Repository: incubator-ranger Updated Branches: refs/heads/master 7dea10875 -> cafe86970
RANGER-429 : Add new role (KEY_ADMIN) for KMS permissions in Ranger Admin Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/cafe8697 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/cafe8697 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/cafe8697 Branch: refs/heads/master Commit: cafe869708244c3334259f5c297e32e8a772204d Parents: 7dea108 Author: Gautam Borad <[email protected]> Authored: Mon Apr 27 22:18:35 2015 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Mon Apr 27 16:07:39 2015 -0400 ---------------------------------------------------------------------- .../db/mysql/patches/014-createkeyadmin.sql | 47 +++++++++++++ .../db/oracle/patches/014-createkeyadmin.sql | 73 ++++++++++++++++++++ .../db/postgres/xa_core_db_postgres.sql | 4 ++ .../db/sqlserver/xa_core_db_sqlserver.sql | 6 ++ .../java/org/apache/ranger/biz/UserMgr.java | 1 + .../java/org/apache/ranger/biz/XUserMgr.java | 36 +++++++++- .../apache/ranger/common/RangerConstants.java | 2 +- .../java/org/apache/ranger/rest/XUserREST.java | 9 ++- .../org/apache/ranger/service/XUserService.java | 4 ++ .../src/main/resources/xa_default.properties | 2 +- .../scripts/collection_bases/VXUserListBase.js | 12 ++++ .../src/main/webapp/scripts/mgrs/SessionMgr.js | 4 +- .../src/main/webapp/scripts/models/VXUser.js | 13 ++++ .../scripts/modules/globalize/message/en.js | 3 +- .../src/main/webapp/scripts/utils/XAEnums.js | 3 +- .../views/reports/OperationDiffDetail.js | 4 ++ .../scripts/views/user/UserProfileForm.js | 4 ++ .../main/webapp/scripts/views/users/UserForm.js | 4 ++ .../scripts/views/users/UserTableLayout.js | 63 ++++++++++++++++- .../templates/users/UserTableLayout_tmpl.html | 12 +++- 20 files changed, 294 insertions(+), 12 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/db/mysql/patches/014-createkeyadmin.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/mysql/patches/014-createkeyadmin.sql b/security-admin/db/mysql/patches/014-createkeyadmin.sql new file mode 100644 index 0000000..99a3036 --- /dev/null +++ b/security-admin/db/mysql/patches/014-createkeyadmin.sql @@ -0,0 +1,47 @@ +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. + +drop procedure if exists create_key_admin; + +delimiter ;; +create procedure create_key_admin() begin +DECLARE loginID varchar(1024); + /* check tables exist or not */ + if exists (select * from information_schema.columns where table_schema=database() and table_name = 'x_portal_user') then + if exists (select * from information_schema.columns where table_schema=database() and table_name = 'x_portal_user_role') then + if exists (select * from information_schema.columns where table_schema=database() and table_name = 'x_user') then + /* check record for login id keyadmin exist or not */ + if not exists (select * from x_user where user_name = 'admin') then + INSERT INTO x_user(create_time,update_time,added_by_id,upd_by_id,user_name,descr,status) values (UTC_TIMESTAMP(), UTC_TIMESTAMP(),NULL,NULL,'admin','Administrator',0); + end if; + if not exists (select * from x_portal_user where login_id = 'keyadmin') then + INSERT INTO x_portal_user(create_time,update_time,added_by_id,upd_by_id,first_name,last_name,pub_scr_name,login_id,password,email,status,user_src,notes) VALUES (UTC_TIMESTAMP(),UTC_TIMESTAMP(),NULL,NULL,'keyadmin','','keyadmin','keyadmin','a05f34d2dce2b4688fa82e82a89ba958','keyadmin',1,0,NULL); + end if; + set loginID = (select id from x_portal_user where login_id = 'keyadmin'); + if not exists (select * from x_portal_user_role where user_id =loginID ) then + INSERT INTO x_portal_user_role(create_time,update_time,added_by_id,upd_by_id,user_id,user_role,status) VALUES (UTC_TIMESTAMP(),UTC_TIMESTAMP(),NULL,NULL,loginID,'ROLE_KEY_ADMIN',1); + end if; + if not exists (select * from x_user where user_name = 'keyadmin') then + INSERT INTO x_user(create_time,update_time,added_by_id,upd_by_id,user_name,descr,status) values (UTC_TIMESTAMP(), UTC_TIMESTAMP(),NULL,NULL,'keyadmin','keyadmin',0); + end if; + end if; + end if; + end if; +end;; + +delimiter ; +call create_key_admin(); + +drop procedure if exists create_key_admin; \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/db/oracle/patches/014-createkeyadmin.