Repository: incubator-ranger Updated Branches: refs/heads/stack ea89bb5f4 -> 81cfaef6d
RANGER-203: Policy implementation updated to support permissions & policy condition Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/81cfaef6 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/81cfaef6 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/81cfaef6 Branch: refs/heads/stack Commit: 81cfaef6d7c3e2a5c63c56e36dab0381788c08be Parents: ea89bb5 Author: Gautam Borad <[email protected]> Authored: Tue Jan 13 17:33:20 2015 -0800 Committer: Madhan Neethiraj <[email protected]> Committed: Tue Jan 13 17:33:20 2015 -0800 ---------------------------------------------------------------------- .../ranger/plugin/model/RangerServiceDef.java | 38 +- .../service-defs/ranger-servicedef-hbase.json | 8 +- .../service-defs/ranger-servicedef-hdfs.json | 2 - .../service-defs/ranger-servicedef-hive.json | 10 +- .../service-defs/ranger-servicedef-knox.json | 4 +- .../service-defs/ranger-servicedef-storm.json | 2 +- .../scripts/models/BackboneFormDataType.js | 23 +- .../scripts/modules/globalize/message/en.js | 5 +- .../src/main/webapp/scripts/utils/XAUtils.js | 78 +++- .../scripts/views/policies/GroupPermList.js | 378 ++++++++++--------- .../scripts/views/policies/RangerPolicyForm.js | 116 ++---- .../views/policies/RangerPolicyTableLayout.js | 2 +- .../scripts/views/policies/UserPermList.js | 34 +- security-admin/src/main/webapp/styles/xa.css | 11 +- .../templates/policies/GroupPermItem.html | 33 +- .../templates/policies/GroupPermList.html | 2 +- .../policies/RangerPolicyForm_tmpl.html | 11 +- .../webapp/templates/policies/UserPermItem.html | 12 +- 18 files changed, 416 insertions(+), 353 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java index e701762..f1fe7a8 100644 --- a/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java +++ b/plugin-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceDef.java @@ -635,7 +635,7 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S } /** - * @param uiType the type to set + * @param type the type to set */ public void setSubType(String subType) { this.subType = subType; @@ -756,6 +756,7 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S private static final long serialVersionUID = 1L; private String name = null; + private String type = null; private Integer level = null; private String parent = null; private Boolean mandatory = null; @@ -766,7 +767,6 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S private String matcherOptions = null; private String label = null; private String description = null; - private String uiType = null; private String rbKeyLabel = null; private String rbKeyDescription = null; @@ -775,8 +775,9 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S this(null, null, null, null, null, null, null, null, null, null, null, null, null, null); } - public RangerResourceDef(String name, Integer level, String parent, Boolean mandatory, Boolean lookupSupported, Boolean recursiveSupported, Boolean excludesSupported, String matcher, String matcherOptions, String label, String description, String uiType, String rbKeyLabel, String rbKeyDescription) { + public RangerResourceDef(String name, String type, Integer level, String parent, Boolean mandatory, Boolean lookupSupported, Boolean recursiveSupported, Boolean excludesSupported, String matcher, String matcherOptions, String label, String description, String rbKeyLabel, String rbKeyDescription) { setName(name); + setType(type); setLevel(level); setParent(parent); setMandatory(mandatory); @@ -787,7 +788,6 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S setMatcher(matcherOptions); setLabel(label); setDescription(description); - setUIType(uiType); setRbKeyLabel(rbKeyLabel); setRbKeyDescription(rbKeyDescription); } @@ -807,6 +807,20 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S } /** + * @return the type + */ + public String getType() { + return type; + } + + /** + * @param type the type to set + */ + public void setType(String type) { + this.type = type; + } + + /** * @return the level */ public Integer getLevel() { @@ -947,20 +961,6 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S } /** - * @return the uiType - */ - public String getUIType() { - return uiType; - } - - /** - * @param uiType the uiType to set - */ - public void setUIType(String uiType) { - this.uiType = uiType; - } - - /** * @return the rbKeyLabel */ public String getRbKeyLabel() { @@ -1000,6 +1000,7 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S public StringBuilder toString(StringBuilder sb) { sb.append("RangerResourceDef={"); sb.append("name={").append(name).append("} "); + sb.append("type={").append(type).append("} "); sb.append("level={").append(level).append("} "); sb.append("parent={").append(parent).append("} "); sb.append("mandatory={").append(mandatory).append("} "); @@ -1010,7 +1011,6 @@ public class RangerServiceDef extends RangerBaseModelObject implements java.io.S sb.append("matcherOptions={").append(matcherOptions).append("} "); sb.append("label={").append(label).append("} "); sb.append("description={").append(description).append("} "); - sb.append("uiType={").append(uiType).append("} "); sb.append("rbKeyLabel={").append(rbKeyLabel).append("} "); sb.append("rbKeyDescription={").append(rbKeyDescription).append("} "); sb.append("}"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json index 20911c7..f9ead37 100644 --- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json +++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hbase.json @@ -33,9 +33,9 @@ ], "resources": [ - {"name":"table","type":"select2","level":1,"parent":"","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Table","description":"HBase Table"}, - {"name":"column-family","type":"select2","level":2,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column-family","description":"HBase Column-family"}, - {"name":"column","type":"select2","level":3,"parent":"column-family","mandatory":true,"lookupSupported":false,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column","description":"HBase Column"} + {"name":"table","type":"string","level":1,"parent":"","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Table","description":"HBase