Repository: incubator-ranger Updated Branches: refs/heads/master cd5841991 -> 1f43245f2
RANGER-688 : Handle scenario where ids of XUser and XPortalUser are not in sync Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/1f43245f Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/1f43245f Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/1f43245f Branch: refs/heads/master Commit: 1f43245f2adceaed6b6ca3f45925b586d0f24d77 Parents: cd58419 Author: Gautam Borad <[email protected]> Authored: Wed Oct 14 15:10:57 2015 +0530 Committer: Gautam Borad <[email protected]> Committed: Thu Oct 15 12:24:55 2015 +0530 ---------------------------------------------------------------------- security-admin/scripts/setup.sh | 20 +++--- .../java/org/apache/ranger/biz/XUserMgr.java | 35 +++++++---- .../apache/ranger/common/UserSessionBase.java | 3 +- .../org/apache/ranger/db/XXPortalUserDao.java | 21 ++++--- .../java/org/apache/ranger/db/XXUserDao.java | 12 ++++ .../apache/ranger/db/XXUserPermissionDao.java | 5 +- .../patch/PatchPersmissionModel_J10003.java | 4 +- .../ranger/service/XUserPermissionService.java | 24 ++------ .../service/XUserPermissionServiceBase.java | 65 ++++++++++++++++++-- .../resources/META-INF/jpa_named_queries.xml | 7 ++- 10 files changed, 131 insertions(+), 65 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/scripts/setup.sh ---------------------------------------------------------------------- diff --git a/security-admin/scripts/setup.sh b/security-admin/scripts/setup.sh index 9710706..cd5d2bf 100755 --- a/security-admin/scripts/setup.sh +++ b/security-admin/scripts/setup.sh @@ -1513,26 +1513,22 @@ setup_install_files(){ log "[I] Copying ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist ${WEBAPP_ROOT}/WEB-INF/classes/conf" mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/conf cp ${WEBAPP_ROOT}/WEB-INF/classes/conf.dist/* ${WEBAPP_ROOT}/WEB-INF/classes/conf + fi + if [ -d ${WEBAPP_ROOT}/WEB-INF/classes/conf ]; then chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/conf fi - if [ -d ${WEBAPP_ROOT}/WEB-INF/classes/conf ]; then - chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/conf - fi - if [ ! -d ${WEBAPP_ROOT}/WEB-INF/classes/lib ]; then log "[I] Creating ${WEBAPP_ROOT}/WEB-INF/classes/lib" mkdir -p ${WEBAPP_ROOT}/WEB-INF/classes/lib + fi + if [ -d ${WEBAPP_ROOT}/WEB-INF/classes/lib ]; then chown -R ${unix_user} ${WEBAPP_ROOT}/WEB-INF/classes/lib fi if [ -d /etc/init.d ]; then log "[I] Setting up init.d" cp ${INSTALL_DIR}/ews/${RANGER_ADMIN_INITD} /etc/init.d/${RANGER_ADMIN} - if [ "${unix_user}" != "ranger" ]; then - sed 's/LINUX_USER=ranger/LINUX_USER='${unix_user}'/g' -i /etc/init.d/${RANGER_ADMIN} - fi - chmod ug+rx /etc/init.d/${RANGER_ADMIN} if [ -d /etc/rc2.d ] @@ -1571,15 +1567,19 @@ setup_install_files(){ ln -s /etc/init.d/${RANGER_ADMIN} $RC_DIR/K90${RANGER_ADMIN} fi fi + if [ -f /etc/init.d/${RANGER_ADMIN} ]; then + if [ "${unix_user}" != "ranger" ]; then + sed 's/^LINUX_USER=.*$/LINUX_USER='${unix_user}'/g' -i /etc/init.d/${RANGER_ADMIN} + fi + fi if [ ! -d ${XAPOLICYMGR_DIR}/ews/logs ]; then log "[I] ${XAPOLICYMGR_DIR}/ews/logs folder" mkdir -p ${XAPOLICYMGR_DIR}/ews/logs - chown -R ${unix_user} ${XAPOLICYMGR_DIR}/ews/logs fi - if [ -d ${XAPOLICYMGR_DIR}/ews/logs ]; then chown -R ${unix_user} ${XAPOLICYMGR_DIR}/ews/logs + chown -R ${unix_user} ${XAPOLICYMGR_DIR}/ews/logs/* fi log "[I] Setting up installation files and directory DONE"; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index b860877..572323f 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java @@ -242,38 +242,47 @@ public class XUserMgr extends XUserMgrBase { if (role.equals(RangerConstants.ROLE_USER)) { - createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate); - createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate); + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate); + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate); } else if (role.equals(RangerConstants.ROLE_SYS_ADMIN)) { - createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate); - createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate); - createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate); - createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_USER_GROUPS), isCreate); + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate); + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate); + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_AUDIT), isCreate); + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_USER_GROUPS), isCreate); } else if (role.equals(RangerConstants.ROLE_KEY_ADMIN)) { - createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_KEY_MANAGER), isCreate); - createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate); - createOrUpdateUserPermisson(vXPortalUser.getId(), moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate); + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_KEY_MANAGER), isCreate); + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_REPORTS), isCreate); + createOrUpdateUserPermisson(vXPortalUser, moduleNameId.get(RangerConstants.MODULE_RESOURCE_BASED_POLICIES), isCreate); } } } // Insert or Updating Mapping permissions depending upon roles - private void createOrUpdateUserPermisson(Long portalUserId, Long moduleId, boolean isCreate) { + private void createOrUpdateUserPermisson(VXPortalUser portalUser, Long moduleId, boolean isCreate) { VXUserPermission vXUserPermission; - XXUserPermission xUserPermission = daoManager.getXXUserPermission().findByModuleIdAndUserId(portalUserId, moduleId); + XXUserPermission xUserPermission = daoManager.getXXUserPermission().findByModuleIdAndPortalUserId(portalUser.getId(), moduleId); if (xUserPermission == null) { vXUserPermission = new VXUserPermission(); - vXUserPermission.setUserId(portalUserId); + + // When Creating XXUserPermission UI sends xUserId, to keep it consistent here xUserId should be used + XXUser xUser = daoManager.getXXUser().findByPortalUserId(portalUser.getId()); + if (xUser == null) { + logger.warn("Could not found corresponding xUser for username: [" + portalUser.getLoginId() + "], So not assigning permission to this user"); + return; + } else { + vXUserPermission.setUserId(xUser.getId()); + } + vXUserPermission.setIsAllowed(RangerCommonEnums.IS_ALLOWED); vXUserPermission.setModuleId(moduleId); try { vXUserPermission = this.createXUserPermission(vXUserPermission); logger.info("Permission assigned to user: [" + vXUserPermission.getUserName() + "] For Module: [" + vXUserPermission.getModuleName() + "]"); } catch (Exception e) { - logger.error("Error while assigning permission to user: [" + portalUserId + "] for module: [" + moduleId + "]", e); + logger.error("Error while assigning permission to user: [" + portalUser.getLoginId() + "] for module: [" + moduleId + "]", e); } } else if (isCreate) { vXUserPermission = xUserPermissionService.populateViewBean(xUserPermission); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java b/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java index 59e55f3..175459c 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java +++ b/security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java @@ -128,7 +128,8 @@ public class UserSessionBase implements Serializable { - public static class RangerUserPermission { + public static class RangerUserPermission implements Serializable { + private static final long serialVersionUID = 1L; protected CopyOnWriteArraySet<String> userPermissions; protected Long lastUpdatedTime; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java index d3467f8..393252c 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java @@ -21,9 +21,10 @@ package org.apache.ranger.db; import java.util.List; +import javax.persistence.NoResultException; + import org.apache.ranger.common.db.BaseDao; import org.apache.ranger.entity.XXPortalUser; -import org.apache.ranger.entity.XXPortalUserRole; public class XXPortalUserDao extends BaseDao<XXPortalUser> { @@ -76,16 +77,16 @@ public class XXPortalUserDao extends BaseDao<XXPortalUser> { .getResultList(); } - - public XXPortalUser findByXUserId(Long id) { - - List resultList = getEntityManager() - .createNamedQuery("XXPortalUser.findByXUserId") - .setParameter("id", id).getResultList(); - if (resultList.size() != 0) { - return (XXPortalUser) resultList.get(0); + public XXPortalUser findByXUserId(Long xUserId) { + if (xUserId == null) { + return null; + } + try { + return getEntityManager().createNamedQuery("XXPortalUser.findByXUserId", tClass) + .setParameter("id", xUserId).getSingleResult(); + } catch (NoResultException e) { + return null; } - return null; } @SuppressWarnings("unchecked") http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java index 0887594..225e733 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java @@ -64,4 +64,16 @@ public class XXUserDao extends BaseDao<XXUser> { return null; } } + + public XXUser findByPortalUserId(Long portalUserId) { + if (portalUserId == null) { + return null; + } + try { + return getEntityManager().createNamedQuery("XXUser.findByPortalUserId", tClass) + .setParameter("portalUserId", portalUserId).getSingleResult(); + } catch (NoResultException e) { + return null; + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java index e10dc14..2db6fd6 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java @@ -25,7 +25,6 @@ import javax.persistence.NoResultException; import org.apache.log4j.Logger; import org.apache.ranger.common.RangerCommonEnums; import org.apache.ranger.common.db.BaseDao; -import org.apache.ranger.entity.XXGroupUser; import org.apache.ranger.entity.XXUserPermission; public class XXUserPermissionDao extends BaseDao<XXUserPermission>{ @@ -99,10 +98,10 @@ public class XXUserPermissionDao extends BaseDao<XXUserPermission>{ return null; } - public XXUserPermission findByModuleIdAndUserId(Long userId, Long moduleId) { + public XXUserPermission findByModuleIdAndPortalUserId(Long userId, Long moduleId) { if (userId != null) { try { - return getEntityManager().createNamedQuery("XXUserPermission.findByModuleIdAndUserId", XXUserPermission.class) + return getEntityManager().createNamedQuery("XXUserPermission.findByModuleIdAndPortalUserId", XXUserPermission.class) .setParameter("userId", userId) .setParameter("moduleId", moduleId) .getSingleResult(); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java b/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java index f0aa938..804d08e 100644 --- a/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java +++ b/security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java @@ -84,9 +84,9 @@ public class PatchPersmissionModel_J10003 extends BaseLoader { vPortalUser.setUserRoleList(daoManager.getXXPortalUser().findXPortalUserRolebyXPortalUserId(vPortalUser.getId())); xUserMgr.assignPermissionToUser(vPortalUser, false); countUserPermissionUpdated += 1; - logger.info(" Permission was assigned to UserId - " + xPortalUser.getId()); + logger.info("Permissions assigned/updated on base of User's Role, UserId [" + xPortalUser.getId() + "]"); } - logger.info(countUserPermissionUpdated + " permissions where assigned"); + logger.info(countUserPermissionUpdated + " permissions were assigned"); } @Override http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java index 3ff9c8d..bd3a50d 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java @@ -17,7 +17,6 @@ package org.apache.ranger.service; -import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.SearchField; import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.entity.XXModuleDef; @@ -47,36 +46,23 @@ public class XUserPermissionService extends XUserPermissionServiceBase<XXUserPer @Override protected void validateForCreate(VXUserPermission vObj) { - XXUserPermission xUserPerm = daoManager.getXXUserPermission().findByModuleIdAndUserId(vObj.getUserId(), vObj.getModuleId()); - if (xUserPerm != null) { - throw restErrorUtil.createRESTException("User with ID [" + vObj.getUserId() + "] " + "is already " + "assigned to the module with ID [" + vObj.getModuleId() + "]", - MessageEnums.ERROR_DUPLICATE_OBJECT); - } + } @Override protected void validateForUpdate(VXUserPermission vObj, XXUserPermission mObj) { - XXUserPermission xUserPerm = daoManager.getXXUserPermission().findByModuleIdAndUserId(vObj.getUserId(), vObj.getModuleId()); - if (xUserPerm != null && !xUserPerm.getId().equals(vObj.getId())) { - throw restErrorUtil.createRESTException("User with ID [" + vObj.getUserId() + "] " + "is already " + "assigned to the module with ID [" + vObj.getModuleId() + "]", - MessageEnums.ERROR_DUPLICATE_OBJECT); - } + } @Override public VXUserPermission populateViewBean(XXUserPermission xObj) { VXUserPermission vObj = super.populateViewBean(xObj); - XXPortalUser xUser = rangerDaoManager.getXXPortalUser().getById(xObj.getUserId()); - if (xUser == null) { - xUser=rangerDaoManager.getXXPortalUser().findByXUserId(xObj.getUserId()); - if(xUser==null) - throw restErrorUtil.createRESTException(xUser + " is Not Found", - MessageEnums.DATA_NOT_FOUND); + XXPortalUser xPortalUser = rangerDaoManager.getXXPortalUser().getById(xObj.getUserId()); + if (xPortalUser != null) { + vObj.setUserName(xPortalUser.getLoginId()); } - vObj.setUserName(xUser.getLoginId()); - XXModuleDef xModuleDef = daoManager.getXXModuleDef().getById(xObj.getModuleId()); if (xModuleDef != null) { vObj.setModuleName(xModuleDef.getModule()); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java index 59c082d..a5a1213 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java @@ -20,7 +20,10 @@ package org.apache.ranger.service; import java.util.ArrayList; import java.util.List; +import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.SearchCriteria; +import