This is an automated email from the ASF dual-hosted git repository. mehul pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 5b23eff7d1ce5b4cbd0fa1b7ad4709f7e48cd10f Author: Dineshkumar Yadav <[email protected]> AuthorDate: Wed Apr 8 12:12:35 2020 +0530 RANGER-2772 : added functionality to marge role while using mergeIfExists parameter Signed-off-by: Mehul Parikh <[email protected]> --- .../java/org/apache/ranger/rest/ServiceREST.java | 4 ++-- .../org/apache/ranger/rest/ServiceRESTUtil.java | 22 ++++++++++++++++++---- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index 38b4982..82e67e6 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -1687,12 +1687,12 @@ public class ServiceREST { } if (StringUtils.isNotBlank(zoneName)) { existingPolicy = getPolicyByNameAndZone(policy.getService(), policy.getName(), policy.getZoneName()); - if(existingPolicy==null) { + if (existingPolicy == null && policy.getGuid() != null) { existingPolicy = getPolicyByGuid(policy.getGuid(), policy.getService(), policy.getZoneName()); } } else { existingPolicy = getPolicyByName(policy.getService(), policy.getName()); - if(existingPolicy==null) { + if (existingPolicy == null && policy.getGuid() != null) { existingPolicy = getPolicyByGuid(policy.getGuid(), policy.getService(), null); } } diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java index d85028c..640d3c3 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceRESTUtil.java @@ -329,8 +329,8 @@ public class ServiceRESTUtil { // Split existing policyItems for users and groups extracted from appliedPolicyItem into userPolicyItems and groupPolicyItems splitExistingPolicyItems(existingPolicy, users, userPolicyItems, groups, groupPolicyItems, roles, rolePolicyItems); - // Apply policyItems of given type in appliedPolicy to policyItems extracted from existingPolicy - mergePolicyItems(appliedPolicyItems, policyItemType, userPolicyItems, groupPolicyItems); + // Apply policyItems of given type in appliedPlicy to policyItems extracted from existingPolicy + mergePolicyItems(appliedPolicyItems, policyItemType, userPolicyItems, groupPolicyItems, rolePolicyItems); // Add modified/new policyItems back to existing policy mergeProcessedPolicyItems(existingPolicy, userPolicyItems, groupPolicyItems, rolePolicyItems); compactPolicy(existingPolicy); @@ -422,7 +422,6 @@ public class ServiceRESTUtil { policyItem = splitAndGetConsolidatedPolicyItemForGroup(denyExceptionItems, group); value[POLICYITEM_TYPE.DENY_EXCEPTIONS.ordinal()] = policyItem; } - for (String role : roles) { RangerPolicy.RangerPolicyItem value[] = rolePolicyItems.get(role); if (value == null) { @@ -666,7 +665,8 @@ public class ServiceRESTUtil { static private void mergePolicyItems(List<RangerPolicy.RangerPolicyItem> appliedPolicyItems, POLICYITEM_TYPE policyItemType, Map<String, RangerPolicy.RangerPolicyItem[]> existingUserPolicyItems, - Map<String, RangerPolicy.RangerPolicyItem[]> existingGroupPolicyItems) { + Map<String, RangerPolicy.RangerPolicyItem[]> existingGroupPolicyItems, + Map<String, RangerPolicy.RangerPolicyItem[]> existingRolePolicyItems ) { if (LOG.isDebugEnabled()) { LOG.debug("==> ServiceRESTUtil.mergePolicyItems()"); } @@ -696,6 +696,20 @@ public class ServiceRESTUtil { addPolicyItemForGroup(items, policyItemType.ordinal(), group, policyItem); } } + + for (RangerPolicy.RangerPolicyItem policyItem : appliedPolicyItems) { + List<String> roles = policyItem.getRoles(); + for (String role : roles) { + RangerPolicy.RangerPolicyItem[] items = existingRolePolicyItems.get(role); + if (items == null) { + // Should not get here + items = new RangerPolicy.RangerPolicyItem[4]; + existingRolePolicyItems.put(role, items); + } + addPolicyItemForRole(items, policyItemType.ordinal(), role, policyItem); + } + } + if (LOG.isDebugEnabled()) { LOG.debug("<== ServiceRESTUtil.mergePolicyItems()"); }