Table"}, + {"name":"column-family","type":"string","level":2,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column-family","description":"HBase Column-family"}, + {"name":"column","type":"string","level":3,"parent":"column-family","mandatory":true,"lookupSupported":false,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"HBase Column","description":"HBase Column"} ], "accessTypes": [ @@ -46,7 +46,5 @@ ], "policyConditions": [ - { - } ] } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json index 907b6d3..adf4a29 100644 --- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json +++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hdfs.json @@ -55,7 +55,5 @@ ], "policyConditions": [ - { - } ] } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json index c18f0a0..81cf928 100644 --- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json +++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-hive.json @@ -21,10 +21,10 @@ ], "resources": [ - {"name":"database","type":"select2","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"}, - {"name":"table","type":"select2","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"}, - {"name":"udf","type":"select2","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive UDF","description":"Hive UDF"}, - {"name":"column","type":"select2","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Column","description":"Hive Column"} + {"name":"database","type":"string","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Database","description":"Hive Database"}, + {"name":"table","type":"string","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Table","description":"Hive Table"}, + {"name":"udf","type":"string","level":2,"parent":"database","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive UDF","description":"Hive UDF"}, + {"name":"column","type":"string","level":3,"parent":"table","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Hive Column","description":"Hive Column"} ], "accessTypes": [ @@ -39,7 +39,5 @@ ], "policyConditions": [ - { - } ] } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json index d12b9c9..7ce09ff 100644 --- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json +++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-knox.json @@ -20,8 +20,8 @@ ], "resources": [ - {"name":"topology","type":"select2","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Knox Topology","description":"Knox Topology"}, - {"name":"service","type":"select2","level":2,"parent":"topology","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Knox Service","description":"Knox Service"} + {"name":"topology","type":"string","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Knox Topology","description":"Knox Topology"}, + {"name":"service","type":"string","level":2,"parent":"topology","mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Knox Service","description":"Knox Service"} ], "accessTypes": [ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json ---------------------------------------------------------------------- diff --git a/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json b/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json index 5475dea..6a7d8bb 100644 --- a/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json +++ b/plugin-common/src/main/resources/service-defs/ranger-servicedef-storm.json @@ -20,7 +20,7 @@ ], "resources": [ - {"name":"topology","type":"select2","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Storm Topology","description":"Storm Topology"} + {"name":"topology","type":"string","level":1,"mandatory":true,"lookupSupported":true,"matcher":"org.apache.ranger.plugin.resourcematcher.RangerDefaultResourceMatcher","matcherOptions":"wildCard=true;ignoreCase=true","label":"Storm Topology","description":"Storm Topology"} ], "accessTypes": [ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js b/security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js index 6a040af..7b02ef9 100644 --- a/security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js +++ b/security-admin/src/main/webapp/scripts/models/BackboneFormDataType.js @@ -30,7 +30,19 @@ define(function(require) { if (v != null) { var formObj = {}; switch (v.type) { - case 'string':formObj.type = 'Text';break; + case 'string': + if(!_.isUndefined(v.lookupSupported) && v.lookupSupported ){ + formObj.type = 'Select2Remote'; + formObj.pluginAttr = form.getPlugginAttr(false), + formObj.editorAttrs = {'data-placeholder': v.label }, + formObj.options = function(callback, editor){ + callback(); + }, + formObj.onFocusOpen = true + }else{ + formObj.type = 'Text'; + } + break; case 'bool': formObj.type = 'Checkbox'; formObj.options = { y : 'Yes',n : 'No'}; @@ -41,15 +53,6 @@ define(function(require) { formObj.type = 'Select'; formObj.options = _.pluck(_.compact(enumObj.elements),'label'); break; - case 'select2' : - formObj.type = 'Select2Remote'; - formObj.pluginAttr = form.getPlugginAttr(false), - formObj.editorAttrs = {'data-placeholder': v.label }, - formObj.options = function(callback, editor){ - callback(); - }, - formObj.onFocusOpen = true - break; case 'path' : formObj.type = 'Text'; form.initilializePathPlugin = true; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js index 85ae4b0..fa39365 100644 --- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js +++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js @@ -206,7 +206,7 @@ define(function(require) { topologyName : 'Topology Name', serivceName : 'Service Name', ipAddress : 'IP Address', - + delegatedAdmin : 'Delegate Admin' }, btn : { add : 'Add', @@ -258,7 +258,8 @@ define(function(require) { searchForPolicy :"Search for your policy...", searchForYourUser :"Search for your users...", searchForYourGroup :"Search for your groups...", - access : 'Access' + access : 'Access', + policyCondition : 'Policy Condtions' }, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/security-admin/src/main/webapp/scripts/utils/XAUtils.