RANGER-697 : KeyAdmin role user should see only KMS related audit access logs in Audit tab
Signed-off-by: Velmurugan Periasamy <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/a94e793d Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/a94e793d Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/a94e793d Branch: refs/heads/ranger-0.5 Commit: a94e793db824b97165eab42ed60538c76d53920b Parents: 86d0ba0 Author: Gautam Borad <[email protected]> Authored: Tue Oct 13 17:34:13 2015 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Tue Oct 13 20:34:14 2015 -0400 ---------------------------------------------------------------------- .../main/java/org/apache/ranger/rest/AssetREST.java | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/a94e793d/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java index 79cea02..775c647 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java @@ -51,8 +51,11 @@ import org.apache.ranger.common.ServiceUtil; import org.apache.ranger.common.StringUtil; import org.apache.ranger.common.annotation.RangerAnnotationClassName; import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName; +import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXServiceDef; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerService; +import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; import org.apache.ranger.plugin.util.GrantRevokeRequest; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.plugin.util.ServicePolicies; @@ -134,7 +137,9 @@ public class AssetREST { @Autowired ServiceREST serviceREST; - + @Autowired + RangerDaoManager daoManager; + @GET @Path("/assets/{id}") @Produces({ "application/xml", "application/json" }) @@ -645,6 +650,13 @@ public class AssetREST { "startDate", "MM/dd/yyyy"); searchUtil.extractDate(request, searchCriteria, "endDate", "endDate", "MM/dd/yyyy"); + + boolean isKeyAdmin = msBizUtil.isKeyAdmin(); + XXServiceDef xxServiceDef = daoManager.getXXServiceDef().findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_KMS_NAME); + if(isKeyAdmin && xxServiceDef != null){ + searchCriteria.getParamList().put("repoType", xxServiceDef.getId()); + } + return assetMgr.getAccessLogs(searchCriteria); }
