Repository: ranger Updated Branches: refs/heads/master 6841f14d5 -> f1fb6315f
RANGER-1781 : RangerUI :Policy create/edit form should display only relevant accesses based on the user-selected resource. Signed-off-by: Mehul Parikh <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/ranger/commit/f1fb6315 Tree: http://git-wip-us.apache.org/repos/asf/ranger/tree/f1fb6315 Diff: http://git-wip-us.apache.org/repos/asf/ranger/diff/f1fb6315 Branch: refs/heads/master Commit: f1fb6315f0d4cbc1c32b93d7951fb99ea376c73a Parents: 6841f14 Author: ni3galave <[email protected]> Authored: Tue Dec 19 12:02:01 2017 +0530 Committer: Mehul Parikh <[email protected]> Committed: Wed Dec 20 17:43:22 2017 +0530 ---------------------------------------------------------------------- .../scripts/models/BackboneFormDataType.js | 21 +- .../main/webapp/scripts/modules/XAOverrides.js | 44 ++- .../src/main/webapp/scripts/utils/XAUtils.js | 13 +- .../scripts/views/policies/PermissionList.js | 273 +++++++++++++------ .../views/policies/RangerPolicyCreate.js | 3 + .../scripts/views/policies/RangerPolicyForm.js | 97 +++++-- security-admin/src/main/webapp/styles/xa.css | 3 + 7 files changed, 321 insertions(+), 133 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ranger/blob/f1fb6315/security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js b/security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js index c4911af..5c06ad9 100644 --- a/security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js +++ b/security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js @@ -120,7 +120,7 @@ define(function(require) { formObj['resourceOpts'] = resourceOpts; } //same level resources check - var optionsAttrs = []; + var optionsAttrs = [] ,parentResource; if(!_.isUndefined(v.level)){ optionsAttrs = _.filter(config,function(field){ if(field.level == v.level && field.parent == v.parent){ @@ -128,15 +128,16 @@ define(function(require) { } }); } - //TODO - //if policyType is masking then check for supported resources -// if( XAUtils.isMaskingPolicy(form.model.get('policyType')) && optionsAttrs.length > 1 ){ -// var allResourceNames = _.map(optionsAttrs, function(m){ return m.name}); -// var rscNames = allResourceNames.splice(allResourceNames.indexOf(v.name), 1); -// if(_.intersection(allResourceNames, rscNames) != rscNames){ -// optionsAttrs = _.filter(optionsAttrs, function(m){ return $.inArray(m.name, allResourceNames) >= 0;}) -// } -// } + var resourceDef = _.findWhere(optionsAttrs,{'name':v.name}); + //for parent leftnode status + if(v.parent){ + parentResource = _.findWhere(config ,{'name':v.parent}); + } + //show only required resources in acccess policy in order to show their access types + if(!_.isUndefined(v.parent) && !_.isEmpty(v.parent) + && parentResource.isValidLeaf){ + optionsAttrs.unshift({'level':v.level, name:'none',label:'none'}); + } if(optionsAttrs.length > 1){ var optionsTitle = _.map(optionsAttrs,function(field){ return field.name;}); formObj['sameLevelOpts'] = optionsTitle; http://git-wip-us.apache.org/repos/asf/ranger/blob/f1fb6315/security-admin/src/main/webapp/scripts/modules/XAOverrides.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/modules/XAOverrides.js b/security-admin/src/main/webapp/scripts/modules/XAOverrides.js index f340bee..82a84da 100644 --- a/security-admin/src/main/webapp/scripts/modules/XAOverrides.js +++ b/security-admin/src/main/webapp/scripts/modules/XAOverrides.js @@ -493,7 +493,7 @@ //(edit mode)set values for sameLevel if first option is not selected if(!_.isNull(this.value) && !_.isUndefined(this.value) && !