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js index 41ebe43..24850a7 100644 --- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js +++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js @@ -305,6 +305,13 @@ define(function(require) { }); }; + XAUtils.filterResultByText = function(results , selectedVals){ + return _.filter(results,function(obj){ + if($.inArray(obj.text,selectedVals) < 0) + return obj; + + }); + }; XAUtils.scrollToField = function(field){ $("html, body").animate({ scrollTop: field.position().top-80 @@ -376,14 +383,18 @@ define(function(require) { if(!model.isNew()){ if(!_.isUndefined(model.get('policyItems'))){ var policyItems = model.get('policyItems'); - var groupPolicyItems = _.filter(policyItems,function(m){if(!_.isEmpty(m.groups)) return m;}); - _.each(groupPolicyItems,function(obj){ +// var groupPolicyItems = _.filter(policyItems,function(m){if(!_.isEmpty(m.groups)) return m;}); + _.each(policyItems,function(obj){ + var groupNames = null, userNames = null; + if(!_.isEmpty(obj.groups)) groupNames = obj.groups.join(','); + if(!_.isEmpty(obj.users)) userNames = obj.users.join(','); var m = new Backbone.Model({ -// groupId : groupIds.join(','), - groupName : obj.groups.join(','), -// ipAddress : values[0].ipAddress, + groupName : groupNames, + userName : userNames, + accesses : obj.accesses, + conditions : obj.conditions, + delegateAdmin: obj.delegateAdmin, editMode : true, - accesses : obj.accesses }); formInputColl.add(m); @@ -409,7 +420,8 @@ define(function(require) { userName : obj.users.join(','), // ipAddress : values[0].ipAddress, editMode : true, - accesses : obj.accesses + accesses : obj.accesses, + conditions : obj.conditions }); coll.add(m); @@ -643,5 +655,57 @@ define(function(require) { that.$(that.rForm.el).removeClass("policy-disabled"); } }; + XAUtils.customXEditableForPolicyCond = function(template) { +// $.fn.editable.defaults.mode = 'inline'; + var PolicyConditions = function (options) { + this.init('policyConditions', options, PolicyConditions.defaults); + }; + + //inherit from Abstract input + $.fn.editableutils.inherit(PolicyConditions, $.fn.editabletypes.abstractinput); + + $.extend(PolicyConditions.prototype, { + render: function() { + this.$input = this.$tpl.find('input'); + }, + + value2str: function(value) { + var str = ''; + if(value) { + for(var k in value) { + str = str + k + ':' + value[k] + ';'; + } + } + return str; + }, + + value2input: function(value) { + _.each(value, function(val,name){ + this.$input.filter('[name='+name+']').val(value[name]); + },this); + }, + + input2value: function() { + var obj={}; + _.each(this.$input,function(input){ + var name = input.name; + var val = this.$input.filter('[name="'+name+'"]').val() + obj[name] = val; + },this); + + return obj; + }, + activate: function() { + this.$input.first().focus() + }, + }); + + PolicyConditions.defaults = $.extend({}, $.fn.editabletypes.abstractinput.defaults, { + tpl: template, + + inputclass: '' + }); + $.fn.editabletypes.policyConditions = PolicyConditions; + }; return XAUtils; }); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/security-admin/src/main/webapp/scripts/views/policies/GroupPermList.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/policies/GroupPermList.js b/security-admin/src/main/webapp/scripts/views/policies/GroupPermList.js index 2f15b58..3fe0a6e 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/GroupPermList.js +++ b/security-admin/src/main/webapp/scripts/views/policies/GroupPermList.js @@ -37,128 +37,150 @@ define(function(require) { tagName : 'tr', templateHelpers : function(){ - return { - permissions : this.accessTypes,//this.getPerms(), - policyKnox : this.policyType == XAEnums.ServiceType.Service_KNOX.value ? true :false, -// policyStorm : this.policyType == XAEnums.ServiceType.Service_STORM.value ? true :false, + permissions : this.accessTypes, + policyConditions: this.policyConditions, isModelNew : !this.model.has('editMode'), - stormPerms : this.stormPermsIds.length == 14 ? _.union(this.stormPermsIds,[-1]) : this.stormPermsIds - + perms : this.permsIds.length == 14 ? _.union(this.permsIds,[-1]) : this.permsIds, }; }, ui : { selectGroups : '[data-js="selectGroups"]', - inputIPAddress : '[data-js="ipAddress"]', - tags : '[class=tags]' + selectUsers : '[data-js="selectUsers"]', + addPerms : 'a[data-js="permissions"]', + conditionsTags : '[class=tags1]', + delegatedAdmin : 'input[data-js="delegatedAdmin"]' }, events : { 'click [data-action="delete"]' : 'evDelete', 'click td' : 'evClickTD', 'change [data-js="selectGroups"]': 'evSelectGroup', - 'change [data-js="ipAddress"]' : 'evIPAddress' + 'change [data-js="selectUsers"]': 'evSelectUser', + 'change input[class="policy-conditions"]' : 'policyCondtionChange' }, initialize : function(options) { - _.extend(this, _.pick(options, 'groupList','policyType','accessTypes')); - //this.subjectList = this.mStudent.getSubjectList(); - this.stormPermsIds = []; - if(this.policyType == XAEnums.AssetType.ASSET_STORM.value){ - if(this.model.has('editMode') && this.model.get('editMode')){ - this.stormPermsIds = _.map(this.model.get('_vPermList'), function(p){ - if(XAEnums.XAPermType.XA_PERM_TYPE_ADMIN.value != p.permType) - return p.permType; - }); - } - } + _.extend(this, _.pick(options, 'groupList','policyType','accessTypes','policyConditions','userList')); + this.setupPermissionsAndConditions(); }, onRender : function() { - var that = this; + this.setupFormForEditMode(); + + this.createDropDown(this.ui.selectGroups, this.groupList, true); + this.createDropDown(this.ui.selectUsers, this.userList, false); + this.dropDownChange(this.ui.selectGroups); + this.dropDownChange(this.ui.selectUsers); + + this.renderPerms(); + this.renderPolicyCondtion(); + }, + setupFormForEditMode : function() { this.accessItems = _.map(this.accessTypes, function(perm){ if(!_.isUndefined(perm)) return {'type':perm.label,isAllowed : false} }); - - if(!_.isUndefined(this.model.get('groupName'))){ - this.ui.selectGroups.val(this.model.get('groupName').split(',')); - } - if(!_.isUndefined(this.model.get('ipAddress'))){ - this.ui.inputIPAddress.val(this.model.get('ipAddress').toString()); - } if(this.model.has('editMode') && this.model.get('editMode')){ + if(!_.isUndefined(this.model.get('groupName')) && !_.isNull(this.model.get('groupName'))){ + this.ui.selectGroups.val(this.model.get('groupName').split(',')); + } + if(!