http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java index 7bd27c6..048d58c 100644 --- a/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java +++ b/security-admin/src/main/java/org/apache/ranger/security/web/filter/RangerSecurityContextFormationFilter.java 
@@ -1,135 +1,142 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - /** - * - */ -package org.apache.ranger.security.web.filter; - -import java.io.IOException; - -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; - -import org.apache.log4j.Logger; -import org.apache.ranger.biz.SessionMgr; -import org.apache.ranger.common.GUIDUtil; -import org.apache.ranger.common.HTTPUtil; -import org.apache.ranger.common.PropertiesUtil; -import org.apache.ranger.common.RequestContext; -import org.apache.ranger.common.UserSessionBase; -import org.apache.ranger.entity.XXAuthSession; -import org.apache.ranger.security.context.RangerContextHolder; -import org.apache.ranger.security.context.RangerSecurityContext; -import org.apache.ranger.util.RestUtil; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.authentication.AnonymousAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContextHolder; -import 
org.springframework.web.filter.GenericFilterBean; - -public class RangerSecurityContextFormationFilter extends GenericFilterBean { - - static Logger logger = Logger - .getLogger(RangerSecurityContextFormationFilter.class); - - public static final String AKA_SC_SESSION_KEY = "AKA_SECURITY_CONTEXT"; - public static final String USER_AGENT = "User-Agent"; - - @Autowired - SessionMgr sessionMgr; - - @Autowired - HTTPUtil httpUtil; - - String testIP = null; - - public RangerSecurityContextFormationFilter() { - testIP = PropertiesUtil.getProperty("xa.env.ip"); - } - - /* - * (non-Javadoc) - * - * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, - * javax.servlet.ServletResponse, javax.servlet.FilterChain) - */ - @Override - public void doFilter(ServletRequest request, ServletResponse response, - FilterChain chain) throws IOException, ServletException { - - try { - Authentication auth = SecurityContextHolder.getContext() - .getAuthentication(); - - if (auth instanceof AnonymousAuthenticationToken) { - // ignore - } else { - HttpServletRequest httpRequest = (HttpServletRequest) request; - HttpSession httpSession = httpRequest.getSession(false); - - // [1]get the context from session - RangerSecurityContext context = (RangerSecurityContext) httpSession.getAttribute(AKA_SC_SESSION_KEY); - int clientTimeOffset = 0; - if (context == null) { - context = new RangerSecurityContext(); - httpSession.setAttribute(AKA_SC_SESSION_KEY, context); - } - String userAgent = httpRequest.getHeader(USER_AGENT); - clientTimeOffset=RestUtil.getTimeOffset(httpRequest); - - // Get the request specific info - RequestContext requestContext = new RequestContext(); - String reqIP = testIP; - if (testIP == null) { - reqIP = httpRequest.getRemoteAddr(); - } - requestContext.setIpAddress(reqIP); - requestContext.setUserAgent(userAgent); - requestContext.setDeviceType(httpUtil - .getDeviceType(httpRequest)); - requestContext.setServerRequestId(GUIDUtil.genGUI()); - 
requestContext.setRequestURL(httpRequest.getRequestURI()); - - requestContext.setClientTimeOffsetInMinute(clientTimeOffset); - context.setRequestContext(requestContext); - - RangerContextHolder.setSecurityContext(context); - - UserSessionBase userSession = sessionMgr.processSuccessLogin( - XXAuthSession.AUTH_TYPE_PASSWORD, userAgent); - - if(userSession!=null && userSession.getClientTimeOffsetInMinute()==0){ - userSession.setClientTimeOffsetInMinute(clientTimeOffset); - } - - context.setUserSession(userSession); - } - chain.doFilter(request, response); - - } finally { - // [4]remove context from thread-local - RangerContextHolder.resetSecurityContext(); - } - } -} +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. 
+ */ + + /** + * + */ +package org.apache.ranger.security.web.filter; + +import java.io.IOException; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; + +import org.apache.log4j.Logger; +import org.apache.ranger.biz.SessionMgr; +import org.apache.ranger.biz.XUserMgr; +import org.apache.ranger.common.GUIDUtil; +import org.apache.ranger.common.HTTPUtil; +import org.apache.ranger.common.PropertiesUtil; +import org.apache.ranger.common.RequestContext; +import org.apache.ranger.common.UserSessionBase; +import org.apache.ranger.entity.XXAuthSession; +import org.apache.ranger.security.context.RangerContextHolder; +import org.apache.ranger.security.context.RangerSecurityContext; +import org.apache.ranger.util.RestUtil; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.authentication.AnonymousAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.web.filter.GenericFilterBean; + +public class RangerSecurityContextFormationFilter extends GenericFilterBean { + + static Logger logger = Logger + .getLogger(RangerSecurityContextFormationFilter.class); + + public static final String AKA_SC_SESSION_KEY = "AKA_SECURITY_CONTEXT"; + public static final String USER_AGENT = "User-Agent"; + + @Autowired + SessionMgr sessionMgr; + + @Autowired + HTTPUtil httpUtil; + + @Autowired + XUserMgr xUserMgr; + + String testIP = null; + + public RangerSecurityContextFormationFilter() { + testIP = PropertiesUtil.getProperty("xa.env.ip"); + } + + /* + * (non-Javadoc) + * + * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, + * javax.servlet.ServletResponse, javax.servlet.FilterChain) + */ + @Override + public void 
doFilter(ServletRequest request, ServletResponse response, + FilterChain chain) throws IOException, ServletException { + + try { + Authentication auth = SecurityContextHolder.getContext() + .getAuthentication(); + + if (auth instanceof AnonymousAuthenticationToken) { + // ignore + } else { + HttpServletRequest httpRequest = (HttpServletRequest) request; + String httpMethod=httpRequest.getMethod(); + HttpSession httpSession = httpRequest.getSession(false); + + // [1]get the context from session + RangerSecurityContext context = (RangerSecurityContext) httpSession.getAttribute(AKA_SC_SESSION_KEY); + int clientTimeOffset = 0; + if (context == null) { + context = new RangerSecurityContext(); + httpSession.setAttribute(AKA_SC_SESSION_KEY, context); + } + String userAgent = httpRequest.getHeader(USER_AGENT); + clientTimeOffset=RestUtil.getTimeOffset(httpRequest); + + // Get the request specific info + RequestContext requestContext = new RequestContext(); + String reqIP = testIP; + if (testIP == null) { + reqIP = httpRequest.getRemoteAddr(); + } + requestContext.setIpAddress(reqIP); + requestContext.setUserAgent(userAgent); + requestContext.setDeviceType(httpUtil + .getDeviceType(httpRequest)); + requestContext.setServerRequestId(GUIDUtil.genGUI()); + requestContext.setRequestURL(httpRequest.getRequestURI()); + + requestContext.setClientTimeOffsetInMinute(clientTimeOffset); + context.setRequestContext(requestContext); + + RangerContextHolder.setSecurityContext(context); + + UserSessionBase userSession = sessionMgr.processSuccessLogin( + XXAuthSession.AUTH_TYPE_PASSWORD, userAgent); + + if(userSession!=null && userSession.getClientTimeOffsetInMinute()==0){ + userSession.setClientTimeOffsetInMinute(clientTimeOffset); + } + + context.setUserSession(userSession); + + xUserMgr.checkPermissionRoleByGivenUrls(httpRequest.getRequestURL().toString(),httpMethod); + } + chain.doFilter(request, response); + + } finally { + // [4]remove context from thread-local + 
RangerContextHolder.resetSecurityContext(); + } + } +}
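Review bot: The added `xUserMgr.checkPermissionRoleByGivenUrls(httpRequest.getRequestURL().toString(),httpMethod)` call in `doFilter` bases the permission decision on `getRequestURL()`, which the servlet container returns undecoded and un-normalised and which includes the scheme, host and port taken from the request. The method body is not in this diff, so this is inferred, but if it compares that string with stored module URLs, the value checked can differ from the path that is actually dispatched. Consider passing the container-decoded path instead, e.g. `String path = httpRequest.getServletPath() + (httpRequest.getPathInfo() == null ? "" : httpRequest.getPathInfo());`, and add a comment stating how a denial is signalled, since the return value is ignored here. Note also that the check sits only in the non-anonymous branch, and that `httpRequest.getSession(false)` a few lines above can return null before it is dereferenced.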
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/UserService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/UserService.java b/security-admin/src/main/java/org/apache/ranger/service/UserService.java index 5fdca49..530244f 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/UserService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/UserService.java @@ -32,9 +32,11 @@ import org.apache.ranger.common.StringUtil; import org.apache.ranger.common.UserSessionBase; import org.apache.ranger.entity.XXPortalUser; import org.apache.ranger.entity.XXPortalUserRole; +import org.apache.ranger.entity.XXUserPermission; import org.apache.ranger.view.VXMessage; import org.apache.ranger.view.VXPortalUser; import org.apache.ranger.view.VXResponse; +import org.apache.ranger.view.VXUserPermission; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Service; @@ -49,6 +51,9 @@ public class UserService extends UserServiceBase<XXPortalUser, VXPortalUser> { @Autowired RangerConfigUtil configUtil; + @Autowired + XUserPermissionService xUserPermissionService; + private static UserService instance = null; public UserService() { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionService.java b/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionService.java new file mode 100644 index 0000000..670e264 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionService.java 
@@ -0,0 +1,55 @@ +package org.apache.ranger.service; + +import org.apache.ranger.common.MessageEnums; +import org.apache.ranger.common.SearchField; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXGroup; +import org.apache.ranger.entity.XXGroupPermission; +import org.apache.ranger.view.VXGroupPermission; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Service; + +@Service +@Scope("singleton") +public class XGroupPermissionService extends XGroupPermissionServiceBase<XXGroupPermission, VXGroupPermission>{ + + public static Long createdByUserId = 1L; + + @Autowired + RangerDaoManager rangerDaoManager; + + public XGroupPermissionService() { + searchFields.add(new SearchField("id", "obj.id", + SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL)); + + searchFields.add(new SearchField("groupPermissionList", "obj.groupId", + SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL, + "XXModuleDef xXModuleDef", "xXModuleDef.id = obj.groupId ")); + } + + @Override + protected void validateForCreate(VXGroupPermission vObj) { + + } + + @Override + protected void validateForUpdate(VXGroupPermission vObj, XXGroupPermission mObj) { + + } + + @Override + public VXGroupPermission populateViewBean(XXGroupPermission xObj) { + VXGroupPermission vObj = super.populateViewBean(xObj); + XXGroup xGroup = rangerDaoManager.getXXGroup().getById( + xObj.getGroupId()); + + if (xGroup == null) { + throw restErrorUtil.createRESTException(xGroup + " is Not Found", + MessageEnums.DATA_NOT_FOUND); + } + + vObj.setGroupName(xGroup.getName()); + return vObj; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionServiceBase.java ---------------------------------------------------------------------- 
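Review bot: `validateForCreate` and `validateForUpdate` are empty, so a group-permission row is persisted without any check that `groupId` and `moduleId` refer to existing records or that `isAllowed` holds an expected value; `XUserPermissionService` and `XModuleDefService` later in this commit have the same empty validators. In `populateViewBean` the exception message concatenates `xGroup`, which is null on that branch, so it always reads "null is Not Found"; `"Group id " + xObj.getGroupId() + " is Not Found"` would be usable (the same applies to `xUser` in `XUserPermissionService`). The second search field joins with `xXModuleDef.id = obj.groupId`, comparing a module id with a group id, which looks like it should be `obj.moduleId`; `XUserPermissionService` does the same with `obj.userId`.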
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionServiceBase.java new file mode 100644 index 0000000..766d36c --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionServiceBase.java 
@@ -0,0 +1,60 @@ +package org.apache.ranger.service; + +import java.util.ArrayList; +import java.util.List; +import org.apache.ranger.common.SearchCriteria; +import org.apache.ranger.entity.XXGroupPermission; +import org.apache.ranger.view.VXGroupPermission; +import org.apache.ranger.view.VXGroupPermissionList; + +public abstract class XGroupPermissionServiceBase<T extends XXGroupPermission, V extends VXGroupPermission> + extends AbstractBaseResourceService<T, V> { + + public static final String NAME = "XGroupPermission"; + + public XGroupPermissionServiceBase() { + + } + + @SuppressWarnings("unchecked") + @Override + protected XXGroupPermission mapViewToEntityBean(VXGroupPermission vObj, + XXGroupPermission mObj, int OPERATION_CONTEXT) { + mObj.setGroupId(vObj.getGroupId()); + mObj.setModuleId(vObj.getModuleId()); + mObj.setIsAllowed(vObj.getIsAllowed()); + return mObj; + } + + @SuppressWarnings("unchecked") + @Override + protected VXGroupPermission mapEntityToViewBean(VXGroupPermission vObj, XXGroupPermission mObj) { + vObj.setGroupId(mObj.getGroupId()); + vObj.setModuleId(mObj.getModuleId()); + vObj.setIsAllowed(mObj.getIsAllowed()); + return vObj; + } + + /** + * @param searchCriteria + * @return + */ + public VXGroupPermissionList searchXGroupPermission(SearchCriteria searchCriteria) { + VXGroupPermissionList returnList = new VXGroupPermissionList(); + List<VXGroupPermission> vXGroupPermissions = new ArrayList<VXGroupPermission>(); + + @SuppressWarnings("unchecked") + List<XXGroupPermission> resultList = (List<XXGroupPermission>) searchResources( + searchCriteria, searchFields, sortFields, returnList); + + // Iterate over the result list and create the return list + for (XXGroupPermission gjXUser : resultList) { + @SuppressWarnings("unchecked") + VXGroupPermission vXGroupPermission = populateViewBean((T) gjXUser); + vXGroupPermissions.add(vXGroupPermission); + } + + returnList.setvXGroupPermission(vXGroupPermissions); + return returnList; + } +} 
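Review bot: `searchXGroupPermission` carries a Javadoc block with an empty `@param searchCriteria` and `@return`, and its loop variable `gjXUser` holds an `XXGroupPermission`; a summary such as `Searches group permissions matching the criteria and returns them as a VXGroupPermissionList.` and a name like `xGroupPerm` would read better. The same empty Javadoc and `gjX…` naming recur in `XModuleDefServiceBase.searchModuleDef` and `XUserPermissionServiceBase.searchXUserPermission`. This new file also starts directly at `package` without the ASF license header that `XModuleDefServiceBase.java` has; the other new service and view files in this part of the commit are in the same state. `@SuppressWarnings("unchecked")` on `mapViewToEntityBean` and `mapEntityToViewBean` appears unnecessary, as neither body contains a cast.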
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java b/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java new file mode 100644 index 0000000..705ba0c --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/service/XModuleDefService.java 
@@ -0,0 +1,99 @@ +package org.apache.ranger.service; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.ranger.common.RangerConstants; +import org.apache.ranger.common.SearchField; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXGroupPermission; +import org.apache.ranger.entity.XXModuleDef; +import org.apache.ranger.entity.XXUserPermission; +import org.apache.ranger.view.VXGroupPermission; +import org.apache.ranger.view.VXModuleDef; +import org.apache.ranger.view.VXUserPermission; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Service; + +@Service +@Scope("singleton") +public class XModuleDefService extends + XModuleDefServiceBase<XXModuleDef, VXModuleDef> { + + public static Long createdByUserId = 1L; + + @Autowired + RangerDaoManager rangerDaoManager; + + @Autowired + XUserPermissionService xUserPermService; + + @Autowired + XGroupPermissionService xGrpPermService; + + public XModuleDefService(){ + searchFields.add(new SearchField("module", "obj.module", + SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.PARTIAL)); +searchFields + .add(new SearchField( + "userName", + "portalUser.loginId", + SearchField.DATA_TYPE.STRING, + SearchField.SEARCH_TYPE.PARTIAL, + " XXPortalUser portalUser, XXUserPermission userPermission", + "obj.id=userPermission.moduleId and portalUser.id=userPermission.userId and userPermission.isAllowed=" + + RangerConstants.IS_ALLOWED)); +searchFields + .add(new SearchField( + "groupName", + "group.name", + SearchField.DATA_TYPE.STRING, + SearchField.SEARCH_TYPE.PARTIAL, + "XXGroup group,XXGroupPermission groupModulePermission", + "obj.id=groupModulePermission.moduleId and groupModulePermission.groupId=group.id and groupModulePermission.isAllowed=")); +} + + @Override + protected void validateForCreate(VXModuleDef vObj) { + + } + + @Override + protected void 
validateForUpdate(VXModuleDef vObj, XXModuleDef mObj) { + + } + + @Override + public VXModuleDef populateViewBean(XXModuleDef xObj) { + + VXModuleDef vModuleDef = super.populateViewBean(xObj); + List<VXUserPermission> vXUserPermissionList = new ArrayList<VXUserPermission>(); + List<VXGroupPermission> vXGroupPermissionList = new ArrayList<VXGroupPermission>(); + + List<XXUserPermission> xuserPermissionList = rangerDaoManager + .getXXUserPermission().findByModuleId(xObj.getId(), false); + List<XXGroupPermission> xgroupPermissionList = rangerDaoManager + .getXXGroupPermission().findByModuleId(xObj.getId(), false); + for (XXUserPermission xUserPerm : xuserPermissionList) { + + VXUserPermission vXUserPerm = xUserPermService + .populateViewBean(xUserPerm); + vXUserPermissionList.add(vXUserPerm); + + } + + for (XXGroupPermission xGrpPerm : xgroupPermissionList) { + + VXGroupPermission vXGrpPerm = xGrpPermService + .populateViewBean(xGrpPerm); + vXGroupPermissionList.add(vXGrpPerm); + + } + + vModuleDef.setUserPermList(vXUserPermissionList); + vModuleDef.setGroupPermList(vXGroupPermissionList); + return vModuleDef; + } + +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XModuleDefServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XModuleDefServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/XModuleDefServiceBase.java new file mode 100644 index 0000000..6d07c07 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/service/XModuleDefServiceBase.java 
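Review bot: The `groupName` search field's join condition ends in `groupModulePermission.isAllowed=` with nothing on the right-hand side, whereas the `userName` field above appends `RangerConstants.IS_ALLOWED`. Depending on how `SearchField` assembles the clause (not visible here), a search by group name would either produce a malformed query or fail to restrict results to allowed permissions. The last argument should end `... and groupModulePermission.isAllowed=" + RangerConstants.IS_ALLOWED));`. `populateViewBean` also issues one user or group lookup per permission row through the nested `populateViewBean` calls, which is worth a comment if module lists can be large.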
@@ -0,0 +1,78 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.service; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.ranger.common.SearchCriteria; +import org.apache.ranger.entity.XXModuleDef; +import org.apache.ranger.view.VXModuleDef; +import org.apache.ranger.view.VXModuleDefList; + +public abstract class XModuleDefServiceBase<T extends XXModuleDef, V extends VXModuleDef> + extends AbstractBaseResourceService<T, V> { + + public static final String NAME = "XModuleDef"; + + public XModuleDefServiceBase() { + + } + + @SuppressWarnings("unchecked") + @Override + protected XXModuleDef mapViewToEntityBean(VXModuleDef vObj, XXModuleDef mObj, + int OPERATION_CONTEXT) { + mObj.setModule(vObj.getModule()); + mObj.setUrl(vObj.getUrl()); + return mObj; + } + + @SuppressWarnings("unchecked") + @Override + protected VXModuleDef mapEntityToViewBean(VXModuleDef vObj, XXModuleDef mObj) { + vObj.setModule(mObj.getModule()); + vObj.setUrl(mObj.getUrl()); + return vObj; + } + + /** + * @param searchCriteria + * @return + */ + public VXModuleDefList searchModuleDef(SearchCriteria searchCriteria) { + VXModuleDefList returnList = new VXModuleDefList(); + 
List<VXModuleDef> vXModuleDefList = new ArrayList<VXModuleDef>(); + + @SuppressWarnings("unchecked") + List<XXModuleDef> resultList = (List<XXModuleDef>)searchResources(searchCriteria, + searchFields, sortFields, returnList); + + // Iterate over the result list and create the return list + for (XXModuleDef gjXModuleDef : resultList) { + @SuppressWarnings("unchecked") + VXModuleDef vXModuleDef = populateViewBean((T)gjXModuleDef); + vXModuleDefList.add(vXModuleDef); + } + + returnList.setvXModuleDef(vXModuleDefList); + return returnList; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java new file mode 100644 index 0000000..92d6197 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java 
@@ -0,0 +1,57 @@ +package org.apache.ranger.service; + +import org.apache.ranger.common.MessageEnums; +import org.apache.ranger.common.SearchField; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXPortalUser; +import org.apache.ranger.entity.XXUser; +import org.apache.ranger.entity.XXUserPermission; +import org.apache.ranger.view.VXUserPermission; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Service; +@Service +@Scope("singleton") +public class XUserPermissionService extends XUserPermissionServiceBase<XXUserPermission, VXUserPermission>{ + + public static Long createdByUserId = 1L; + + @Autowired + RangerDaoManager rangerDaoManager; + + public XUserPermissionService() { + searchFields.add(new SearchField("id", "obj.id", + SearchField.DATA_TYPE.STRING, SearchField.SEARCH_TYPE.FULL)); + + searchFields.add(new SearchField("userPermissionList", "obj.userId", + SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL, + "XXModuleDef xXModuleDef", "xXModuleDef.id = obj.userId ")); + } + + @Override + protected void validateForCreate(VXUserPermission vObj) { + + } + + @Override + protected void validateForUpdate(VXUserPermission vObj, XXUserPermission mObj) { + + } + + @Override + public VXUserPermission populateViewBean(XXUserPermission xObj) { + VXUserPermission vObj = super.populateViewBean(xObj); + + XXPortalUser xUser = rangerDaoManager.getXXPortalUser().getById(xObj.getUserId()); + if (xUser == null) { + xUser=rangerDaoManager.getXXPortalUser().findByXUserId(xObj.getUserId()); + if(xUser==null) + throw restErrorUtil.createRESTException(xUser + " is Not Found", + MessageEnums.DATA_NOT_FOUND); + } + + vObj.setUserName(xUser.getLoginId()); + return vObj; + } + +} \ No newline at end of file 
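Review bot: In `populateViewBean`, `xObj.getUserId()` is first resolved as an `XXPortalUser` primary key and, when that misses, resolved again through `findByXUserId`, so one stored number is interpreted in two different id spaces. If the two id sequences can overlap (not visible here), the `userName` shown for a permission row may belong to a different account than the one the row was granted to, which matters on an access-control screen. Deciding which id `XXUserPermission.userId` holds and using a single lookup would remove the ambiguity; at minimum a comment should state why the fallback exists. The inner `if(xUser==null)` also has no braces around its multi-line `throw`, and the import `org.apache.ranger.entity.XXUser` looks unused in this file.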
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java new file mode 100644 index 0000000..54d0c0f --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java 
@@ -0,0 +1,61 @@ +package org.apache.ranger.service; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.ranger.common.SearchCriteria; +import org.apache.ranger.entity.XXUserPermission; +import org.apache.ranger.view.VXUserPermission; +import org.apache.ranger.view.VXUserPermissionList; + +public abstract class XUserPermissionServiceBase<T extends XXUserPermission, V extends VXUserPermission> + extends AbstractBaseResourceService<T, V> { + + public static final String NAME = "XUserPermission"; + + public XUserPermissionServiceBase() { + + } + + @SuppressWarnings("unchecked") + @Override + protected XXUserPermission mapViewToEntityBean(VXUserPermission vObj, + XXUserPermission mObj, int OPERATION_CONTEXT) { + mObj.setUserId(vObj.getUserId()); + mObj.setModuleId(vObj.getModuleId()); + mObj.setIsAllowed(vObj.getIsAllowed()); + return mObj; + } + + @SuppressWarnings("unchecked") + @Override + protected VXUserPermission mapEntityToViewBean(VXUserPermission vObj, XXUserPermission mObj) { + vObj.setUserId(mObj.getUserId()); + vObj.setModuleId(mObj.getModuleId()); + vObj.setIsAllowed(mObj.getIsAllowed()); + return vObj; + } + + /** + * @param searchCriteria + * @return + */ + public VXUserPermissionList searchXUserPermission(SearchCriteria searchCriteria) { + VXUserPermissionList returnList = new VXUserPermissionList(); + List<VXUserPermission> vXUserPermissions = new ArrayList<VXUserPermission>(); + + @SuppressWarnings("unchecked") + List<XXUserPermission> resultList = (List<XXUserPermission>) searchResources( + searchCriteria, searchFields, sortFields, returnList); + + // Iterate over the result list and create the return list + for (XXUserPermission gjXUser : resultList) { + @SuppressWarnings("unchecked") + VXUserPermission vXUserPermission = populateViewBean((T) gjXUser); + vXUserPermissions.add(vXUserPermission); + } + + returnList.setvXModuleDef(vXUserPermissions); + return returnList; + } +} \ No newline at end of file 
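Review bot: `searchXUserPermission` fills the result with `returnList.setvXModuleDef(vXUserPermissions)`, a setter named after module definitions on a `VXUserPermissionList`, while the group sibling uses `setvXGroupPermission`. `VXUserPermissionList` is not in this part of the diff, so this is inferred, but it looks like a copy-paste from `VXModuleDefList`; with field-based JSON binding as used on `VXGroupPermissionList`, the serialized property name would then be misleading for API clients. Renaming the field and accessor, e.g. `returnList.setvXUserPermission(vXUserPermissions);`, would keep the three list types consistent. The file also ends without a trailing newline.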
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java b/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java new file mode 100644 index 0000000..fb54927 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermission.java 
@@ -0,0 +1,129 @@ +package org.apache.ranger.view; + +import javax.xml.bind.annotation.XmlRootElement; + +import org.apache.ranger.common.AppConstants; +import org.codehaus.jackson.annotate.JsonAutoDetect; +import org.codehaus.jackson.annotate.JsonIgnoreProperties; +import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility; +import org.codehaus.jackson.map.annotate.JsonSerialize; + +@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY) +@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL ) +@JsonIgnoreProperties(ignoreUnknown=true) +@XmlRootElement + +public class VXGroupPermission extends VXDataObject implements java.io.Serializable { + + private static final long serialVersionUID = 1L; + + protected Long id; + protected Long groupId; + protected Long moduleId; + protected Integer isAllowed; + protected String moduleName; + + protected String groupName; + + public VXGroupPermission() { + // TODO Auto-generated constructor stub + } + + /** + * @return the id + */ + public Long getId() { + return id; + } + + /** + * @param id the id to set + */ + public void setId(Long id) { + this.id = id; + } + + /** + * @return the groupId + */ + public Long getGroupId() { + return groupId; + } + + /** + * @param groupId the groupId to set + */ + public void setGroupId(Long groupId) { + this.groupId = groupId; + } + + /** + * @return the groupName + */ + public String getGroupName() { + return groupName; + } + + /** + * @param groupName the groupName to set + */ + public void setGroupName(String groupName) { + this.groupName = groupName; + } + + /** + * @return the moduleId + */ + public Long getModuleId() { + return moduleId; + } + + /** + * @param moduleId the moduleId to set + */ + public void setModuleId(Long moduleId) { + this.moduleId = moduleId; + } + + /** + * @return the isAllowed + */ + public Integer getIsAllowed() { + return isAllowed; + } + + /** + * @param isAllowed the isAllowed to set + */ + 
public void setIsAllowed(Integer isAllowed) { + this.isAllowed = isAllowed; + } + + public String getModuleName() { + return moduleName; + } + + public void setModuleName(String moduleName) { + this.moduleName = moduleName; + } + + @Override + public int getMyClassType() { + return AppConstants.CLASS_TYPE_RANGER_GROUP_PERMISSION; + } + + @Override + public String toString() { + + String str = "VXGroupPermission={"; + str += super.toString(); + str += "id={" + id + "} "; + str += "groupId={" + groupId + "} "; + str += "moduleId={" + moduleId + "} "; + str += "isAllowed={" + isAllowed + "} "; + str += "moduleName={" + moduleName + "} "; + str += "}"; + + return str; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermissionList.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermissionList.java b/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermissionList.java new file mode 100644 index 0000000..0a243ef --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/view/VXGroupPermissionList.java 
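Review bot: `toString()` prints `moduleName` but omits `groupName`, the other display field of this bean; adding `str += "groupName={" + groupName + "} ";` keeps log output complete. The class also declares its own `id` while extending `VXDataObject` and calling `super.toString()`; if the parent already has an `id` field (not visible here), the redeclaration shadows it and, with `fieldVisibility=Visibility.ANY`, deserves a check that JSON binding still populates the value the service layer reads. The constructor's `// TODO Auto-generated constructor stub` comment can be dropped.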
@@ -0,0 +1,61 @@
+package org.apache.ranger.view;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.view.VList;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+
+public class VXGroupPermissionList extends VList {
+
+ private static final long serialVersionUID = 1L;
+
+ List<VXGroupPermission> vXGroupPermission = new ArrayList<VXGroupPermission>();
+
+ public VXGroupPermissionList() {
+ super();
+ }
+
+ public VXGroupPermissionList(List<VXGroupPermission> objList) {
+ super(objList);
+ this.vXGroupPermission = objList;
+ }
+
+ /**
+ * @return the vXGroupPermission
+ */
+ public List<VXGroupPermission> getvXGroupPermission() {
+ return vXGroupPermission;
+ }
+
+ /**
+ * @param vXGroupPermission the vXGroupPermission to set
+ */
+ public void setvXGroupPermission(List<VXGroupPermission> vXGroupPermission) {
+ this.vXGroupPermission = vXGroupPermission;
+ }
+
+ @Override
+ public int getListSize() {
+ if (vXGroupPermission != null) {
+ return vXGroupPermission.size();
+ }
+ return 0;
+ }
+
+ @Override
+ public List<VXGroupPermission> getList() {
+ return vXGroupPermission;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
----------------------------------------------------------------------
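Review bot: The one-argument constructor assigns `objList` straight to `vXGroupPermission`, so a null argument discards the empty list created by the field initialiser and `getList()` then returns null, even though `getListSize()` is written to tolerate that case. `this.vXGroupPermission = objList != null ? objList : new ArrayList<VXGroupPermission>();` would keep the two accessors consistent; what `super(objList)` does with a null list is not visible here. VXModuleDefList and VXUserPermissionList in this commit follow the same pattern.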
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java b/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
new file mode 100644
index 0000000..e0b8157
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXModuleDef.java
@@ -0,0 +1,158 @@ +package org.apache.ranger.view; + +import java.util.Date; +import java.util.List; + +import javax.xml.bind.annotation.XmlRootElement; +import org.apache.ranger.entity.XXGroupPermission; +import org.apache.ranger.entity.XXUserPermission; +import org.codehaus.jackson.annotate.JsonAutoDetect; +import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility; +import org.codehaus.jackson.annotate.JsonIgnoreProperties; +import org.codehaus.jackson.map.annotate.JsonSerialize; + +@JsonAutoDetect(getterVisibility=Visibility.NONE, setterVisibility=Visibility.NONE, fieldVisibility=Visibility.ANY) +@JsonSerialize(include=JsonSerialize.Inclusion.NON_NULL ) +@JsonIgnoreProperties(ignoreUnknown=true) +@XmlRootElement + +public class VXModuleDef extends VXDataObject implements java.io.Serializable { + + private static final long serialVersionUID = 1L; + + protected Long id; + protected Date createTime; + protected Date updateTime; + protected Long addedById; + protected Long updatedById; + protected String module; + protected String url; + + protected List<VXUserPermission> userPermList; + protected List<VXGroupPermission> groupPermList; + + /** + * @return the userPermList + */ + public List<VXUserPermission> getUserPermList() { + return userPermList; + } + /** + * @param userPermList the userPermList to set + */ + public void setUserPermList(List<VXUserPermission> userPermList) { + this.userPermList = userPermList; + } + /** + * @return the groupPermList + */ + public List<VXGroupPermission> getGroupPermList() { + return groupPermList; + } + /** + * @param groupPermList the groupPermList to set + */ + public void setGroupPermList(List<VXGroupPermission> groupPermList) { + this.groupPermList = groupPermList; + } + /** + * @return the id + */ + public Long getId() { + return id; + } + /** + * @param id the id to set + */ + public void setId(Long id) { + this.id = id; + } + /** + * @return the createTime + */ + public Date getCreateTime() { + return createTime; + 
} + /** + * @param createTime the createTime to set + */ + public void setCreateTime(Date createTime) { + this.createTime = createTime; + } + /** + * @return the updateTime + */ + public Date getUpdateTime() { + return updateTime; + } + /** + * @param updateTime the updateTime to set + */ + public void setUpdateTime(Date updateTime) { + this.updateTime = updateTime; + } + /** + * @return the addedById + */ + public Long getAddedById() { + return addedById; + } + /** + * @param addedById the addedById to set + */ + public void setAddedById(Long addedById) { + this.addedById = addedById; + } + /** + * @return the updatedById + */ + public Long getUpdatedById() { + return updatedById; + } + /** + * @param updatedById the updatedById to set + */ + public void setUpdatedById(Long updatedById) { + this.updatedById = updatedById; + } + /** + * @return the module + */ + public String getModule() { + return module; + } + /** + * @param module the module to set + */ + public void setModule(String module) { + this.module = module; + } + /** + * @return the url + */ + public String getUrl() { + return url; + } + /** + * @param url the url to set + */ + public void setUrl(String url) { + this.url = url; + } + + @Override + public String toString() { + + String str = "VXModuleDef={"; + str += super.toString(); + str += "id={" + id + "} "; + str += "createTime={" + createTime + "} "; + str += "updateTime={" + updateTime + "} "; + str += "addedById={" + addedById + "} "; + str += "updatedById={" + updatedById + "} "; + str += "module={" + module + "} "; + str += "url={" + url + "} "; + str += "}"; + return str; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXModuleDefList.java ---------------------------------------------------------------------- 
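Review bot: The audit fields `createTime`, `updateTime`, `addedById` and `updatedById` are ordinary bindable fields in VXModuleDef: with `fieldVisibility=Visibility.ANY` and `ignoreUnknown=true`, a request body can populate them, along with the nested `userPermList` and `groupPermList`. Nothing in this class can prevent that, so the service that persists a VXModuleDef (not visible in this hunk) presumably needs to set the audit fields from the session and authorise each nested permission entry rather than trust the payload; a class-level comment saying so would help, e.g. `/** View bean only: audit fields and permission lists must be validated by the caller before persisting. */`. Separately, the imports of `org.apache.ranger.entity.XXGroupPermission` and `XXUserPermission` are unused in this file and can be dropped.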
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXModuleDefList.java b/security-admin/src/main/java/org/apache/ranger/view/VXModuleDefList.java
new file mode 100644
index 0000000..747f2ea
--- /dev/null
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXModuleDefList.java
@@ -0,0 +1,62 @@
+package org.apache.ranger.view;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.view.VList;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+
+public class VXModuleDefList extends VList {
+
+ private static final long serialVersionUID = 1L;
+
+ List<VXModuleDef> vXModuleDef = new ArrayList<VXModuleDef>();
+
+ public VXModuleDefList() {
+ super();
+ }
+
+ public VXModuleDefList(List<VXModuleDef> objList) {
+ super(objList);
+ this.vXModuleDef = objList;
+ }
+
+ /**
+ * @return the vXModuleDef
+ */
+ public List<VXModuleDef> getvXModuleDef() {
+ return vXModuleDef;
+ }
+
+ /**
+ * @param vXModuleDef the vXModuleDef to set
+ */
+ public void setvXModuleDef(List<VXModuleDef> vXModuleDef) {
+ this.vXModuleDef = vXModuleDef;
+ }
+
+ @Override
+ public int getListSize() {
+ if (vXModuleDef != null) {
+ return vXModuleDef.size();
+ }
+ return 0;
+ }
+
+ @Override
+ public List<VXModuleDef> getList() {
+ return vXModuleDef;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXPortalUser.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXPortalUser.java b/security-admin/src/main/java/org/apache/ranger/view/VXPortalUser.java
index a0c9ec8..b08d518 100644
--- a/security-admin/src/main/java/org/apache/ranger/view/VXPortalUser.java
+++ b/security-admin/src/main/java/org/apache/ranger/view/VXPortalUser.java @@ -20,6 +20,7 @@ package org.apache.ranger.view; import java.util.Collection; +import java.util.List; import javax.xml.bind.annotation.XmlRootElement; @@ -79,6 +80,9 @@ public class VXPortalUser extends VXDataObject implements java.io.Serializable { * List of roles for this user */ protected Collection<String> userRoleList; + protected Collection<Long> groupIdList; + protected List<VXUserPermission> userPermList; + protected List<VXGroupPermission> groupPermissions; /** * Default constructor. This will set all the attributes to default value. @@ -263,6 +267,31 @@ public class VXPortalUser extends VXDataObject implements java.io.Serializable { return AppConstants.CLASS_TYPE_USER_PROFILE; } + public Collection<Long> getGroupIdList() { + return groupIdList; + } + + public void setGroupIdList(Collection<Long> groupIdList) { + this.groupIdList = groupIdList; + } + + + public List<VXUserPermission> getUserPermList() { + return userPermList; + } + + public void setUserPermList(List<VXUserPermission> userPermList) { + this.userPermList = userPermList; + } + + public List<VXGroupPermission> getGroupPermissions() { + return groupPermissions; + } + + public void setGroupPermissions(List<VXGroupPermission> groupPermissions) { + this.groupPermissions = groupPermissions; + } + /** * This return the bean content in string format * @return formatedStr http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java b/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java new file mode 100644 index 0000000..591f516 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/view/VXUserPermission.java 
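Review bot: The new field `groupPermissions` in VXPortalUser departs from the naming used for the same kind of list elsewhere in this commit: the field added on the line above it is `userPermList`, and VXModuleDef calls its group list `groupPermList`. If this class binds JSON by field name like the sibling view classes (its annotations are outside the hunk), the field name becomes the wire name, so renaming now to `protected List<VXGroupPermission> groupPermList;` with matching `getGroupPermList()` / `setGroupPermList(...)` is cheaper than after clients depend on it. The three new fields also have no comment, unlike `userRoleList` directly above them; a short line each, such as `/** Ids of the groups this user belongs to */` on `groupIdList` if that is what it holds, would help. The class body continues outside these hunks, and the `toString()` that follows is not updated here.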
@@ -0,0 +1,147 @@ +package org.apache.ranger.view; + +import javax.xml.bind.annotation.XmlRootElement; + +import org.apache.ranger.common.AppConstants; +import org.codehaus.jackson.annotate.JsonAutoDetect; +import org.codehaus.jackson.annotate.JsonIgnoreProperties; +import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility; +import org.codehaus.jackson.map.annotate.JsonSerialize; + +@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY) +@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL) +@JsonIgnoreProperties(ignoreUnknown = true) +@XmlRootElement +public class VXUserPermission extends VXDataObject implements + java.io.Serializable { + + private static final long serialVersionUID = 1L; + + protected Long id; + protected Long userId; + protected Long moduleId; + protected Integer isAllowed; + protected String userName; + protected String moduleName; + protected String loginId; + + + + public VXUserPermission() { + // TODO Auto-generated constructor stub + } + + + /** + * @return the id + */ + public Long getId() { + return id; + } + + /** + * @param id + * the id to set + */ + public void setId(Long id) { + this.id = id; + } + + /** + * @return the userId + */ + public Long getUserId() { + return userId; + } + + /** + * @param userId + * the userId to set + */ + public void setUserId(Long userId) { + this.userId = userId; + } + + /** + * @return the moduleId + */ + public Long getModuleId() { + return moduleId; + } + + /** + * @param moduleId + * the moduleId to set + */ + public void setModuleId(Long moduleId) { + this.moduleId = moduleId; + } + + /** + * @return the isAllowed + */ + public Integer getIsAllowed() { + return isAllowed; + } + + /** + * @param isAllowed + * the isAllowed to set + */ + public void setIsAllowed(Integer isAllowed) { + this.isAllowed = isAllowed; + } + + /** + * @return the userName + */ + public String getUserName() { + return userName; + } + + /** + * 
@param userName the userName to set + */ + public void setUserName(String userName) { + this.userName = userName; + } + + public String getModuleName() { + return moduleName; + } + + public void setModuleName(String moduleName) { + this.moduleName = moduleName; + } + + public String getLoginId() { + return loginId; + } + + + public void setLoginId(String loginId) { + this.loginId = loginId; + } + + + @Override + public int getMyClassType() { + return AppConstants.CLASS_TYPE_RANGER_USER_PERMISSION; + } + + @Override + public String toString() { + + String str = "VXUserPermission={"; + str += super.toString(); + str += "id={" + id + "} "; + str += "userId={" + userId + "} "; + str += "moduleId={" + moduleId + "} "; + str += "isAllowed={" + isAllowed + "} "; + str += "moduleName={" + moduleName + "} "; + str += "loginId={" + loginId + "} "; + str += "}"; + + return str; + } +} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/java/org/apache/ranger/view/VXUserPermissionList.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/view/VXUserPermissionList.java b/security-admin/src/main/java/org/apache/ranger/view/VXUserPermissionList.java new file mode 100644 index 0000000..075ce00 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/view/VXUserPermissionList.java 
@@ -0,0 +1,61 @@
+package org.apache.ranger.view;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.apache.ranger.common.view.VList;
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+
+public class VXUserPermissionList extends VList {
+
+ private static final long serialVersionUID = 1L;
+
+ List<VXUserPermission> vXUserPermission = new ArrayList<VXUserPermission>();
+
+ public VXUserPermissionList() {
+ super();
+ }
+
+ public VXUserPermissionList(List<VXUserPermission> objList) {
+ super(objList);
+ this.vXUserPermission = objList;
+ }
+
+ /**
+ * @return the vXModuleDef
+ */
+ public List<VXUserPermission> getvXModuleDef() {
+ return vXUserPermission;
+ }
+
+ /**
+ * @param vXModuleDef the vXModuleDef to set
+ */
+ public void setvXModuleDef(List<VXUserPermission> vXModuleDef) {
+ this.vXUserPermission = vXModuleDef;
+ }
+
+ @Override
+ public int getListSize() {
+ if (vXUserPermission != null) {
+ return vXUserPermission.size();
+ }
+ return 0;
+ }
+
+ @Override
+ public List<VXUserPermission> getList() {
+ return vXUserPermission;
+ }
+}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
index b806dff..b94ef13 100644
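Review bot: The accessors in VXUserPermissionList are named `getvXModuleDef()` and `setvXModuleDef(...)`, and their Javadoc says "the vXModuleDef", but they read and write the `vXUserPermission` field; this looks copied from VXModuleDefList. Serialisation here is field-based (`fieldVisibility = Visibility.ANY`, `XmlAccessType.FIELD`), so the wire name is presumably unaffected, but Java callers get a misleading API. Rename them to `getvXUserPermission()` and `setvXUserPermission(List<VXUserPermission> vXUserPermission)` and update the two Javadoc lines to match.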
--- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
+++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml
@@ -377,4 +377,99 @@ <query>select MAX(obj.objectId) from XXTrxLog obj where obj.objectClassType = :classType</query> </named-query> + <!-- XXUserPermission --> + <named-query name="XXUserPermission.findByUserPermissionId"> + <query>SELECT obj FROM XXUserPermission obj + WHERE obj.userId=:userId + </query> + </named-query> + <named-query name="XXUserPermission.findByUserPermissionIdAndIsAllowed"> + <query>SELECT obj FROM XXUserPermission obj + WHERE obj.userId=:userId AND Obj.isAllowed=:isAllowed + </query> + </named-query> + + <named-query name="XXUserPermission.findByModuleId"> + <query>SELECT obj FROM XXUserPermission obj + WHERE obj.moduleId=:moduleId AND Obj.isAllowed=:isAllowed + </query> + </named-query> + <named-query name="XXUserPermissionUpdates.findByModuleId"> + <query>SELECT obj FROM XXUserPermission obj + WHERE obj.moduleId=:moduleId + </query> + </named-query> + + <!-- XXUserPermission --> + <named-query name="XXGroupPermission.findByGroupPermissionId"> + <query>SELECT obj FROM XXGroupPermission obj + WHERE obj.groupId=:groupId + </query> + </named-query> + + <named-query name="XXGroupPermission.findByModuleId"> + <query>SELECT obj FROM XXGroupPermission obj + WHERE obj.moduleId=:moduleId AND Obj.isAllowed=:isAllowed + </query> + </named-query> + <named-query name="XXGroupPermissionUpdates.findByModuleId"> + <query>SELECT obj FROM XXGroupPermission obj + WHERE obj.moduleId=:moduleId AND Obj.isAllowed=:isAllowed + </query> + </named-query> + <named-query name="XXGroupPermissionUpdate.findByModuleId"> + <query>SELECT obj FROM XXGroupPermission obj + WHERE obj.moduleId=:moduleId + </query> + </named-query> + + <named-query name="XXUserPermission.findByModuleIdAndUserId"> + <query>SELECT XXUserPermObj + FROM XXUserPermission XXUserPermObj + WHERE XXUserPermObj.moduleId = :moduleId AND XXUserPermObj.userId =:userId + </query> + </named-query> + <named-query name="XXModuleDef.findModuleNamesWithIds"> + <query>SELECT XXMObj + FROM XXModuleDef XXMObj + 
</query> +</named-query> +<named-query name="XXPortalUser.findByUserName"> + <query>SELECT Obj FROM XXPortalUser obj + WHERE obj.loginId=:loginId + </query> + </named-query> + + <named-query name="XXPortalUser.findByXUserId"> + <query>SELECT xxPortalUser FROM XXPortalUser xxPortalUser,XXUser xxUser + WHERE xxUser.id=:id and xxPortalUser.loginId=xxUser.name + </query> + </named-query> + + <named-query name="XXPortalUser.findAllXPortalUser"> + <query>SELECT xxPortalUser FROM XXPortalUser xxPortalUser + </query> +</named-query> + <!-- VXModuleDef --> + <named-query name="XXModuleDef.findByModuleId"> + <query>SELECT obj FROM XXModuleDef obj + WHERE obj.id=:id + </query> + </named-query> + + <named-query name="XXModuleDef.findByModuleName"> + <query>SELECT Obj FROM XXModuleDef obj + WHERE obj.module=:moduleName + </query> + </named-query> + + <named-query name="XXGroupPermission.findByVXPoratUserId"> + <query>SELECT distinct gmp FROM XXGroupUser xgu,XXUser xu,XXGroupPermission gmp, XXPortalUser xpu + WHERE xu.name=xpu.loginId and xu.id=xgu.userId and xgu.parentGroupId=gmp.groupId and xpu.id=:userId and gmp.isAllowed=:isAllowed + </query> +</named-query> + + + + </entity-mappings> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/collection_bases/UserPermissionListBase.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/collection_bases/UserPermissionListBase.js b/security-admin/src/main/webapp/scripts/collection_bases/UserPermissionListBase.js new file mode 100644 index 0000000..597e589 --- /dev/null +++ b/security-admin/src/main/webapp/scripts/collection_bases/UserPermissionListBase.js 
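Review bot: Three of the new XXGroupPermission queries do not line up with their XXUserPermission counterparts: `XXGroupPermissionUpdates.findByModuleId` repeats the body of `XXGroupPermission.findByModuleId` including the `isAllowed` filter, whereas `XXUserPermissionUpdates.findByModuleId` has no such filter, and a third name, `XXGroupPermissionUpdate.findByModuleId` (singular), carries the unfiltered form. A caller that picks the wrong one of the two near-identical names gets either only the allowed rows or all rows, which matters when permissions are being revoked or rewritten; keeping one filtered and one unfiltered query, named in parallel with the user side, would remove the ambiguity. The comment above the group queries still reads `<!-- XXUserPermission -->` and should be `<!-- XXGroupPermission -->`, `findByVXPoratUserId` looks like a typo for `findByVXPortalUserId`, and the alias is written `Obj` in several clauses but declared as `obj`.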
@@ -0,0 +1,64 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +define(function(require){ + 'use strict'; + + var XABaseCollection = require('collections/XABaseCollection'); + var XAGlobals = require('utils/XAGlobals'); + var UserPermission = require('models/UserPermission'); + + var UserPermissionListBase = XABaseCollection.extend( + /** @lends UserPermissionListBase.prototype */ + { + url: XAGlobals.baseURL + 'permissions', + + model : UserPermission, + + /** + * UserPermissionListBase initialize method + * @augments XABaseCollection + * @constructs + */ + initialize : function() { + this.modelName = 'UserPermission'; + this.modelAttrName = 'UserPermissions'; + this.bindErrorEvents(); + }, + /** + * override the parseRecords of PageableCollection for our use + */ + parseRecords : function(resp, options){ + return resp; + } + },{ + // static class members + /** + * Table Cols to be passed to Backgrid + * UI has to use this as base and extend this. 
+ * + */ + + tableCols : {} + + }); + + return UserPermissionListBase; +}); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/collection_bases/VXModuleDefListBase.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/collection_bases/VXModuleDefListBase.js b/security-admin/src/main/webapp/scripts/collection_bases/VXModuleDefListBase.js new file mode 100644 index 0000000..3ebee8f --- /dev/null +++ b/security-admin/src/main/webapp/scripts/collection_bases/VXModuleDefListBase.js 
@@ -0,0 +1,64 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +define(function(require){ + 'use strict'; + + var XABaseCollection = require('collections/XABaseCollection'); + var XAGlobals = require('utils/XAGlobals'); + var VXModuleDef = require('models/VXModuleDef'); + + var VXModuleDefListBase = XABaseCollection.extend( + /** @lends VXModuleDefListBase.prototype */ + { + url: XAGlobals.baseURL + 'xusers/permission', + + model : VXModuleDef, + + /** + * VXModuleDefListBase initialize method + * @augments XABaseCollection + * @constructs + */ + initialize : function() { + this.modelName = 'VXModuleDef'; + this.modelAttrName = 'vXModuleDef'; + this.bindErrorEvents(); + }, + /** + * override the parseRecords of PageableCollection for our use + */ + /*parseRecords : function(resp, options){ + return resp; + }*/ + },{ + // static class members + /** + * Table Cols to be passed to Backgrid + * UI has to use this as base and extend this. 
+ * + */ + + tableCols : {} + + }); + + return VXModuleDefListBase; +}); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/collections/UserPermissionList.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/collections/UserPermissionList.js b/security-admin/src/main/webapp/scripts/collections/UserPermissionList.js new file mode 100644 index 0000000..3218fe4 --- /dev/null +++ b/security-admin/src/main/webapp/scripts/collections/UserPermissionList.js @@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +define(function(require){ + 'use strict'; + + var UserPermissionListBase = require('collection_bases/UserPermissionListBase'); + + var UserPermissionList = UserPermissionListBase.extend( + /** @lends UserPermissionList.prototype */ + { + },{ + // static class members + }); + + return UserPermissionList; +}); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/collections/VXModuleDefList.js ---------------------------------------------------------------------- 
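Review bot: In VXModuleDefListBase.js the `parseRecords` override is left commented out while its doc comment, "override the parseRecords of PageableCollection for our use", stays in place above it, so the comment now describes code that does not run. Either delete both, or replace them with a one-line note such as `// parseRecords deliberately not overridden here` if that is the intent. UserPermissionListBase.js in this commit keeps the same override active, so the two new collections handle the response differently; whether that is intended is not visible from these hunks.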
diff --git a/security-admin/src/main/webapp/scripts/collections/VXModuleDefList.js b/security-admin/src/main/webapp/scripts/collections/VXModuleDefList.js new file mode 100644 index 0000000..83225f6 --- /dev/null +++ b/security-admin/src/main/webapp/scripts/collections/VXModuleDefList.js @@ -0,0 +1,34 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +define(function(require){ + 'use strict'; + + var VXModuleDefListBase = require('collection_bases/VXModuleDefListBase'); + + var VXModuleDefList = VXModuleDefListBase.extend( + /** @lends VXModuleDefList.prototype */ + { + },{ + // static class members + }); + + return VXModuleDefList; +}); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/controllers/Controller.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/controllers/Controller.js b/security-admin/src/main/webapp/scripts/controllers/Controller.js index 34a0a94..e3a129e 100644 --- a/security-admin/src/main/webapp/scripts/controllers/Controller.js +++ b/security-admin/src/main/webapp/scripts/controllers/Controller.js 
@@ -340,11 +340,67 @@ define(function(require) { })); }); }, + /************PERMISSIONS LISTING *****************************************/ + modulePermissionsAction :function(){ + MAppState.set({ 'currentTab' : XAGlobals.AppTabs.Permissions.value }); + var view = require('views/permissions/ModulePermsTableLayout'); + var ModulePermission = require('models/VXModuleDef'); + var ModulePermissionList = require('collections/VXModuleDefList'); + + var modulePermission = new ModulePermission(); + var modulePermissionList = new ModulePermissionList(); + + modulePermissionList.fetch({ + cache : false, + }); + App.rContent.show(new view({ + collection : modulePermissionList + })); + + }, + modulePermissionEditAction : function(moduleId){ + MAppState.set({ + 'currentTab' : XAGlobals.AppTabs.Permissions.value + }); + var view = require('views/permissions/ModulePermissionCreate'); + var ModulePermission = require('models/VXModuleDef'); + var ModulePermissionList = require('collections/VXModuleDefList'); + var modulePermission = new ModulePermission({id : moduleId}); + var that = this + modulePermission.collection = new ModulePermissionList(); + modulePermission.fetch({cache : true}).done(function(){ + App.rContent.show(new view({ + model : modulePermission, + groupList : that.groupList, + userList : that.userList + })); + }); + }, + postLoginDefaultView : function(){ + var SessionMgr = require('mgrs/SessionMgr'); + var XAGlobals = require('utils/XAGlobals'); + var XALinks = require('modules/XALinks'); + var vXPortalUser = SessionMgr.getUserProfile(); + var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),'moduleName'); + if (_.contains(userModuleNames, 'Policy Manager')){ + location.hash = XALinks.get('ServiceManager').href; + }else if(_.contains(userModuleNames, 'Users/Groups')){ + location.hash = XALinks.get('Users').href; + }else if(_.contains(userModuleNames, 'Analytics')){ + location.hash = XALinks.get('UserAccessReport').href; + }else 
if(_.contains(userModuleNames, 'Audit')){ + location.hash = XALinks.get('AuditReport').href +'/bigData'; + }else if(SessionMgr.isSystemAdmin()){ + location.hash = XALinks.get('ModulePermissions').href; + }else{ + //If a user doesnot has access to any tab - taking user to by default Profile page. + location.hash = XALinks.get('UserProfile').href; + } + }, /**************** ERROR PAGE ******************************/ pageNotFoundAction : function() { var XAUtils = require('utils/XAUtils'); XAUtils.defaultErrorHandler(undefined, { 'status' : 404 }); }, - }); }); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/model_bases/UserPermissionBase.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/model_bases/UserPermissionBase.js b/security-admin/src/main/webapp/scripts/model_bases/UserPermissionBase.js new file mode 100644 index 0000000..3751362 --- /dev/null +++ b/security-admin/src/main/webapp/scripts/model_bases/UserPermissionBase.js 
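Review bot: `postLoginDefaultView` builds `userModuleNames` from `userPermList` only, so a user whose module access comes solely through `groupPermissions` (the other list this commit adds to VXPortalUser) would fall through to the profile page, unless the server already merges group grants into `userPermList`, which is not visible here. If it does not, `var perms = (vXPortalUser.get('userPermList') || []).concat(vXPortalUser.get('groupPermissions') || []);` followed by `var userModuleNames = _.pluck(perms, 'moduleName');` covers both lists and tolerates a missing one. This routing is only a landing-page choice made from client-held data, so each module's REST endpoints still have to enforce the same permissions on the server. In `modulePermissionEditAction`, `fetch({cache : true})` can open the permission editor on a stale copy and `var that = this` lacks its semicolon; in `modulePermissionsAction`, `modulePermission` is created but never used.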
@@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +define(function(require){ + 'use strict'; + + var XABaseModel = require('models/XABaseModel'); + var XAGlobals = require('utils/XAGlobals'); + + var UserPermissionBase = XABaseModel.extend( + /** @lends UserPermissionBase.prototype */ + { + urlRoot: XAGlobals.baseURL + 'permissions', + + defaults: {}, + + serverSchema : { + "id" : { + "dataType" : "Long" + } + }, + + + idAttribute: 'id', + + /** + * UserPermissionBase initialize method + * @augments XABaseModel + * @constructs + */ + initialize: function() { + this.modelName = 'UserPermission'; + //this.bind("error", XAUtils.defaultErrorHandler); + this.bindErrorEvents(); + }, + }, { + // static class members + }); + + return UserPermissionBase; + +}); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/model_bases/VXModuleDefBase.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/model_bases/VXModuleDefBase.js b/security-admin/src/main/webapp/scripts/model_bases/VXModuleDefBase.js new file mode 100644 index 0000000..aed67af --- /dev/null 
+++ b/security-admin/src/main/webapp/scripts/model_bases/VXModuleDefBase.js @@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +define(function(require){ + 'use strict'; + + var XABaseModel = require('models/XABaseModel'); + var XAGlobals = require('utils/XAGlobals'); + + var VXModuleDefBase = XABaseModel.extend( + /** @lends VXModuleDefBase.prototype */ + { + urlRoot: XAGlobals.baseURL + 'xusers/permission', + + defaults: {}, + + serverSchema : { + "id" : { + "dataType" : "Long" + } + }, + + + idAttribute: 'id', + + /** + * VXModuleDefBase initialize method + * @augments XABaseModel + * @constructs + */ + initialize: function() { + this.modelName = 'VXModuleDefBase'; + //this.bind("error", XAUtils.defaultErrorHandler); + this.bindErrorEvents(); + }, + }, { + // static class members + }); + + return VXModuleDefBase; + +}); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/models/UserPermission.js ---------------------------------------------------------------------- 
diff --git a/security-admin/src/main/webapp/scripts/models/UserPermission.js b/security-admin/src/main/webapp/scripts/models/UserPermission.js
new file mode 100644
index 0000000..505abe7
--- /dev/null
+++ b/security-admin/src/main/webapp/scripts/models/UserPermission.js
@@ -0,0 +1,70 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +define(function(require){ + 'use strict'; + + var UserPermissionBase = require('model_bases/UserPermissionBase'); + var XAUtils = require('utils/XAUtils'); + var XAEnums = require('utils/XAEnums'); + var localization= require('utils/XALangSupport'); + + var UserPermission = UserPermissionBase.extend( + /** @lends UserPermissionBase.prototype */ + { + /** + * UserPermissionBase initialize method + * @augments UserPermissionBase + * @constructs + */ + initialize: function() { + this.modelName = 'UserPermission'; + this.bindErrorEvents(); + }, + /** + * @function schema + * This method is meant to be used by UI, + * by default we will remove the unrequired attributes from serverSchema + */ + + schemaBase : function(){ + var attrs = _.omit(this.serverSchema, 'id', 'createDate', 'updateDate', "version", + "createDate", "updateDate", "permList", "status", "updatedBy", "isSystem"); + + _.each(attrs, function(o){ + o.type = 'Hidden'; + }); + + // Overwrite your schema definition here + return _.extend(attrs,{}); + }, + + /** This models toString() */ + toString : function(){ + return this.get('name'); + } + + }, { + // static class members + }); + 
+ return UserPermission; + +}); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/models/VXModuleDef.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/models/VXModuleDef.js b/security-admin/src/main/webapp/scripts/models/VXModuleDef.js new file mode 100644 index 0000000..1a5edc8 --- /dev/null +++ b/security-admin/src/main/webapp/scripts/models/VXModuleDef.js 
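Review bot: `schemaBase` sets `o.type = 'Hidden'` on the values returned by `_.omit(this.serverSchema, ...)`, and `_.omit` copies only the top level, so each `o` is the same object held in the prototype's `serverSchema` and the write would leak into every instance. Today `serverSchema` only contains `id`, which is omitted, so nothing is mutated yet; copying first avoids the trap once fields are added: `_.each(attrs, function(o, key){ attrs[key] = _.extend({}, o, {type : 'Hidden'}); });`. The doc comments also name the wrong class (`@lends UserPermissionBase.prototype` on `UserPermission`), and `'createDate'` and `'updateDate'` are listed twice in the omit call. VXModuleDef.js, the next new file, repeats the same code and the same three points apply there.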
@@ -0,0 +1,70 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + + +define(function(require){ + 'use strict'; + + var VXModuleDefBase = require('model_bases/VXModuleDefBase'); + var XAUtils = require('utils/XAUtils'); + var XAEnums = require('utils/XAEnums'); + var localization= require('utils/XALangSupport'); + + var VXModuleDef = VXModuleDefBase.extend( + /** @lends VXModuleDefBase.prototype */ + { + /** + * VXModuleDefBase initialize method + * @augments VXModuleDefBase + * @constructs + */ + initialize: function() { + this.modelName = 'VXModuleDef'; + this.bindErrorEvents(); + }, + /** + * @function schema + * This method is meant to be used by UI, + * by default we will remove the unrequired attributes from serverSchema + */ + + schemaBase : function(){ + var attrs = _.omit(this.serverSchema, 'id', 'createDate', 'updateDate', "version", + "createDate", "updateDate", "permList", "status", "updatedBy", "isSystem"); + + _.each(attrs, function(o){ + o.type = 'Hidden'; + }); + + // Overwrite your schema definition here + return _.extend(attrs,{}); + }, + + /** This models toString() */ + toString : function(){ + return this.get('name'); + } + + }, { + // static class members + }); + + return VXModuleDef; + 
+}); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/modules/XALinks.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/modules/XALinks.js b/security-admin/src/main/webapp/scripts/modules/XALinks.js index 00267b3..1c8ec93 100644 --- a/security-admin/src/main/webapp/scripts/modules/XALinks.js +++ b/security-admin/src/main/webapp/scripts/modules/XALinks.js @@ -267,7 +267,23 @@ define(function(require) { text : options.model.get('name') +' Policies', title: options.model.get('name') +' Policies' }; - } + }, + ModulePermissions :{ + href : '#!/permissions', + text : 'h.permissions', + title: 'h.permissions' + }, + ModulePermissionEdit : function(options){ + var href = "javascript:void(0);"; + if(_.has(options,'model')){ + href = '#!/permissions/'+options.model.id+"/edit"; + } + return { + href : href, + text : options.model.get('module'), + title: options.model.get('module') + }; + }, }; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js index 843d70c..fa475b3 100644 --- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js +++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js @@ -204,6 +204,7 @@ define(function(require) { groupSource : 'Group Source', policyName : 'Policy Name', allow : 'Allow', + allowAccess : 'Allow Access', selectTopologyName : 'Select Topology Name', selectServiceName : 'Select Service Name', topologyName : 'Topology Name', 
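Review bot: `ModulePermissionEdit` in XALinks.js guards only `href` with `_.has(options,'model')`; the returned object then reads `options.model.get('module')` unconditionally. A call without a model therefore throws a TypeError instead of producing the `javascript:void(0);` fallback link that the guard was written for. Read the label under the same guard, e.g. `var name = _.has(options,'model') ? options.model.get('module') : '';`, and use `name` for both `text` and `title`.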
@@ -212,7 +213,8 @@ define(function(require) { ipAddress : 'IP Address', isVisible : 'Visible', delegatedAdmin : 'Delegate Admin', - policyId : 'Policy ID' + policyId : 'Policy ID', + moduleName : 'Module Name' }, btn : { add : 'Add', @@ -267,10 +269,12 @@ define(function(require) { searchForYourLoginSession :"Search for your login sessions...", searchForYourAgent :"Search for your plugins...", searchForPolicy :"Search for your policy...", + searchForPermissions :"Search for permissions...", searchForYourUser :"Search for your users...", searchForYourGroup :"Search for your groups...", access : 'Access', - policyCondition : 'Policy Condtions' + policyCondition : 'Policy Condtions', + permissions : 'Permissions' }, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js b/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js index 752a7fc..530babf 100644 --- a/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js +++ b/security-admin/src/main/webapp/scripts/prelogin/XAPrelogin.js @@ -74,7 +74,7 @@ function doLogin() { if(location.hash.length > 2) window.location.replace('index.html'+location.hash); else - window.location.replace('index.html'+'#!/policymanager'); + window.location.replace('index.html'); }, error : function(jqXHR, textStatus, err ) { $('#signIn').removeAttr('disabled'); @@ -124,4 +124,4 @@ $(function() { $(e.target).parent().removeClass('error'); } }); -}); \ No newline at end of file +}); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/routers/Router.js ---------------------------------------------------------------------- 
diff --git a/security-admin/src/main/webapp/scripts/routers/Router.js b/security-admin/src/main/webapp/scripts/routers/Router.js index d4b047c..61377ee 100644 --- a/security-admin/src/main/webapp/scripts/routers/Router.js +++ b/security-admin/src/main/webapp/scripts/routers/Router.js @@ -30,7 +30,7 @@ function(Backbone, Marionette, localization, MAppState, XAUtil){ return Backbone.Marionette.AppRouter.extend({ /** Backbone routes hash */ appRoutes: { - "" : "serviceManagerAction",//"dashboardAction", + "" : "postLoginDefaultView",//"dashboardAction", "!/policymanager" : "serviceManagerAction", /****** Analytics Report related **********************/ @@ -57,7 +57,10 @@ function(Backbone, Marionette, localization, MAppState, XAUtil){ "!/service/:serviceId/policies" : "policyManageAction", "!/service/:serviceId/policies/create" : "RangerPolicyCreateAction", "!/service/:serviceId/policies/:id/edit": "RangerPolicyEditAction", - + + /************PERMISSIONS VIEWS *****************************************/ + "!/permissions": "modulePermissionsAction", + "!/permissions/:id/edit" : "modulePermissionEditAction", /*************** ERROR PAGE ****************************************/ "*actions" : "pageNotFoundAction" http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js index a3dbe9b..6805ffd 100644 --- a/security-admin/src/main/webapp/scripts/utils/XAGlobals.js +++ b/security-admin/src/main/webapp/scripts/utils/XAGlobals.js 
@@ -51,7 +51,8 @@ define(function(require){ Assets : { value:6, valStr: 'Assets'}, Analytics : { value:7, valStr: 'Analytics'}, Audit : { value:8, valStr: 'Analytics'}, - None : { value:9, valStr: 'None'} + Permissions : { value:9, valStr:'Permissions'}, + None : { value:10, valStr: 'None'} }; XAGlobals.BooleanValue = { @@ -65,5 +66,11 @@ define(function(require){ XAGlobals.DenyControllerActions = ['userManagerAction','userCreateAction','userEditAction','groupCreateAction', 'groupEditAction','auditReportAction','loginSessionDetail','serviceCreateAction','serviceEditAction']; + XAGlobals.ListOfModuleActions = { + 'Policy Manager':['serviceManagerAction','serviceCreateAction','serviceEditAction', 'policyManageAction','RangerPolicyCreateAction','RangerPolicyEditAction'], + 'Users/Groups' : ['userManagerAction','userCreateAction','userEditAction','groupCreateAction','groupEditAction'], + 'Analytics' : ['userAccessReportAction'], + 'Audit' : ['auditReportAction','loginSessionDetail'] + }; return XAGlobals; }); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a263431a/security-admin/src/main/webapp/scripts/utils/XAUtils.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js index 1bcb4b3..9b184e5 100644 --- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js +++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js 
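Review bot: `XAGlobals.ListOfModuleActions` has no entry for the two controller actions this commit adds, `modulePermissionsAction` and `modulePermissionEditAction`. The reworked filter in XAUtils.js only stubs actions listed under a module the user lacks, so it never blocks `#!/permissions` or `#!/permissions/:id/edit` in the UI for any user. `postLoginDefaultView` treats that page as admin-only (`SessionMgr.isSystemAdmin()`), so the route guard should agree with it, for example by stubbing those two actions in the filter when `!SessionMgr.isSystemAdmin()`. The module keys are also repeated as string literals in `postLoginDefaultView`; a comment such as `// keys must match the moduleName values returned in the user profile` would make that coupling explicit. Whatever the UI does, the `xusers/permission` endpoints need their own server-side authorization, which is not shown on this page.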
@@ -409,7 +409,39 @@ define(function(require) { return newGroupArr.length ? newGroupArr.join(' ') : '--'; }; - + + XAUtils.showGroupsOrUsers = function(rawValue, model, userOrGroups){ + var showMoreLess = false, objArr = []; + if(!_.isArray(rawValue) && rawValue.length == 0) + return '--'; + if(userOrGroups == 'groups'){ + _.each(rawValue,function(perm){ + objArr = _.union(objArr, perm.groupName) + }); + }else if(userOrGroups == 'users'){ + _.each(rawValue,function(perm){ + objArr = _.union(objArr, perm.userName) + }); + } + + var newObjArr = _.map(objArr, function(name, i){ + if(i >= 4){ + return '<span class="label label-info" policy-'+userOrGroups+'-id="'+model.id+'" style="display:none;">' + name + '</span>'; + }else if(i == 3 && objArr.length > 4){ + showMoreLess = true; + return '<span class="label label-info" policy-'+userOrGroups+'-id="'+model.id+'">' + name + '</span>'; + }else{ + return '<span class="label label-info" policy-'+userOrGroups+'-id="'+model.id+'">' + name + '</span>'; + } + }); + if(showMoreLess){ + newObjArr.push('<span class="pull-left"><a href="javascript:void(0);" data-id="showMore" class="" policy-'+userOrGroups+'-id="'+model.id+'"><code style=""> + More..</code></a></span><span class="pull-left" ><a href="javascript:void(0);" data-id="showLess" class="" policy-'+userOrGroups+'-id="'+model.id+'" style="display:none;"><code> - Less..</code></a></span>'); + } + return newObjArr.length ? newObjArr.join(' ') : '--'; + + }; + + XAUtils.defaultErrorHandler = function(model, error) { var App = require('App'); var vError = require('views/common/ErrorView'); 
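Review bot: `showGroupsOrUsers` concatenates `name` straight into the `<span>` markup, so any markup in a user or group name is interpreted by the browser when the cell is rendered. On a permissions table viewed by administrators that is a stored-XSS sink. Escape the value before building the string, e.g. `var safeName = _.escape(name);` at the top of the `_.map` callback, and use `safeName` in all three branches. The guard `if(!_.isArray(rawValue) && rawValue.length == 0)` also looks inverted: it throws on `undefined` and lets other non-array values through, whereas `if(!_.isArray(rawValue) || rawValue.length == 0)` is what the `'--'` fallback needs.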
@@ -795,14 +827,28 @@ define(function(require) { var SessionMgr = require('mgrs/SessionMgr'); var XAGlobals = require('utils/XAGlobals'); var that = this; - if(!SessionMgr.isSystemAdmin()){ - _.each(XAGlobals.DenyControllerActions, function(routeMethodName) { - if(!_.isUndefined(controller[routeMethodName])){ - controller[routeMethodName] = function(){ - that.defaultErrorHandler(undefined, {'status':401}); - }; - } + var vXPortalUser = SessionMgr.getUserProfile(); + var denyControllerActions= []; + var userModuleNames = _.pluck(vXPortalUser.get('userPermList'),'moduleName'); + var groupModuleNames = _.pluck(vXPortalUser.get('groupPermissions'), 'moduleName'); + var moduleNames = _.union(userModuleNames,groupModuleNames); + var denyModulesObj = _.omit(XAGlobals.ListOfModuleActions, moduleNames); + if(!_.isEmpty(denyModulesObj)){ + _.each(denyModulesObj, function(deniedModule){ + denyControllerActions.push(_.values(deniedModule)); }); + denyControllerActions = _.flatten(denyControllerActions); + } + + if(!_.isEmpty(denyControllerActions)){ + _.each(denyControllerActions, function(routeMethodName) { + if(!_.isUndefined(controller[routeMethodName])){ + controller[routeMethodName] = function(){ + that.defaultErrorHandler(undefined, {'status':401}); + }; + } + }); + } return controller; };
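Review bot: With the `SessionMgr.isSystemAdmin()` branch removed, this filter no longer denies anything by role. It now stubs only the actions listed in `XAGlobals.ListOfModuleActions`, selected by the `moduleName` strings in the profile's `userPermList` and `groupPermissions`. That deserves a comment above the block, e.g. `// UI-only guard: stubs routes for modules missing from the profile; the REST layer must enforce the same permissions`, because overwriting controller methods in the browser is not an access control. The collection step can be reduced to `denyControllerActions = _.flatten(_.values(denyModulesObj));`, which makes both `_.isEmpty` checks unnecessary. The enclosing function starts before this hunk, so its name and signature are not visible here.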