_.isUndefined(this.value.resourceType)){ - var def = _.findWhere(this.form.rangerServiceDefModel.get('resources'), {'name': this.value.resourceType }); + var def = _.findWhere(XAUtil.policyTypeResources(this.form.rangerServiceDefModel , this.model.get('policyType')), {'name': this.value.resourceType}); this.recursiveSupport = def.recursiveSupported; this.excludeSupport = def.excludesSupported; } @@ -522,6 +522,7 @@ }, renderResource : function() { var that = this; + var Vent = require('modules/Vent'); if(!_.isNull(this.value) && !_.isEmpty(this.value)){ this.value.values = _.map(this.value.values, function(val){ return _.escape(val); }); this.$resource.val(this.value.values.toString()) @@ -552,6 +553,10 @@ renderToggles : function() { var XAUtil = require('utils/XAUtils'); var that = this, isExcludes = false, isRecursive = true; + if(this.resourcesAtSameLevel && this.sameLevelOpts[0] == "none" && _.isEmpty(this.value)){ + this.excludeSupport = false; + this.recursiveSupport = false; + } if(this.excludeSupport){ if(!_.isNull(this.value)){ this.value.isExcludes = _.isUndefined(this.value.isExcludes) ? false : this.value.isExcludes; @@ -588,16 +593,16 @@ } else { this.$recursiveSupport.hide(); } - }, renderSameLevelResource : function() { + var Vent = require('modules/Vent'); var that = this, dirtyFieldValue = null; - var XAUtil = require('utils/XAUtils'), localization = require('utils/XALangSupport');; + var XAUtil = require('utils/XAUtils'), localization = require('utils/XALangSupport'); if(!_.isUndefined(this.$resourceType) && this.$resourceType.length > 0){ if(!_.isNull(this.value) && !_.isEmpty(this.value)){ this.$resourceType.val(this.value.resourceType); } - this.$resourceType.on('change', function(e) { + this.$resourceType.on('change', function(e,onChangeResources) { if(!_.isUndefined(that.preserveResourceValues[e.currentTarget.value])){ var val = _.isEmpty(that.preserveResourceValues[e.currentTarget.value]) ? '' : that.preserveResourceValues[e.currentTarget.value].split(','); that.$resource.select2('val', val) @@ -609,21 +614,34 @@ that.value.isRecursive = false; that.$excludeSupport.trigger('toggleOn'); ($(e.currentTarget).addClass('dirtyField')) - //resource are shown if parent is selected or showned that.$el.parents('.control-group').attr('data-name', 'field-'+this.value); - that.formView.trigger('policyForm:parentChildHideShow',true); + //remove error class + that.$el.removeClass('error'); +// if noneFlag is true not trigger parentChildHideShow + if(!onChangeResources){ + that.formView.trigger('policyForm:parentChildHideShow',true, e.currentTarget.value , e); + } if(!_.isUndefined(this.value) && ( XAUtil.capitaliseFirstLetter(this.value) === XAEnums.ResourceType.RESOURCE_UDF.label) ){ XAUtil.alertPopup({ msg :localization.tt('msg.udfPolicyViolation') }); } - //set flags for newly selected resource and re-render - var def = _.findWhere(that.form.rangerServiceDefModel.get('resources'), {'name': this.value}); - that.recursiveSupport = def.recursiveSupported; - if(that.recursiveSupport) that.value.isRecursive = true; - that.excludeSupport = def.excludesSupported; - that.renderToggles(); - +// if value is "none" hide recursive/exclude toggles + if(this.value == "none"){ + that.recursiveSupport = false; + that.excludeSupport = false; + that.renderToggles(); + } + //set flags for newly selected resource and re-render + var def = _.findWhere(XAUtil.policyTypeResources(that.form.rangerServiceDefModel , that.model.get('policyType')), {'name': this.value}); + if(def){ + that.recursiveSupport = def.recursiveSupported; + if(that.recursiveSupport) that.value.isRecursive = true; + that.excludeSupport = def.excludesSupported; + that.renderToggles(); + } + //trigger resource event for showing respective access permissions + Vent.trigger('resourceType:change', changeType = 'resourceType', e.currentTarget.value, e.currentTarget.value, e); }); } }, http://git-wip-us.apache.org/repos/asf/ranger/blob/f1fb6315/security-admin/src/main/webapp/scripts/utils/XAUtils.