_.isUndefined(this.model.get('userName')) && !_.isNull(this.model.get('userName'))){ + this.ui.selectUsers.val(this.model.get('userName').split(',')); + } + + if(!_.isUndefined(this.model.get('conditions'))){ + _.each(this.model.get('conditions'), function(obj){ + this.$el.find('input[data-js="'+obj.type+'"]').val(obj.value.toString()) + },this); + } _.each(this.model.get('accesses'), function(p){ if(p.isAllowed){ this.$el.find('input[data-name="' + p.type + '"]').attr('checked', 'checked'); _.each(this.accessItems,function(obj){ if(obj.type == p.type) obj.isAllowed=true;}) } },this); + + if(!_.isUndefined(this.model.get('delegateAdmin')) && this.model.get('delegateAdmin')){ + this.ui.delegatedAdmin.attr('checked', 'checked'); + } } - this.createGroupDropDown(); - this.groupDropDownChange(); - if(this.policyType == XAEnums.AssetType.ASSET_STORM.value){ - this.renderStormPerms(); + }, + setupPermissionsAndConditions : function() { + var that = this; + this.permsIds = [], this.conditions = {}; + //Set Permissions obj + if( this.model.has('editMode') && this.model.get('editMode')){ + _.each(this.model.get('accesses'), function(p){ + if(p.isAllowed){ + var access = _.find(that.accessTypes,function(obj){if(obj.label == p.type) return obj}); + this.permsIds.push(access.name); + } + + }, this); + //Set PolicyCondtion Obj to show in edit mode + _.each(this.model.get('conditions'), function(p){ + this.conditions[p.type] = p.value; + }, this); } }, - groupDropDownChange : function(){ + dropDownChange : function($select){ var that = this; - this.ui.selectGroups.on('change',function(e){ + $select.on('change',function(e){ // console.log(e.currentTarget.value); + var name = ($(e.currentTarget).attr('data-js') == that.ui.selectGroups.attr('data-js')) ? 'group': 'user'; that.checkDirtyFieldForDropDown(e); - var duplicateGroupName = false; that.toggleAddButton(e); if(e.removed != undefined){ - var gIdArr = [],gNameArr = []; - gIdArr = _.without(that.model.get('groupId').split(','), e.removed.id); - if(that.model.get('groupName') != undefined) - gNameArr = _.without(that.model.get('groupName').split(','), e.removed.text); - if(!_.isEmpty(gIdArr)){ - that.model.set('groupId',gIdArr.join(',')); - that.model.set('groupName',gNameArr.join(',')); + var gNameArr = []; + if(that.model.get(name+'Name') != undefined) + gNameArr = _.without(that.model.get(name+'Name').split(','), e.removed.text); + if(!_.isEmpty(gNameArr)){ + that.model.set(name+'Name',gNameArr.join(',')); }else{ - that.model.unset('groupId'); - that.model.unset('groupName'); + that.model.unset(name+'Name'); } return; } if(!_.isUndefined(e.added)){ - that.model.set('groupId', e.currentTarget.value); - var groupNameList = _.map($(e.currentTarget).select2("data"), function(obj){return obj.text}); - that.model.set('groupName',groupNameList.toString()) + var nameList = _.map($(e.currentTarget).select2("data"), function(obj){return obj.text}); + that.model.set(name+'Name',nameList.toString()); } }); }, - createGroupDropDown :function(){ + createDropDown :function($select, list, typeGroup){ var that = this; - if(this.model.has('editMode') && !_.isEmpty(this.ui.selectGroups.val())){ - var temp = this.ui.selectGroups.val().split(","); + var placeholder = (typeGroup) ? 'Select Group' : 'Select User'; + var url = (typeGroup) ? "service/xusers/groups" : "service/xusers/users"; + if(this.model.has('editMode') && !_.isEmpty($select.val())){ + var temp = $select.val().split(","); _.each(temp , function(name){ - if(_.isUndefined(that.groupList.where({ name : name}))){ - var group = new VXGroup({name: name}); - group.fetch({async:false}).done(function(){ - that.groupList.add(group); + if(_.isUndefined(list.where({ name : name}))){ + var model; + model = typeGroup ? new VXGroup({name: name}) : new VXUser({name: name}); + model.fetch({async:false}).done(function(){ + list.add(model); }); } }); } - this.groupArr = this.groupList.map(function(m){ + var tags = list.map(function(m){ return { id : m.id+"" , text : m.get('name')}; }); - this.ui.selectGroups.select2({ + $select.select2({ closeOnSelect : true, - placeholder : 'Select Group', + placeholder : placeholder, // maximumSelectionSize : 1, width :'220px', tokenSeparators: [",", " "], - tags : this.groupArr, + tags : tags, initSelection : function (element, callback) { var data = []; - console.log(that.groupList); + console.log(list); $(element.val().split(",")).each(function () { - var obj = _.findWhere(that.groupArr,{text:this}); + var obj = _.findWhere(tags,{text:this}); data.push({id: obj.id, text: this}) }); callback(data); @@ -174,7 +196,7 @@ define(function(require) { }*/ }, ajax: { - url: "service/xusers/groups", + url: url, dataType: 'json', data: function (term, page) { return {name : term}; @@ -183,13 +205,15 @@ define(function(require) { var results = [] , selectedVals = []; /*if(!_.isEmpty(that.ui.selectGroups.select2('val'))) selectedVals = that.ui.selectGroups.select2('val');*/ - selectedVals = that.getGroupSelectdValues(); + selectedVals = that.getGroupSelectdValues($select, typeGroup); if(data.resultSize != "0"){ //if(data.vXGroups.length > 1){ - - results = data.vXGroups.map(function(m, i){ return {id : m.id+"", text: m.name}; }); + if(typeGroup) + results = data.vXGroups.map(function(m, i){ return {id : m.id+"", text: m.name}; }); + else + results = data.vXUsers.map(function(m, i){ return {id : m.id+"", text: m.name}; }); if(!_.isEmpty(selectedVals)) - results = XAUtil.filterResultByIds(results, selectedVals); + results = XAUtil.filterResultByText(results, selectedVals); // console.log(results.length); return {results : results}; //} @@ -210,15 +234,105 @@ define(function(require) { } }).on('select2-focus', XAUtil.select2Focus); }, - getGroupSelectdValues : function(){ + renderPerms :function(){ + var that = this; +// var permArr = _.pick(XAEnums.XAPermType, XAUtil.getStormActions(this.policyType)); + this.perms = _.map(this.accessTypes,function(m){return {text:m.label, value:m.name};}); + this.perms.push({'value' : -1, 'text' : 'Select/Deselect All'}); + this.ui.addPerms.editable({ + emptytext : 'Add Permissions', + source: this.perms, + value : this.permsIds, + display: function(values,srcData) { + if(_.isNull(values) || _.isEmpty(values)){ + $(this).empty(); + that.model.unset('accesses'); + return; + } + if(_.contains(values,"-1")){ + values = _.without(values,"-1") + } +// that.checkDirtyFieldForGroup(values); + var permTypeArr = []; + var valArr = _.map(values, function(id){ + if(!