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/oracle/patches/014-createkeyadmin.sql b/security-admin/db/oracle/patches/014-createkeyadmin.sql new file mode 100644 index 0000000..92d4b21 --- /dev/null +++ b/security-admin/db/oracle/patches/014-createkeyadmin.sql @@ -0,0 +1,73 @@ +-- Licensed to the Apache Software Foundation (ASF) under one or more +-- contributor license agreements. See the NOTICE file distributed with +-- this work for additional information regarding copyright ownership. +-- The ASF licenses this file to You under the Apache License, Version 2.0 +-- (the "License"); you may not use this file except in compliance with +-- the License. You may obtain a copy of the License at +-- +-- http://www.apache.org/licenses/LICENSE-2.0 +-- +-- Unless required by applicable law or agreed to in writing, software +-- distributed under the License is distributed on an "AS IS" BASIS, +-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +-- See the License for the specific language governing permissions and +-- limitations under the License. + +DECLARE + t_count number:=0; + v_count number:=0; + loginID number:=0; + sql_stmt VARCHAR2(1000); + first_name VARCHAR2(20):='rangerusersync'; + scr_name VARCHAR2(20):='rangerusersync'; + login_name VARCHAR2(20):='rangerusersync'; + password VARCHAR2(50):='70b8374d3dfe0325aaa5002a688c7e3b'; + user_role VARCHAR2(20):='ROLE_SYS_ADMIN'; + email VARCHAR2(20):='rangerusersync'; +BEGIN + select count(*) into t_count from user_tables where table_name IN('X_PORTAL_USER','X_PORTAL_USER_ROLE','X_USER'); + if (t_count = 3) then + select count(*) into v_count from x_portal_user where login_id = login_name; + if (v_count = 0) then + sql_stmt := 'INSERT INTO x_portal_user(ID,CREATE_TIME,UPDATE_TIME,FIRST_NAME,LAST_NAME,PUB_SCR_NAME,LOGIN_ID,PASSWORD,EMAIL,STATUS,USER_SRC) VALUES (X_PORTAL_USER_SEQ.nextval,sys_extract_utc(systimestamp),sys_extract_utc(systimestamp),:1,NULL,:2,:3,:4,:5,1,0)'; + EXECUTE IMMEDIATE sql_stmt USING first_name,scr_name,login_name,password,email; + commit; + end if; + select id into loginID from x_portal_user where login_id = login_name; + if (loginID > 0) then + sql_stmt := 'INSERT INTO x_portal_user_role(id,create_time,update_time,user_id,user_role,status) VALUES (X_PORTAL_USER_ROLE_SEQ.nextval,sys_extract_utc(systimestamp),sys_extract_utc(systimestamp),:1,:2,1)'; + EXECUTE IMMEDIATE sql_stmt USING loginID,user_role; + commit; + end if; + select count(*) into v_count from x_user where user_name = login_name; + if (v_count = 0) then + sql_stmt := 'INSERT INTO x_user(id,create_time,update_time,user_name,descr,status) values (X_USER_SEQ.nextval,sys_extract_utc(systimestamp),sys_extract_utc(systimestamp),:1,:2,0)'; + EXECUTE IMMEDIATE sql_stmt USING login_name,login_name; + commit; + end if; + first_name :='keyadmin'; + scr_name :='keyadmin'; + login_name :='keyadmin'; + password :='a05f34d2dce2b4688fa82e82a89ba958'; + user_role :='ROLE_KEY_ADMIN'; + email :='keyadmin'; + select count(*) into v_count from x_portal_user where login_id = login_name; + if (v_count = 0) then + sql_stmt := 'INSERT INTO x_portal_user(ID,CREATE_TIME,UPDATE_TIME,FIRST_NAME,LAST_NAME,PUB_SCR_NAME,LOGIN_ID,PASSWORD,EMAIL,STATUS,USER_SRC) VALUES (X_PORTAL_USER_SEQ.nextval,sys_extract_utc(systimestamp),sys_extract_utc(systimestamp),:1,NULL,:2,:3,:4,:5,1,0)'; + EXECUTE IMMEDIATE sql_stmt USING first_name,scr_name,login_name,password,email; + commit; + end if; + select id into loginID from x_portal_user where login_id = login_name; + if (loginID > 0) then + sql_stmt := 'INSERT INTO x_portal_user_role(id,create_time,update_time,user_id,user_role,status) VALUES (X_PORTAL_USER_ROLE_SEQ.nextval,sys_extract_utc(systimestamp),sys_extract_utc(systimestamp),:1,:2,1)'; + EXECUTE IMMEDIATE sql_stmt USING loginID,user_role; + commit; + end if; + select count(*) into v_count from x_user where user_name = login_name; + if (v_count = 0) then + sql_stmt := 'INSERT INTO x_user(id,create_time,update_time,user_name,descr,status) values (X_USER_SEQ.nextval,sys_extract_utc(systimestamp),sys_extract_utc(systimestamp),:1,:2,0)'; + EXECUTE IMMEDIATE sql_stmt USING login_name,login_name; + commit; + end if; + end if; +end;/ \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/db/postgres/xa_core_db_postgres.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/postgres/xa_core_db_postgres.sql b/security-admin/db/postgres/xa_core_db_postgres.sql index 574b4ec..10f614b 100644 --- a/security-admin/db/postgres/xa_core_db_postgres.sql +++ b/security-admin/db/postgres/xa_core_db_postgres.sql @@ -971,4 +971,8 @@ COMMIT; INSERT INTO x_portal_user(CREATE_TIME,UPDATE_TIME,FIRST_NAME,LAST_NAME,PUB_SCR_NAME,LOGIN_ID,PASSWORD,EMAIL,STATUS)VALUES(current_timestamp,current_timestamp,'rangerusersync','','rangerusersync','rangerusersync','70b8374d3dfe0325aaa5002a688c7e3b','rangerusersync',1); INSERT INTO x_portal_user_role(CREATE_TIME,UPDATE_TIME,USER_ID,USER_ROLE,STATUS)VALUES(current_timestamp,current_timestamp,2,'ROLE_SYS_ADMIN',1); INSERT INTO x_user(CREATE_TIME,UPDATE_TIME,user_name,status,descr)VALUES(current_timestamp,current_timestamp,'rangerusersync',0,'rangerusersync'); +COMMIT; +INSERT INTO x_portal_user(CREATE_TIME,UPDATE_TIME,FIRST_NAME,LAST_NAME,PUB_SCR_NAME,LOGIN_ID,PASSWORD,EMAIL,STATUS)VALUES(current_timestamp,current_timestamp,'keyadmin','','keyadmin','keyadmin','a05f34d2dce2b4688fa82e82a89ba958','keyadmin',1); +INSERT INTO x_portal_user_role(CREATE_TIME,UPDATE_TIME,USER_ID,USER_ROLE,STATUS)VALUES(current_timestamp,current_timestamp,3,'ROLE_KEY_ADMIN',1); +INSERT INTO x_user(CREATE_TIME,UPDATE_TIME,user_name,status,descr)VALUES(current_timestamp,current_timestamp,'keyadmin',0,'keyadmin'); COMMIT; \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/db/sqlserver/xa_core_db_sqlserver.sql ---------------------------------------------------------------------- diff --git a/security-admin/db/sqlserver/xa_core_db_sqlserver.sql b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql index 207b137..11c315d 100644 --- a/security-admin/db/sqlserver/xa_core_db_sqlserver.sql +++ b/security-admin/db/sqlserver/xa_core_db_sqlserver.sql @@ -2754,4 +2754,10 @@ GO insert into x_portal_user_role (CREATE_TIME,UPDATE_TIME,USER_ID,USER_ROLE,STATUS) values (CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,2,'ROLE_SYS_ADMIN',1); GO insert into x_user (CREATE_TIME,UPDATE_TIME,user_name,status,descr) values (CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,'rangerusersync',0,'rangerusersync'); +GO +insert into x_portal_user (CREATE_TIME,UPDATE_TIME,FIRST_NAME,LAST_NAME,PUB_SCR_NAME,LOGIN_ID,PASSWORD,EMAIL,STATUS) values (CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,'keyadmin','','keyadmin','keyadmin','a05f34d2dce2b4688fa82e82a89ba958','keyadmin',1); +GO +insert into x_portal_user_role (CREATE_TIME,UPDATE_TIME,USER_ID,USER_ROLE,STATUS) values (CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,3,'ROLE_KEY_ADMIN',1); +GO +insert into x_user (CREATE_TIME,UPDATE_TIME,user_name,status,descr) values (CURRENT_TIMESTAMP,CURRENT_TIMESTAMP,'keyadmin',0,'keyadmin'); exit \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java index 08afe79..188682c 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java @@ -126,6 +126,7 @@ public class UserMgr { DEFAULT_ROLE_LIST.add(RangerConstants.ROLE_USER); VALID_ROLE_LIST.add(RangerConstants.ROLE_SYS_ADMIN); VALID_ROLE_LIST.add(RangerConstants.ROLE_USER); + VALID_ROLE_LIST.add(RangerConstants.ROLE_KEY_ADMIN); } public