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js index 90b41d8..8fa7fca 100644 --- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js +++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js @@ -1341,6 +1341,17 @@ define(function(require) { }; XAUtils.isTagBasedDef = function(def){ return def.get('name') == XAEnums.ServiceType.SERVICE_TAG.label ? true : false; - } + }; + XAUtils.policyTypeResources = function(obj , policyType){ + if(XAUtils.isAccessPolicy(policyType)){ + return obj.get('resources'); + }else{ + if(XAUtils.isMaskingPolicy(policyType)){ + return obj.get('dataMaskDef').resources; + }else{ + return obj.get('rowFilterDef').resources; + } + } + } return XAUtils; }); \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ranger/blob/f1fb6315/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js index df6a2be..73d5417 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js +++ b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js @@ -34,6 +34,7 @@ define(function(require) { var VXUser = require('models/VXUser'); var VXGroupList = require('collections/VXGroupList'); var VXUserList = require('collections/VXUserList'); + var Vent = require('modules/Vent'); require('bootstrap-editable'); require('esprima'); @@ -77,19 +78,19 @@ define(function(require) { }, initialize : function(options) { - _.extend(this, _.pick(options,'accessTypes','policyConditions','rangerServiceDefModel','rangerPolicyType')); + _.extend(this, _.pick(options,'accessTypes','policyConditions','rangerServiceDefModel','rangerPolicyType','rangerPolicyModel','storeResourceRef')); this.setupPermissionsAndConditions(); this.accessPermSetForTagMasking = false; + Vent.on('resourceType:change', this.renderPerms, this); }, onRender : function() { //To setup permissions for edit mode this.setupFormForEditMode(); //create select2 dropdown for groups and users - this.createDropDown(this.ui.selectGroups, true); - this.createDropDown(this.ui.selectUsers, false); + this.createDropDown(this.ui.selectGroups, true); + this.createDropDown(this.ui.selectUsers, false); //groups or users select2 dropdown change vent - this.dropDownChange(this.ui.selectGroups); this.dropDownChange(this.ui.selectUsers); //render permissions and policy conditions @@ -97,7 +98,9 @@ define(function(require) { this.renderPermsForTagBasedPolicies(); // if(XAUtil.isMaskingPolicy(this.rangerPolicyType)) this.renderMaskingTypesForTagBasedPolicies(); } else { - this.renderPerms(); +// To handle scenario : Access permission doesnt changes if we change resource before adding new policy item. + this.renderPerms(this.storeResourceRef.changeType, this.storeResourceRef.value, + this.storeResourceRef.resourceName, this.storeResourceRef.e ); if(XAUtil.isMaskingPolicy(this.rangerPolicyType)){ this.renderMaskingType(); } @@ -185,11 +188,11 @@ define(function(require) { createDropDown :function($select, typeGroup){ var that = this, tags = [], placeholder = (typeGroup) ? 'Select Group' : 'Select User', - searchUrl = (typeGroup) ? "service/xusers/groups" : "service/xusers/users"; + searchUrl = (typeGroup) ? "service/xusers/groups" : "service/xusers/users"; if(this.model.has('editMode') && !_.isEmpty($select.val())){ - var temp = this.model.attributes[ (typeGroup) ? 'groupName': 'userName']; + var temp = this.model.attributes[ (typeGroup) ? 