_.isUndefined(id)){ + var obj = _.findWhere(srcData,{'value' : id}); + permTypeArr.push({permType : obj.value}); + return "<span class='label label-inverse'>" + obj.text + "</span>"; + } + }); + var perms = [] + if(that.model.has('accesses')){ + perms = that.model.get('accesses'); + } + _.each(that.accessTypes, function(obj) { + if(_.contains(values, obj.name)){ + var type = obj.label + _.each(that.accessItems, function(item){ if(item.type == type) item.isAllowed = true }); + } + }); + // Save data to model + + if(!_.isEmpty(that.accessItems)) + that.model.set('accesses', that.accessItems); + + $(this).html(valArr.join(" ")); + }, + }).on('click', function(e) { + e.stopPropagation(); + e.preventDefault(); + that.$('input[type="checkbox"][value="-1"]').click(function(e){ + var checkboxlist =$(this).closest('.editable-checklist').find('input[type="checkbox"][value!=-1]') + $(this).is(':checked') ? checkboxlist.prop('checked',true) : checkboxlist.prop('checked',false); + + }); + }); + + }, + renderPolicyCondtion : function() { + var that = this; + if(this.policyConditions.length > 0){ + var tmpl = _.map(this.policyConditions,function(obj){ + return '<div class="editable-address margin-bottom-5"><label style="display:block !important;"><span>'+obj.label+' : </span></label><input type="text" name="'+obj.name+'" ></div>' + }); + XAUtil.customXEditableForPolicyCond(tmpl.join('')); + this.$('#policyConditions').editable({ + emptytext : 'Add Conditions', + value : this.conditions, + display: function(value) { + var continue_ = false, i = 0; + if(!value) { + $(this).empty(); + return; + } // End if + _.each(value, function(val, name){ if(!_.isEmpty(val)) continue_ = true; }); + if(continue_){ + var html = _.map(value, function(val,name) { + var label = (i%2 == 0) ? 'label label-inverse' : 'label'; + i++; + return _.isEmpty(val) ? '' : '<span class="'+label+'">'+name+' : '+ val + '</span>'; + }); + var cond = _.map(value, function(val, name) {return {'type' : name, 'value' :val};}); + that.model.set('conditions', cond); + $(this).html(html); + }else{ + that.model.unset('conditions'); + $(this).empty(); + } + } // End display option + }); // End editable() + } + }, + getGroupSelectdValues : function($select, typeGroup){ var vals = [],selectedVals = []; + var name = typeGroup ? 'group' : 'user'; this.collection.each(function(m){ - if(!_.isUndefined(m.get('groupId'))){ - vals.push.apply(vals, m.get('groupId').split(',')); + if(!_.isUndefined(m.get(name+'Name')) && !_.isNull(m.get(name+'Name'))){ + vals.push.apply(vals, m.get(name+'Name').split(',')); } }); - if(!_.isEmpty(this.ui.selectGroups.select2('val'))) - selectedVals = this.ui.selectGroups.select2('val'); + if(!_.isEmpty($select.select2('val'))) + selectedVals = $select.select2('val'); vals.push.apply(vals , selectedVals); vals = $.unique(vals); return vals; @@ -229,40 +343,11 @@ define(function(require) { this.toggleAddButton(); }, evClickTD : function(e){ - var that = this; - var $el = $(e.currentTarget),permList =[],perms =[]; - if($(e.toElement).is('td')){ - var $checkbox = $el.find('input'); - $checkbox.is(':checked') ? $checkbox.prop('checked',false) : $checkbox.prop('checked',true); - } - var curPerm = $el.find('input').data('id'); - var curPermName = $el.find('input').data('name'); - if(!_.isUndefined(curPermName)){ - var perms = []; - if(this.model.has('accesses')){ - if(_.isArray(this.model.get('accesses'))) - perms = this.model.get('accesses'); - else - perms.push(this.model.get('accesses')); - } - if($el.find('input[type="checkbox"]').is(':checked')){ - _.each(that.accessItems, function(obj){ if(obj.type == curPermName) obj.isAllowed = true }); - - /*if(curPermName == XAEnums.XAPermType.XA_PERM_TYPE_ADMIN.value){ - $el.parent().find('input[type="checkbox"]:not(:checked)[data-name!="'+curPermName+'"]').map(function(){ - _.each(that.accessItems, function(obj){ if(obj.type == $(this).data('name')) obj.isAllowed = true }, this); - }); - $el.parent().find('input[type="checkbox"]').prop('checked',true); - }*/ - } else { - _.each(that.accessItems, function(obj){ if(obj.type == curPermName ) obj.isAllowed = false }, this); - } - -// this.checkDirtyFieldForCheckBox(perms); - if(!_.isEmpty(that.accessItems)) - this.model.set('accesses', that.accessItems); - else - this.model.unset('accesses'); + var $el = $(e.currentTarget); + //Set Delegated Admin value + if(!_.isUndefined($el.find('input').data('js'))){ + this.model.set('delegateAdmin',$el.find('input').is(':checked')) + return; } }, checkDirtyFieldForCheckBox : function(perms){ @@ -289,60 +374,17 @@ define(function(require) { $('[data-action="addGroup"]').show(); } }, - evIPAddress :function(e){ - if(!_.isEmpty($(e.currentTarget).val())) - this.model.set('ipAddress',$(e.currentTarget).val().split(',')); - else - this.model.unset('ipAddress'); - }, - renderStormPerms :function(){ - var that = this; - var permArr = _.pick(XAEnums.XAPermType, XAUtil.getStormActions(this.policyType)); - this.stormPerms = _.map(permArr,function(m){return {text:m.label, value:m.value};}); - this.stormPerms.push({'value' : -1, 'text' : 'Select/Deselect All'}); - this.ui.tags.editable({ - placement: 'right', -// emptytext : 'Please select', - source: this.stormPerms, - display: function(idList,srcData) { - if(_.isEmpty(idList.toString())){ - $(this).html(''); - return; - } - if(!_.isArray(idList)) - idList = [idList]; -// that.checkDirtyFieldForGroup(values); - var permTypeArr = []; - var valArr = _.map(idList, function(id){ - if(!(parseInt(id) <= 0) && (!_.isNaN(parseInt(id)))){ - var obj = _.findWhere(srcData,{'value' : parseInt(id)}); - permTypeArr.push({permType : obj.value}); - return "<span class='label label-inverse'>" + obj.text + "</span>"; - } - }); - - if(that.model.has('_vPermList')){ - var adminPerm = _.where(that.model.get('_vPermList'),{'permType': XAEnums.XAPermType.XA_PERM_TYPE_ADMIN.value }); - permTypeArr = _.isEmpty(adminPerm) ? permTypeArr : _.union(permTypeArr,adminPerm); - } - that.model.set('_vPermList', permTypeArr); -// if(!