ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From prad...@apache.org
Subject ranger git commit: RANGER-2273 : Allow service admin and delegated admin user to view list of users and groups though they have 'USER' role
Date Sat, 03 Nov 2018 14:38:27 GMT
Repository: ranger
Updated Branches:
  refs/heads/master ac1b1bdf3 -> 2b2cb2daf


RANGER-2273 : Allow service admin and delegated admin user to view list of users and groups
though they have 'USER' role


Project: http://git-wip-us.apache.org/repos/asf/ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/2b2cb2da
Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/2b2cb2da
Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/2b2cb2da

Branch: refs/heads/master
Commit: 2b2cb2daf710f1c6ff68f35e6fdef6b01495c7c2
Parents: ac1b1bd
Author: Nikhil P <npurbhe@hortonworks.com>
Authored: Thu Nov 1 19:12:20 2018 +0530
Committer: Pradeep <pradeep@apache.org>
Committed: Sat Nov 3 19:28:20 2018 +0530

----------------------------------------------------------------------
 .../org/apache/ranger/biz/ServiceDBStore.java   |  2 +-
 .../java/org/apache/ranger/biz/XUserMgr.java    | 95 ++++++++++++++++++++
 .../java/org/apache/ranger/rest/XUserREST.java  | 62 +++++++++++++
 .../ranger/security/context/RangerAPIList.java  |  2 +
 .../scripts/views/policies/PermissionList.js    | 12 +--
 .../scripts/views/reports/UserAccessLayout.js   | 12 +--
 6 files changed, 172 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/ranger/blob/2b2cb2da/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index b40d4f0..f2d61d3 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -4365,7 +4365,7 @@ public class ServiceDBStore extends AbstractServiceStore {
 		String svcAdminUsers = cfgSvcAdminUsers != null ? cfgSvcAdminUsers.getConfigvalue() : null;
 		if (svcAdminUsers != null) {
 			for (String svcAdminUser : svcAdminUsers.split(",")) {
-				if (userName.equals(svcAdminUser)) {
+				if (userName.equals(svcAdminUser.trim())) {
 					ret=true;
 					break;
 				}

http://git-wip-us.apache.org/repos/asf/ranger/blob/2b2cb2da/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index febf221..ced600f 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -23,8 +23,10 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 
 import org.apache.commons.collections.CollectionUtils;
@@ -83,6 +85,7 @@ import org.springframework.transaction.annotation.Transactional;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.ranger.entity.XXPortalUserRole;
+import org.springframework.util.StringUtils;
 
 @Component
 public class XUserMgr extends XUserMgrBase {
@@ -1850,6 +1853,98 @@ public class XUserMgr extends XUserMgrBase {
 		return vXGroupList;
 	}
 
+	public VXGroupList lookupXGroups(SearchCriteria searchCriteria) {
+		VXGroupList ret = null;
+
+		try {
+			HashMap<String, Object> searchParams  = searchCriteria.getParamList();
+			String                  nameToLookFor = searchParams != null ? (String) searchParams.get("name")
: null;
+			VXGroup                 exactMatch    = null;
+
+			if (StringUtils.isEmpty(searchCriteria.getSortBy())) {
+				searchCriteria.setSortBy(nameToLookFor != null ? "name" : "id");
+			}
+
+			if(nameToLookFor != null) {
+				exactMatch = getGroupByGroupName(nameToLookFor);
+
+				for (Map.Entry<String, Object> entry : searchParams.entrySet()) {
+					if(exactMatch == null) {
+						break;
+					}
+
+					String paramName  = entry.getKey();
+					Object paramValue = entry.getValue();
+
+					switch (paramName.toLowerCase()) {
+						case "isvisible":
+							if (!Objects.equals(exactMatch.getIsVisible(), paramValue)) {
+								exactMatch = null;
+							}
+							break;
+
+						case "groupsource":
+							if (!Objects.equals(exactMatch.getGroupSource(), paramValue)) {
+								exactMatch = null;
+							}
+							break;
+
+						default:
+							// ignore
+							break;
+					}
+				}
+			}
+
+			VXGroupList searchResult = xGroupService.searchXGroups(searchCriteria);
+
+			if (exactMatch != null && exactMatch.getId() != null) {
+				List<VXGroup> groups = searchResult.getList();
+
+				if (!groups.isEmpty()) { // remove exactMatch from groups if it is present
+					boolean removed = false;
+
+					for (Iterator<VXGroup> iter = groups.iterator(); iter.hasNext(); ) {
+						VXGroup group = iter.next();
+
+						if (group != null && exactMatch.getId().equals(group.getId())) {
+							iter.remove();
+							removed = true;
+
+							break;
+						}
+					}
+
+					if (!removed) { // remove the last entry, if exactMatch was not removed above - to accomodate
for add() below
+						groups.remove(groups.size() - 1);
+					}
+				}
+
+				groups.add(0, exactMatch);
+
+				ret = new VXGroupList(groups);
+
+				ret.setStartIndex(searchCriteria.getStartIndex());
+				ret.setTotalCount(searchResult.getTotalCount());
+				ret.setPageSize(searchCriteria.getMaxRows());
+				ret.setSortBy(searchCriteria.getSortBy());
+				ret.setSortType(searchCriteria.getSortType());
+			} else {
+				ret = searchResult;
+			}
+		} catch (Exception e) {
+			logger.error("Error getting the exact match of group =>"+e);
+		}
+
+		if (ret != null && ret.getListSize() > 0 && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS))
{
+			for(VXGroup vXGroup : ret.getList()) {
+				getMaskedVXGroup(vXGroup);
+			}
+		}
+
+		return ret;
+	}
+
 	public Collection<String> getMaskedCollection(Collection<String> listunMasked){
         List<String> listMasked=new ArrayList<String>();
         if(listunMasked!=null) {