'groupName': 'userName']; _.each(temp , function(name){ - tags.push( { 'id' : _.escape( name ), 'text' : _.escape( name ) } ); + tags.push( { 'id' : _.escape( name ), 'text' : _.escape( name ) } ); }); } $select.select2({ @@ -197,9 +200,9 @@ define(function(require) { placeholder : placeholder, width :'220px', tokenSeparators: [",", " "], - tags : true, + tags : true, initSelection : function (element, callback) { - callback(tags); + callback(tags); }, ajax: { url: searchUrl, @@ -213,9 +216,9 @@ define(function(require) { selectedVals = that.getSelectedValues($select, typeGroup); if(data.resultSize != "0"){ if(typeGroup){ - results = data.vXGroups.map(function(m, i){ return {id : _.escape(m.name), text: _.escape(m.name) }; }); + results = data.vXGroups.map(function(m, i){ return {id : _.escape(m.name), text: _.escape(m.name) }; }); } else { - results = data.vXUsers.map(function(m, i){ return {id : _.escape(m.name), text: _.escape(m.name) }; }); + results = data.vXUsers.map(function(m, i){ return {id : _.escape(m.name), text: _.escape(m.name) }; }); } if(!_.isEmpty(selectedVals)){ results = XAUtil.filterResultByText(results, selectedVals); @@ -223,14 +226,14 @@ define(function(require) { return {results : results}; } return {results : results}; - }, - transport: function (options) { - $.ajax(options).error(function(respones) { - XAUtil.defaultErrorHandler('error',respones); - this.success({ - resultSize : 0 - }); - }); + }, + transport: function (options) { + $.ajax(options).error(function(respones) { + XAUtil.defaultErrorHandler('error',respones); + this.success({ + resultSize : 0 + }); + }); } }, formatResult : function(result){ @@ -244,69 +247,175 @@ define(function(require) { } }).on('select2-focus', XAUtil.select2Focus); }, - renderPerms :function(){ - var that = this; - this.perms = _.map(this.accessTypes,function(m){return {text:m.label, value:m.name};}); + renderPerms :function(changeType, value, resourceName, e){ + var that = this , accessTypeByResource = this.accessTypes; + this.storeResourceRef.changeType = changeType; + this.storeResourceRef.value = value; + this.storeResourceRef.resourceName = resourceName; + this.storeResourceRef.e = e; + //get permissions by resource only for access policy + accessTypeByResource = this.getAccessPermissionForSelectedResource(changeType, value, resourceName, e); + //reset permissions on resource change + if(this.permsIds.length > 0 && !_.isUndefined(changeType) && !_.isUndefined(resourceName)){ + this.permsIds = []; + } + this.perms = _.map(accessTypeByResource , function(m){return {text : m.label, value : m.name};}); if(this.perms.length > 1){ this.perms.push({'value' : -1, 'text' : 'Select/Deselect All'}); } - //create x-editable for permissions - this.ui.addPerms.editable({ - emptytext : 'Add Permissions', - source: this.perms, - value : this.permsIds, - display: function(values,srcData) { - if(_.isNull(values) || _.isEmpty(values) || (_.contains(values,"-1") && values.length == 1)){ - $(this).empty(); - that.model.unset('accesses'); - that.ui.addPermissionsSpan.find('i').attr('class', 'icon-plus'); - that.ui.addPermissionsSpan.attr('title','add'); - return; - } - if(_.contains(values,"-1")){ - values = _.without(values,"-1") - - } -// that.checkDirtyFieldForGroup(values); - - var permTypeArr = []; - var valArr = _.map(values, function(id){ - if(!_.isUndefined(id)){ - var obj = _.findWhere(srcData,{'value' : id}); - permTypeArr.push({permType : obj.value}); - return "<span class='label label-info'>" + obj.text + "</span>"; + //if policy items not present. its skip that items and move forward + if(_.isObject(this.ui.addPerms)){ + this.ui.addPerms.editable("destroy"); + //create x-editable for permissions + this.ui.addPerms.editable({ + emptytext : 'Add Permissions', + source: this.perms, + value : this.permsIds, + display: function(values,srcData) { + if(_.isNull(values) || _.isEmpty(values) || (_.contains(values,"-1") && values.length == 1)){ + $(this).empty(); + that.model.unset('accesses'); + that.ui.addPermissionsSpan.find('i').attr('class', 