_.isEmpty(perms)) -// that.model.set('_vPermList', perms); -// that.model.set('_vPermList', permTypeArr); - $(this).html(valArr.join(" ")); - }, - }); - this.$('[id^="tags-edit-"]').click(function(e) { - e.stopPropagation(); - e.preventDefault(); - that.$('#' + $(this).data('editable') ).editable('toggle'); - that.$('input[type="checkbox"][value="-1"]').click(function(e){ - var checkboxlist =$(this).closest('.editable-checklist').find('input[type="checkbox"][value!=-1]') - $(this).is(':checked') ? checkboxlist.prop('checked',true) : checkboxlist.prop('checked',false); - - }); - }); - + policyCondtionChange :function(e){ + if(!_.isEmpty($(e.currentTarget).val()) && !_.isEmpty(this.policyConditions)){ + var policyCond = { 'type' : $(e.currentTarget).attr('data-js'), 'value' : $(e.currentTarget).val() } ; + var conditions = []; + if(this.model.has('conditions')){ + conditions = this.model.get('conditions') + } + conditions.push(policyCond); + this.model.set('conditions',conditions); + } + }, checkDirtyFieldForDropDown : function(e){ //that.model.has('groupId') @@ -351,10 +393,6 @@ define(function(require) { groupIdList = this.model.get('groupId').split(','); XAUtil.checkDirtyField(groupIdList, e.val, $(e.currentTarget)); }, - getPerms : function(){ - var permList = _.map(this.accessTypes,function(type){ return type.label}); - return _.map(permList, function(perm){ return _.findWhere(XAEnums.XAPermType,{label:perm})}) - } }); @@ -380,15 +418,17 @@ define(function(require) { return { 'collection' : this.collection, 'groupList' : this.groupList, + 'userList' : this.userList, 'policyType' : this.policyType, - 'accessTypes' : this.accessTypes + 'accessTypes' : this.accessTypes, + 'policyConditions' : this.rangerServiceDefModel.get('policyConditions') }; }, events : { 'click [data-action="addGroup"]' : 'addNew' }, initialize : function(options) { - _.extend(this, _.pick(options, 'groupList','policyType','accessTypes','rangerServiceDefModel')); + _.extend(this, _.pick(options, 'groupList','policyType','accessTypes','rangerServiceDefModel','userList')); //this.hiveGroupPerm = _.has(options,'hiveGroupPerm') ? true : false; this.listenTo(this.groupList, 'sync', this.render, this); if(this.collection.length == 0) @@ -419,12 +459,14 @@ define(function(require) { this.$('button[data-action="addGroup"]').show(); }, getPermHeaders : function(){ - var permList = _.map(this.accessTypes,function(type){ return type.label}); + var permList = [];//_.map(this.accessTypes,function(type){ return type.label}); + + permList.unshift(localization.tt('lbl.delegatedAdmin')); + permList.unshift(localization.tt('lbl.permissions')); if(!_.isEmpty(this.rangerServiceDefModel.get('policyConditions'))){ - _.each(this.rangerServiceDefModel.get('policyConditions'), function(cond){ - if(!_.isNull(cond) && !_.isNull(cond.label)) permList.unshift(cond.label); - }); + permList.unshift(localization.tt('h.policyCondition')); } + permList.unshift(localization.tt('lbl.selectUser')); permList.unshift(localization.tt('lbl.selectGroup')); permList.push(""); return permList; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js index f0cb86b..7d35d01 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js +++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js @@ -74,20 +74,7 @@ define(function(require){ this.permMapList = this.model.isNew() ? new VXPermMapList() : this.model.get('permMapList'); this.auditList = this.model.isNew() ? new VXAuditMapList() : this.model.get('auditList'); - //this.userList.fetch(); - - - /*If the model passed to the fn is new return an empty collection - * otherwise return a collection that has models like - * { - * groupId : 5, - * permissionList : [4,3] - * } - * The formInputList will be passed to the forminputitemlist view. - */ - this.formInputList = XAUtil.makeCollForGroupPermission(this.model); - this.userPermInputList = XAUtil.makeCollForUserPermission(this.model); }, /** all events binding here */ @@ -126,16 +113,9 @@ define(function(require){ this.initializePathPlugins(); } this.renderCustomFields(); - /* if(!this.model.isNew()){ + if(!this.model.isNew()){ this.setUpSwitches(); } - if(this.model.isNew() && this.fields._vAuditListToggle.editor.getValue() == 1){ - this.model.set('auditList', new VXAuditMapList(new VXAuditMap({ - 'auditType' : XAEnums.XAAuditType.XA_AUDIT_TYPE_ALL.value,//fieldEditor.getValue()// - 'resourceId' :this.model.get('id') - - }))); - }*/ this.$el.find('.field-isEnabled').find('.control-label').remove(); }, evAuditChange : function(form, fieldEditor){ @@ -154,27 +134,22 @@ define(function(require){ }, setUpSwitches :function(){ var that = this; - var encryptStatus = false,auditStatus = false,recursiveStatus = false; - auditStatus = this.model.has('auditList') ? true : false; - this.fields._vAuditListToggle.editor.setValue(auditStatus); - - _.each(_.toArray(XAEnums.BooleanValue),function(m){ - if(parseInt(that.model.get('isEncrypt')) == m.value) - encryptStatus = (m.label == XAEnums.BooleanValue.BOOL_TRUE.label) ? true : false; - if(parseInt(that.model.get('isRecursive')) == m.value) - recursiveStatus = (m.label == XAEnums.BooleanValue.BOOL_TRUE.label) ? true : false; - }); - this.fields.isEncrypt.editor.setValue(encryptStatus); - this.fields.isRecursive.editor.setValue(recursiveStatus); - if(parseInt(this.model.get('resourceStatus')) != XAEnums.BooleanValue.BOOL_TRUE.value) - this.fields.resourceStatus.editor.setValue(false); + this.fields.isAuditEnabled.editor.setValue(this.model.get('isAuditEnabled')); + this.fields.isEnabled.editor.setValue(this.model.get('isEnabled')); }, /** all custom field rendering */ renderCustomFields: function(){ var that = this; var accessType = this.rangerServiceDefModel.get('accessTypes').filter(function(val) { return val !== null; }); - this.groupList = new VXGroupList(); + this.userList = new VXUserList(); var params = {sortBy : 'name'}; + this.userList.setPageSize(100,{fetch:false}); + this.userList.fetch({ + cache :true, + data: params, + async : false + }); + this.groupList = new VXGroupList(); this.groupList.setPageSize(100,{fetch:false}); this.groupList.fetch({ cache :true, @@ -183,29 +158,13 @@ define(function(require){ that.