s[%s] in %s is not supported", "policy condition def name", name, "policy condition defs")).build()); + valid = false; + } + } if (StringUtils.isBlank(conditionDef.getEvaluator())) { ValidationErrorCode error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_POLICY_CONDITION_NULL_EVALUATOR; failures.add(new ValidationFailureDetailsBuilder() @@ -452,7 +495,7 @@ public class RangerServiceDefValidator extends RangerValidator { return valid; } - boolean isValidResources(RangerServiceDef serviceDef, List failures) { + boolean isValidResources(RangerServiceDef serviceDef, List failures, final Action action) { if(LOG.isDebugEnabled()) { LOG.debug(String.format("==> RangerServiceDefValidator.isValidResources(%s, %s)", serviceDef, failures)); } @@ -469,6 +512,17 @@ public class RangerServiceDefValidator extends RangerValidator { .build()); valid = false; } else { + Map existingResourceIDNameMap = new HashMap<>(); + if (action == Action.UPDATE) { + List existingResources = this.getServiceDef(serviceDef.getId()).getResources(); + for (RangerResourceDef existingResource : existingResources) { + existingResourceIDNameMap.put(existingResource.getItemId(), existingResource.getName()); + } + } + if(LOG.isDebugEnabled()) { + LOG.debug("resource names from db = " + existingResourceIDNameMap.values()); + } + Set names = new HashSet(resources.size()); Set ids = new HashSet(resources.size()); for (RangerResourceDef resource : resources) { @@ -477,8 +531,18 @@ public class RangerServiceDefValidator extends RangerValidator { /* * While id is the natural key, name is a surrogate key. At several places code expects resource name to be unique within a service. */ - valid = isUnique(resource.getName(), names, "resource name", "resources", failures) && valid; - valid = isUnique(resource.getItemId(), ids, "resource itemId", "resources", failures) && valid; + String name = resource.getName(); + Long itemId = resource.getItemId(); + valid = isUnique(name, names, "resource name", "resources", failures) && valid; + valid = isUnique(itemId, ids, "resource itemId", "resources", failures) && valid; + if (action == Action.UPDATE) { + if (existingResourceIDNameMap.get(itemId) != null && !existingResourceIDNameMap.get(itemId).equals(name)) { + ValidationErrorCode error; + error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_SERVICE_DEF_NAME_CONFICT; + failures.add((new ValidationFailureDetailsBuilder()).field("resource name").isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(String.format("changing %s[%s] in %s is not supported", "resource name", name, "resources")).build()); + valid = false; + } + } } } @@ -640,4 +704,48 @@ public class RangerServiceDefValidator extends RangerValidator { } return valid; } + + boolean isValidDataMaskTypes(Long serviceDefId, List dataMaskTypes, List failures, final Action action) { + if(LOG.isDebugEnabled()) { + LOG.debug(String.format("==> RangerServiceDefValidator.isValidDataMaskTypes(%s, %s)", dataMaskTypes, failures)); + } + boolean valid = true; + + if (CollectionUtils.isEmpty(dataMaskTypes)) { + LOG.debug("Configs collection was null/empty! ok"); + } else { + Map existingDataMaskTypeIDNameMap = new HashMap<>(); + if (action == Action.UPDATE) { + List existingDataMaskTypes = this.getServiceDef(serviceDefId).getDataMaskDef().getMaskTypes(); + for (RangerDataMaskTypeDef existingDataMaskType : existingDataMaskTypes) { + existingDataMaskTypeIDNameMap.put(existingDataMaskType.getItemId(), existingDataMaskType.getName()); + } + } + if(LOG.isDebugEnabled()) { + LOG.debug("data mask type names from db = " + existingDataMaskTypeIDNameMap.values()); + } + + Set ids = new HashSet(); + Set names = new HashSet(); + for (RangerDataMaskTypeDef dataMaskType : dataMaskTypes) { + String name = dataMaskType.getName(); + Long itemId = dataMaskType.getItemId(); + valid = isUnique(itemId, ids, "data mask type def itemId", "data mask type defs", failures) && valid; + valid = isUnique(name, names, "data mask type def name", "data mask type defs", failures) && valid; + if (action == Action.UPDATE) { + if (existingDataMaskTypeIDNameMap.get(itemId) != null && !existingDataMaskTypeIDNameMap.get(itemId).equals(name)) { + ValidationErrorCode error; + error = ValidationErrorCode.SERVICE_DEF_VALIDATION_ERR_SERVICE_DEF_NAME_CONFICT; + failures.add((new ValidationFailureDetailsBuilder()).field("data mask type def name").isSemanticallyIncorrect().errorCode(error.getErrorCode()).becauseOf(String.format("changing %s[%s] in %s is not supported", "data mask type def name", name, "data mask type defs")).build()); + valid = false; + } + } + } + } + + if(LOG.isDebugEnabled()) { + LOG.debug(String.format("<== RangerServiceDefValidator.isValidDataMaskTypes(%s, %s): %s", dataMaskTypes, failures, valid)); + } + return valid; + } } http://git-wip-us.apache.org/repos/asf/ranger/blob/4fe45569/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java ---------------------------------------------------------------------- diff --git a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java index decf07c..f4e29c7 100644 --- a/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java +++ b/agents-common/src/test/java/org/apache/ranger/plugin/model/validation/TestRangerServiceDefValidator.java @@ -211,46 +211,50 @@ public class TestRangerServiceDefValidator { @Test public final void test_isValidAccessTypes_happyPath() { + long id = 7; + when(_serviceDef.getId()).thenReturn(id); List input = _utils.createAccessTypeDefs(accessTypes_good); - assertTrue(_validator.isValidAccessTypes(input, _failures)); + assertTrue(_validator.isValidAccessTypes(id, input, _failures, Action.CREATE)); assertTrue(_failures.isEmpty()); } @Test public final void test_isValidAccessTypes_failures() { + long id = 7; + when(_serviceDef.getId()).thenReturn(id); // null or empty access type defs List accessTypeDefs = null; - _failures.clear(); assertFalse(_validator.isValidAccessTypes(accessTypeDefs, _failures)); + _failures.clear(); assertFalse(_validator.isValidAccessTypes(id, accessTypeDefs, _failures, Action.CREATE)); _utils.checkFailureForMissingValue(_failures, "access types"); accessTypeDefs = new ArrayList<>(); - _failures.clear(); assertFalse(_validator.isValidAccessTypes(accessTypeDefs, _failures)); + _failures.clear(); assertFalse(_validator.isValidAccessTypes(id, accessTypeDefs, _failures, Action.CREATE)); _utils.checkFailureForMissingValue(_failures, "access types"); // null/empty access types accessTypeDefs = _utils.createAccessTypeDefs(new String[] { null, "", " " }); - _failures.clear(); assertFalse(_validator.isValidAccessTypes(accessTypeDefs, _failures)); + _failures.clear(); assertFalse(_validator.isValidAccessTypes(id, accessTypeDefs, _failures, Action.CREATE)); _utils.checkFailureForMissingValue(_failures, "access type name"); // duplicate access types accessTypeDefs = _utils.createAccessTypeDefs(new String[] { "read", "write", "execute", "read" } ); - _failures.clear(); assertFalse(_validator.isValidAccessTypes(accessTypeDefs, _failures)); + _failures.clear(); assertFalse(_validator.isValidAccessTypes(id, accessTypeDefs, _failures, Action.CREATE)); _utils.checkFailureForSemanticError(_failures, "access type name", "read"); // duplicate access types - case-insensitive accessTypeDefs = _utils.createAccessTypeDefs(new String[] { "read", "write", "execute", "READ" } ); - _failures.clear(); assertFalse(_validator.isValidAccessTypes(accessTypeDefs, _failures)); + _failures.clear(); assertFalse(_validator.isValidAccessTypes(id, accessTypeDefs, _failures, Action.CREATE)); _utils.checkFailureForSemanticError(_failures, "access type name", "READ"); // unknown access type in implied grants list accessTypeDefs = _utils.createAccessTypeDefs(accessTypes_bad_unknownType); - _failures.clear(); assertFalse(_validator.isValidAccessTypes(accessTypeDefs, _failures)); + _failures.clear(); assertFalse(_validator.isValidAccessTypes(id, accessTypeDefs, _failures, Action.CREATE)); _utils.checkFailureForSemanticError(_failures, "implied grants", "execute"); _utils.checkFailureForSemanticError(_failures, "access type itemId", "1"); // id 1 is duplicated // access type with implied grant referring to itself accessTypeDefs = _utils.createAccessTypeDefs(accessTypes_bad_selfReference); - _failures.clear(); assertFalse(_validator.isValidAccessTypes(accessTypeDefs, _failures)); + _failures.clear(); assertFalse(_validator.isValidAccessTypes(id, accessTypeDefs, _failures, Action.CREATE)); _utils.checkFailureForSemanticError(_failures, "implied grants", "admin"); } @@ -403,23 +407,23 @@ public class TestRangerServiceDefValidator { public final void test_isValidResources() { // null/empty resources are an error when(_serviceDef.getResources()).thenReturn(null); - _failures.clear(); assertFalse(_validator.isValidResources(_serviceDef, _failures)); + _failures.clear(); assertFalse(_validator.isValidResources(_serviceDef, _failures, Action.CREATE)); _utils.checkFailureForMissingValue(_failures, "resources"); List