This is an automated email from the ASF dual-hosted git repository.

abhay pushed a commit to branch ranger-2.0
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/ranger-2.0 by this push:
     new 06b4659  RANGER-2518: RANGER-2518: Allow service creator to delete the 
service
06b4659 is described below

commit 06b46597108132316ccfc9bf4af0805454e26aec
Author: Pradeep <[email protected]>
AuthorDate: Wed Jul 31 15:37:49 2019 -0700

    RANGER-2518: RANGER-2518: Allow service creator to delete the service
---
 .../java/org/apache/ranger/biz/RangerBizUtil.java  |  9 ++-
 .../java/org/apache/ranger/biz/ServiceDBStore.java |  2 +-
 .../java/org/apache/ranger/rest/ServiceREST.java   | 64 ++++++++++++----------
 .../apache/ranger/service/XResourceService.java    |  2 +-
 .../ranger/service/XUgsyncAuditInfoService.java    |  2 +-
 .../org/apache/ranger/rest/TestServiceREST.java    | 12 ++++
 6 files changed, 58 insertions(+), 33 deletions(-)

diff --git 
a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 
b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
index 0ad7df2..d49ea98 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -1339,13 +1339,17 @@ public class RangerBizUtil {
 
                if (!session.isKeyAdmin() && !session.isUserAdmin()) {
                        throw restErrorUtil.createRESTException(
-                                       "User is not allowed to update 
service-def, only Admin can create/update/delete " + objType,
+                                       "This user is not allowed this 
operation. Only users with Admin permission have access to this operation " + 
objType,
                                        MessageEnums.OPER_NO_PERMISSION);
                }
        }
 
        public void hasKMSPermissions(String objType, String implClassName) {
                UserSessionBase session = ContextUtil.getCurrentUserSession();
+               if (session == null) {
+                       throw restErrorUtil.createRESTException("UserSession 
cannot be null, only KeyAdmin can create/update/delete "
+                                       + objType, 
MessageEnums.OPER_NO_PERMISSION);
+               }
 
                if (session.isKeyAdmin() && 
!EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(implClassName)) {
                        throw restErrorUtil.createRESTException("KeyAdmin can 
create/update/delete only KMS " + objType,
@@ -1461,6 +1465,9 @@ public class RangerBizUtil {
 
        public boolean hasModuleAccess(String moduleName) {
                UserSessionBase currentUserSession = 
ContextUtil.getCurrentUserSession();
+               if(currentUserSession == null) {
+                       return false;
+               }
                if(!currentUserSession.isUserAdmin() && 
!currentUserSession.isAuditUserAdmin()) {
                        
if(!currentUserSession.getRangerUserPermission().getUserPermissions().contains(moduleName))
 {
                                return false;
diff --git 
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 8420233..ef22354 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -3981,7 +3981,7 @@ public class ServiceDBStore extends AbstractServiceStore {
        public void putMetaDataInfo(RangerExportPolicyList 
rangerExportPolicyList){
                Map<String, Object> metaDataInfo = new LinkedHashMap<String, 
Object>();
                UserSessionBase usb = ContextUtil.getCurrentUserSession();
-               String userId = usb.getLoginId();
+               String userId = usb!=null ? usb.getLoginId() : null;
                