$('[data-customfields="groupPerms"]').html(new GroupPermList({ collection : that.formInputList, groupList : that.groupList, + userList : that.userList, model : that.model, -// policyType : policyType, - accessTypes : accessType, - rangerServiceDefModel : that.rangerServiceDefModel - }).render().el); - }); - - this.userList = new VXUserList(); - var params = {sortBy : 'name'}; - this.userList.setPageSize(100,{fetch:false}); - this.userList.fetch({ - cache :true, - data: params - }).done(function(){ - that.$('[data-customfields="userPerms"]').html(new UserPermList({ - collection : that.userPermInputList, - model : that.model, - userList : that.userList, -// policyType : policyType, accessTypes : accessType, rangerServiceDefModel : that.rangerServiceDefModel }).render().el); }); + }, beforeSave : function(){ @@ -229,39 +188,44 @@ define(function(require){ var RangerPolicyItem = Backbone.Collection.extend(); var policyItemList = new RangerPolicyItem(); - this.formInputList.each(function(m){ - if(!_.isUndefined(m.get('groupName'))){ + policyItemList = this.setPermissionsToColl(this.formInputList, policyItemList); + this.model.set('policyItems', policyItemList) + + //Unset attrs which are not needed + _.each(this.model.attributes.resources,function(obj,key){ + this.model.unset(key, obj.values.toString()) + },this) + + }, + setPermissionsToColl : function(list, policyItemList) { + list.each(function(m){ + if(!_.isUndefined(m.get('groupName')) || !_.isUndefined(m.get("userName"))){ //groupName or userName var RangerPolicyItem=Backbone.Model.extend() var policyItem = new RangerPolicyItem(); - policyItem.set('groups',m.get('groupName').split(',')) + if(!_.isUndefined(m.get('groupName')) && !_.isNull(m.get('groupName'))){ + policyItem.set("groups",m.get("groupName").split(',')); + } + if(!_.isUndefined(m.get('userName')) && !_.isNull(m.get('userName'))){ + policyItem.set("users",m.get("userName").split(',')); + } + if(!_.isUndefined(m.get('delegateAdmin'))){ + policyItem.set("delegateAdmin",m.get("delegateAdmin")); + } var RangerPolicyItemAccessList = Backbone.Collection.extend(); var rangerPlcItemAccessList = new RangerPolicyItemAccessList(m.get('accesses')); policyItem.set('accesses', rangerPlcItemAccessList) - policyItemList.add(policyItem) - - } - }, this); - this.userPermInputList.each(function(m){ - if(!_.isUndefined(m.get('userName'))){ - var RangerPolicyItem=Backbone.Model.extend() - var policyItem = new RangerPolicyItem(); - policyItem.set('users',m.get('userName').split(',')) - var RangerPolicyItemAccessList = Backbone.Collection.extend(); - var rangerPlcItemAccessList = new RangerPolicyItemAccessList(m.get('accesses')); - policyItem.set('accesses', rangerPlcItemAccessList) + if(!_.isUndefined(m.get('conditions'))){ + var RangerPolicyItemConditionList = Backbone.Collection.extend(); + var rPolicyItemCondList = new RangerPolicyItemConditionList(m.get('conditions')) + policyItem.set('conditions', rPolicyItemCondList) + } policyItemList.add(policyItem) } }, this); - this.model.set('policyItems', policyItemList) - - //Unset attrs which are not needed - _.each(this.model.attributes.resources,function(obj,key){ - this.model.unset(key, obj.values.toString()) - },this) - + return policyItemList; }, /** all post render plugin initialization */ initializePathPlugins: function(){ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js index 2f4ab67..74e393e 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js +++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js @@ -328,7 +328,7 @@ define(function(require){ if(!_.isUndefined(obj) && !_.isNull(obj)) cols[obj.name]={ cell : "html", - label : localization.tt("lbl."+obj.name), + label : obj.name, editable: false, sortable : false, formatter: _.extend({}, Backgrid.CellFormatter.prototype, { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/security-admin/src/main/webapp/scripts/views/policies/UserPermList.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/policies/UserPermList.js b/security-admin/src/main/webapp/scripts/views/policies/UserPermList.js index fe51116..6f2e578 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/UserPermList.js +++ b/security-admin/src/main/webapp/scripts/views/policies/UserPermList.js @@ -39,7 +39,7 @@ define(function(require) { return { permissions : this.accessTypes, - policyKnox : this.policyType == XAEnums.ServiceType.Service_KNOX.value ? true :false, + policyConditions: this.policyConditions, // policyStorm : this.policyType == XAEnums.ServiceType.Service_STORM.value ? true :false, isModelNew : !this.model.has('editMode'), stormPerms : this.stormPermsIds.length == 14 ? _.union(this.stormPermsIds,[-1]) : this.stormPermsIds @@ -47,18 +47,17 @@ define(function(require) { }, ui : { selectUsers : '[data-js="selectUsers"]', - inputIPAddress : '[data-js="ipAddress"]', tags : '[class=tags]' }, events : { 'click [data-action="delete"]' : 'evDelete', 'click td' : 'evClickTD', 'change [data-js="selectUsers"]': 'evSelectUser', - 'change [data-js="ipAddress"]' : 'evIPAddress' + 'change input[class="policy-conditions"]' : 'policyCondtionChange' }, initialize : function(options) { - _.extend(this, _.pick(options, 'userList','policyType','accessTypes')); + _.extend(this, _.pick(options, 'userList','policyType','accessTypes','policyConditions')); //this.subjectList = this.mStudent.getSubjectList(); this.stormPermsIds = []; if(this.policyType == XAEnums.AssetType.ASSET_STORM.value){ @@ -82,8 +81,11 @@ define(function(require) { if(this.model.get('userName') != undefined){ this.ui.selectUsers.val(this.model.get('userName').split(',')); } - if(!_.isUndefined(this.model.get('ipAddress'))){ - this.ui.inputIPAddress.val(this.model.get('ipAddress').toString()); + if(!_.isUndefined(this.model.get('conditions'))){ + _.each(this.model.get('conditions'), function(obj){ + console.log(obj) + this.$el.find('input[data-js="'+obj.type+'"]').val(obj.value.toString()) + },this); } if(this.model.has('editMode') && this.model.get('editMode')){ @@ -300,11 +302,16 @@ define(function(require) { vals = $.unique(vals); return vals; }, - evIPAddress :function(e){ - if(!