resources = new ArrayList<>(); when(_serviceDef.getResources()).thenReturn(resources); - _failures.clear(); assertFalse(_validator.isValidResources(_serviceDef, _failures)); + _failures.clear(); assertFalse(_validator.isValidResources(_serviceDef, _failures, Action.CREATE)); _utils.checkFailureForMissingValue(_failures, "resources"); resources.addAll(_utils.createResourceDefsWithIds(invalidResources)); - _failures.clear(); assertFalse(_validator.isValidResources(_serviceDef, _failures)); + _failures.clear(); assertFalse(_validator.isValidResources(_serviceDef, _failures, Action.CREATE)); _utils.checkFailureForMissingValue(_failures, "resource name"); _utils.checkFailureForMissingValue(_failures, "resource itemId"); _utils.checkFailureForSemanticError(_failures, "resource itemId", "1"); // id 1 is duplicate _utils.checkFailureForSemanticError(_failures, "resource name", "DataBase"); resources.clear(); resources.addAll(_utils.createResourceDefsWithIds(mixedCaseResources)); - _failures.clear(); assertFalse(_validator.isValidResources(_serviceDef, _failures)); + _failures.clear(); assertFalse(_validator.isValidResources(_serviceDef, _failures, Action.CREATE)); _utils.checkFailure(_failures, null, null, null, "DBase",null); _utils.checkFailure(_failures, null, null, null, "TABLE",null); _utils.checkFailure(_failures, null, null, null, "Column",null); @@ -499,7 +503,7 @@ public class TestRangerServiceDefValidator { }; List resources = _utils.createResourceDefsWithIds(data); when(_serviceDef.getResources()).thenReturn(resources); - assertTrue(_validator.isValidResources(_serviceDef, _failures)); + assertTrue(_validator.isValidResources(_serviceDef, _failures, Action.CREATE)); assertTrue(_failures.isEmpty()); } @@ -533,11 +537,13 @@ public class TestRangerServiceDefValidator { @Test public final void test_isValidPolicyConditions() { + long id = 7; + when(_serviceDef.getId()).thenReturn(id); // null/empty policy conditions are ok - assertTrue(_validator.isValidPolicyConditions(null, _failures)); + assertTrue(_validator.isValidPolicyConditions(id,null, _failures, Action.CREATE)); assertTrue(_failures.isEmpty()); List conditionDefs = new ArrayList<>(); - assertTrue(_validator.isValidPolicyConditions(conditionDefs, _failures)); + assertTrue(_validator.isValidPolicyConditions(id, conditionDefs, _failures, Action.CREATE)); assertTrue(_failures.isEmpty()); Object[][] policyCondition_data = { @@ -549,7 +555,7 @@ public class TestRangerServiceDefValidator { }; conditionDefs.addAll(_utils.createPolicyConditionDefs(policyCondition_data)); - _failures.clear(); assertFalse(_validator.isValidPolicyConditions(conditionDefs, _failures)); + _failures.clear(); assertFalse(_validator.isValidPolicyConditions(id, conditionDefs, _failures, Action.CREATE)); _utils.checkFailureForMissingValue(_failures, "policy condition def itemId"); _utils.checkFailureForMissingValue(_failures, "policy condition def name"); _utils.checkFailureForMissingValue(_failures, "policy condition def evaluator"); http://git-wip-us.apache.org/repos/asf/ranger/blob/4fe45569/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index b1ea280..23b3fe4 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java @@ -347,11 +347,15 @@ public class XUserMgr extends XUserMgrBase { xaBizUtil.blockAuditorRoleUser(); VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(vXUser .getName()); + if (oldUserProfile == null) { + throw restErrorUtil.createRESTException( + "user " + vXUser.getName() + " does not exist.", + MessageEnums.INVALID_INPUT_DATA); + } VXPortalUser vXPortalUser = new VXPortalUser(); if (oldUserProfile != null && oldUserProfile.getId() != null) { vXPortalUser.setId(oldUserProfile.getId()); } - // TODO : There is a possibility that old user may not exist. vXPortalUser.setFirstName(vXUser.getFirstName()); if("null".equalsIgnoreCase(vXPortalUser.getFirstName())){ @@ -855,6 +859,11 @@ public class XUserMgr extends XUserMgrBase { checkAdminAccess(); xaBizUtil.blockAuditorRoleUser(); XXGroup xGroup = daoManager.getXXGroup().getById(vXGroup.getId()); + if (vXGroup != null && xGroup != null && !vXGroup.getName().equals(xGroup.getName())) { + throw restErrorUtil.createRESTException( + "group name updates are not allowed.", + MessageEnums.INVALID_INPUT_DATA); + } List trxLogList = xGroupService.getTransactionLog(vXGroup, xGroup, "update"); xaBizUtil.createTrxLog(trxLogList);