This is an automated email from the ASF dual-hosted git repository.
mehul pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new 1c488dc RANGER-2674 : Allow service admins to manage tag policies
1c488dc is described below
commit 1c488dc64acfa850da2426c3ed5ffc03397f224c
Author: Dhaval B. Shah <[email protected]>
AuthorDate: Fri Dec 20 18:51:09 2019 +0530
RANGER-2674 : Allow service admins to manage tag policies
Signed-off-by: Mehul Parikh <[email protected]>
---
.../java/org/apache/ranger/biz/ServiceDBStore.java | 47 +++++++++++++++++++++-
1 file changed, 46 insertions(+), 1 deletion(-)
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index 4158900..ccda6ab 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -122,6 +122,7 @@ import org.apache.ranger.entity.XXPolicyLabelMap;
import org.apache.ranger.entity.XXPolicyRefAccessType;
import org.apache.ranger.entity.XXPolicyRefCondition;
import org.apache.ranger.entity.XXPolicyRefResource;
+import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.entity.XXResourceDef;
import org.apache.ranger.entity.XXSecurityZone;
import org.apache.ranger.entity.XXService;
@@ -190,6 +191,7 @@ import org.apache.ranger.view.VXMetricServiceCount;
import org.apache.ranger.view.VXMetricServiceNameCount;
import org.apache.ranger.view.VXMetricUserGroupCount;
import org.apache.ranger.view.VXPolicyLabelList;
+import org.apache.ranger.view.VXPortalUser;
import org.apache.ranger.view.VXResponse;
import org.apache.ranger.view.VXString;
import org.apache.ranger.view.VXUser;
@@ -331,6 +333,9 @@ public class ServiceDBStore extends AbstractServiceStore {
@Autowired
RangerRoleService roleService;
+ @Autowired
+ UserMgr userMgr;
+
private static volatile boolean legacyServiceDefsInitDone = false;
private Boolean populateExistingBaseFields = false;
@@ -1529,7 +1534,6 @@ public class ServiceDBStore extends AbstractServiceStore {
configValue = paddedEncryptedPwd;
}
}
-
XXServiceConfigMap xConfMap = new XXServiceConfigMap();
xConfMap =
rangerAuditFields.populateAuditFields(xConfMap, xCreatedService);
xConfMap.setServiceId(xCreatedService.getId());
@@ -1540,6 +1544,7 @@ public class ServiceDBStore extends AbstractServiceStore {
xConfMap.setConfigvalue(configValue);
xConfMap = xConfMapDao.create(xConfMap);
}
+ updateTabPermissions(service.getType(), validConfigs);
if (LOG.isDebugEnabled()) {
LOG.debug("vXUser:[" + vXUser + "]");
}
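Review bot: The `updateTabPermissions(service.getType(), validConfigs)` call sits after the loop that has already written the `xConfMap` rows through `xConfMapDao.create`, so an unknown name in the service-admin list is rejected only after the service configuration has been persisted. Unless the enclosing method runs in a transaction that rolls back on the REST exception (not visible here; the method body starts and ends outside the hunk), a failed request leaves those rows behind. Checking the user names before the first write would avoid that, and the same applies to the identical call added in the update path in the `@@ -1740` hunk. Because saving a tag service now also hands out a module permission, a comment at the call such as `// side effect: grants tag-based-policy tab access to the listed service admins` would help the next reader.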
@@ -1740,6 +1745,7 @@ public class ServiceDBStore extends AbstractServiceStore {
xConfMap.setConfigvalue(configValue);
xConfMapDao.create(xConfMap);
}
+ updateTabPermissions(service.getType(), validConfigs);
if (LOG.isDebugEnabled()) {
LOG.debug("vXUser:[" + vXUser + "]");
}
@@ -1800,6 +1806,45 @@ public class ServiceDBStore extends AbstractServiceStore
{
bizUtil.createTrxLog(trxLogList);
}
+ private void updateTabPermissions(String svcType, Map<String, String>
svcConfig) {
+ if (StringUtils.equalsIgnoreCase(svcType,
EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
+ String svcAdminUsers =
svcConfig.get(SERVICE_ADMIN_USERS);
+ if (StringUtils.isNotEmpty(svcAdminUsers)) {
+ for (String user : svcAdminUsers.split(",")) {
+
validateUserAndProvideTabTagBasedPolicyPermission(user.trim());
+ }
+ }
+ }
+
+ }
+
+ private void validateUserAndProvideTabTagBasedPolicyPermission(String
username){
+ XXPortalUser xxPortalUser =
daoMgr.getXXPortalUser().findByLoginId(username);
+ if (xxPortalUser == null) {
+ throw restErrorUtil
+ .createRESTException(
+ "Username : "
+ +
username
+ + "
does not exist. Please provide valid user as service admin for tag service .",
+
MessageEnums.ERROR_CREATING_OBJECT);
+ } else {
+ VXPortalUser vXPortalUser = userMgr
+
.mapXXPortalUserToVXPortalUserForDefaultAccount(xxPortalUser);
+ if
(CollectionUtils.isNotEmpty(vXPortalUser.getUserRoleList())
+ &&
vXPortalUser.getUserRoleList().size() == 1) {
+ for (String userRole :
vXPortalUser.getUserRoleList()) {
+ if
(userRole.equals(RangerConstants.ROLE_USER)) {
+ HashMap<String, Long>
moduleNameId = xUserMgr
+
.getAllModuleNameAndIdMap();
+
xUserMgr.createOrUpdateUserPermisson(
+ vXPortalUser,
+
moduleNameId.get(RangerConstants.MODULE_TAG_BASED_POLICIES),true);
+ }
+ }
+ }
+ }
+ }
+
private void restrictIfZoneService(RangerService service)
{
String serviceName = service.getName();
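Review bot: `updateTabPermissions` only ever adds the tag-based-policies module permission; nothing in this hunk removes it when a user is later dropped from `SERVICE_ADMIN_USERS` on update, so the grant can outlive the configuration that justified it. If that is intended, say so on the method, e.g. `// grants are additive; removing a user from the service admin list does not revoke the permission`; otherwise the update path needs a revoke step. Separately, `svcAdminUsers.split(",")` followed by `user.trim()` turns a trailing comma or a blank entry into a lookup for an empty login id and a "does not exist" error, which `if (StringUtils.isBlank(user)) { continue; }` at the top of the loop would avoid. `moduleNameId.get(RangerConstants.MODULE_TAG_BASED_POLICIES)` is passed to `createOrUpdateUserPermisson` without a null check, which is worth guarding if the module map can lack that entry.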