RANGER-250 : Build a permission model with Ranger Admin portal Signed-off-by: Velmurugan Periasamy <[email protected]>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/a263431a Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/a263431a Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/a263431a Branch: refs/heads/master Commit: a263431a5aed18a668fd93e6e3fa17341db64800 Parents: 0711abe Author: Gautam Borad <[email protected]> Authored: Tue Apr 7 11:23:24 2015 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Tue Apr 7 09:50:39 2015 -0400 ---------------------------------------------------------------------- .../db/mysql/patches/013-permissionmodel.sql | 49 +++ .../java/org/apache/ranger/biz/UserMgr.java | 34 ++ .../java/org/apache/ranger/biz/XUserMgr.java | 349 +++++++++++++++++-- .../org/apache/ranger/biz/XUserMgrBase.java | 41 +++ .../org/apache/ranger/common/AppConstants.java | 15 +- .../apache/ranger/common/RangerCommonEnums.java | 8 + .../apache/ranger/common/RangerConstants.java | 308 ++++++++-------- .../ranger/credentialapi/CredentialReader.java | 2 +- .../apache/ranger/db/RangerDaoManagerBase.java | 31 +- .../apache/ranger/db/XXGroupPermissionDao.java | 86 +++++ .../org/apache/ranger/db/XXModuleDefDao.java | 101 ++++++ .../org/apache/ranger/db/XXPortalUserDao.java | 41 ++- .../apache/ranger/db/XXUserPermissionDao.java | 102 ++++++ .../apache/ranger/entity/XXGroupPermission.java | 144 ++++++++ .../org/apache/ranger/entity/XXModuleDef.java | 112 ++++++ .../apache/ranger/entity/XXUserPermission.java | 151 ++++++++ .../patch/PatchPersmissionModel_J10003.java | 50 +++ .../java/org/apache/ranger/rest/XUserREST.java | 200 ++++++++++- .../RangerSecurityContextFormationFilter.java | 277 ++++++++------- .../org/apache/ranger/service/UserService.java | 5 + .../ranger/service/XGroupPermissionService.java | 55 +++ .../service/XGroupPermissionServiceBase.java | 60 ++++ .../ranger/service/XModuleDefService.java | 99 ++++++ 
.../ranger/service/XModuleDefServiceBase.java | 78 +++++ .../ranger/service/XUserPermissionService.java | 57 +++ .../service/XUserPermissionServiceBase.java | 61 ++++ .../apache/ranger/view/VXGroupPermission.java | 129 +++++++ .../ranger/view/VXGroupPermissionList.java | 61 ++++ .../org/apache/ranger/view/VXModuleDef.java | 158 +++++++++ .../org/apache/ranger/view/VXModuleDefList.java | 62 ++++ .../org/apache/ranger/view/VXPortalUser.java | 29 ++ .../apache/ranger/view/VXUserPermission.java | 147 ++++++++ .../ranger/view/VXUserPermissionList.java | 61 ++++ .../resources/META-INF/jpa_named_queries.xml | 95 +++++ .../collection_bases/UserPermissionListBase.js | 64 ++++ .../collection_bases/VXModuleDefListBase.js | 64 ++++ .../scripts/collections/UserPermissionList.js | 34 ++ .../scripts/collections/VXModuleDefList.js | 34 ++ .../webapp/scripts/controllers/Controller.js | 58 ++- .../scripts/model_bases/UserPermissionBase.js | 59 ++++ .../scripts/model_bases/VXModuleDefBase.js | 59 ++++ .../webapp/scripts/models/UserPermission.js | 70 ++++ .../main/webapp/scripts/models/VXModuleDef.js | 70 ++++ .../src/main/webapp/scripts/modules/XALinks.js | 18 +- .../scripts/modules/globalize/message/en.js | 8 +- .../main/webapp/scripts/prelogin/XAPrelogin.js | 4 +- .../src/main/webapp/scripts/routers/Router.js | 7 +- .../src/main/webapp/scripts/utils/XAGlobals.js | 9 +- .../src/main/webapp/scripts/utils/XAUtils.js | 62 +++- .../views/permissions/ModulePermissionCreate.js | 199 +++++++++++ .../views/permissions/ModulePermissionForm.js | 274 +++++++++++++++ .../views/permissions/ModulePermsTableLayout.js | 245 +++++++++++++ security-admin/src/main/webapp/styles/xa.css | 5 +- .../webapp/templates/common/TopNav_tmpl.html | 15 +- .../main/webapp/templates/helpers/XAHelpers.js | 11 + .../ModulePermissionCreate_tmpl.html | 28 ++ .../permissions/ModulePermissionForm_tmpl.html | 61 ++++ .../ModulePermsTableLayout_tmpl.html | 27 ++ 58 files changed, 4402 insertions(+), 341 deletions(-) 
---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/db/mysql/patches/013-permissionmodel.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/mysql/patches/013-permissionmodel.sql b/security-admin/db/mysql/patches/013-permissionmodel.sql new file mode 100644 index 0000000..63376b4 --- /dev/null +++ b/security-admin/db/mysql/patches/013-permissionmodel.sql 
@@ -0,0 +1,49 @@
+DROP TABLE IF EXISTS `x_modules_master`;
+CREATE TABLE `x_modules_master` (
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,
+ `create_time` datetime NULL DEFAULT NULL,
+ `update_time` datetime NULL DEFAULT NULL,
+ `added_by_id` bigint(20) NULL DEFAULT NULL,
+ `upd_by_id` bigint(20) NULL DEFAULT NULL,
+ `module` varchar(1024) NOT NULL,
+ `url` varchar(1024) NOT NULL,
+ PRIMARY KEY (`id`)
+);
+
+
+INSERT INTO `x_modules_master` VALUES (1,'2015-03-04 10:40:34','2015-03-09 15:26:45',1,1,'Policy Manager','/policymanager'),(2,'2015-03-04 10:41:51','2015-03-04 10:41:51',1,1,'Users/Groups','/users/usertab'),(3,'2015-03-04 10:42:19','2015-03-25 10:46:47',1,13,'Analytics','/reports/userAccess'),(4,'2015-03-04 10:42:45','2015-03-05 13:01:41',1,1,'Audit','/reports/audit/bigData');
+
+
+DROP TABLE IF EXISTS `x_user_module_perm`;
+
+CREATE TABLE `x_user_module_perm` (
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,
+ `user_id` bigint(20) NULL DEFAULT NULL,
+ `module_id` bigint(20) NULL DEFAULT NULL,
+ `create_time` datetime NULL DEFAULT NULL,
+ `update_time` datetime NULL DEFAULT NULL,
+ `added_by_id` bigint(20) NULL DEFAULT NULL,
+ `upd_by_id` bigint(20) NULL DEFAULT NULL,
+ `is_allowed` int(11) NOT NULL DEFAULT '1',
+ PRIMARY KEY (`id`),
+ KEY `x_user_module_perm_IDX_module_id` (`module_id`),
+ KEY `x_user_module_perm_FK_user_id` (`user_id`),
+ CONSTRAINT `x_user_module_perm_FK_module_id` FOREIGN KEY (`module_id`) REFERENCES `x_modules_master` (`id`) ON DELETE CASCADE ON UPDATE CASCADE,
+ CONSTRAINT `x_user_module_perm_FK_user_id` FOREIGN KEY (`user_id`) REFERENCES `x_portal_user` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
+) ;
+
+DROP TABLE IF EXISTS `x_group_module_perm`;
+
+CREATE TABLE `x_group_module_perm` (
+ `id` bigint(20) NOT NULL AUTO_INCREMENT,
+ `group_id` bigint(20) NULL DEFAULT NULL,
+ `module_id` bigint(20) NULL DEFAULT NULL,
+ `create_time` datetime NULL DEFAULT NULL,
+ `update_time` datetime NULL DEFAULT NULL,
+ `added_by_id` bigint(20) NULL DEFAULT NULL,
+ `upd_by_id` bigint(20) NULL DEFAULT NULL,
+ `is_allowed` int(11) NOT NULL DEFAULT '1',
+ PRIMARY KEY (`id`),
+ KEY `x_group_module_perm_FK_group_id` (`group_id`),
+ KEY `x_group_module_perm_FK_module_id` (`module_id`)
+) ;
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index 2b2178b..f2c7e5a 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -41,15 +41,21 @@ import org.apache.ranger.common.SearchUtil;
 import org.apache.ranger.common.StringUtil;
 import org.apache.ranger.common.UserSessionBase;
 import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXGroupPermission;
 import org.apache.ranger.entity.XXPortalUser;
 import org.apache.ranger.entity.XXPortalUserRole;
 import org.apache.ranger.entity.XXTrxLog;
+import org.apache.ranger.entity.XXUserPermission;
+import org.apache.ranger.service.XGroupPermissionService;
 import org.apache.ranger.service.XPortalUserService;
+import org.apache.ranger.service.XUserPermissionService;
+import org.apache.ranger.view.VXGroupPermission;
 import org.apache.ranger.view.VXPasswordChange;
 import org.apache.ranger.view.VXPortalUser;
 import org.apache.ranger.view.VXPortalUserList;
 import org.apache.ranger.view.VXResponse;
 import org.apache.ranger.view.VXString;
+import org.apache.ranger.view.VXUserPermission;
 import org.apache.velocity.Template;
 import org.apache.velocity.app.VelocityEngine;
 import org.springframework.beans.factory.annotation.Autowired;
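Review bot: `x_group_module_perm` is created without the foreign keys that `x_user_module_perm` gets a few lines above, so deleting a module from `x_modules_master` (or deleting the group) leaves orphaned group-permission rows that later lookups by module id can still honour. Neither table has a uniqueness constraint on the (principal, module) pair, and the Java side in this commit already treats `findByModuleIdAndUserId` as returning a list, so duplicate permission rows for one user and one module are possible. Consider `UNIQUE KEY (user_id, module_id)` / `UNIQUE KEY (group_id, module_id)` on the two tables, and on the group table `CONSTRAINT ... FOREIGN KEY (module_id) REFERENCES x_modules_master (id)` plus a matching constraint from `group_id` to the group table, with the same `ON DELETE CASCADE` policy as the user table. The seed INSERT also hard-codes `upd_by_id` 13 on the Analytics row, which presumably points at a portal user that does not exist on a fresh install.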
@@ -95,6 +101,12 @@ public class UserMgr { @Autowired XPortalUserService xPortalUserService; + @Autowired + XUserPermissionService xUserPermissionService; + + @Autowired + XGroupPermissionService xGroupPermissionService; + String publicRoles[] = new String[] { RangerConstants.ROLE_USER, RangerConstants.ROLE_OTHER }; @@ -587,6 +599,7 @@ public class UserMgr { userProfile.setLoginId(user.getLoginId()); userProfile.setStatus(user.getStatus()); userProfile.setUserRoleList(new ArrayList<String>()); + String emailAddress = user.getEmailAddress(); if (emailAddress != null && stringUtil.validateEmail(emailAddress)) { 
@@ -607,6 +620,25 @@ public class UserMgr { if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())) { userProfile.setId(user.getId()); + List<XXUserPermission> xUserPermissions=daoManager.getXXUserPermission().findByUserPermissionIdAndIsAllowed(userProfile.getId()); + List<XXGroupPermission> xxGroupPermissions=daoManager.getXXGroupPermission().findbyVXPoratUserId(userProfile.getId()); + + List<VXGroupPermission> groupPermissions=new ArrayList<VXGroupPermission>(); + List<VXUserPermission> vxUserPermissions=new ArrayList<VXUserPermission>(); + for(XXGroupPermission xxGroupPermission:xxGroupPermissions) + { + VXGroupPermission groupPermission=xGroupPermissionService.populateViewBean(xxGroupPermission); + groupPermission.setModuleName(daoManager.getXXModuleDef().findByModuleId(groupPermission.getModuleId()).getModule()); + groupPermissions.add(groupPermission); + } + for(XXUserPermission xUserPermission: xUserPermissions) + { + VXUserPermission vXUserPermission=xUserPermissionService.populateViewBean(xUserPermission); + vXUserPermission.setModuleName(daoManager.getXXModuleDef().findByModuleId(vXUserPermission.getModuleId()).getModule()); + vxUserPermissions.add(vXUserPermission); + } + userProfile.setGroupPermissions(groupPermissions); + userProfile.setUserPermList(vxUserPermissions); userProfile.setFirstName(user.getFirstName()); userProfile.setLastName(user.getLastName()); userProfile.setPublicScreenName(user.getPublicScreenName()); @@ -663,6 +695,7 @@ public class UserMgr { // Get total count first Query query = createUserSearchQuery(countQueryStr, null, searchCriteria); Long count = (Long) query.getSingleResult(); + int resultSize=Integer.parseInt(count.toString()); if (count == null || count.longValue() == 0) { return returnList; } 
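Review bot: In the new block after `userProfile.setId(user.getId())`, `daoManager.getXXModuleDef().findByModuleId(...)` is issued once per group and per user permission row and its result is dereferenced with `.getModule()` with no null check, so a permission row whose module no longer exists (the group table in the SQL patch has no foreign key to `x_modules_master`) turns the profile lookup into a NullPointerException. Resolving the module names once into a local `Map<Long, String>` before the two loops, and skipping or logging a permission whose module id is not in that map, removes both the N+1 query and the crash. The enclosing method continues outside the hunk.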
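Review bot: `int resultSize=Integer.parseInt(count.toString());` runs before the `count == null` guard on the next line, so a null count now throws NullPointerException where the method previously returned `returnList`. Move the assignment below the guard and write it as `int resultSize = count.intValue();` — the String round-trip adds nothing, and `parseInt` would throw NumberFormatException rather than a clear error for a count beyond the int range. The enclosing search method continues outside the hunk.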
@@ -725,6 +758,7 @@ public class UserMgr { objectList.add(userProfile); } + returnList.setResultSize(resultSize); returnList.setPageSize(query.getMaxResults()); returnList.setSortBy(sortBy); returnList.setSortType(querySortType); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index 1051991..4804dc7 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java @@ -28,11 +28,19 @@ import java.util.List; import java.util.Map; import java.util.Set; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.Produces; - import org.apache.commons.collections.CollectionUtils; +import org.apache.ranger.common.ContextUtil; +import org.apache.ranger.common.RangerCommonEnums; +import org.apache.ranger.entity.XXGroupPermission; +import org.apache.ranger.entity.XXModuleDef; +import org.apache.ranger.entity.XXUserPermission; +import org.apache.ranger.service.XGroupPermissionService; +import org.apache.ranger.service.XModuleDefService; +import org.apache.ranger.service.XPortalUserService; +import org.apache.ranger.service.XUserPermissionService; +import org.apache.ranger.view.VXGroupPermission; +import org.apache.ranger.view.VXModuleDef; +import org.apache.ranger.view.VXUserPermission; import org.apache.log4j.Logger; import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.PropertiesUtil; 
@@ -42,6 +50,7 @@ import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.db.XXGroupUserDao; import org.apache.ranger.entity.XXGroup; import org.apache.ranger.entity.XXPortalUser; +import org.apache.ranger.entity.XXPortalUserRole; import org.apache.ranger.entity.XXTrxLog; import org.apache.ranger.entity.XXUser; import org.apache.ranger.service.XGroupService; @@ -62,6 +71,10 @@ public class XUserMgr extends XUserMgrBase { @Autowired XUserService xUserService; + + @Autowired + XGroupService xGroupService; + @Autowired RangerBizUtil msBizUtil; @@ -75,7 +88,17 @@ public class XUserMgr extends XUserMgrBase { RangerBizUtil xaBizUtil; @Autowired - XGroupService xGroupService; + XModuleDefService xModuleDefService; + + @Autowired + XUserPermissionService xUserPermissionService; + + @Autowired + XGroupPermissionService xGroupPermissionService; + + @Autowired + XPortalUserService xPortalUserService; + static final Logger logger = Logger.getLogger(XUserMgr.class); @@ -114,7 +137,7 @@ public class XUserMgr extends XUserMgrBase { // XXUser xUser = daoManager.getXXUser().getById(id); daoManager.getXXUser().remove(id); - //applicationCache.removeUserID(id); + // applicationCache.removeUserID(id); // Not Supported So Far // List<XXTrxLog> trxLogList = xUserService.getTransactionLog( // xUserService.populateViewBean(xUser), "delete"); 
@@ -149,13 +172,17 @@ public class XUserMgr extends XUserMgrBase { vXPortalUser.setFirstName(vXUser.getFirstName()); vXPortalUser.setLastName(vXUser.getLastName()); vXPortalUser.setEmailAddress(vXUser.getEmailAddress()); - vXPortalUser.setPublicScreenName(vXUser.getFirstName() +" "+ vXUser.getLastName()); + vXPortalUser.setPublicScreenName(vXUser.getFirstName() + " " + + vXUser.getLastName()); vXPortalUser.setPassword(actualPassword); vXPortalUser.setUserRoleList(vXUser.getUserRoleList()); vXPortalUser = userMgr.createDefaultAccountUser(vXPortalUser); + VXUser createdXUser = xUserService.createResource(vXUser); + + createdXUser.setPassword(actualPassword); List<XXTrxLog> trxLogList = xUserService.getTransactionLog( createdXUser, "create"); 
@@ -182,8 +209,97 @@ public class XUserMgr extends XUserMgrBase { // xaBizUtil.createTrxLog(trxLogList); + assignPermissionToUser(vXPortalUser,true); + return createdXUser; } + //Assigning Permission + @SuppressWarnings("unused") + private void assignPermissionToUser(VXPortalUser vXPortalUser,boolean isCreate) + { + HashMap<String, Long> moduleNameId=getModelNames(); + + + + + for(String role:vXPortalUser.getUserRoleList()) + { + + if(role.equals(RangerConstants.ROLE_USER)) + { + + insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_ANALYTICS),isCreate); + insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER),isCreate); + } + else if(role.equals(RangerConstants.ROLE_SYS_ADMIN)) + { + + insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_ANALYTICS),isCreate); + insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_POLICY_MANAGER),isCreate); + insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_AUDIT),isCreate); + insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_KMS),isCreate); + insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_PERMISSION),isCreate); + insertMappingXUserPermisson(vXPortalUser.getId(),moduleNameId.get(RangerConstants.MODULE_USER_GROUPS),isCreate); + } + + } + } + //Insert or Updating Mapping permissons depending upon roles + private void insertMappingXUserPermisson(Long userId,Long moduleId,boolean isCreate) + { + VXUserPermission vXuserPermission; + List<XXUserPermission> xuserPermissionList = daoManager + .getXXUserPermission().findByModuleIdAndUserId(userId, moduleId); + if(xuserPermissionList==null || xuserPermissionList.isEmpty()) + { + vXuserPermission=new VXUserPermission(); + vXuserPermission.setUserId(userId); + 
vXuserPermission.setIsAllowed(RangerCommonEnums.IS_ALLOWED); + vXuserPermission.setModuleId(moduleId); + try + { + xUserPermissionService.createResource(vXuserPermission); + } + catch(Exception e) + { + System.out.println(e); + } + } + else if(isCreate) + { + for(XXUserPermission xUserPermission:xuserPermissionList) + { + vXuserPermission=xUserPermissionService.populateViewBean(xUserPermission); + vXuserPermission.setIsAllowed(RangerCommonEnums.IS_ALLOWED); + xUserPermissionService.updateResource(vXuserPermission); + } + } + + } + @SuppressWarnings("unused") + public HashMap<String, Long> getModelNames() + { + List<XXModuleDef> xxModuleDefs=daoManager.getXXModuleDef().findModuleNamesWithIds(); + if(xxModuleDefs.isEmpty() || xxModuleDefs!=null) + { + HashMap<String, Long> moduleNameId=new HashMap<String, Long>(); + try + { + + for(XXModuleDef xxModuleDef:xxModuleDefs) + { + moduleNameId.put(xxModuleDef.getModule(), xxModuleDef.getId()); + } + return moduleNameId; + } + catch(Exception e) + { + logger.error(e); + } + } + + return null; + } private VXGroupUser createXGroupUser(Long userId, Long groupId) { VXGroupUser vXGroupUser = new VXGroupUser(); @@ -200,12 +316,11 @@ public class XUserMgr extends XUserMgrBase { VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(vXUser .getName()); VXPortalUser vXPortalUser = new VXPortalUser(); - if(oldUserProfile!=null && oldUserProfile.getId()!=null){ + if (oldUserProfile != null && oldUserProfile.getId() != null) { vXPortalUser.setId(oldUserProfile.getId()); } // TODO : There is a possibility that old user may not exist. - - + vXPortalUser.setFirstName(vXUser.getFirstName()); vXPortalUser.setLastName(vXUser.getLastName()); vXPortalUser.setEmailAddress(vXUser.getEmailAddress()); 
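Review bot: `getModelNames()` guards with `if(xxModuleDefs.isEmpty() || xxModuleDefs!=null)`, which dereferences the list before the null test and is true for every non-null list; the intended form is `if (xxModuleDefs != null && !xxModuleDefs.isEmpty())`. More importantly, `assignPermissionToUser` looks up `MODULE_KMS` and `MODULE_PERMISSION` in that map while the SQL patch in this commit seeds only four module rows, so for any module name absent from `x_modules_master` the `get` returns null and `insertMappingXUserPermisson` creates a permission row with a null module id instead of failing; a null check on `moduleId` before the DAO call (log and skip, or throw) would make the gap visible. The create failure in `insertMappingXUserPermisson` is reported with `System.out.println(e)` — `logger.error("...", e)` keeps it in the same log stream as the rest of the class — and the `@SuppressWarnings("unused")` on a public method and on a private method that is called can be dropped. The call `findByModuleIdAndUserId(userId, moduleId)` passes the user id first although the method name lists module id first; worth confirming against the DAO signature, which is not in this hunk.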
@@ -225,15 +340,15 @@ public class XUserMgr extends XUserMgrBase { Collection<Long> groupIdList = vXUser.getGroupIdList(); XXPortalUser xXPortalUser = new XXPortalUser(); - xXPortalUser=userMgr.updateUserWithPass(vXPortalUser); + xXPortalUser = userMgr.updateUserWithPass(vXPortalUser); Collection<String> roleList = new ArrayList<String>(); - if(xXPortalUser!=null){ - roleList=userMgr.getRolesForUser(xXPortalUser); + if (xXPortalUser != null) { + roleList = userMgr.getRolesForUser(xXPortalUser); } - if(roleList==null || roleList.size()==0){ + if (roleList == null || roleList.size() == 0) { roleList.add(RangerConstants.ROLE_USER); - } - + } + // TODO I've to get the transaction log from here. // There is nothing to log anything in XXUser so far. vXUser = xUserService.updateResource(vXUser); 
@@ -313,34 +428,36 @@ public class XUserMgr extends XUserMgrBase { return vXUser; } - - public VXUserGroupInfo createXUserGroupFromMap(VXUserGroupInfo vXUserGroupInfo) { - + + public VXUserGroupInfo createXUserGroupFromMap( + VXUserGroupInfo vXUserGroupInfo) { + VXUserGroupInfo vxUGInfo = new VXUserGroupInfo(); - + VXUser vXUser = vXUserGroupInfo.getXuserInfo(); - + vXUser = xUserService.createXUserWithOutLogin(vXUser); - + vxUGInfo.setXuserInfo(vXUser); - + List<VXGroup> vxg = new ArrayList<VXGroup>(); - - for(VXGroup vXGroup : vXUserGroupInfo.getXgroupInfo()){ + + for (VXGroup vXGroup : vXUserGroupInfo.getXgroupInfo()) { VXGroup VvXGroup = xGroupService.createXGroupWithOutLogin(vXGroup); vxg.add(VvXGroup); VXGroupUser vXGroupUser = new VXGroupUser(); vXGroupUser.setUserId(vXUser.getId()); vXGroupUser.setName(VvXGroup.getName()); - vXGroupUser = xGroupUserService.createXGroupUserWithOutLogin(vXGroupUser); + vXGroupUser = xGroupUserService + .createXGroupUserWithOutLogin(vXGroupUser); } - + vxUGInfo.setXgroupInfo(vxg); - + return vxUGInfo; } - public VXUser createXUserWithOutLogin(VXUser vXUser) { + public VXUser createXUserWithOutLogin(VXUser vXUser) { return xUserService.createXUserWithOutLogin(vXUser); } 
@@ -534,4 +651,178 @@ public class XUserMgr extends XUserMgrBase { vObj = xGroupService.updateResource(vObj); } } + public void checkPermissionRoleByGivenUrls(String enteredURL,String method) + { + Long currentUserId=ContextUtil.getCurrentUserId(); + List<String> notPermittedUrls=daoManager.getXXModuleDef().findModuleURLOfPemittedModules(currentUserId); + if(notPermittedUrls!=null ) + { + + boolean flag=false; + for(String notPermittedUrl:notPermittedUrls) + { + if(enteredURL.toLowerCase().contains(notPermittedUrl.toLowerCase())) + flag=true; + } + List<XXPortalUserRole> xPortalUserRoles=daoManager.getXXPortalUserRole().findByUserId(currentUserId); + for(XXPortalUserRole xPortalUserRole:xPortalUserRoles) + { + if(xPortalUserRole.getUserRole().equalsIgnoreCase(RangerConstants.ROLE_USER)&& !method.equalsIgnoreCase("GET")) + { + flag=true; + } + } + if(flag) + { + throw restErrorUtil.create403RESTException("Access Denied"); + } + } + } + public List<VXPortalUser> updateExistingUserExisting() + { + List<XXPortalUser> allPortalUser=daoManager.getXXPortalUser().findAllXPortalUser(); + List<VXPortalUser> vPortalUsers= new ArrayList<VXPortalUser>(); + for(XXPortalUser xPortalUser:allPortalUser) + { + VXPortalUser vPortalUser =xPortalUserService.populateViewBean(xPortalUser); + vPortalUsers.add(vPortalUser); + vPortalUser.setUserRoleList(daoManager.getXXPortalUser().findXPortalUserRolebyXPortalUserId(vPortalUser.getId())); + assignPermissionToUser(vPortalUser,false); + } + + return vPortalUsers; + + } + + // Module permissions + public VXModuleDef createXModuleDefPermission(VXModuleDef vXModuleDef) { + return xModuleDefService.createResource(vXModuleDef); + } + + public VXModuleDef getXModuleDefPermission(Long id) { + return xModuleDefService.readResource(id); + } + + public VXModuleDef updateXModuleDefPermission(VXModuleDef vXModuleDef) { + List<VXGroupPermission> groupPermListNew = vXModuleDef + .getGroupPermList(); + List<VXUserPermission> userPermListNew = 
vXModuleDef.getUserPermList(); + + List<VXGroupPermission> groupPermListOld = new ArrayList<VXGroupPermission>(); + List<VXUserPermission> userPermListOld = new ArrayList<VXUserPermission>(); + XXModuleDef xModuleDef = daoManager.getXXModuleDef().getById( + vXModuleDef.getId()); + VXModuleDef vModuleDefPopulateOld = xModuleDefService + .populateViewBean(xModuleDef); + + List<XXGroupPermission> xgroupPermissionList = daoManager + .getXXGroupPermission().findByModuleId(vXModuleDef.getId(),true); + + for (XXGroupPermission xGrpPerm : xgroupPermissionList) { + VXGroupPermission vXGrpPerm = xGroupPermissionService + .populateViewBean(xGrpPerm); + groupPermListOld.add(vXGrpPerm); + } + vModuleDefPopulateOld.setGroupPermList(groupPermListOld); + + List<XXUserPermission> xuserPermissionList = daoManager + .getXXUserPermission().findByModuleId(vXModuleDef.getId(),true); + + for (XXUserPermission xUserPerm : xuserPermissionList) { + VXUserPermission vUserPerm = xUserPermissionService + .populateViewBean(xUserPerm); + userPermListOld.add(vUserPerm); + } + vModuleDefPopulateOld.setUserPermList(userPermListOld); + + if (groupPermListOld != null && groupPermListNew != null) { + for (VXGroupPermission newVXGroupPerm : groupPermListNew) { + + boolean isExist = false; + + for (VXGroupPermission oldVXGroupPerm : groupPermListOld) { + if (newVXGroupPerm.getModuleId().equals( + oldVXGroupPerm.getModuleId()) + && newVXGroupPerm.getGroupId().equals( + oldVXGroupPerm.getGroupId())) { + oldVXGroupPerm.setIsAllowed(newVXGroupPerm + .getIsAllowed()); + oldVXGroupPerm = xGroupPermissionService + .updateResource(oldVXGroupPerm); + isExist = true; + } + } + if (!isExist) { + newVXGroupPerm = xGroupPermissionService + .createResource(newVXGroupPerm); + } + } + } + + if (userPermListOld != null && userPermListNew != null) { + for (VXUserPermission newVXUserPerm : userPermListNew) { + + boolean isExist = false; + for (VXUserPermission oldVXUserPerm : userPermListOld) { + if 
(newVXUserPerm.getModuleId().equals( + oldVXUserPerm.getModuleId()) + && newVXUserPerm.getUserId().equals( + oldVXUserPerm.getUserId())) { + oldVXUserPerm + .setIsAllowed(newVXUserPerm.getIsAllowed()); + oldVXUserPerm = xUserPermissionService + .updateResource(oldVXUserPerm); + isExist = true; + } + } + if (!isExist) { + newVXUserPerm = xUserPermissionService + .createResource(newVXUserPerm); + + } + } + } + return xModuleDefService.updateResource(vXModuleDef); + } + + public void deleteXModuleDefPermission(Long id, boolean force) { + xModuleDefService.deleteResource(id); + } + + // User permission + public VXUserPermission createXUserPermission(VXUserPermission vXUserPermission) { + return xUserPermissionService.createResource(vXUserPermission); + } + + public VXUserPermission getXUserPermission(Long id) { + return xUserPermissionService.readResource(id); + } + + public VXUserPermission updateXUserPermission( + VXUserPermission vXUserPermission) { + + return xUserPermissionService.updateResource(vXUserPermission); + } + + public void deleteXUserPermission(Long id, boolean force) { + xUserPermissionService.deleteResource(id); + } + + // Group permission + public VXGroupPermission createXGroupPermission(VXGroupPermission vXGroupPermission) { + return xGroupPermissionService.createResource(vXGroupPermission); + } + + public VXGroupPermission getXGroupPermission(Long id) { + return xGroupPermissionService.readResource(id); + } + + public VXGroupPermission updateXGroupPermission(VXGroupPermission vXGroupPermission) { + return xGroupPermissionService.updateResource(vXGroupPermission); + } + + public void deleteXGroupPermission(Long id, boolean force) { + xGroupPermissionService.deleteResource(id); + } + } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgrBase.java ---------------------------------------------------------------------- 
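Review bot: `checkPermissionRoleByGivenUrls` fails open in two ways: when `findModuleURLOfPemittedModules` returns null the whole body, including the ROLE_USER non-GET check, is skipped, and the module test is a case-insensitive substring match (`enteredURL.toLowerCase().contains(...)`), so a request path that does not contain any listed module URL is allowed while a path that merely contains a denied module's URL as a substring is denied. Comparing the request path to the module URL as a normalised path prefix or exact match, and deciding explicitly what a null or empty list means, would make the rule predictable; the variable name `notPermittedUrls` also contradicts the DAO method name `...OfPemittedModules`, so which set the query returns should be confirmed and the name aligned. `method.equalsIgnoreCase("GET")` NPEs on a null method — `"GET".equalsIgnoreCase(method)` does not. In `updateXModuleDefPermission`, client-supplied entries from `groupPermListNew`/`userPermListNew` that match no existing row go straight to `createResource` with whatever `moduleId` the client sent; setting `newVXGroupPerm.setModuleId(vXModuleDef.getId())` (and likewise `newVXUserPerm`) before the create keeps the new permission bound to the module being edited, and `deleteXModuleDefPermission(Long id, boolean force)` currently ignores `force`.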
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgrBase.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgrBase.java index b20ce31..a89bf8d 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgrBase.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgrBase.java @@ -24,9 +24,12 @@ import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.common.SearchCriteria; import org.apache.ranger.service.XAuditMapService; import org.apache.ranger.service.XGroupGroupService; +import org.apache.ranger.service.XGroupPermissionService; import org.apache.ranger.service.XGroupService; import org.apache.ranger.service.XGroupUserService; +import org.apache.ranger.service.XModuleDefService; import org.apache.ranger.service.XPermMapService; +import org.apache.ranger.service.XUserPermissionService; import org.apache.ranger.service.XUserService; import org.apache.ranger.view.VXAuditMap; import org.apache.ranger.view.VXAuditMapList; @@ -34,13 +37,16 @@ import org.apache.ranger.view.VXGroup; import org.apache.ranger.view.VXGroupGroup; import org.apache.ranger.view.VXGroupGroupList; import org.apache.ranger.view.VXGroupList; +import org.apache.ranger.view.VXGroupPermissionList; import org.apache.ranger.view.VXGroupUser; import org.apache.ranger.view.VXGroupUserList; import org.apache.ranger.view.VXLong; +import org.apache.ranger.view.VXModuleDefList; import org.apache.ranger.view.VXPermMap; import org.apache.ranger.view.VXPermMapList; import org.apache.ranger.view.VXUser; import org.apache.ranger.view.VXUserList; +import org.apache.ranger.view.VXUserPermissionList; import org.springframework.beans.factory.annotation.Autowired; public class XUserMgrBase { 
@@ -62,6 +68,15 @@ public class XUserMgrBase { @Autowired XPermMapService xPermMapService; + @ Autowired + XModuleDefService xModuleDefService; + + @ Autowired + XUserPermissionService xUserPermissionService; + + @ Autowired + XGroupPermissionService xGroupPermissionService; + @Autowired XAuditMapService xAuditMapService; public VXGroup getXGroup(Long id){ @@ -262,4 +277,30 @@ public class XUserMgrBase { xAuditMapService.searchFields); } + public VXModuleDefList searchXModuleDef(SearchCriteria searchCriteria) { + return xModuleDefService.searchModuleDef(searchCriteria); + } + + public VXUserPermissionList searchXUserPermission(SearchCriteria searchCriteria) { + return xUserPermissionService.searchXUserPermission(searchCriteria); + } + + public VXGroupPermissionList searchXGroupPermission(SearchCriteria searchCriteria) { + return xGroupPermissionService.searchXGroupPermission(searchCriteria); + } + + public VXLong getXModuleDefSearchCount(SearchCriteria searchCriteria) { + return xModuleDefService.getSearchCount(searchCriteria, + xModuleDefService.searchFields); + } + + public VXLong getXUserPermissionSearchCount(SearchCriteria searchCriteria) { + return xUserPermissionService.getSearchCount(searchCriteria, + xUserPermissionService.searchFields); + } + + public VXLong getXGroupPermissionSearchCount(SearchCriteria searchCriteria){ + return xGroupPermissionService.getSearchCount(searchCriteria, + xGroupPermissionService.searchFields); + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java index b85f975..a5ecff7 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java 
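Review bot: The three new injection points are written `@ Autowired` with a space between `@` and the annotation name; this compiles, but it differs from every other `@Autowired` in the file and is easy to miss in grep-based checks, so write them as `@Autowired`. The search wrappers in the second hunk of this file follow the existing pattern and need no change.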
+++ b/security-admin/src/main/java/org/apache/ranger/common/AppConstants.java @@ -507,9 +507,22 @@ public class AppConstants extends RangerCommonEnums { public static final int CLASS_TYPE_XA_SERVICE_DEF = 1033; /** + * CLASS_TYPE_RANGER_MODULE_DEF is an element of enum ClassTypes. Its value is "CLASS_TYPE_RANGER_MODULE_DEF". + */ + public static final int CLASS_TYPE_RANGER_MODULE_DEF = 1034; + /** + * CLASS_TYPE_RANGER_USER_PERMISSION is an element of enum ClassTypes. Its value is "CLASS_TYPE_RANGER_USER_PERMISSION". + */ + public static final int CLASS_TYPE_RANGER_USER_PERMISSION = 1035; + /** + * CLASS_TYPE_RANGER_GROUP_PERMISSION is an element of enum ClassTypes. Its value is "CLASS_TYPE_RANGER_GROUP_PERMISSION". + */ + public static final int CLASS_TYPE_RANGER_GROUP_PERMISSION = 1036; + + /** * Max value for enum ClassTypes_MAX */ - public static final int ClassTypes_MAX = 1033; + public static final int ClassTypes_MAX = 1036; /*************************************************************** * Enum values for Default SortOrder http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java b/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java index c02998d..701847f 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java +++ b/security-admin/src/main/java/org/apache/ranger/common/RangerCommonEnums.java 
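Review bot: The Javadoc on the three new constants says `Its value is "CLASS_TYPE_RANGER_MODULE_DEF"` (and the same for the other two) while the actual values are 1034, 1035 and 1036; the sentence is copied from a string-valued template and should state the numeric value or drop the clause, e.g. `* CLASS_TYPE_RANGER_MODULE_DEF (1034) is an element of enum ClassTypes.`. The `IS_ALLOWED` constant added in the RangerCommonEnums hunk has the same mismatch (`Its value is "IS_ALLOWED"` for a value of 1).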
@@ -27,6 +27,14 @@ public class RangerCommonEnums { /*************************************************************** + * Enum values for AllowedPermission + **************************************************************/ + /** + * IS_ALLOWED is an element of enum AllowedPermission. Its value is "IS_ALLOWED". + */ + public static final int IS_ALLOWED = 1; + + /*************************************************************** * Enum values for VisibilityStatus **************************************************************/ /** http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java b/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java index b09b21a..77b51db 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java +++ b/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java 
@@ -17,153 +17,161 @@ * under the License. */ - /** - * - */ - -package org.apache.ranger.common; - -public class RangerConstants extends RangerCommonEnums { - - // Default Roles - public final static String ROLE_SYS_ADMIN = "ROLE_SYS_ADMIN"; - public final static String ROLE_ADMIN = "ROLE_ADMIN"; - public final static String ROLE_INTEGRATOR = "ROLE_INTEGRATOR"; - public final static String ROLE_DATA_ANALYST = "ROLE_DATA_ANALYST"; - public final static String ROLE_BIZ_MGR = "ROLE_BIZ_MGR"; - - public final static String ROLE_USER = "ROLE_USER"; - public final static String ROLE_ANON = "ROLE_ANON"; - public final static String ROLE_OTHER = "ROLE_OTHER"; - public final static String GROUP_PUBLIC = "public"; - // Action constants - public final static String ACTION_EDIT = "edit"; - public final static String ACTION_CHANGE = "change"; - public final static String ACTION_DELETE = "delete"; - public final static String ACTION_MARK_SPAM = "mark_spam"; - public final static String ACTION_RATE = "rate"; - public final static String ACTION_SELECT = "select"; - public final static String ACTION_UNSELECT = "unselect"; - public final static String ACTION_HIDE = "hide"; - public final static String ACTION_UNHIDE = "unhide"; - public final static String ACTION_SHARE = "share"; - public final static String ACTION_UNSHARE = "unshare"; - public final static String ACTION_BOOKMARK = "bookmark"; - public final static String ACTION_UNBOOKMARK = "unbookmark"; - - // Sendgrid email API constants - public static final String SENDGRID_API_USER = "api_user"; - public static final String SENDGRID_API_KEY = "api_key"; - public static final String SENDGRID_TO = "to"; - public static final String SENDGRID_TO_NAME = "toname"; - public static final String SENDGRID_SUBJECT = "subject"; - public static final String SENDGRID_TEXT = "text"; - public static final String SENDGRID_HTML = "html"; - public static final String SENDGRID_FROM_EMAIL = "from"; - public static final String SENDGRID_FROM_NAME = 
"fromname"; - public static final String SENDGRID_BCC = "bcc"; - public static final String SENDGRID_CC = "cc"; - public static final String SENDGRID_REPLY_TO = "replyto"; - - // User create validation errors - public enum ValidationUserProfile { - - NO_EMAIL_ADDR("xa.validation.userprofile.no_email_addr", - "Email address not provided"), INVALID_EMAIL_ADDR( - "xa.validation.userprofile.userprofile.invalid_email_addr", - "Invalid email address"), NO_FIRST_NAME( - "xa.validation.userprofile.userprofile.no_first_name", - "First name not provided"), INVALID_FIRST_NAME( - "xa.validation.userprofile.invalid_first_name", - "Invalid first name"), NO_LAST_NAME( - "xa.validation.userprofile.noemailaddr", - "Email address not provided"), INVALID_LAST_NAME( - "xa.validation.userprofile.noemailaddr", - "Email address not provided"), NO_PUBLIC_SCREEN_NAME( - "xa.validation.userprofile.noemailaddr", - "Email address not provided"), INVALID_PUBLIC_SCREEN_NAME( - "xa.validation.userprofile.noemailaddr", - "Email address not provided"); - - String rbKey; - String message; - - ValidationUserProfile(String rbKey, String message) { - this.rbKey = rbKey; - this.message = message; - } - }; - - // these constants will be used in setting GjResponse object. - - public final static String USER_PENDING_APPROVAL_MSG = "User is yet not reviewed by Administrator. Please contact at <number>."; - public final static int USER_PENDING_APPROVAL_STATUS_CODE = 0; - - public final static String USER_APPROVAL_MSG = "User is approved"; - public final static int USER_APPROVAL_STATUS_CODE = 1; - - public final static String USER_REJECTION_MSG = "User is rejected"; - public final static int USER_REJECTION_STATUS_CODE = 1; - - public final static String USER_STATUS_ALREADY_CHANGED_MSG = "Can not change user status. 
it is either already activated/approved/rejected"; - public final static int USER_STATUS_ALREADY_CHANGED_STATUS_CODE = 0; - - public final static String USER_ALREADY_ACTIVATED_MSG = "Your account is already activated. If you have forgotten your password, then from the login page, select 'Forgot Password'"; - public final static int USER_ALREADY_ACTIVATED_STATUS_CODE = 0; - - public final static String USER_STATUS_NOT_ACTIVE_MSG = "User is not in active status. Please activate your account first."; - public final static int USER_STATUS_NOT_ACTIVE_STATUS_CODE = 0; - - public final static String INVALID_EMAIL_ADDRESS_MSG = "Invalid email address"; - public final static int INVALID_EMAIL_ADDRESS_STATUS_CODE = 0; - - public final static String WRONG_ACTIVATION_CODE_MSG = "Wrong activation code"; - public final static int WRONG_ACTIVATION_CODE_STATUS_CODE = 0; - - public final static String VALID_EMAIL_ADDRESS_MSG = "Valid email address"; - public final static int VALID_EMAIL_ADDRESS_STATUS_CODE = 1; - - public final static String NO_ACTIVATION_RECORD_FOR_USER_ERR_MSG = "No activation record found for user:"; - public final static String NO_ACTIVATION_ENTRY = "activation entry not found"; - - public final static String VALIDATION_INVALID_DATA_DESC = "Invalid value for"; - public final static int VALIDATION_INVALID_DATA_CODE = 0; - public static final String GROUP_MODERATORS = "GROUP_MODERATORS"; - - // public final static String EMAIL_WELCOME_MSG = - // "Welcome to iSchoolCircle"; - // public final static String EMAIL_LINK_WELCOME_MSG = - // "Welcome to iSchoolCircle ! 
Please verify your account by clicking on the link below: "; - // public static final String EMAIL_EDIT_REJECTED_MSG = - // "Your changes not approved for public sharing."; - // public static final String EMAIL_APPROVAL_NEEDED_MSG = - // "New objects pending approval"; - // public static final String EMAIL_PWD_RESET_CODE_MSG = - // "iSchoolCircle - Password Reset"; - - public final static String PWD_RESET_FAILED_MSG = "Invalid password reset request"; - - public final static String INVALID_NEW_PASSWORD_MSG = "Invalid new password"; - public static final String EMAIL_NEW_FEEDBACK_RECEIVED = "New feedback from"; - public static final int INITIAL_DOCUMENT_VERSION = 1; - - public static final int EMAIL_TYPE_ACCOUNT_CREATE = 0; - public static final int EMAIL_TYPE_USER_CREATE = 1; - public static final int EMAIL_TYPE_USER_ACCT_ADD = 2; - public static final int EMAIL_TYPE_DOCUMENT_CREATE = 3; - public static final int EMAIL_TYPE_DISCUSSION_CREATE = 4; - public static final int EMAIL_TYPE_NOTE_CREATE = 5; - public static final int EMAIL_TYPE_TASK_CREATE = 6; - public static final int EMAIL_TYPE_USER_PASSWORD = 7; - public static final int EMAIL_TYPE_USER_ACTIVATION = 8; - public static final int EMAIL_TYPE_USER_ROLE_UPDATED = 9; - public static final int EMAIL_TYPE_USER_GRP_ADD = 10; - - public static enum RBAC_PERM { - ALLOW_NONE, - ALLOW_READ, - ALLOW_WRITE, - ALLOW_DELETE - } - -} + /** + * + */ + +package org.apache.ranger.common; + +public class RangerConstants extends RangerCommonEnums { + + // Default Roles + public final static String ROLE_SYS_ADMIN = "ROLE_SYS_ADMIN"; + public final static String ROLE_ADMIN = "ROLE_ADMIN"; + public final static String ROLE_INTEGRATOR = "ROLE_INTEGRATOR"; + public final static String ROLE_DATA_ANALYST = "ROLE_DATA_ANALYST"; + public final static String ROLE_BIZ_MGR = "ROLE_BIZ_MGR"; + + public final static String ROLE_USER = "ROLE_USER"; + public final static String ROLE_ANON = "ROLE_ANON"; + public final static String ROLE_OTHER 
= "ROLE_OTHER"; + public final static String GROUP_PUBLIC = "public"; + // Action constants + public final static String ACTION_EDIT = "edit"; + public final static String ACTION_CHANGE = "change"; + public final static String ACTION_DELETE = "delete"; + public final static String ACTION_MARK_SPAM = "mark_spam"; + public final static String ACTION_RATE = "rate"; + public final static String ACTION_SELECT = "select"; + public final static String ACTION_UNSELECT = "unselect"; + public final static String ACTION_HIDE = "hide"; + public final static String ACTION_UNHIDE = "unhide"; + public final static String ACTION_SHARE = "share"; + public final static String ACTION_UNSHARE = "unshare"; + public final static String ACTION_BOOKMARK = "bookmark"; + public final static String ACTION_UNBOOKMARK = "unbookmark"; + + // Sendgrid email API constants + public static final String SENDGRID_API_USER = "api_user"; + public static final String SENDGRID_API_KEY = "api_key"; + public static final String SENDGRID_TO = "to"; + public static final String SENDGRID_TO_NAME = "toname"; + public static final String SENDGRID_SUBJECT = "subject"; + public static final String SENDGRID_TEXT = "text"; + public static final String SENDGRID_HTML = "html"; + public static final String SENDGRID_FROM_EMAIL = "from"; + public static final String SENDGRID_FROM_NAME = "fromname"; + public static final String SENDGRID_BCC = "bcc"; + public static final String SENDGRID_CC = "cc"; + public static final String SENDGRID_REPLY_TO = "replyto"; + + //Permission Names + public static final String MODULE_POLICY_MANAGER="Policy Manager"; + public static final String MODULE_USER_GROUPS="Users/Groups"; + public static final String MODULE_ANALYTICS="Analytics"; + public static final String MODULE_AUDIT="Audit"; + public static final String MODULE_PERMISSION="Permissions"; + public static final String MODULE_KMS="KMS"; + + // User create validation errors + public enum ValidationUserProfile { + + 
NO_EMAIL_ADDR("xa.validation.userprofile.no_email_addr", + "Email address not provided"), INVALID_EMAIL_ADDR( + "xa.validation.userprofile.userprofile.invalid_email_addr", + "Invalid email address"), NO_FIRST_NAME( + "xa.validation.userprofile.userprofile.no_first_name", + "First name not provided"), INVALID_FIRST_NAME( + "xa.validation.userprofile.invalid_first_name", + "Invalid first name"), NO_LAST_NAME( + "xa.validation.userprofile.noemailaddr", + "Email address not provided"), INVALID_LAST_NAME( + "xa.validation.userprofile.noemailaddr", + "Email address not provided"), NO_PUBLIC_SCREEN_NAME( + "xa.validation.userprofile.noemailaddr", + "Email address not provided"), INVALID_PUBLIC_SCREEN_NAME( + "xa.validation.userprofile.noemailaddr", + "Email address not provided"); + + String rbKey; + String message; + + ValidationUserProfile(String rbKey, String message) { + this.rbKey = rbKey; + this.message = message; + } + }; + + // these constants will be used in setting GjResponse object. + + public final static String USER_PENDING_APPROVAL_MSG = "User is yet not reviewed by Administrator. Please contact at <number>."; + public final static int USER_PENDING_APPROVAL_STATUS_CODE = 0; + + public final static String USER_APPROVAL_MSG = "User is approved"; + public final static int USER_APPROVAL_STATUS_CODE = 1; + + public final static String USER_REJECTION_MSG = "User is rejected"; + public final static int USER_REJECTION_STATUS_CODE = 1; + + public final static String USER_STATUS_ALREADY_CHANGED_MSG = "Can not change user status. it is either already activated/approved/rejected"; + public final static int USER_STATUS_ALREADY_CHANGED_STATUS_CODE = 0; + + public final static String USER_ALREADY_ACTIVATED_MSG = "Your account is already activated. 
If you have forgotten your password, then from the login page, select 'Forgot Password'"; + public final static int USER_ALREADY_ACTIVATED_STATUS_CODE = 0; + + public final static String USER_STATUS_NOT_ACTIVE_MSG = "User is not in active status. Please activate your account first."; + public final static int USER_STATUS_NOT_ACTIVE_STATUS_CODE = 0; + + public final static String INVALID_EMAIL_ADDRESS_MSG = "Invalid email address"; + public final static int INVALID_EMAIL_ADDRESS_STATUS_CODE = 0; + + public final static String WRONG_ACTIVATION_CODE_MSG = "Wrong activation code"; + public final static int WRONG_ACTIVATION_CODE_STATUS_CODE = 0; + + public final static String VALID_EMAIL_ADDRESS_MSG = "Valid email address"; + public final static int VALID_EMAIL_ADDRESS_STATUS_CODE = 1; + + public final static String NO_ACTIVATION_RECORD_FOR_USER_ERR_MSG = "No activation record found for user:"; + public final static String NO_ACTIVATION_ENTRY = "activation entry not found"; + + public final static String VALIDATION_INVALID_DATA_DESC = "Invalid value for"; + public final static int VALIDATION_INVALID_DATA_CODE = 0; + public static final String GROUP_MODERATORS = "GROUP_MODERATORS"; + + // public final static String EMAIL_WELCOME_MSG = + // "Welcome to iSchoolCircle"; + // public final static String EMAIL_LINK_WELCOME_MSG = + // "Welcome to iSchoolCircle ! 
Please verify your account by clicking on the link below: "; + // public static final String EMAIL_EDIT_REJECTED_MSG = + // "Your changes not approved for public sharing."; + // public static final String EMAIL_APPROVAL_NEEDED_MSG = + // "New objects pending approval"; + // public static final String EMAIL_PWD_RESET_CODE_MSG = + // "iSchoolCircle - Password Reset"; + + public final static String PWD_RESET_FAILED_MSG = "Invalid password reset request"; + + public final static String INVALID_NEW_PASSWORD_MSG = "Invalid new password"; + public static final String EMAIL_NEW_FEEDBACK_RECEIVED = "New feedback from"; + public static final int INITIAL_DOCUMENT_VERSION = 1; + + public static final int EMAIL_TYPE_ACCOUNT_CREATE = 0; + public static final int EMAIL_TYPE_USER_CREATE = 1; + public static final int EMAIL_TYPE_USER_ACCT_ADD = 2; + public static final int EMAIL_TYPE_DOCUMENT_CREATE = 3; + public static final int EMAIL_TYPE_DISCUSSION_CREATE = 4; + public static final int EMAIL_TYPE_NOTE_CREATE = 5; + public static final int EMAIL_TYPE_TASK_CREATE = 6; + public static final int EMAIL_TYPE_USER_PASSWORD = 7; + public static final int EMAIL_TYPE_USER_ACTIVATION = 8; + public static final int EMAIL_TYPE_USER_ROLE_UPDATED = 9; + public static final int EMAIL_TYPE_USER_GRP_ADD = 10; + + public static enum RBAC_PERM { + ALLOW_NONE, + ALLOW_READ, + ALLOW_WRITE, + ALLOW_DELETE + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java b/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java index 920c12d..5d536ac 100644 --- a/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java 
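Review bot: The hunk rewrites all 153 lines of RangerConstants.java although the only substantive change is the six new `MODULE_*` constants, which makes the real change hard to review and to blame later; the whitespace or line-ending normalisation belongs in its own commit. The new constants are bare string literals with no documentation, and since they appear to be the display names of the portal modules this permission model gates, a drift between them and the module rows seeded by the SQL patch (not visible here) would silently disable a permission check. I would add a comment above them such as `// Module names of the permission model; these must match x_modules_master.module exactly, since permission lookups are keyed on them — verify against 013-permissionmodel.sql`.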
+++ b/security-admin/src/main/java/org/apache/ranger/credentialapi/CredentialReader.java @@ -31,7 +31,7 @@ public class CredentialReader { public static String getDecryptedString(String CrendentialProviderPath,String alias) { String credential=null; try{ - if(CrendentialProviderPath==null || alias==null){ + if(CrendentialProviderPath==null || alias==null||CrendentialProviderPath.trim().isEmpty()||alias.trim().isEmpty()){ return null; } char[] pass = null; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java index 962eb02..2dd0797 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java +++ b/security-admin/src/main/java/org/apache/ranger/db/RangerDaoManagerBase.java @@ -143,7 +143,15 @@ public abstract class RangerDaoManagerBase { if (classType == AppConstants.CLASS_TYPE_XA_DATA_HIST) { return getXXDataHist(); } - + if (classType == AppConstants.CLASS_TYPE_RANGER_MODULE_DEF) { + return getXXModuleDef(); + } + if (classType == AppConstants.CLASS_TYPE_RANGER_USER_PERMISSION) { + return getXXUserPermission(); + } + if (classType == AppConstants.CLASS_TYPE_RANGER_GROUP_PERMISSION) { + return getXXUserPermission(); + } logger.error("No DaoManager found for classType=" + classType, new Throwable()); return null; 
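Review bot: The new `CLASS_TYPE_RANGER_GROUP_PERMISSION` branch in the classType dispatch of RangerDaoManagerBase returns `getXXUserPermission()`, so any caller resolving a DAO by the group-permission class type will read and write the user-permission table instead of `x_group_module_perm`. The className-based dispatch added in the following hunk returns `getXXGroupPermission()` for `"XXGroupPermission"`, so this looks like a copy-paste slip rather than intent. The branch body should be `return getXXGroupPermission();`.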
@@ -255,6 +263,15 @@ public abstract class RangerDaoManagerBase { if (className.equals("XXDataHist")) { return getXXDataHist(); } + if (className.equals("XXModuleDef")) { + return getXXModuleDef(); + } + if (className.equals("XXUserPermission")) { + return getXXUserPermission(); + } + if (className.equals("XXGroupPermission")) { + return getXXGroupPermission(); + } logger.error("No DaoManager found for className=" + className, new Throwable()); return null; @@ -407,5 +424,17 @@ public abstract class RangerDaoManagerBase { return new XXDataHistDao(this); } + public XXModuleDefDao getXXModuleDef(){ + return new XXModuleDefDao(this); + } + + public XXUserPermissionDao getXXUserPermission(){ + return new XXUserPermissionDao(this); + } + + public XXGroupPermissionDao getXXGroupPermission(){ + return new XXGroupPermissionDao(this); + } + } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java new file mode 100644 index 0000000..1be3148 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java 
@@ -0,0 +1,86 @@ +package org.apache.ranger.db; + +import java.util.ArrayList; +import java.util.List; + +import javax.persistence.NoResultException; + +import org.apache.log4j.Logger; +import org.apache.ranger.common.RangerCommonEnums; +import org.apache.ranger.common.db.BaseDao; +import org.apache.ranger.entity.XXGroupPermission; +import org.apache.ranger.entity.XXUserPermission; + +public class XXGroupPermissionDao extends BaseDao<XXGroupPermission> { + + static final Logger logger = Logger.getLogger(XXGroupPermissionDao.class); + + public XXGroupPermissionDao(RangerDaoManagerBase daoManager) { + super(daoManager); + } + + public List<XXGroupPermission> findByModuleId(Long moduleId, + boolean isUpdate) { + if (moduleId != null) { + try { + if (isUpdate) { + return getEntityManager() + .createNamedQuery( + "XXGroupPermissionUpdate.findByModuleId", + XXGroupPermission.class) + .setParameter("moduleId", moduleId).getResultList(); + } + return getEntityManager() + .createNamedQuery( + "XXGroupPermissionUpdates.findByModuleId", + XXGroupPermission.class) + .setParameter("moduleId", moduleId) + .setParameter("isAllowed", RangerCommonEnums.IS_ALLOWED) + .getResultList(); + } catch (NoResultException e) { + logger.debug(e.getMessage()); + } + } else { + logger.debug("ResourcegropuIdId not provided."); + return new ArrayList<XXGroupPermission>(); + } + return null; + } + + public List<XXGroupPermission> findByGroupPermissionId(Long groupId) { + if (groupId != null) { + try { + return getEntityManager() + .createNamedQuery( + "XXGroupPermission.findByGroupPermissionId", + XXGroupPermission.class) + .setParameter("groupId", groupId).getResultList(); + } catch (NoResultException e) { + logger.debug(e.getMessage()); + } + } else { + logger.debug("ResourcegropuIdId not provided."); + return new ArrayList<XXGroupPermission>(); + } + return null; + } + public List<XXGroupPermission> findbyVXPoratUserId(Long userId) { + if (userId != null) { + try { + return getEntityManager() + 
.createNamedQuery( + "XXGroupPermission.findByVXPoratUserId", + XXGroupPermission.class) + .setParameter("userId", userId) + .setParameter("isAllowed", RangerCommonEnums.IS_ALLOWED) + .getResultList(); + } catch (NoResultException e) { + logger.debug(e.getMessage()); + } + } else { + logger.debug("ResourcegropuIdId not provided."); + return new ArrayList<XXGroupPermission>(); + } + return null; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/db/XXModuleDefDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXModuleDefDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXModuleDefDao.java new file mode 100644 index 0000000..85cc41b --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/db/XXModuleDefDao.java 
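Review bot: In `findByModuleId` the two branches use named queries that differ only by a trailing "s" (`XXGroupPermissionUpdate.findByModuleId` for the update case, `XXGroupPermissionUpdates.findByModuleId` plus an `isAllowed` parameter otherwise), which is the opposite pairing from `XXUserPermissionDao.findByModuleId` in this same commit where the `...Updates` query is the update branch; one of the two DAOs is probably bound to the wrong query, and this should be checked against the JPA mapping, which is not visible here. All three methods also catch `NoResultException` around `getResultList()`, which never throws it but returns an empty list, so the catch blocks and the trailing `return null;` are dead code that nevertheless advertise a null return to callers; drop the catch and let the method always return the list. The file is also missing the ASF license header that the rest of the module carries and imports `XXUserPermission` without using it.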
@@ -0,0 +1,101 @@ +package org.apache.ranger.db; + +import java.util.ArrayList; +import java.util.List; + +import javax.persistence.NoResultException; + +import org.apache.log4j.Logger; +import org.apache.ranger.common.db.BaseDao; +import org.apache.ranger.entity.XXModuleDef; + +public class XXModuleDefDao extends BaseDao<XXModuleDef>{ + + static final Logger logger = Logger.getLogger(XXModuleDefDao.class); + + public XXModuleDefDao(RangerDaoManagerBase daoManager) { + super(daoManager); + } + + public XXModuleDef findByModuleName(String moduleName){ + if (moduleName == null) { + return null; + } + try { + + return (XXModuleDef) getEntityManager() + .createNamedQuery("XXModuleDef.findByModuleName") + .setParameter("moduleName", moduleName) + .getSingleResult(); + } catch (Exception e) { + + } + return null; + } + + + public XXModuleDef findByModuleId(Long id) { + if(id == null) { + return new XXModuleDef(); + } + try { + List<XXModuleDef> xxModuelDefs=getEntityManager() + .createNamedQuery("XXModuleDef.findByModuleId", tClass) + .setParameter("id", id).getResultList(); + return xxModuelDefs.get(0); + } catch (NoResultException e) { + return new XXModuleDef(); + } + } + @SuppressWarnings("unchecked") + public List<XXModuleDef> findModuleNamesWithIds() { + try { + return getEntityManager() + .createNamedQuery("XXModuleDef.findModuleNamesWithIds") + .getResultList(); + } catch (NoResultException e) { + return null; + } + } + + @SuppressWarnings("unchecked") + public List<String> findModuleURLOfPemittedModules(Long userId) { + try { + + String query="select"; + query+=" url"; + query+=" FROM"; + query+=" x_modules_master"; + query+=" WHERE"; + query+=" url NOT IN (SELECT "; + query+=" moduleMaster.url"; + query+=" FROM"; + query+=" x_modules_master moduleMaster,"; + query+=" x_user_module_perm userModulePermission"; + query+=" WHERE"; + query+=" moduleMaster.id = userModulePermission.module_id"; + query+=" AND userModulePermission.user_id = "+userId+")"; + query+=" AND 
"; + query+=" id NOT IN (SELECT DISTINCT"; + query+=" gmp.module_id"; + query+=" FROM"; + query+=" x_group_users xgu,"; + query+=" x_user xu,"; + query+=" x_group_module_perm gmp,"; + query+=" x_portal_user xpu"; + query+=" WHERE"; + query+=" xu.user_name = xpu.login_id"; + query+=" AND xu.id = xgu.user_id"; + query+=" AND xgu.p_group_id = gmp.group_id"; + query+=" AND xpu.id = "+userId+")"; + + return getEntityManager() + .createNativeQuery(query) + .getResultList(); + + } catch (Exception e) { + e.printStackTrace(); + return null; + } + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java index 9069f29..d3467f8 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java @@ -17,13 +17,13 @@ * under the License. */ - package org.apache.ranger.db; - +package org.apache.ranger.db; import java.util.List; import org.apache.ranger.common.db.BaseDao; import org.apache.ranger.entity.XXPortalUser; +import org.apache.ranger.entity.XXPortalUserRole; public class XXPortalUserDao extends BaseDao<XXPortalUser> { 
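Review bot: `findModuleURLOfPemittedModules` builds a native SQL statement by concatenating `userId` into the query text twice; even though the value is a `Long` today, a permission lookup in the admin portal should bind its inputs with `setParameter` so that a future change of the parameter type cannot turn this into SQL injection, and so the statement is cacheable. `findByModuleId` has a related defect: `getResultList()` never throws `NoResultException` but returns an empty list, so an unknown id reaches `xxModuelDefs.get(0)` and throws `IndexOutOfBoundsException` instead of the intended empty `XXModuleDef`. The `catch (Exception e) { }` in `findByModuleName` and the `e.printStackTrace()` here both hide failures in a code path that presumably decides which modules a user may see; log through the class `logger` at least. I would also note that the two `NOT IN` sub-selects do not consult `is_allowed`, so a row with `is_allowed = 0` excludes a module the same way an allow row does — whether that is the intended semantics depends on the caller, which is not visible here.
```java
public XXModuleDef findByModuleId(Long id) {
    if (id == null) {
        return new XXModuleDef();
    }
    List<XXModuleDef> xxModuelDefs = getEntityManager()
            .createNamedQuery("XXModuleDef.findByModuleId", tClass)
            .setParameter("id", id).getResultList();
    // getResultList() never throws NoResultException; guard the empty case instead of get(0)
    return xxModuelDefs.isEmpty() ? new XXModuleDef() : xxModuelDefs.get(0);
}

// … unchanged: findModuleNamesWithIds …

public List<String> findModuleURLOfPemittedModules(Long userId) {
    // … unchanged: query prefix up to the user_id condition …
    query += " AND userModulePermission.user_id = :userId)";
    // … unchanged: group sub-select up to the xpu.id condition …
    query += " AND xpu.id = :userId)";

    return getEntityManager()
            .createNativeQuery(query)
            .setParameter("userId", userId)
            .getResultList();
}
```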
@@ -76,4 +76,41 @@ public class XXPortalUserDao extends BaseDao<XXPortalUser> { .getResultList(); } + + public XXPortalUser findByXUserId(Long id) { + + List resultList = getEntityManager() + .createNamedQuery("XXPortalUser.findByXUserId") + .setParameter("id", id).getResultList(); + if (resultList.size() != 0) { + return (XXPortalUser) resultList.get(0); + } + return null; + } + + @SuppressWarnings("unchecked") + public List<XXPortalUser> findAllXPortalUser() { + + try { + return getEntityManager().createNamedQuery( + "XXPortalUser.findAllXPortalUser").getResultList(); + + } catch (Exception e) { + return null; + } + + } + @SuppressWarnings("unchecked") + public List<String> findXPortalUserRolebyXPortalUserId(Long userId) + { + try { + return getEntityManager() + .createNativeQuery("select user_role from x_portal_user_role where user_id="+userId+"") + .getResultList(); + + } catch (Exception e) { + return null; + } + + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java new file mode 100644 index 0000000..1147edb --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java 
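Review bot: `findXPortalUserRolebyXPortalUserId` concatenates `userId` into a native SQL string; the role list of a portal user is authorization-relevant data and should be fetched with a bound parameter, `.createNativeQuery("select user_role from x_portal_user_role where user_id = :userId").setParameter("userId", userId)`, rather than string building that only stays safe while the argument type happens to be `Long`. The surrounding `catch (Exception e) { return null; }` (also in `findAllXPortalUser`) turns any database failure into a null result that callers cannot distinguish from "no roles", which for an authorization lookup should fail closed and be logged rather than swallowed. `findByXUserId` uses a raw `List` and a cast where `createNamedQuery(name, XXPortalUser.class)` would give a typed result, matching the style of the other DAOs in this commit.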
@@ -0,0 +1,102 @@ +package org.apache.ranger.db; + +import java.util.ArrayList; +import java.util.List; + +import javax.persistence.NoResultException; + +import org.apache.log4j.Logger; +import org.apache.ranger.common.RangerCommonEnums; +import org.apache.ranger.common.db.BaseDao; +import org.apache.ranger.entity.XXGroupUser; +import org.apache.ranger.entity.XXUserPermission; + +public class XXUserPermissionDao extends BaseDao<XXUserPermission>{ + + static final Logger logger = Logger.getLogger(XXUserPermissionDao.class); + + public XXUserPermissionDao(RangerDaoManagerBase daoManager) { + super(daoManager); + } + + public List<XXUserPermission> findByModuleId(Long moduleId,boolean isUpdate) { + if (moduleId != null) { + try { + + if(isUpdate) + { + return getEntityManager() + .createNamedQuery("XXUserPermissionUpdates.findByModuleId", XXUserPermission.class) + .setParameter("moduleId", moduleId) + .getResultList(); + } + return getEntityManager() + .createNamedQuery("XXUserPermission.findByModuleId", XXUserPermission.class) + .setParameter("moduleId", moduleId) + .setParameter("isAllowed",RangerCommonEnums.IS_ALLOWED) + .getResultList(); + } catch (NoResultException e) { + logger.debug(e.getMessage()); + } + } else { + logger.debug("ResourceUserId not provided."); + return new ArrayList<XXUserPermission>(); + } + return null; + } + + @SuppressWarnings("unchecked") + public List<XXUserPermission> findByUserPermissionIdAndIsAllowed(Long userId) { + if (userId != null) { + try { + return getEntityManager() + .createNamedQuery("XXUserPermission.findByUserPermissionIdAndIsAllowed") + .setParameter("userId", userId) + .setParameter("isAllowed",RangerCommonEnums.IS_ALLOWED) + .getResultList(); + } catch (NoResultException e) { + logger.debug(e.getMessage()); + } + } else { + logger.debug("ResourceUserId not provided."); + return new ArrayList<XXUserPermission>(); + } + return null; + } + + + public List<XXUserPermission> findByUserPermissionId(Long userId) { + if (userId 
!= null) { + try { + return getEntityManager() + .createNamedQuery("XXUserPermission.findByUserPermissionId", XXUserPermission.class) + .setParameter("userId", userId) + .getResultList(); + } catch (NoResultException e) { + logger.debug(e.getMessage()); + } + } else { + logger.debug("ResourceUserId not provided."); + return new ArrayList<XXUserPermission>(); + } + return null; + } + + public List<XXUserPermission> findByModuleIdAndUserId(Long userId,Long moduleId) { + if (userId != null) { + try { + return getEntityManager() + .createNamedQuery("XXUserPermission.findByModuleIdAndUserId", XXUserPermission.class) + .setParameter("userId", userId) + .setParameter("moduleId", moduleId) + .getResultList(); + } catch (NoResultException e) { + logger.debug(e.getMessage()); + } + } else { + logger.debug("ResourceUserId not provided."); + return new ArrayList<XXUserPermission>(); + } + return null; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/entity/XXGroupPermission.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXGroupPermission.java b/security-admin/src/main/java/org/apache/ranger/entity/XXGroupPermission.java new file mode 100644 index 0000000..f9190b8 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXGroupPermission.java 
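Review bot: `findByModuleIdAndUserId(Long userId, Long moduleId)` declares its parameters in the opposite order from its name and null-checks only `userId`, so a caller that follows the name and passes `(moduleId, userId)` will silently query the wrong pair, and a null `moduleId` is bound into the query instead of being rejected like a null user; either rename to `findByUserIdAndModuleId` or reorder the parameters, and guard both with the same early return. As in the sibling DAOs, catching `NoResultException` around `getResultList()` is dead code because that call returns an empty list, leaving `return null;` as the only effect of the pattern; remove it so callers always get a list. `findByUserPermissionIdAndIsAllowed` could pass `XXUserPermission.class` to `createNamedQuery` like its neighbours and drop the `@SuppressWarnings("unchecked")`. The file also lacks the ASF license header and imports `XXGroupUser` without using it.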
@@ -0,0 +1,144 @@ +package org.apache.ranger.entity; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.SequenceGenerator; +import javax.persistence.Table; +import javax.xml.bind.annotation.XmlRootElement; + +import org.apache.ranger.common.AppConstants; +import org.apache.ranger.common.RangerCommonEnums; + +@Entity +@Table(name="x_group_module_perm") +@XmlRootElement + +public class XXGroupPermission extends XXDBBase implements java.io.Serializable { + + private static final long serialVersionUID = 1L; + + @Id + @SequenceGenerator(name="X_GROUP_MODULE_PERM_SEQ",sequenceName="X_GROUP_MODULE_PERM_SEQ",allocationSize=1) + @GeneratedValue(strategy=GenerationType.AUTO,generator="X_GROUP_MODULE_PERM_SEQ") + @Column(name="ID") + protected Long id; + + @Column(name="GROUP_ID" , nullable=false) + protected Long groupId; + + @Column(name="MODULE_ID" , nullable=false) + protected Long moduleId; + + @Column(name="IS_ALLOWED" , nullable=false) + protected Integer isAllowed; + + public XXGroupPermission() { + isAllowed = RangerCommonEnums.STATUS_ENABLED; + } + + /** + * @return the id + */ + public Long getId() { + return id; + } + /** + * @param id the id to set + */ + public void setId(Long id) { + this.id = id; + } + + /** + * @return the groupId + */ + public Long getGroupId() { + return groupId; + } + /** + * @param groupId the groupId to set + */ + public void setGroupId(Long groupId) { + this.groupId = groupId; + } + + /** + * @return the moduleId + */ + public Long getModuleId() { + return moduleId; + } + /** + * @param moduleId the moduleId to set + */ + public void setModuleId(Long moduleId) { + this.moduleId = moduleId; + } + + /** + * @return the isAllowed + */ + public Integer getIsAllowed() { + return isAllowed; + } + /** + * @param isAllowed the isAllowed to set + */ + public void setIsAllowed(Integer 
isAllowed) { + this.isAllowed = isAllowed; + } + + @Override + public int getMyClassType() { + return AppConstants.CLASS_TYPE_RANGER_GROUP_PERMISSION; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) + return true; + if (!super.equals(obj)) + return false; + if (getClass() != obj.getClass()) + return false; + XXGroupPermission other = (XXGroupPermission) obj; + if (groupId == null) { + if (other.groupId != null) + return false; + } else if (!groupId.equals(other.groupId)) + return false; + if (id == null) { + if (other.id != null) + return false; + } else if (!id.equals(other.id)) + return false; + if (isAllowed == null) { + if (other.isAllowed != null) + return false; + } else if (!isAllowed.equals(other.isAllowed)) + return false; + if (moduleId == null) { + if (other.moduleId != null) + return false; + } else if (!moduleId.equals(other.moduleId)) + return false; + return true; + } + + @Override + public String toString() { + + String str = "XXGroupPermission={"; + str += super.toString(); + str += "id={" + id + "} "; + str += "groupId={" + groupId + "} "; + str += "moduleId={" + moduleId + "} "; + str += "isAllowed={" + isAllowed + "} "; + str += "}"; + + return str; + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/entity/XXModuleDef.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXModuleDef.java b/security-admin/src/main/java/org/apache/ranger/entity/XXModuleDef.java new file mode 100644 index 0000000..4a6645c --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/entity/XXModuleDef.java 
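Review bot: The constructor defaults `isAllowed` to `RangerCommonEnums.STATUS_ENABLED`, while every permission query in this commit filters on `RangerCommonEnums.IS_ALLOWED` (defined as 1 in RangerCommonEnums above); if `STATUS_ENABLED` has a different value — it is not visible here — a freshly constructed group permission would never match the allowed filter, so the default should be `isAllowed = RangerCommonEnums.IS_ALLOWED;` to tie the entity to the constant the queries actually use. `equals` is overridden without `hashCode`, which breaks the `Object` contract as soon as these entities are placed in a `HashSet` or used as map keys; add a `hashCode` over the same fields (`id`, `groupId`, `moduleId`, `isAllowed`) using `Objects.hash`. The new file is also missing the ASF license header carried by the other entities.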
@@ -0,0 +1,112 @@
+package org.apache.ranger.entity;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.SequenceGenerator;
+import javax.persistence.Table;
+import javax.xml.bind.annotation.XmlRootElement;
+import org.apache.ranger.common.AppConstants;
+
+@Entity
+@Table(name="x_modules_master")
+@XmlRootElement
+public class XXModuleDef extends XXDBBase implements java.io.Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @SequenceGenerator(name="X_MODULES_MASTER_SEQ",sequenceName="X_MODULES_MASTER_SEQ",allocationSize=1)
+ @GeneratedValue(strategy=GenerationType.AUTO,generator="X_MODULES_MASTER_SEQ")
+ @Column(name="ID")
+ protected Long id;
+
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+ /**
+ * @param id the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ @Column(name="MODULE" , nullable=false)
+ protected String module;
+ /**
+ * @return the module
+ */
+ public String getModule() {
+ return module;
+ }
+ /**
+ * @param module the module to set
+ */
+ public void setModule(String module) {
+ this.module = module;
+ }
+
+ @Column(name="URL" , nullable=false)
+ protected String url;
+ /**
+ * @return the url
+ */
+ public String getUrl() {
+ return url;
+ }
+ /**
+ * @param url the url to set
+ */
+ public void setUrl(String url) {
+ this.url = url;
+ }
+
+ @Override
+ public int getMyClassType( ) {
+ return AppConstants.CLASS_TYPE_RANGER_MODULE_DEF;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (!super.equals(obj))
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ XXModuleDef other = (XXModuleDef) obj;
+ if (id == null) {
+ if (other.id != null)
+ return false;
+ } else if (!id.equals(other.id))
+ return false;
+ if (module == null) {
+ if (other.module != null)
+ return false;
+ } else if (!module.equals(other.module))
+ return false;
+ if (url == null) {
+ if (other.url != null)
+ return false;
+ } else if (!url.equals(other.url))
+ return false;
+ return true;
+ }
+
+ @Override
+ public String toString() {
+ String str = "XXModuleDef={";
+ str += super.toString();
+ str += "id={" + id + "} ";
+ str += "module={" + module + "} ";
+ str += "url={" + url + "} ";
+ str += "}";
+ return str;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/entity/XXUserPermission.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/entity/XXUserPermission.java b/security-admin/src/main/java/org/apache/ranger/entity/XXUserPermission.java
new file mode 100644
index 0000000..cf33a18
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/entity/XXUserPermission.java
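Review bot: The `module` and `url` `@Column` fields are declared in between accessor pairs rather than with `id` at the top of the class, unlike XXGroupPermission and XXUserPermission in this commit, which declare all persisted fields before any accessor; grouping them the same way lets a reader see the table shape at a glance and keeps the three entities uniform. `getMyClassType( )` carries a stray space inside the empty parameter list. The class has no Javadoc; a one-line header such as `/** Row of x_modules_master: one Ranger Admin module, identified by name and URL, that user and group permission rows refer to by module id. */` would say what the table name only hints at — the module-id relationship is inferred from the sibling entities, so adjust the wording if it differs.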
@@ -0,0 +1,151 @@
+package org.apache.ranger.entity;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.SequenceGenerator;
+import javax.persistence.Table;
+import javax.xml.bind.annotation.XmlRootElement;
+import org.apache.ranger.common.AppConstants;
+import org.apache.ranger.common.RangerCommonEnums;
+import com.sun.research.ws.wadl.Application;
+
+@Entity
+@Table(name = "x_user_module_perm")
+@XmlRootElement
+public class XXUserPermission extends XXDBBase implements java.io.Serializable {
+
+ private static final long serialVersionUID = 1L;
+
+ @Id
+ @SequenceGenerator(name = "X_USER_MODULE_PERM_SEQ", sequenceName = "X_USER_MODULE_PERM_SEQ", allocationSize = 1)
+ @GeneratedValue(strategy = GenerationType.AUTO, generator = "X_USER_MODULE_PERM_SEQ")
+ @Column(name = "ID")
+ protected Long id;
+
+ @Column(name = "USER_ID", nullable = false)
+ protected Long userId;
+
+ @Column(name = "MODULE_ID", nullable = false)
+ protected Long moduleId;
+
+ @Column(name = "IS_ALLOWED", nullable = false)
+ protected Integer isAllowed;
+
+ public XXUserPermission(){
+ isAllowed = RangerCommonEnums.IS_ALLOWED;
+ }
+
+ /**
+ * @return the id
+ */
+ public Long getId() {
+ return id;
+ }
+
+ /**
+ * @param id
+ * the id to set
+ */
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ /**
+ * @return the userId
+ */
+ public Long getUserId() {
+ return userId;
+ }
+
+ /**
+ * @param userId
+ * the userId to set
+ */
+ public void setUserId(Long userId) {
+ this.userId = userId;
+ }
+
+ /**
+ * @return the moduleId
+ */
+ public Long getModuleId() {
+ return moduleId;
+ }
+
+ /**
+ * @param moduleId
+ * the moduleId to set
+ */
+ public void setModuleId(Long moduleId) {
+ this.moduleId = moduleId;
+ }
+
+ /**
+ * @return the isAllowed
+ */
+ public Integer getIsAllowed() {
+ return isAllowed;
+ }
+
+ /**
+ * @param isAllowed
+ * the isAllowed to set
+ */
+ public void setIsAllowed(Integer isAllowed) {
+ this.isAllowed = isAllowed;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj)
+ return true;
+ if (!super.equals(obj))
+ return false;
+ if (getClass() != obj.getClass())
+ return false;
+ XXUserPermission other = (XXUserPermission) obj;
+ if (id == null) {
+ if (other.id != null)
+ return false;
+ } else if (!id.equals(other.id))
+ return false;
+ if (isAllowed == null) {
+ if (other.isAllowed != null)
+ return false;
+ } else if (!isAllowed.equals(other.isAllowed))
+ return false;
+ if (moduleId == null) {
+ if (other.moduleId != null)
+ return false;
+ } else if (!moduleId.equals(other.moduleId))
+ return false;
+ if (userId == null) {
+ if (other.userId != null)
+ return false;
+ } else if (!userId.equals(other.userId))
+ return false;
+ return true;
+ }
+
+ @Override
+ public int getMyClassType() {
+ return AppConstants.CLASS_TYPE_RANGER_USER_PERMISSION;
+ }
+
+ @Override
+ public String toString() {
+
+ String str = "VXUserPermission={";
+ str += super.toString();
+ str += "id={" + id + "} ";
+ str += "userId={" + userId + "} ";
+ str += "moduleId={" + moduleId + "} ";
+ str += "isAllowed={" + isAllowed + "} ";
+ str += "}";
+
+ return str;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
new file mode 100644
index 0000000..7a11656
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java
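Review bot: `import com.sun.research.ws.wadl.Application;` is unused and pulls a Jersey/JDK-internal WADL class into a JPA entity; it adds nothing and will fail compilation on any classpath that does not happen to ship that package, so it should be deleted. `toString()` labels the object `"VXUserPermission={"`, which is the name of the view class, while this is the persisted entity; log lines built from it would point a reader at the wrong class, so change the literal to `"XXUserPermission={"` to match the `"XXGroupPermission={"` and `"XXModuleDef={"` prefixes used by the sibling entities. The missing `hashCode()` noted on XXGroupPermission applies here as well.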
@@ -0,0 +1,50 @@
+package org.apache.ranger.patch;
+
+import org.apache.log4j.Logger;
+import org.apache.ranger.biz.XUserMgr;
+import org.apache.ranger.util.CLIUtil;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+@Component
+public class PatchPersmissionModel_J10003 extends BaseLoader {
+ private static Logger logger = Logger.getLogger(PatchPersmissionModel_J10003.class);
+
+ @Autowired
+ XUserMgr xUserMgr;
+
+ public static void main(String[] args) {
+ logger.info("main()");
+ try {
+ PatchPersmissionModel_J10003 loader = (PatchPersmissionModel_J10003) CLIUtil.getBean(PatchPersmissionModel_J10003.class);
+ loader.init();
+ while (loader.isMoreToProcess()) {
+ loader.load();
+ }
+ logger.info("Load complete. Exiting!!!");
+ System.exit(0);
+ } catch (Exception e) {
+ logger.error("Error loading", e);
+ System.exit(1);
+ }
+ }
+
+ @Override
+ public void init() throws Exception {
+ // Do Nothing
+ }
+
+ @Override
+ public void execLoad() {
+ logger.info("==> PermissionPatch.execLoad()");
+ try {
+ xUserMgr.updateExistingUserExisting();
+ } catch (Exception e) {
+ logger.error("Error whille migrating data.", e);
+ }
+ logger.info("<== PermissionPatch.execLoad()");
+ }
+
+ @Override
+ public void printStats() {
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
index beb4829..8f417bc 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
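Review bot: `execLoad()` catches the exception thrown by `xUserMgr.updateExistingUserExisting()` and only logs it, so `main` still reaches `"Load complete. Exiting!!!"` and `System.exit(0)` when the permission migration failed, and whatever records this patch as applied (outside this file) would presumably do so on a half-populated permission table. Rethrow after logging so the existing catch in `main` reports the failure and exits 1: `throw new RuntimeException("Permission model migration failed", e);`. While there, fix the log text `"Error whille migrating data."`, and note that the class and file name carry a typo of their own (`Persmission`); renaming before release avoids it becoming permanent in the patch sequence.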
@@ -45,9 +45,12 @@ import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.service.AuthSessionService;
 import org.apache.ranger.service.XAuditMapService;
 import org.apache.ranger.service.XGroupGroupService;
+import org.apache.ranger.service.XGroupPermissionService;
 import org.apache.ranger.service.XGroupService;
 import org.apache.ranger.service.XGroupUserService;
+import org.apache.ranger.service.XModuleDefService;
 import org.apache.ranger.service.XPermMapService;
+import org.apache.ranger.service.XUserPermissionService;
 import org.apache.ranger.service.XUserService;
 import org.apache.ranger.view.VXAuditMap;
 import org.apache.ranger.view.VXAuditMapList;
@@ -57,14 +60,21 @@ import org.apache.ranger.view.VXGroup;
 import org.apache.ranger.view.VXGroupGroup;
 import org.apache.ranger.view.VXGroupGroupList;
 import org.apache.ranger.view.VXGroupList;
+import org.apache.ranger.view.VXGroupPermission;
+import org.apache.ranger.view.VXGroupPermissionList;
 import org.apache.ranger.view.VXGroupUser;
 import org.apache.ranger.view.VXGroupUserList;
 import org.apache.ranger.view.VXLong;
+import org.apache.ranger.view.VXModuleDef;
+import org.apache.ranger.view.VXModuleDefList;
 import org.apache.ranger.view.VXPermMap;
 import org.apache.ranger.view.VXPermMapList;
+import org.apache.ranger.view.VXPortalUser;
 import org.apache.ranger.view.VXUser;
 import org.apache.ranger.view.VXUserGroupInfo;
 import org.apache.ranger.view.VXUserList;
+import org.apache.ranger.view.VXUserPermission;
+import org.apache.ranger.view.VXUserPermissionList;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Scope;
 import org.springframework.security.access.prepost.PreAuthorize;
@@ -72,6 +82,7 @@ import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Propagation;
 import org.springframework.transaction.annotation.Transactional;
 
+
 @Path("xusers")
 @Component
 @Scope("request")
@@ -90,6 +101,15 @@ public class XUserREST {
 XGroupService xGroupService;
 
 @Autowired
+ XModuleDefService xModuleDefService;
+
+ @Autowired
+ XUserPermissionService xUserPermissionService;
+
+ @Autowired
+ XGroupPermissionService xGroupPermissionService;
+
+ @Autowired
 XUserService xUserService;
 
 @Autowired
@@ -115,7 +135,7 @@ public class XUserREST {
 @Autowired
 AuthSessionService authSessionService;
 
-
+
 // Handle XGroup
 @GET
 @Path("/groups/{id}")
@@ -635,4 +655,182 @@ public class XUserREST {
 return sessionMgr.getAuthSessionBySessionId(authSessionId);
 }
 
+ // Handle module permissions
+ @POST
+ @Path("/permission")
+ @Produces({ "application/xml", "application/json" })
+ public VXModuleDef createXModuleDefPermission(VXModuleDef vXModuleDef) {
+ return xUserMgr.createXModuleDefPermission(vXModuleDef);
+ }
+
+ @GET
+ @Path("/permission/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXModuleDef getXModuleDefPermission(@PathParam("id") Long id) {
+ return xUserMgr.getXModuleDefPermission(id);
+ }
+
+ @PUT
+ @Path("/permission/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXModuleDef updateXModuleDefPermission(VXModuleDef vXModuleDef) {
+ return xUserMgr.updateXModuleDefPermission(vXModuleDef);
+ }
+
+ @DELETE
+ @Path("/permission/{id}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deleteXModuleDefPermission(@PathParam("id") Long id,
+ @Context HttpServletRequest request) {
+ boolean force = true;
+ xUserMgr.deleteXModuleDefPermission(id, force);
+ }
+
+ @GET
+ @Path("/permission")
+ @Produces({ "application/xml", "application/json" })
+ public VXModuleDefList searchXModuleDef(@Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xModuleDefService.sortFields);
+
+ searchUtil.extractString(request, searchCriteria, "module",
+ "modulename", null);
+
+ searchUtil.extractString(request, searchCriteria, "moduleDefList",
+ "id", null);
+ searchUtil.extractString(request, searchCriteria, "userName",
+ "userName", null);
+ searchUtil.extractString(request, searchCriteria, "groupName",
+ "groupName", null);
+
+ return xUserMgr.searchXModuleDef(searchCriteria);
+ }
+
+ @GET
+ @Path("/permission/count")
+ @Produces({ "application/xml", "application/json" })
+ public VXLong countXModuleDef(@Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xModuleDefService.sortFields);
+ return xUserMgr.getXModuleDefSearchCount(searchCriteria);
+ }
+
+ // Handle user permissions
+ @POST
+ @Path("/permission/user")
+ @Produces({ "application/xml", "application/json" })
+ public VXUserPermission createXUserPermission(
+ VXUserPermission vXUserPermission) {
+ return xUserMgr.createXUserPermission(vXUserPermission);
+ }
+
+ @GET
+ @Path("/permission/user/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXUserPermission getXUserPermission(@PathParam("id") Long id) {
+ return xUserMgr.getXUserPermission(id);
+ }
+
+ @PUT
+ @Path("/permission/user/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXUserPermission updateXUserPermission(
+ VXUserPermission vXUserPermission) {
+ return xUserMgr.updateXUserPermission(vXUserPermission);
+ }
+
+ @DELETE
+ @Path("/permission/user/{id}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deleteXUserPermission(@PathParam("id") Long id,
+ @Context HttpServletRequest request) {
+ boolean force = true;
+ xUserMgr.deleteXUserPermission(id, force);
+ }
+
+ @GET
+ @Path("/permission/user")
+ @Produces({ "application/xml", "application/json" })
+ public VXUserPermissionList searchXUserPermission(
+ @Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xUserPermissionService.sortFields);
+ searchUtil.extractString(request, searchCriteria, "id", "id",
+ StringUtil.VALIDATION_NAME);
+
+ searchUtil.extractString(request, searchCriteria, "userPermissionList",
+ "userId", StringUtil.VALIDATION_NAME);
+ return xUserMgr.searchXUserPermission(searchCriteria);
+ }
+
+ @GET
+ @Path("/permission/user/count")
+ @Produces({ "application/xml", "application/json" })
+ public VXLong countXUserPermission(@Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xUserPermissionService.sortFields);
+ return xUserMgr.getXUserPermissionSearchCount(searchCriteria);
+ }
+
+ // Handle group permissions
+ @POST
+ @Path("/permission/group")
+ @Produces({ "application/xml", "application/json" })
+ public VXGroupPermission createXGroupPermission(
+ VXGroupPermission vXGroupPermission) {
+ return xUserMgr.createXGroupPermission(vXGroupPermission);
+ }
+
+ @GET
+ @Path("/permission/group/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXGroupPermission getXGroupPermission(@PathParam("id") Long id) {
+ return xUserMgr.getXGroupPermission(id);
+ }
+
+ @PUT
+ @Path("/permission/group/{id}")
+ @Produces({ "application/xml", "application/json" })
+ public VXGroupPermission updateXGroupPermission(
+ VXGroupPermission vXGroupPermission) {
+ return xUserMgr.updateXGroupPermission(vXGroupPermission);
+ }
+
+ @DELETE
+ @Path("/permission/group/{id}")
+ @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
+ public void deleteXGroupPermission(@PathParam("id") Long id,
+ @Context HttpServletRequest request) {
+ boolean force = true;
+ xUserMgr.deleteXGroupPermission(id, force);
+ }
+
+ @GET
+ @Path("/permission/group")
+ @Produces({ "application/xml", "application/json" })
+ public VXGroupPermissionList searchXGroupPermission(
+ @Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xGroupPermissionService.sortFields);
+ searchUtil.extractString(request, searchCriteria, "id", "id",
+ StringUtil.VALIDATION_NAME);
+ searchUtil.extractString(request, searchCriteria,
+ "groupPermissionList", "groupId", StringUtil.VALIDATION_NAME);
+ return xUserMgr.searchXGroupPermission(searchCriteria);
+ }
+
+ @GET
+ @Path("/permission/group/count")
+ @Produces({ "application/xml", "application/json" })
+ public VXLong countXGroupPermission(@Context HttpServletRequest request) {
+ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+ request, xGroupPermissionService.sortFields);
+ return xUserMgr.getXGroupPermissionSearchCount(searchCriteria);
+ }
+ @GET
+ @Path("/permission/existingusers/update")
+ @Produces({ "application/xml", "application/json" })
+ public List<VXPortalUser> existingusersupdate(@Context HttpServletRequest request) {
+ return xUserMgr.updateExistingUserExisting();
+ }
 }
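Review bot: Only the three DELETE endpoints carry `@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")`; `createXModuleDefPermission`, `updateXModuleDefPermission` and the create/update methods for user and group permissions have no authorization annotation, so unless a class-level rule or a servlet filter outside this hunk restricts them, any authenticated caller can grant or alter module permissions for any user or group — the same role check belongs on every mutating method here. `existingusersupdate` also changes state over GET; it should be a POST (or PUT) with the same annotation rather than a link-followable URL. The two `@PUT` methods on `/permission/{id}`, `/permission/user/{id}` and `/permission/group/{id}` declare `{id}` but never bind it, so the row updated is whichever id the request body carries; bind it with `@PathParam("id") Long id` and reject a mismatch with the body's id before delegating to xUserMgr. The XUserREST class and its existing endpoints start outside the hunk.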