UserMgr() { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index 512c58f..750129f 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java @@ -285,14 +285,18 @@ public class XUserMgr extends XUserMgrBase { insertMappingUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate); - insertMappingUserPermisson(vXPortalUser.getId(), - moduleNameId.get(RangerConstants.MODULE_KMS), isCreate); + /*insertMappingUserPermisson(vXPortalUser.getId(), + moduleNameId.get(RangerConstants.MODULE_KMS), + isCreate);*/ /*insertMappingUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_PERMISSION), isCreate);*/ insertMappingUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_USER_GROUPS), isCreate); + } else if (role.equals(RangerConstants.ROLE_KEY_ADMIN)) { + insertMappingUserPermisson(vXPortalUser.getId(), + moduleNameId.get(RangerConstants.MODULE_KMS), isCreate); } } @@ -968,4 +972,32 @@ public class XUserMgr extends XUserMgrBase { xGroupPermissionService.deleteResource(id); } + public void modifyUserActiveStatus(HashMap<Long, Integer> statusMap) { + UserSessionBase session = ContextUtil.getCurrentUserSession(); + String currentUser=null; + if(session!=null){ + currentUser=session.getLoginId(); + if(currentUser==null || currentUser.trim().isEmpty()){ + currentUser=null; + } + } + if(currentUser==null){ + return; + } + Set<Map.Entry<Long, Integer>> entries = statusMap.entrySet(); + for (Map.Entry<Long, Integer> entry : entries) { + if(entry!=null && entry.getKey()!=null && entry.getValue()!=null){ + XXUser xUser = daoManager.getXXUser().getById(entry.getKey()); + if(xUser!=null){ + VXPortalUser vXPortalUser = userMgr.getUserProfileByLoginId(xUser.getName()); + if(vXPortalUser!=null){ + if(vXPortalUser.getLoginId()!=null && !vXPortalUser.getLoginId().equalsIgnoreCase(currentUser)){ + vXPortalUser.setStatus(entry.getValue()); + userMgr.updateUser(vXPortalUser); + } + } + } + } + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java b/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java index 77b51db..a3a9c7b 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java +++ b/security-admin/src/main/java/org/apache/ranger/common/RangerConstants.java @@ -31,7 +31,7 @@ public class RangerConstants extends RangerCommonEnums { public final static String ROLE_INTEGRATOR = "ROLE_INTEGRATOR"; public final static String ROLE_DATA_ANALYST = "ROLE_DATA_ANALYST"; public final static String ROLE_BIZ_MGR = "ROLE_BIZ_MGR"; - + public final static String ROLE_KEY_ADMIN = "ROLE_KEY_ADMIN"; public final static String ROLE_USER = "ROLE_USER"; public final static String ROLE_ANON = "ROLE_ANON"; public final static String ROLE_OTHER = "ROLE_OTHER"; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java index 4c47584..4885c92 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java @@ -69,7 +69,6 @@ import org.apache.ranger.view.VXModuleDef; import org.apache.ranger.view.VXModuleDefList; import org.apache.ranger.view.VXPermMap; import org.apache.ranger.view.VXPermMapList; -import org.apache.ranger.view.VXPortalUser; import org.apache.ranger.view.VXUser; import org.apache.ranger.view.VXUserGroupInfo; import org.apache.ranger.view.VXUserList; @@ -317,6 +316,7 @@ public class XUserREST { null); searchUtil.extractInt(request, searchCriteria, "userSource", "User Source"); searchUtil.extractInt(request, searchCriteria, "isVisible", "User Visibility"); + searchUtil.extractInt(request, searchCriteria, "status", "User Status"); searchUtil.extractString(request, searchCriteria, "userRoleList", "User Role", null); return xUserMgr.searchXUsers(searchCriteria); @@ -834,4 +834,11 @@ public class XUserREST { request, xGroupPermissionService.sortFields); return xUserMgr.getXGroupPermissionSearchCount(searchCriteria); } + + @PUT + @Path("/secure/users/activestatus") + @Produces({ "application/xml", "application/json" }) + public void modifyUserActiveStatus(HashMap<Long, Integer> statusMap){ + xUserMgr.modifyUserActiveStatus(statusMap); + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/src/main/java/org/apache/ranger/service/XUserService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XUserService.java b/security-admin/src/main/java/org/apache/ranger/service/XUserService.java index 7f6c8e4..37be6f6 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XUserService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XUserService.java @@ -110,6 +110,10 @@ public class XUserService extends XUserServiceBase<XXUser, VXUser> { searchFields.add(new SearchField("isVisible", "obj.isVisible", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL )); + searchFields.add(new SearchField("status", "xXPortalUser.status", + SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL, + "XXPortalUser xXPortalUser", "xXPortalUser.loginId = obj.name ")); + createdByUserId = new Long(PropertiesUtil.getIntProperty( "xa.xuser.createdByUserId", 1)); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/src/main/resources/xa_default.properties ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/xa_default.properties b/security-admin/src/main/resources/xa_default.properties index 6686dde..997561a 100644 --- a/security-admin/src/main/resources/xa_default.properties +++ b/security-admin/src/main/resources/xa_default.properties @@ -33,7 +33,7 @@ xa.ajax.auth.failure.page=/ajax_failure.jsp xa.logout.success.page=/login.jsp?action=logged_out #Role list -xa.users.roles.list=ROLE_SYS_ADMIN, ROLE_USER, ROLE_OTHER, ROLE_ANON +xa.users.roles.list=ROLE_SYS_ADMIN, ROLE_USER, ROLE_OTHER, ROLE_ANON, ROLE_KEY_ADMIN #Mail listing xa.mail.enabled=true http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/src/main/webapp/scripts/collection_bases/VXUserListBase.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/collection_bases/VXUserListBase.js b/security-admin/src/main/webapp/scripts/collection_bases/VXUserListBase.js index 3745bc0..c349741 100644 --- a/security-admin/src/main/webapp/scripts/collection_bases/VXUserListBase.js +++ b/security-admin/src/main/webapp/scripts/collection_bases/VXUserListBase.js @@ -82,6 +82,18 @@ define(function(require){ return this.constructor.nonCrudOperation.call(this, url, 'PUT', options); }, + + setStatus : function(postData , options){ + var url = XAGlobals.baseURL + 'xusers/secure/users/activestatus'; + + options = _.extend({ + data : JSON.stringify(postData), + contentType : 'application/json', + dataType : 'json' + }, options); + + return this.constructor.nonCrudOperation.call(this, url, 'PUT', options); + }, },{ /** * Table Cols to be passed to Backgrid http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/src/main/webapp/scripts/mgrs/SessionMgr.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/mgrs/SessionMgr.js b/security-admin/src/main/webapp/scripts/mgrs/SessionMgr.js index a75c264..6449c50 100644 --- a/security-admin/src/main/webapp/scripts/mgrs/SessionMgr.js +++ b/security-admin/src/main/webapp/scripts/mgrs/SessionMgr.js @@ -128,7 +128,9 @@ define(function(require){ SessionMgr.isSystemAdmin = function(){ return this.userInRole('ROLE_SYS_ADMIN') ? true : false; }; - + SessionMgr.isKeyAdmin = function(){ + return this.userInRole('ROLE_KEY_ADMIN') ? true : false; + }; SessionMgr.isUser = function(){ var roles = this.getRoleInUserSchool(); return $.inArray('ROLE_USER',roles) != -1 ? true : false ; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/src/main/webapp/scripts/models/VXUser.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/models/VXUser.js b/security-admin/src/main/webapp/scripts/models/VXUser.js index 875b828..8bbdbec 100644 --- a/security-admin/src/main/webapp/scripts/models/VXUser.js +++ b/security-admin/src/main/webapp/scripts/models/VXUser.js @@ -38,6 +38,7 @@ define(function(require){ _.extend(this, selectable); this.bindErrorEvents(); this.toView(); + this.toViewStatus(); }, toView : function(){ @@ -52,6 +53,18 @@ define(function(require){ this.set('isVisible', visible); }, + toViewStatus : function(){ + if(!