This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 5797bb9541c1bfa84fbfd9bd19dbd635c4928b6f Author: rujia1019 <[email protected]> AuthorDate: Tue Dec 29 20:21:26 2020 +0800 RANGER-3135: optimze log print for querying roles Signed-off-by: pradeep <[email protected]> --- .../main/java/org/apache/ranger/rest/RoleREST.java | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java index 86cda07..20db16d 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java @@ -280,6 +280,9 @@ public class RoleREST { if (ret == null) { throw restErrorUtil.createRESTException("User doesn't have permissions to get details for " + roleName); } + if (ret.getName() == null) { + throw restErrorUtil.createRESTException("Role with name: " + roleName + " does not exist"); + } } catch(WebApplicationException excp) { throw excp; @@ -931,16 +934,17 @@ public class RoleREST { effectiveUser = loggedInUser; } try { - if (!bizUtil.isUserRangerAdmin(effectiveUser)) { - existingRole = roleStore.getRole(roleName); - ensureRoleAccess(effectiveUser, userGroups, existingRole); - - } else { - existingRole = roleStore.getRole(roleName); + existingRole = roleStore.getRole(roleName); + if (!ensureRoleAccess(effectiveUser, userGroups, existingRole)) { + LOG.error("User does not have permission for this operation"); + return null; } } catch (Exception ex) { - LOG.error(ex.getMessage()); - return null; + if (bizUtil.isUserRangerAdmin(effectiveUser)) { + return new RangerRole(); + } else { + return null; + } } return existingRole;