'icon-plus'); + that.ui.addPermissionsSpan.attr('title','add'); + return; } - }); - var perms = [] - if(that.model.has('accesses')){ - perms = that.model.get('accesses'); - } - - var items=[]; - _.each(that.accessItems, function(item){ - if($.inArray( item.type, values) >= 0){ - item.isAllowed = true; - items.push(item) ; + if(_.contains(values,"-1")){ + values = _.without(values,"-1") } - },this); - // Save form data to model - that.model.set('accesses', items); - - $(this).html(valArr.join(" ")); - that.ui.addPermissionsSpan.find('i').attr('class', 'icon-pencil'); - that.ui.addPermissionsSpan.attr('title','edit'); - }, - }).on('click', function(e) { - e.stopPropagation(); - e.preventDefault(); - that.clickOnPermissions(that); - }); - that.ui.addPermissionsSpan.click(function(e) { - e.stopPropagation(); + //that.checkDirtyFieldForGroup(values); + var permTypeArr = []; + var valArr = _.map(values, function(id){ + if(!_.isUndefined(id)){ + var obj = _.findWhere(that.rangerServiceDefModel.attributes.accessTypes,{'name' : id}); + permTypeArr.push({permType : obj.value}); + return "<span class='label label-info'>" + obj.label + "</span>"; + } + }); + var perms = [] + if(that.model.has('accesses')){ + perms = that.model.get('accesses'); + } + var items=[]; + _.each(that.accessItems, function(item){ + if($.inArray( item.type, values) >= 0){ + item.isAllowed = true; + items.push(item) ; + } + },this); + // Save form data to model + that.model.set('accesses', items); + $(this).html(valArr.join(" ")); + that.ui.addPermissionsSpan.find('i').attr('class', 'icon-pencil'); + that.ui.addPermissionsSpan.attr('title','edit'); + }, + }).on('click', function(e) { + e.stopPropagation(); + e.preventDefault(); + that.clickOnPermissions(that); + }); + that.ui.addPermissionsSpan.click(function(e) { + e.stopImmediatePropagation(); that.$('a[data-js="permissions"]').editable('toggle'); that.clickOnPermissions(that); + }); + } + }, + getAccessPermissionForSelectedResource : function(changeType, value, resourceName, e){ + var resourceDef = _.sortBy(XAUtil.policyTypeResources(this.rangerServiceDefModel , this.rangerPolicyType), function(m){ return m.itemId }), + policyResources = this.rangerPolicyModel.get('resources'), + accessTypeByResource = this.accessTypes, + resourceByLevelObj = _.groupBy(resourceDef, function(m){ + return ( _.isUndefined(m.parent) || m.parent == "" ) ? 'parent' : 'child'; + }); + var parentResources = resourceByLevelObj['parent']; + //find resource child resource edit form opens + if(!_.isUndefined(policyResources) && _.isUndefined(changeType)){ + var parentFound = false, parentName = undefined, resourceNames = _.keys(policyResources); + // if one resource is selected that means which is parent one else find + if(resourceNames.length == 1){ + resourceName = resourceNames[0]; + }else{ + _.each(resourceNames, function(m){ + var parentDef = _.findWhere(resourceByLevelObj['parent'], {'name': m}); + if(parentDef){ + parentFound = true; + parentName = m; + } + }); + for(var i=0;i< resourceDef.length ;i++){ + if($.inArray(resourceDef[i]['name'], resourceNames) >= 0) + if(resourceDef[i]['parent'] == parentName && resourceDef[i]['accessTypeRestrictions']){ + parentName = resourceDef[i]['name']; + i = 0; + } + } + resourceName = parentName; + } + var allowAccessName = _.findWhere(resourceDef, {'name': resourceName}).accessTypeRestrictions; + accessTypeByResource = _.filter(accessTypeByResource, function(m){ return _.contains(allowAccessName , m.name)}); + } + if(!resourceName){ + resourceName = parentResources[0].name; + } + if(resourceName == 'none'){ + resourceName = $(e.currentTarget).parents('div[data-name="field-none"]').attr('parent'); + } + var parentResourceDef = _.findWhere(resourceByLevelObj['parent'], {'name':resourceName }); + if(!