                metaDataInfo.put(HOSTNAME, LOCAL_HOSTNAME);
                metaDataInfo.put(USER_NAME, userId);
diff --git 
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index b06273c..348d072 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -798,40 +798,46 @@ public class ServiceREST {
                        }
                        RangerServiceValidator validator = 
validatorFactory.getServiceValidator(svcStore);
                        validator.validate(id, Action.DELETE);
-
-                       bizUtil.hasAdminPermissions("Services");
-
-                       // TODO: As of now we are allowing SYS_ADMIN to create 
all the
-                       // services including KMS
-
-                       XXService service = 
daoManager.getXXService().getById(id);
-                       if (service != null) {
-                               EmbeddedServiceDefsUtil embeddedServiceDefsUtil 
= EmbeddedServiceDefsUtil.instance();
-                               if 
(service.getType().equals(embeddedServiceDefsUtil.getTagServiceDefId())) {
-                                       List<XXService> referringServices = 
daoManager.getXXService().findByTagServiceId(id);
-                                       if 
(!CollectionUtils.isEmpty(referringServices)) {
-                                               Set<String> 
referringServiceNames = new HashSet<String>();
-                                               for (XXService xXService : 
referringServices) {
-                                                       
referringServiceNames.add(xXService.getName());
-                                                       if 
(referringServiceNames.size() >= 10) {
-                                                               break;
+                       UserSessionBase session = 
ContextUtil.getCurrentUserSession();
+                       if (session != null) {
+                               XXService service = 
daoManager.getXXService().getById(id);
+                               if (service != null) {
+                                       //if logged-in user is not the service 
creator then check admin priv.
+                                       if 
(!session.getUserId().equals(service.getAddedByUserId())) {
+                                               
bizUtil.hasAdminPermissions("Services");
+                                       }
+                                       EmbeddedServiceDefsUtil 
embeddedServiceDefsUtil = EmbeddedServiceDefsUtil.instance();
+                                       if 
(service.getType().equals(embeddedServiceDefsUtil.getTagServiceDefId())) {
+                                               List<XXService> 
referringServices = daoManager.getXXService().findByTagServiceId(id);
+                                               if 
(!CollectionUtils.isEmpty(referringServices)) {
+                                                       Set<String> 
referringServiceNames = new HashSet<String>();
+                                                       for (XXService 
xXService : referringServices) {
+                                                               
referringServiceNames.add(xXService.getName());
+                                                               if 
(referringServiceNames.size() >= 10) {
+                                                                       break;
+                                                               }
+                                                       }
+                                                       if 
(referringServices.size() <= 10) {
+                                                               throw 
restErrorUtil.createRESTException("Tag service '" + service.getName() + "' is 
being referenced by " + referringServices.size() + " services: " + 
referringServiceNames, MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
+                                                       } else {
+                                                               throw 
restErrorUtil.createRESTException("Tag service '" + service.getName() + "' is 
being referenced by " + referringServices.size() + " services: " + 
referringServiceNames + " and more..", MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
                                                        }
-                                               }
-                                               if (referringServices.size() <= 
10) {
-                                                       throw 
restErrorUtil.createRESTException("Tag service '" + service.getName() + "' is 
being referenced by " + referringServices.size() + " services: " + 
referringServiceNames, MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
-                                               } else {
-                                                       throw 
restErrorUtil.createRESTException("Tag service '" + service.getName() + "' is 
being referenced by " + referringServices.size() + " services: " + 
referringServiceNames + " and more..", MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
                                                }
                                        }
-                               }
-                               XXServiceDef xxServiceDef = 
daoManager.getXXServiceDef().getById(service.getType());
-                               bizUtil.hasKMSPermissions("Service", 
xxServiceDef.getImplclassname());
-                               bizUtil.blockAuditorRoleUser();
-                               
tagStore.deleteAllTagObjectsForService(service.getName());
+                                       XXServiceDef xxServiceDef = 
daoManager.getXXServiceDef().getById(service.getType());
+                                       if 
(!session.getUserId().equals(service.getAddedByUserId())) {
+                                               
bizUtil.hasKMSPermissions("Service", xxServiceDef.getImplclassname());
+                                               bizUtil.blockAuditorRoleUser();
+                                       }
+                                       
tagStore.deleteAllTagObjectsForService(service.getName());
 
-                               svcStore.deleteService(id);
+                                       svcStore.deleteService(id);
+                               } else {
+                                       LOG.error("Cannot retrieve service:[" + 
id + "] for deletion");
+                                       throw new Exception("deleteService(" + 
id + ") failed");
+                               }
                        } else {
-                               LOG.error("Cannot retrieve service:[" + id + "] 
for deletion");
+                               LOG.error("Cannot retrieve user session.");
                                throw new Exception("deleteService(" + id + ") 
failed");
                        }
                } catch(WebApplicationException excp) {
diff --git 
a/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java 
b/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java
index 43a855e..57b20b7 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/service/XResourceService.java
@@ -357,7 +357,7 @@ public class XResourceService extends
                UserSessionBase currentUserSession = ContextUtil
                                .getCurrentUserSession();
                // If user is system admin
-               if (currentUserSession.isUserAdmin()) {
+               if (currentUserSession != null && 
currentUserSession.isUserAdmin()) {
                        returnList = super.searchXResources(searchCriteria);
                        
                } else {// need to be optimize
diff --git 
a/security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
 
b/security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
index d613c70..7fa96fb 100644
--- 
a/security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
+++ 
b/security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
@@ -144,7 +144,7 @@ public class XUgsyncAuditInfoService extends 
XUgsyncAuditInfoServiceBase<XXUgsyn
 
        public VXUgsyncAuditInfo createUgsyncAuditInfo(VXUgsyncAuditInfo 
vxUgsyncAuditInfo) {
 
-               Long sessionId = 
ContextUtil.getCurrentUserSession().getSessionId();
+               Long sessionId = ContextUtil.getCurrentUserSession() != null ? 
ContextUtil.getCurrentUserSession().getSessionId() : null;
                if (sessionId != null) {
                        vxUgsyncAuditInfo.setSessionId("" + sessionId);
                }
diff --git 
a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
index 34be7e9..a7e19bf 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
@@ -1817,6 +1817,18 @@ public class TestServiceREST {
                xService.setType(embeddedServiceDefsUtil.getTagServiceDefId());
                XXServiceDao xServiceDao = Mockito.mock(XXServiceDao.class);
 
+               String userLoginID = "testuser";
+               Long userId = 8L;
+               RangerSecurityContext context = new RangerSecurityContext();
+               context.setUserSession(new UserSessionBase());
+               RangerContextHolder.setSecurityContext(context);
+               UserSessionBase session = ContextUtil.getCurrentUserSession();
+               session.setUserAdmin(true);
+               XXPortalUser xXPortalUser = new XXPortalUser();
+               xXPortalUser.setLoginId(userLoginID);
+               xXPortalUser.setId(userId);
+               session.setXXPortalUser(xXPortalUser);
+
                
Mockito.when(validatorFactory.getServiceValidator(svcStore)).thenReturn(serviceValidator);
                Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
                
Mockito.when(xServiceDao.findByTagServiceId(Mockito.anyLong())).thenReturn(referringServices);

Reply via email to