http://git-wip-us.apache.org/repos/asf/ranger/blob/2b2cb2da/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
index b5c6e9c..1e8a093 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
@@ -19,6 +19,7 @@
 
  package org.apache.ranger.rest;
 
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 
@@ -386,6 +387,67 @@ public class XUserREST {
 	}
 
 	@GET
+	@Path("/lookup/users")
+	@Produces({ "application/xml", "application/json" })
+	@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_USERS_LOOKUP
+ "\")")
+	public VXStringList getUsersLookup(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xUserService.sortFields);
+		VXStringList ret = new VXStringList();
+		List<VXString> vXList = new ArrayList<>();
+		searchUtil.extractString(request, searchCriteria, "name", "User name",null);
+		searchUtil.extractInt(request, searchCriteria, "isVisible", "User Visibility");
+		try {
+			VXUserList vXUserList = xUserMgr.searchXUsers(searchCriteria);
+			VXString VXString = null;
+			for (VXUser vxUser : vXUserList.getList()) {
+				VXString = new VXString();
+				VXString.setValue(vxUser.getName());
+				vXList.add(VXString);
+			}
+			ret.setVXStrings(vXList);
+			ret.setPageSize(vXUserList.getPageSize());
+			ret.setTotalCount(vXUserList.getTotalCount());
+			ret.setSortType(vXUserList.getSortType());
+			ret.setSortBy(vXUserList.getSortBy());
+		}
+		catch(Throwable excp){
+			throw restErrorUtil.createRESTException(excp.getMessage());
+		}
+		return ret;
+	}
+
+	@GET
+	@Path("/lookup/groups")
+	@Produces({ "application/xml", "application/json" })
+	@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_GROUPS_LOOKUP
+ "\")")
+	public VXStringList getGroupsLookup(@Context HttpServletRequest request) {
+		VXStringList ret = new VXStringList();
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xGroupService.sortFields);
+		List<VXString> vXList = new ArrayList<>();
+		searchUtil.extractString(request, searchCriteria, "name", "group name", null);
+		searchUtil.extractInt(request, searchCriteria, "isVisible", "Group Visibility");
+		try {
+			VXGroupList vXGroupList = xUserMgr.lookupXGroups(searchCriteria);
+			for (VXGroup vxGroup : vXGroupList.getList()) {
+				VXString VXString = new VXString();
+				VXString.setValue(vxGroup.getName());
+				vXList.add(VXString);
+			}
+			ret.setVXStrings(vXList);
+			ret.setPageSize(vXGroupList.getPageSize());
+			ret.setTotalCount(vXGroupList.getTotalCount());
+			ret.setSortType(vXGroupList.getSortType());
+			ret.setSortBy(vXGroupList.getSortBy());
+		}
+		catch(Throwable excp){
+			throw restErrorUtil.createRESTException(excp.getMessage());
+		}
+		return ret;
+	}
+
+	@GET
 	@Path("/users/count")
 	@Produces({ "application/xml", "application/json" })
 	@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.COUNT_X_USERS
+ "\")")