_.isUndefined(parentResourceDef)){ + if(_.isArray(parentResourceDef)){ + var foundParent = false, parentName = ''; + for(var i=0;i<resourceDef.length;i++){ + if(resourceDef[i].parent == "" && !foundParent){ + accessTypeByResource = _.filter(accessTypeByResource, function(m){ return $.inArray(m.name, resourceDef[i].accessTypeRestrictions)}); + foundParent = true; + parentName = resourceDef[i]['name']; + } + } + }else{ + //On Parent change + if(parentResourceDef.isValidLeaf){ + accessTypeByResource = _.filter(accessTypeByResource, function(m){ return _.contains(parentResourceDef.accessTypeRestrictions , m.name)}); + }else{ + var childResourceDef = this.childRscDef(resourceByLevelObj['child'] , resourceName); + accessTypeByResource = _.filter(accessTypeByResource, function(m){ return _.contains(childResourceDef.accessTypeRestrictions , m.name)}); + } + } + }else{ + if(changeType == 'resourceType'){ + var def = _.findWhere(resourceDef, {'name': resourceName}); + if(def.isValidLeaf){ + accessTypeByResource = _.filter(accessTypeByResource, function(m){ return _.contains(def.accessTypeRestrictions , m.name)}); + }else{ + var childResourceDef = this.childRscDef(resourceByLevelObj['child'] , resourceName); + accessTypeByResource = _.filter(accessTypeByResource, function(m){ return _.contains(childResourceDef.accessTypeRestrictions , m.name)}); + } + } + } + if(_.isEmpty(accessTypeByResource)){ + accessTypeByResource = this.accessTypes; + } + return accessTypeByResource; + }, + //if parent isValidLeaf is false than check child isvalidLeaf + childRscDef:function(resChild , rscName){ + var childResourcs = _.filter(resChild, function(m){ + return m.parent == rscName }); - + var rscDef , someVal; + someVal = _.some(childResourcs,function(obj){ +// help of this we separate specified(selected) child resource from all childResourcs + var $html = $('[data-name="field-'+obj.name+'"]'); + if($html.length > 0){ + rscName = obj.name; + rscDef = obj; + return true; + } + }); + if(!someVal){ + rscDef = childResourcs[0]; + rscName = childResourcs[0].name; + } + return ((rscDef.isValidLeaf) ? _.findWhere(resChild, {'name':rscName }) : this.childRscDef(resChild , rscName)) }, renderPermsForTagBasedPolicies :function(){ var that = this; @@ -772,8 +881,6 @@ define(function(require) { }); - - return Backbone.Marionette.CompositeView.extend({ _msvName : 'PermissionItemList', template : require('hbs!tmpl/policies/PermissionList'), @@ -798,16 +905,20 @@ define(function(require) { 'accessTypes' : this.accessTypes, 'policyConditions' : this.rangerServiceDefModel.get('policyConditions'), 'rangerServiceDefModel' : this.rangerServiceDefModel, - 'rangerPolicyType' : this.rangerPolicyType + 'rangerPolicyType' : this.rangerPolicyType, + 'storeResourceRef' : this.storeResourceRef, + 'rangerPolicyModel' : this.model, }; }, events : { 'click [data-action="addGroup"]' : 'addNew' }, initialize : function(options) { - _.extend(this, _.pick(options, 'accessTypes','rangerServiceDefModel', 'headerTitle','rangerPolicyType')); - if(this.collection.length == 0) - this.collection.add(new Backbone.Model()); + _.extend(this, _.pick(options, 'accessTypes','rangerServiceDefModel', 'headerTitle','rangerPolicyType')); + if(this.collection.length == 0){ + this.collection.add(new Backbone.Model()) + } + this.storeResourceRef = {}; }, onRender : function(){ this.makePolicyItemSortable(); http://git-wip-us.apache.org/repos/asf/ranger/blob/f1fb6315/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js index 1475dd9..4b15ab7 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js +++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyCreate.js @@ -35,6 +35,7 @@ define(function(require){ var RangerPolicycreateTmpl = require('hbs!tmpl/policies/RangerPolicyCreate_tmpl'); var RangerPolicyForm = require('views/policies/RangerPolicyForm'); var RangerServiceDef = require('models/RangerServiceDef'); + var Vent = require('modules/Vent'); var RangerPolicyCreate = Backbone.Marionette.Layout.extend( /** @lends RangerPolicyCreate */ @@ -286,6 +287,8 @@ define(function(require){ /** on close */ onClose: function(){ XAUtil.allowNavigation(); +// clear Vent + Vent._events['resourceType:change']=[]; } }); return RangerPolicyCreate; http://git-wip-us.apache.org/repos/asf/ranger/blob/f1fb6315/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js index 443ecc8..542147f 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js +++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js @@ -205,16 +205,27 @@ define(function(require){ if(XAUtil.isMaskingPolicy(this.model.get('policyType')) && XAUtil.isRenderMasking(this.rangerServiceDefModel.get('dataMaskDef'))){ if(!_.isEmpty(this.rangerServiceDefModel.get('dataMaskDef').resources)){ resourceDefList = this.rangerServiceDefModel.get('dataMaskDef').resources; - }else{ - resourceDefList = this.rangerServiceDefModel.get('resources'); + } + } + if(XAUtil.isRowFilterPolicy(this.model.get('policyType')) && XAUtil.isRenderRowFilter(this.rangerServiceDefModel.get('rowFilterDef'))){ + if(!_.isEmpty(this.rangerServiceDefModel.get('rowFilterDef').resources)){ + resourceDefList = this.rangerServiceDefModel.get('rowFilterDef').resources; } } _.each(this.model.get('resources'),function(obj,key){ var resourceDef = _.findWhere(resourceDefList,{'name':key}), - sameLevelResourceDef = []; - if(this.model.get('policyType') == XAEnums.RangerPolicyType.RANGER_ACCESS_POLICY_TYPE.value){ - sameLevelResourceDef = _.where(resourceDefList, {'level': resourceDef.level}); - } + sameLevelResourceDef = [], parentResource ; + sameLevelResourceDef = _.where(resourceDefList, {'level': resourceDef.level}); + //for parent leftnode status + if(resourceDef.parent){ + parentResource = _.findWhere(resourceDefList ,{'name':resourceDef.parent}); + } + if(sameLevelResourceDef.length == 1 && !_.isUndefined(sameLevelResourceDef[0].parent) + && !_.isEmpty(sameLevelResourceDef[0].parent) + && parentResource.isValidLeaf){ +// optionsAttrs.unshift({'level':v.level, name:'none',label:'none'}); + sameLevelResourceDef.push({'level':sameLevelResourceDef[0].level, name:'none',label:'none'}); + } if(sameLevelResourceDef.length > 1){ obj['resourceType'] = key; this.model.set('sameLevel'+resourceDef.level, obj) @@ -290,7 +301,7 @@ define(function(require){ } }, - renderParentChildHideShow : function(onChangeOfSameLevelType) { + renderParentChildHideShow : function(onChangeOfSameLevelType, val, e) { var formDiv = this.$el.find('.policy-form'); if(!this.model.isNew() && !onChangeOfSameLevelType){ _.each(this.selectedResourceTypes, function(val, sameLevelName) { @@ -301,14 +312,39 @@ define(function(require){ } //hide form fields if it's parent is hidden var resources = formDiv.find('.control-group'); - _.each(resources, function(rsrc){ - var parent = $(rsrc).attr('parent') + _.each(resources, function(rsrc , key ){ + var parent = $(rsrc).attr('parent'); + var label = $(rsrc).find('label').html(); + $(rsrc).removeClass('error'); +// remove validation and Required msg + $(rsrc).find('.help-inline').empty(); + $(rsrc).find('.help-block').empty(); if( !