This is an automated email from the ASF dual-hosted git repository.

pradeepagrawal8184 pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new bfa621a25 RANGER-5624: Fix inconsistent updatedBy masking in groupName 
API (#993)
bfa621a25 is described below

commit bfa621a251395a5a540ea992cb2b5ac5a5a9f9b2
Author: KRISHNA CHAITANYA MUTTEVI 
<[email protected]>
AuthorDate: Tue Jul 7 12:28:59 2026 +0530

    RANGER-5624: Fix inconsistent updatedBy masking in groupName API (#993)
---
 .../java/org/apache/ranger/rest/XUserREST.java     | 27 ++-----------------
 .../java/org/apache/ranger/rest/TestXUserREST.java | 30 +++-------------------
 2 files changed, 6 insertions(+), 51 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 
b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
index 00d1e66fb..ced8b4227 100755
--- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
@@ -38,7 +38,6 @@
 import org.apache.ranger.common.annotation.RangerAnnotationClassName;
 import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName;
 import org.apache.ranger.db.RangerDaoManager;
-import org.apache.ranger.entity.XXGroup;
 import org.apache.ranger.entity.XXService;
 import org.apache.ranger.entity.XXServiceDef;
 import org.apache.ranger.plugin.model.RangerPluginInfo;
@@ -855,30 +854,8 @@ public VXUser getXUserByUserName(@Context 
HttpServletRequest request, @PathParam
     @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + 
RangerAPIList.GET_X_GROUP_BY_GROUP_NAME + "\")")
     public VXGroup getXGroupByGroupName(@Context HttpServletRequest request, 
@PathParam("groupName") String groupName) {
         VXGroup         vXGroup     = 
xGroupService.getGroupByGroupName(groupName);
-        UserSessionBase userSession = ContextUtil.getCurrentUserSession();
-
-        // Plain ROLE_USER may only fetch groups they belong to; not config 
super-users.
-        if (userSession != null && userSession.getLoginId() != null && 
userSession.isSingleRoleUserSession()) {
-            VXUser  loggedInVXUser = 
xUserService.getXUserByUserName(userSession.getLoginId());
-            boolean isMatch        = false;
-
-            if (loggedInVXUser != null && vXGroup != null) {
-                List<XXGroup> userGroups = 
xGroupService.getGroupsByUserId(loggedInVXUser.getId());
-
-                for (XXGroup xXGroup : userGroups) {
-                    if (xXGroup != null && 
StringUtils.equals(xXGroup.getName(), vXGroup.getName())) {
-                        isMatch = true;
-                        break;
-                    }
-                }
-            }
-
-            if (!isMatch) {
-                vXGroup = null;
-            }
-        }
-
-        return vXGroup;
+        Long id = vXGroup.getId();
+        return xUserMgr.getXGroup(id);
     }
 
     @DELETE
diff --git 
a/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java 
b/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java
index 8f269fffd..26925bf62 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java
@@ -693,18 +693,15 @@ public void test62getXUserByUserName() {
 
     @Test
     public void test63getXGroupByGroupName() {
-        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
-
         VXGroup compareTestVXGroup = createVXGroup();
-
         
Mockito.when(xGroupService.getGroupByGroupName(compareTestVXGroup.getName())).thenReturn(compareTestVXGroup);
-
+        
Mockito.when(xUserMgr.getXGroup(compareTestVXGroup.getId())).thenReturn(compareTestVXGroup);
         VXGroup retVxGroup = xUserRest.getXGroupByGroupName(request, 
compareTestVXGroup.getName());
-
         Assertions.assertNotNull(retVxGroup);
-        Assertions.assertEquals(compareTestVXGroup.getClass(), 
compareTestVXGroup.getClass());
-        Assertions.assertEquals(compareTestVXGroup.getId(), 
compareTestVXGroup.getId());
+        Assertions.assertEquals(compareTestVXGroup.getId(), 
retVxGroup.getId());
+        Assertions.assertEquals(compareTestVXGroup.getName(), 
retVxGroup.getName());
         
Mockito.verify(xGroupService).getGroupByGroupName(compareTestVXGroup.getName());
+        Mockito.verify(xUserMgr).getXGroup(compareTestVXGroup.getId());
     }
 
     @Test
@@ -2345,25 +2342,6 @@ public void 
test159getXGroupUsersByGroupNameWithNullResult() {
         Mockito.verify(xUserMgr).getXGroupUserFromMap(groupName);
     }
 
-    @Test
-    public void test160getXGroupByGroupNameWithNullUser() {
-        HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
-        String groupName = "testGroup";
-        VXGroup vXGroup = createVXGroup();
-        vXGroup.setName(groupName);
-
-        RangerSecurityContext context = new RangerSecurityContext();
-        context.setUserSession(null);
-        RangerContextHolder.setSecurityContext(context);
-
-        
Mockito.when(xGroupService.getGroupByGroupName(groupName)).thenReturn(vXGroup);
-
-        VXGroup result = xUserRest.getXGroupByGroupName(request, groupName);
-
-        Assertions.assertEquals(vXGroup, result);
-        Mockito.verify(xGroupService).getGroupByGroupName(groupName);
-    }
-
     @Test
     public void test161getXUserByUserNameWithNullResult() {
         HttpServletRequest request = Mockito.mock(HttpServletRequest.class);

Reply via email to