_.isUndefined(this.get('status'))){ + var status = (this.get('status') == XAEnums.ActiveStatus.STATUS_ENABLED.value); + this.set('status', status); + } + }, + + toServerStatus : function(){ + var status = this.get('status') ? XAEnums.ActiveStatus.STATUS_ENABLED.value : XAEnums.ActiveStatus.STATUS_DISABLED.value; + this.set('status', status); + }, + /** This models toString() */ toString : function(){ return this.get('name'); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js index 9eae73c..48cb766 100644 --- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js +++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js @@ -231,7 +231,8 @@ define(function(require) { addMore : 'Add More..', stayOnPage : 'Stay on this page', leavePage : 'Leave this page', - setVisibility : 'Set Visibility' + setVisibility : 'Set Visibility', + setStatus : 'Set Status' }, // h1, h2, h3, fieldset, title http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/src/main/webapp/scripts/utils/XAEnums.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/utils/XAEnums.js b/security-admin/src/main/webapp/scripts/utils/XAEnums.js index 31cc9e9..1e619a0 100644 --- a/security-admin/src/main/webapp/scripts/utils/XAEnums.js +++ b/security-admin/src/main/webapp/scripts/utils/XAEnums.js @@ -49,7 +49,8 @@ define(function(require) { XAEnums.UserRoles = mergeParams(XAEnums.UserRoles, { ROLE_SYS_ADMIN:{value:0, label:'Admin', rbkey:'xa.enum.AccessResult.ACCESS_RESULT_ALLOWED', tt: 'lbl.AccessResult_ACCESS_RESULT_ALLOWED'}, - ROLE_USER:{value:1, label:'User', rbkey:'xa.enum.AccessResult.ACCESS_RESULT_DENIED', tt: 'lbl.AccessResult_ACCESS_RESULT_DENIED'} + ROLE_USER:{value:1, label:'User', rbkey:'xa.enum.AccessResult.ACCESS_RESULT_DENIED', tt: 'lbl.AccessResult_ACCESS_RESULT_DENIED'}, + ROLE_KEY_ADMIN:{value:2, label:'KeyAdmin', rbkey:'xa.enum.AccessResult.ACCESS_RESULT_ALLOWED', tt: 'lbl.AccessResult_ACCESS_RESULT_ALLOWED'}, }); XAEnums.UserTypes = mergeParams(XAEnums.UserTypes, { http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js b/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js index 48a3715..1b66728 100644 --- a/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js +++ b/security-admin/src/main/webapp/scripts/views/reports/OperationDiffDetail.js @@ -353,10 +353,14 @@ define(function(require){ m.set('newValue',XAEnums.UserRoles.ROLE_USER.label) else if(newRole == "ROLE_SYS_ADMIN") m.set('newValue',XAEnums.UserRoles.ROLE_SYS_ADMIN.label) + else if(newRole == "ROLE_KEY_ADMIN") + m.set('newValue',XAEnums.UserRoles.ROLE_KEY_ADMIN.label) if(prevRole == "ROLE_USER") m.set('previousValue',XAEnums.UserRoles.ROLE_USER.label) else if(prevRole == "ROLE_SYS_ADMIN") m.set('previousValue',XAEnums.UserRoles.ROLE_SYS_ADMIN.label) + else if(prevRole == "ROLE_KEY_ADMIN") + m.set('previousValue',XAEnums.UserRoles.ROLE_KEY_ADMIN.label) }else{ if(!m.has('attributeName')) modelArr.push(m); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/src/main/webapp/scripts/views/user/UserProfileForm.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/user/UserProfileForm.js b/security-admin/src/main/webapp/scripts/views/user/UserProfileForm.js index e2eec02..b363a10 100644 --- a/security-admin/src/main/webapp/scripts/views/user/UserProfileForm.js +++ b/security-admin/src/main/webapp/scripts/views/user/UserProfileForm.js @@ -78,6 +78,8 @@ define(function(require){ if(!