_.isUndefined(parent) && ! _.isEmpty(parent)){ - var selector = "div[data-name='field-"+parent+"']" - if(formDiv.find(selector).length > 0 && !formDiv.find(selector).hasClass('hideResource')){ - $(rsrc).removeClass('hideResource'); - }else{ - $(rsrc).addClass('hideResource'); + var selector = "div[data-name='field-"+parent+"']"; + var kclass = formDiv.find(selector).attr('class'); + var label = $(rsrc).find('label').html(); + if(_.isUndefined(kclass) || (kclass.indexOf("field-sameLevel") >= 0 + && formDiv.find(selector).find('select').val() != parent) + || formDiv.find(selector).hasClass('hideResource')){ + $(rsrc).addClass('hideResource'); + $(rsrc).removeClass('error'); +// reset input field to "none" if it is hide + var resorceFieldName = _.pick(this.schema ,this.selectedFields[key]); + if(resorceFieldName[this.selectedFields[key]].sameLevelOpts && _.contains(resorceFieldName[this.selectedFields[key]].sameLevelOpts , 'none') + && formDiv.find(selector).find('select').val() != 'none' && onChangeOfSameLevelType){ +// change trigger and set value to none + $(rsrc).find('select').val("none").trigger('change',"onChangeResources"); + } + }else{ + if($(rsrc).find('select').val() == 'none'){ + $(rsrc).find('input[data-js="resource"]').select2('disable'); + $(rsrc).removeClass('error'); + $(rsrc).find('label').html(label.split('*').join('')); + }else{ + $(rsrc).find('input[data-js="resource"]').select2('enable'); + $(rsrc).find('label').html(label.slice(-1) == '*' ? label : label +"*"); + } + $(rsrc).removeClass('hideResource'); } } },this); @@ -329,26 +365,31 @@ define(function(require){ field.$el.find('.help-inline').empty(); } }else{ - if(!_.isUndefined(this.defaultValidator[key])){ - field.editor.validators = this.defaultValidator[key]; - if($.inArray('required',field.editor.validators) >= 0){ - var label = field.$el.find('label').html(); - field.$el.find('label').html(label+"*"); + if(field.$el.find('select').val() == 'none'){ + field.editor.validators=[]; + this.defaultValidator[key] = field.editor.validators; + field.$el.removeClass('error'); + field.$el.find('.help-inline').empty(); + }else{ + if(!_.isUndefined(this.defaultValidator[key])){ + field.editor.validators.push('required'); + if($.inArray('required',field.editor.validators) >= 0){ + var label = field.$el.find('label').html(); + field.$el.find('label').html(label.slice(-1) == '*' ? label : label +"*"); + } } } } }, this); }, beforeSave : function(){ - var that = this, resources = []; - - var resources = {}; + var that = this, resources = {}; //set sameLevel fieldAttr value with resource name _.each(this.model.attributes, function(val, key) { - if(key.indexOf("sameLevel") >= 0 && !_.isNull(val)){ - this.model.set(val.resourceType,val); - that.model.unset(key); - } + if(key.indexOf("sameLevel") >= 0 && !_.isNull(val)){ + this.model.set(val.resourceType,val); + that.model.unset(key); + } },this); //To set resource values //Check for masking policies @@ -369,7 +410,7 @@ define(function(require){ var rPolicyResource = new RangerPolicyResource(); //single value support // if(! XAUtil.isSinglevValueInput(obj) ){ - if(!_.isUndefined(tmpObj) && _.isObject(tmpObj)){ + if(!_.isUndefined(tmpObj) && _.isObject(tmpObj) && !_.isEmpty(tmpObj.resource)){ rPolicyResource.set('values',tmpObj.resource.split(',')); if(!_.isUndefined(tmpObj.isRecursive)){ rPolicyResource.set('isRecursive', tmpObj.isRecursive) @@ -727,7 +768,7 @@ define(function(require){ } } return this.rangerServiceDefModel.get('resources'); - } + }, }); return RangerPolicyForm; http://git-wip-us.apache.org/repos/asf/ranger/blob/f1fb6315/security-admin/src/main/webapp/styles/xa.css ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/styles/xa.css b/security-admin/src/main/webapp/styles/xa.css index 22eedf6..4fb0d6e 100644 --- a/security-admin/src/main/webapp/styles/xa.css +++ b/security-admin/src/main/webapp/styles/xa.css @@ -2226,3 +2226,6 @@ td.subgrid-custom-cell{ text-overflow: ellipsis; max-width: 95%; } +.control-group.error .select2-choices{ + border-color: #b85355; +}