_.isEmpty($(e.currentTarget).val())) - this.model.set('ipAddress',$(e.currentTarget).val().split(',')); - else - this.model.unset('ipAddress'); + policyCondtionChange :function(e){ + if(!_.isEmpty($(e.currentTarget).val()) && !_.isEmpty(this.policyConditions)){ + var policyCond = { 'type' : $(e.currentTarget).attr('data-js'), 'value' : $(e.currentTarget).val() } ; + var conditions = []; + if(this.model.has('conditions')){ + conditions = this.model.get('conditions') + } + conditions.push(policyCond); + this.model.set('conditions',conditions); + } }, renderStormPerms :function(){ var that = this; @@ -378,7 +385,8 @@ define(function(require) { 'collection' : this.collection, 'userList' : this.userList, 'policyType' : this.policyType, - 'accessTypes' : this.accessTypes + 'accessTypes' : this.accessTypes, + 'policyConditions' : this.rangerServiceDefModel.get('policyConditions') }; }, events : { @@ -422,7 +430,7 @@ define(function(require) { if(!_.isNull(cond) && !_.isNull(cond.label)) permList.unshift(cond.label); }); } - permList.unshift(localization.tt('lbl.selectGroup')); + permList.unshift(localization.tt('lbl.selectUser')); permList.push(""); return permList; }, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/security-admin/src/main/webapp/styles/xa.css ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/styles/xa.css b/security-admin/src/main/webapp/styles/xa.css index d339b6b..55f3a6a 100644 --- a/security-admin/src/main/webapp/styles/xa.css +++ b/security-admin/src/main/webapp/styles/xa.css @@ -491,7 +491,7 @@ body { .table-permission { float: left; - width: 45% + width: 90% } /* toggle */ @@ -1693,3 +1693,12 @@ margin-bottom: 0 !important; .policy-form .field-database,.policy-form .field-table, .policy-form .field-path, .policy-form .field-topology{ clear: both; } +.margin-bottom-5{ +margin-bottom: 5px; +} + +.popover-content { + overflow-y: auto; + padding-right: 25px; + max-height: 250px; +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/security-admin/src/main/webapp/templates/policies/GroupPermItem.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/policies/GroupPermItem.html b/security-admin/src/main/webapp/templates/policies/GroupPermItem.html index a53f7b6..fd1de81 100644 --- a/security-admin/src/main/webapp/templates/policies/GroupPermItem.html +++ b/security-admin/src/main/webapp/templates/policies/GroupPermItem.html @@ -17,35 +17,20 @@ <td> <input type="text" data-js="selectGroups" /> </td> - -{{#if policyKnox}} <td> - <input type="text" data-js="ipAddress" placeholder="Enter IP address"/> + <input type="text" data-js="selectUsers" /> +</td> +{{#if policyConditions}} +<td> + <a href="#" id="policyConditions" data-type="policyConditions" data-original-title="Policy Conditions" ></a> </td> {{/if}} - -{{#if policyStorm}} <td> - <span class="tags" id="tags-editable-1" data-toggle="manual" data-type="checklist" - data-value="{{stormPerms}}" data-original-title="Select Actions"> - </span> - <a href="#" id="tags-edit-1" data-editable="tags-editable-1" class="" style="margin-left:10px;"> - {{#if isModelNew}} - <i class="icon-plus" title="Add"></i> - {{else}} - <i class="icon-pencil" title="Edit"></i> - {{/if}} - </a> + <a href="#" data-js="permissions" data-type="checklist" data-title="Select permissions"></a> </td> -{{/if}} -{{#each permissions}} - <td style="cursor:pointer;"> - <input data-name="{{./this.label}}" type="checkbox"> - </td> -{{/each}} - - - +<td> + <input data-js="delegatedAdmin" type="checkbox"> +</td> <td> <button type="button" class="btn btn-small btn-danger " data-action="delete"> <i class="icon-remove"></i> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/security-admin/src/main/webapp/templates/policies/GroupPermList.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/policies/GroupPermList.html b/security-admin/src/main/webapp/templates/policies/GroupPermList.html index ff40e5b..070b908 100644 --- a/security-admin/src/main/webapp/templates/policies/GroupPermList.html +++ b/security-admin/src/main/webapp/templates/policies/GroupPermList.html @@ -15,7 +15,7 @@ limitations under the License. --}} <div class="control-group"> - <label class="control-label">{{tt 'lbl.groupPermissions'}}</label> + <label class="control-label">{{tt 'lbl.permissions'}}</label> <div class="controls"> <table class="table-permission table-condensed"> <thead> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html b/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html index 6f6d737..157e9e1 100644 --- a/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html +++ b/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html @@ -39,21 +39,12 @@ </p> <div class="" data-customfields="groupPerms"> <div class="control-group"> - <label class="control-label">{{tt 'lbl.groupPermissions'}}</label> + <label class="control-label">{{tt 'lbl.permissions'}}</label> <div class="controls"> <img src="images/loading.gif" style=" margin-left: 4%; margin-top: 1%;" /> </div> </div> </div> - <div class="" data-customfields="userPerms"> - <div class="control-group"> - <label class="control-label">{{tt 'lbl.userPermissions'}}</label> - <div class="controls"> - <img src="images/loading.gif" style=" margin-left: 4%; margin-top: 1%;" /> - </div> - </div> - </div> - <!-- <div class="" data-fields="description"></div> --> </fieldset> </form> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/81cfaef6/security-admin/src/main/webapp/templates/policies/UserPermItem.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/policies/UserPermItem.html b/security-admin/src/main/webapp/templates/policies/UserPermItem.html index b7bbad4..09304f4 100644 --- a/security-admin/src/main/webapp/templates/policies/UserPermItem.html +++ b/security-admin/src/main/webapp/templates/policies/UserPermItem.html @@ -17,11 +17,13 @@ <td> <input type="text" data-js="selectUsers" /> </td> -{{#if policyKnox}} -<td> - <input type="text" data-js="ipAddress" placeholder="Enter IP address"/> -</td> -{{/if}} +{{#each policyConditions}} + {{#if this.name}} + <td> + <input type="text" data-js="{{this.name}}" placeholder="{{this.label}}" class="policy-conditions"/> + </td> + {{/if}} +{{/each}} {{#if policyStorm}} <td>