_.isUndefined(roleList) && roleList.length > 0){ if(XAEnums.UserRoles[roleList[0]].value == XAEnums.UserRoles.ROLE_USER.value) this.fields.userRoleList.setValue(XAEnums.UserRoles.ROLE_USER.value); + else if(XAEnums.UserRoles[roleList[0]].value == XAEnums.UserRoles.ROLE_KEY_ADMIN.value) + this.fields.userRoleList.setValue(XAEnums.UserRoles.ROLE_KEY_ADMIN.value); else this.fields.userRoleList.setValue(XAEnums.UserRoles.ROLE_SYS_ADMIN.value); } @@ -120,6 +122,8 @@ define(function(require){ this.model.set('userRoleList',["ROLE_SYS_ADMIN"]); }else if(this.model.get('userRoleList') == XAEnums.UserRoles.ROLE_USER.value){ this.model.set('userRoleList',["ROLE_USER"]); + }else if(this.model.get('userRoleList') == XAEnums.UserRoles.ROLE_KEY_ADMIN.value){ + this.model.set('userRoleList',["ROLE_KEY_ADMIN"]); } }, /** all post render plugin initialization */ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/src/main/webapp/scripts/views/users/UserForm.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/users/UserForm.js b/security-admin/src/main/webapp/scripts/views/users/UserForm.js index 086fcb2..c94a20e 100644 --- a/security-admin/src/main/webapp/scripts/views/users/UserForm.js +++ b/security-admin/src/main/webapp/scripts/views/users/UserForm.js @@ -120,6 +120,8 @@ define(function(require){ if(!_.isUndefined(roleList) && roleList.length > 0){ if(XAEnums.UserRoles[roleList[0]].value == XAEnums.UserRoles.ROLE_USER.value) this.fields.userRoleList.setValue(XAEnums.UserRoles.ROLE_USER.value); + else if(XAEnums.UserRoles[roleList[0]].value == XAEnums.UserRoles.ROLE_KEY_ADMIN.value) + this.fields.userRoleList.setValue(XAEnums.UserRoles.ROLE_KEY_ADMIN.value); else this.fields.userRoleList.setValue(XAEnums.UserRoles.ROLE_SYS_ADMIN.value); } @@ -211,6 +213,8 @@ define(function(require){ //FOR USER ROLE if(this.fields.userRoleList.getValue() == XAEnums.UserRoles.ROLE_USER.value){ this.model.set('userRoleList',["ROLE_USER"]); + }else if(this.fields.userRoleList.getValue() == XAEnums.UserRoles.ROLE_KEY_ADMIN.value){ + this.model.set('userRoleList',["ROLE_KEY_ADMIN"]); }else{ this.model.set('userRoleList',["ROLE_SYS_ADMIN"]); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js b/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js index 87458d5..89a9a36 100644 --- a/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js +++ b/security-admin/src/main/webapp/scripts/views/users/UserTableLayout.js @@ -59,7 +59,9 @@ define(function(require){ btnShowLess : '[data-id="showLess"]', btnSave : '[data-id="save"]', btnShowHide : '[data-action="showHide"]', - visibilityDropdown : '[data-id="visibilityDropdown"]' + visibilityDropdown : '[data-id="visibilityDropdown"]', + activeStatusDropdown : '[data-id="activeStatusDropdown"]', + activeStatusDiv :'[data-id="activeStatusDiv"]' }, /** ui events hash */ @@ -70,7 +72,7 @@ define(function(require){ events['click ' + this.ui.btnShowLess] = 'onShowLess'; events['click ' + this.ui.btnSave] = 'onSave'; events['click ' + this.ui.visibilityDropdown +' li a'] = 'onVisibilityChange'; - + events['click ' + this.ui.activeStatusDropdown +' li a'] = 'onStatusChange'; return events; }, @@ -162,6 +164,38 @@ define(function(require){ }); } }, + onStatusChange : function(e){ + var that = this; + var status = $(e.currentTarget).attr('data-id') == 'Enable' ? true : false; + var updateMap = {}; + var collection = this.showUsers ? this.collection : this.groupList; + + _.each(collection.selected, function(s){ + if( s.get('status') != status ){ + s.set('status', status); + s.toServerStatus(); + updateMap[s.get('id')] = s.get('status'); + } + }); + + var clearCache = function(coll){ + _.each(Backbone.fetchCache._cache, function(url, val){ + var urlStr = coll.url; + if((val.indexOf(urlStr) != -1)){ + Backbone.fetchCache.clearItem(val); + } + }); + coll.fetch({reset: true, cache : false}); + } + if(this.showUsers){ + collection.setStatus(updateMap, { + success : function(){ + that.chgFlags = []; + clearCache(collection); + } + }); + } + }, renderUserTab : function(){ var that = this; if(_.isUndefined(this.collection)){ @@ -175,6 +209,7 @@ define(function(require){ if(!_.isString(that.ui.addNewGroup)){ that.ui.addNewGroup.hide(); that.ui.addNewUser.show(); + that.ui.activeStatusDiv.show(); } that.