http://git-wip-us.apache.org/repos/asf/ranger/blob/2b2cb2da/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
b/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
index 4a6a769..1e38ef1 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/context/RangerAPIList.java
@@ -150,6 +150,8 @@ public class RangerAPIList {
 	public static final String MODIFY_USER_VISIBILITY = "XUserREST.modifyUserVisibility";
 	public static final String DELETE_X_USER = "XUserREST.deleteXUser";
 	public static final String SEARCH_X_USERS = "XUserREST.searchXUsers";
+	public static final String GET_USERS_LOOKUP = "XUserREST.getUsersLookup";
+	public static final String GET_GROUPS_LOOKUP = "XUserREST.getGroupsLookup";
 	public static final String COUNT_X_USERS = "XUserREST.countXUsers";
 	public static final String GET_X_GROUP_USER = "XUserREST.getXGroupUser";
 	public static final String CREATE_X_GROUP_USER = "XUserREST.createXGroupUser";

http://git-wip-us.apache.org/repos/asf/ranger/blob/2b2cb2da/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
index 2b996b0..0c3824b 100644
--- a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
+++ b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js
@@ -192,10 +192,10 @@ define(function(require) {
 				}
 			});
 		},
-                createDropDown :function($select, typeGroup){
-                        var that = this, tags = [],
+		createDropDown :function($select, typeGroup){
+			var that = this, tags = [],
 			placeholder = (typeGroup) ? 'Select Group' : 'Select User',
-					searchUrl   = (typeGroup) ? "service/xusers/groups" : "service/xusers/users";
+					searchUrl   = (typeGroup) ? "service/xusers/lookup/groups" : "service/xusers/lookup/users";
 			if(this.model.has('editMode') && !_.isEmpty($select.val())){
 				var temp = this.model.attributes[ (typeGroup) ? 'groupName': 'userName'];
 				_.each(temp , function(name){
@@ -221,11 +221,11 @@ define(function(require) {
 						var results = [] , selectedVals = [];
 						//Get selected values of groups/users dropdown
 						selectedVals = that.getSelectedValues($select, typeGroup);
-						if(data.resultSize != "0"){
+						if(data.totalCount != "0"){
 							if(typeGroup){
-								results = data.vXGroups.map(function(m, i){	return {id : _.escape(m.name), text:
_.escape(m.name) };	});
+								results = data.vXStrings.map(function(m){	return {id : _.escape(m.value), text: _.escape(m.value)
};	});
 							} else {
-								results = data.vXUsers.map(function(m, i){	return {id : _.escape(m.name), text: _.escape(m.name)
};	});
+								results = data.vXStrings.map(function(m){	return {id : _.escape(m.value), text: _.escape(m.value)
};	});
 							}
 							if(!_.isEmpty(selectedVals)){
 								results = XAUtil.filterResultByText(results, selectedVals);

http://git-wip-us.apache.org/repos/asf/ranger/blob/2b2cb2da/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
----------------------------------------------------------------------
diff --git a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
index d5bad70..f0e5c1d 100644
--- a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
+++ b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js
@@ -662,7 +662,7 @@ define(function(require) {'use strict';
 					callback(data);
 				},
 				ajax: { 
-					url: "service/xusers/groups",
+					url: "service/xusers/lookup/groups",
 					dataType: 'json',
 					data: function (term, page) {
 						return {name : term};
@@ -671,8 +671,8 @@ define(function(require) {'use strict';
 						var results = [],selectedVals = [];
 						if(!_.isEmpty(that.ui.userGroup.val()))
 							selectedVals = that.ui.userGroup.val().split(',');
-						if(data.resultSize != "0"){
-							results = data.vXGroups.map(function(m, i){	return {id : m.name, text: _.escape(m.name)
};	});
+						if(data.totalCount != "0"){
+							results = data.vXStrings.map(function(m){	return {id : m.value, text: _.escape(m.value)
};	});
 							if(!_.isEmpty(selectedVals))
 								results = XAUtil.filterResultByIds(results, selectedVals);
 							return {results : results};
@@ -716,7 +716,7 @@ define(function(require) {'use strict';
 					callback(data);
 				},
 				ajax: { 
-					url: "service/xusers/users",
+					url: "service/xusers/lookup/users",
 					dataType: 'json',
 					data: function (term, page) {
 						return {name : term};
@@ -725,8 +725,8 @@ define(function(require) {'use strict';
 						var results = [],selectedVals=[];
 						if(!_.isEmpty(that.ui.userName.select2('val')))
 							selectedVals = that.ui.userName.select2('val');
-						if(data.resultSize != "0"){
-							results = data.vXUsers.map(function(m, i){	return {id : m.name, text: _.escape(m.name)
};	});
+						if(data.totalCount != "0"){
+							results = data.vXStrings.map(function(m){	return {id : m.value, text: _.escape(m.value)
};	});
 							if(!_.isEmpty(selectedVals))
 								results = XAUtil.filterResultByIds(results, selectedVals);
 							return {results : results};


Mime
View raw message