org.apache.ranger.entity.XXPortalUser; +import org.apache.ranger.entity.XXUser; import org.apache.ranger.entity.XXUserPermission; import org.apache.ranger.view.VXUserPermission; import org.apache.ranger.view.VXUserPermissionList; @@ -34,20 +37,48 @@ public abstract class XUserPermissionServiceBase<T extends XXUserPermission, V e } - @SuppressWarnings("unchecked") @Override - protected XXUserPermission mapViewToEntityBean(VXUserPermission vObj, - XXUserPermission mObj, int OPERATION_CONTEXT) { - mObj.setUserId(vObj.getUserId()); + @SuppressWarnings("unchecked") + protected XXUserPermission mapViewToEntityBean(VXUserPermission vObj, XXUserPermission mObj, int OPERATION_CONTEXT) { + + // Assuming that vObj.userId coming from UI/Client would be of XXUser, but in DB it should be of XXPortalUser so + // have to map XXUser.ID to XXPortalUser.ID and if portalUser does not exist then not allowing to create/update + + XXPortalUser portalUser = daoManager.getXXPortalUser().findByXUserId(vObj.getUserId()); + if (portalUser == null) { + throw restErrorUtil.createRESTException("Invalid UserId: [" + vObj.getUserId() + + "], Please make sure while create/update given userId should be of x_user", + MessageEnums.INVALID_INPUT_DATA); + } + + mObj.setUserId(portalUser.getId()); mObj.setModuleId(vObj.getModuleId()); mObj.setIsAllowed(vObj.getIsAllowed()); + + if (OPERATION_CONTEXT == OPERATION_CREATE_CONTEXT) { + validateXUserPermForCreate(mObj); + } else if (OPERATION_CONTEXT == OPERATION_UPDATE_CONTEXT) { + validateXUserPermForUpdate(mObj); + } + return mObj; } - @SuppressWarnings("unchecked") @Override + @SuppressWarnings("unchecked") protected VXUserPermission mapEntityToViewBean(VXUserPermission vObj, XXUserPermission mObj) { - vObj.setUserId(mObj.getUserId()); + + // As XXUserPermission.userID refers to XXPortalUser.ID, But UI/Client expects XXUser.ID so have to map + // XXUserPermission.userID from XXPortalUser.ID to XXUser.ID + XXUser xUser = daoManager.getXXUser().findByPortalUserId(mObj.getUserId()); + Long userId; + if (xUser != null) { + userId = xUser.getId(); + } else { + // In this case rather throwing exception, send it as null + userId = null; + } + vObj.setUserId(userId); vObj.setModuleId(mObj.getModuleId()); vObj.setIsAllowed(mObj.getIsAllowed()); return vObj; @@ -75,4 +106,26 @@ public abstract class XUserPermissionServiceBase<T extends XXUserPermission, V e returnList.setvXModuleDef(vXUserPermissions); return returnList; } + + protected void validateXUserPermForCreate(XXUserPermission mObj) { + XXUserPermission xUserPerm = daoManager.getXXUserPermission().findByModuleIdAndPortalUserId(mObj.getUserId(), + mObj.getModuleId()); + if (xUserPerm != null) { + throw restErrorUtil.createRESTException("User with ID [" + mObj.getUserId() + "] " + "is already " + + "assigned to the module with ID [" + mObj.getModuleId() + "]", + MessageEnums.ERROR_DUPLICATE_OBJECT); + } + } + + protected void validateXUserPermForUpdate(XXUserPermission mObj) { + + XXUserPermission xUserPerm = daoManager.getXXUserPermission().findByModuleIdAndPortalUserId(mObj.getUserId(), + mObj.getModuleId()); + if (xUserPerm != null && !xUserPerm.getId().equals(mObj.getId())) { + throw restErrorUtil.createRESTException("User with ID [" + mObj.getUserId() + "] " + "is already " + + "assigned to the module with ID [" + mObj.getModuleId() + "]", + MessageEnums.ERROR_DUPLICATE_OBJECT); + } + } + } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/1f43245f/security-admin/src/main/resources/META-INF/jpa_named_queries.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml index 0370e9a..12c4c6d 100644 --- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml +++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml @@ -192,6 +192,11 @@ where polItemUser.policyItemId = :polItemId and polItemUser.userId = obj.id </query> </named-query> + <named-query name="XXUser.findByPortalUserId"> + <query>select obj from XXUser obj, XXPortalUser portalUser where portalUser.id = :portalUserId and + obj.name = portalUser.loginId</query> + </named-query> + <named-query name="XXGroup.findByPolicyItemId"> <query>select obj.name from XXGroup obj, XXPolicyItemGroupPerm polItemGrp where polItemGrp.policyItemId = :polItemId and polItemGrp.groupId = obj.id </query> @@ -489,7 +494,7 @@ </query> </named-query> - <named-query name="XXUserPermission.findByModuleIdAndUserId"> + <named-query name="XXUserPermission.findByModuleIdAndPortalUserId"> <query>SELECT XXUserPermObj FROM XXUserPermission XXUserPermObj WHERE XXUserPermObj.moduleId = :moduleId AND XXUserPermObj.userId =:userId