$('.wrap-header').text('User List'); }); @@ -191,6 +226,7 @@ define(function(require){ }).done(function(){ that.ui.addNewUser.hide(); that.ui.addNewGroup.show(); + that.ui.activeStatusDiv.hide(); that.$('.wrap-header').text('Group List'); that.$('ul').find('[data-js="groups"]').addClass('active'); that.$('ul').find('[data-js="users"]').removeClass(); @@ -317,6 +353,23 @@ define(function(require){ editable:false, sortable:false }, + status : { + label : localization.tt("lbl.status"), + cell : Backgrid.HtmlCell.extend({className: 'cellWidth-1'}), + formatter: _.extend({}, Backgrid.CellFormatter.prototype, { + fromRaw: function (rawValue, model) { + if(!_.isUndefined(rawValue)){ + if(rawValue) + return '<span class="label label-success">'+XAEnums.ActiveStatus.STATUS_ENABLED.label+'</span>'; + else + return '<span class="label label-green">'+XAEnums.ActiveStatus.STATUS_DISABLED.label+'</span>'; + }else + return '--'; + } + }), + editable:false, + sortable:false + }, }; return this.collection.constructor.getTableCols(cols, this.collection); @@ -415,13 +468,14 @@ define(function(require){ if(this.showUsers){ placeholder = localization.tt('h.searchForYourUser'); coll = this.collection; - searchOpt = ['User Name','Email Address','Visibility', 'Role','User Source'];//,'Start Date','End Date','Today']; + searchOpt = ['User Name','Email Address','Visibility', 'Role','User Source','User Status'];//,'Start Date','End Date','Today']; var userRoleList = _.map(XAEnums.UserRoles,function(obj,key){return {label:obj.label,value:key};}); serverAttrName = [ {text : "User Name", label :"name"}, {text : "Email Address", label :"emailAddress"}, {text : "Role", label :"userRoleList", 'multiple' : true, 'optionsArr' : userRoleList}, {text : "Visibility", label :"isVisible", 'multiple' : true, 'optionsArr' : XAUtil.enumToSelectLabelValuePairs(XAEnums.VisibilityStatus)}, {text : "User Source", label :"userSource", 'multiple' : true, 'optionsArr' : XAUtil.enumToSelectLabelValuePairs(XAEnums.UserTypes)}, + {text : "User Status", label :"status", 'multiple' : true, 'optionsArr' : XAUtil.enumToSelectLabelValuePairs(XAEnums.ActiveStatus)}, ]; }else{ placeholder = localization.tt('h.searchForYourGroup'); @@ -452,6 +506,9 @@ define(function(require){ case 'Visibility': callback(XAUtil.hackForVSLabelValuePairs(XAEnums.VisibilityStatus)); break; + case 'User Status': + callback(XAUtil.hackForVSLabelValuePairs(XAEnums.ActiveStatus)); + break; /*case 'Start Date' : setTimeout(function () { XAUtil.displayDatepicker(that.ui.visualSearch, callback); }, 0); break; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/cafe8697/security-admin/src/main/webapp/templates/users/UserTableLayout_tmpl.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/users/UserTableLayout_tmpl.html b/security-admin/src/main/webapp/templates/users/UserTableLayout_tmpl.html index 3dbefd4..6dd4b0f 100644 --- a/security-admin/src/main/webapp/templates/users/UserTableLayout_tmpl.html +++ b/security-admin/src/main/webapp/templates/users/UserTableLayout_tmpl.html @@ -26,7 +26,7 @@ <h3 class="wrap-header bold"> {{tt 'lbl.userListing'}} </h3> <div class="wrap non-collapsible m-height "> <div> - <div class="span9"> + <div class="span8"> <div class="visual_search"></div> </div> <div class="clearfix"> @@ -42,6 +42,16 @@ <li><a href="javascript:void(0);" data-id="hidden">{{tt 'lbl.VisibilityStatus_IS_HIDDEN'}}</a></li> </ul> </div> + <div class="btn-group btn-right" data-id="activeStatusDiv"> + <a class="btn btn-primary dropdown-toggle" data-toggle="dropdown" href="#"> + {{tt 'btn.setStatus'}} + <span class="caret"></span> + </a> + <ul class="dropdown-menu" data-id="activeStatusDropdown"> + <li><a href="javascript:void(0);" data-id="Enable">{{tt 'lbl.ActiveStatus_STATUS_ENABLED'}}</a></li> + <li><a href="javascript:void(0);" data-id="Disable">{{tt 'lbl.ActiveStatus_STATUS_DISABLED'}}</a></li> + </ul> + </div> </div> <div data-id="r_tableList" class="clickable"> <b class="_prevNav"></b>
