http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index fd9fc3d..bad3366 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java @@ -1396,21 +1396,30 @@ public class ServiceREST { private boolean compactPolicy(RangerPolicy policy) { boolean ret = false; - List<RangerPolicyItem> policyItems = policy.getPolicyItems(); + List<?>[] policyItemsList = new List<?>[] { policy.getPolicyItems(), + policy.getDenyPolicyItems(), + policy.getAllowExceptions(), + policy.getDenyExceptions() + }; - int numOfItems = policyItems.size(); + for(List<?> policyItemsObj : policyItemsList) { + @SuppressWarnings("unchecked") + List<RangerPolicyItem> policyItems = (List<RangerPolicyItem>)policyItemsObj; + + int numOfItems = policyItems.size(); - for(int i = 0; i < numOfItems; i++) { - RangerPolicyItem policyItem = policyItems.get(i); + for(int i = 0; i < numOfItems; i++) { + RangerPolicyItem policyItem = policyItems.get(i); - // remove the policy item if 1) there are no users and groups OR 2) if there are no accessTypes and not a delegate-admin - if((CollectionUtils.isEmpty(policyItem.getUsers()) && CollectionUtils.isEmpty(policyItem.getGroups())) || - (CollectionUtils.isEmpty(policyItem.getAccesses()) && !policyItem.getDelegateAdmin())) { - policyItems.remove(i); - numOfItems--; - i--; + // remove the policy item if 1) there are no users and groups OR 2) if there are no accessTypes and not a delegate-admin + if((CollectionUtils.isEmpty(policyItem.getUsers()) && CollectionUtils.isEmpty(policyItem.getGroups())) || + (CollectionUtils.isEmpty(policyItem.getAccesses()) && !policyItem.getDelegateAdmin())) { + policyItems.remove(i); + numOfItems--; + i--; - ret = true; + ret = true; + } } }
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java index 224f0cd..12367e6 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java @@ -102,8 +102,7 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range Map<String, RangerPolicyResource> resources = getResourcesForXXPolicy(xPolicy); vPolicy.setResources(resources); - List<RangerPolicyItem> policyItems = getPolicyItemListForXXPolicy(xPolicy); - vPolicy.setPolicyItems(policyItems); + getPolicyItemListForXXPolicy(xPolicy, vPolicy); return vPolicy; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java index b76a0ed..9ee2c2e 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyServiceBase.java @@ -48,6 +48,7 @@ import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; +import org.apache.ranger.plugin.policyevaluator.RangerPolicyItemEvaluator; import org.apache.ranger.plugin.util.SearchFilter; import org.apache.ranger.view.RangerPolicyList; import org.springframework.beans.factory.annotation.Autowired; @@ -145,16 +146,30 @@ public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends return retList; } - public List<RangerPolicyItem> getPolicyItemListForXXPolicy(XXPolicyBase xPolicy) { - - List<RangerPolicyItem> policyItems = new ArrayList<RangerPolicyItem>(); + public void getPolicyItemListForXXPolicy(XXPolicyBase xPolicy, RangerPolicy policy) { List<XXPolicyItem> xPolicyItemList = daoMgr.getXXPolicyItem().findByPolicyId(xPolicy.getId()); + policy.setPolicyItems(null); + policy.setDenyPolicyItems(null); + policy.setAllowExceptions(null); + policy.setDenyExceptions(null); + for (XXPolicyItem xPolItem : xPolicyItemList) { RangerPolicyItem policyItem = populateXXToRangerPolicyItem(xPolItem); - policyItems.add(policyItem); + int itemType = xPolItem.getItemType() == null ? RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW : xPolItem.getItemType(); + + if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW) { + policy.getPolicyItems().add(policyItem); + } else if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY) { + policy.getDenyPolicyItems().add(policyItem); + } else if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_ALLOW_EXCEPTIONS) { + policy.getAllowExceptions().add(policyItem); + } else if(itemType == RangerPolicyItemEvaluator.POLICY_ITEM_TYPE_DENY_EXCEPTIONS) { + policy.getDenyExceptions().add(policyItem); + } else { // unknown itemType.. set to default type + policy.getPolicyItems().add(policyItem); + } } - return policyItems; } public RangerPolicyItem populateXXToRangerPolicyItem(XXPolicyItem xPolItem) { @@ -203,7 +218,6 @@ public abstract class RangerPolicyServiceBase<T extends XXPolicyBase, V extends rangerPolItem.setGroups(grpList); rangerPolItem.setDelegateAdmin(xPolItem.getDelegateAdmin()); - rangerPolItem.setItemType(xPolItem.getItemType()); return rangerPolItem; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyWithAssignedIdService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyWithAssignedIdService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyWithAssignedIdService.java index 35e9f98..0dae4bd 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyWithAssignedIdService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyWithAssignedIdService.java @@ -65,8 +65,7 @@ public class RangerPolicyWithAssignedIdService extends RangerPolicyServiceBase<X Map<String, RangerPolicyResource> resources = getResourcesForXXPolicy(xPolicy); vPolicy.setResources(resources); - List<RangerPolicyItem> policyItems = getPolicyItemListForXXPolicy(xPolicy); - vPolicy.setPolicyItems(policyItems); + getPolicyItemListForXXPolicy(xPolicy, vPolicy); return vPolicy; } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/webapp/scripts/models/RangerPolicy.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/models/RangerPolicy.js b/security-admin/src/main/webapp/scripts/models/RangerPolicy.js index 3546549..46e498b 100644 --- a/security-admin/src/main/webapp/scripts/models/RangerPolicy.js +++ b/security-admin/src/main/webapp/scripts/models/RangerPolicy.js @@ -80,13 +80,6 @@ define(function(require){ offText : 'NO', switchOn : true }, - policyType : { - type : 'Radio', - options : function(callback, editor){ - var nvPairs = XAUtils.enumToSelectPairs(XAEnums.PolicyType); - callback(nvPairs); - } - }, }); }, http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js index ba986f9..457b7e8 100644 --- a/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js +++ b/security-admin/src/main/webapp/scripts/modules/globalize/message/en.js @@ -213,7 +213,6 @@ define(function(require) { ipAddress : 'IP Address', isVisible : 'Visible', delegatedAdmin : 'Delegate Admin', - itemType : 'Abstain?', policyId : 'Policy ID', moduleName : 'Module Name', keyManagement : 'Key Management', http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/webapp/scripts/utils/XAUtils.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/utils/XAUtils.js b/security-admin/src/main/webapp/scripts/utils/XAUtils.js index d0d62a2..2af75b2 100644 --- a/security-admin/src/main/webapp/scripts/utils/XAUtils.js +++ b/security-admin/src/main/webapp/scripts/utils/XAUtils.js @@ -572,7 +572,7 @@ define(function(require) { $(this).select2('open'); } }; - XAUtils.makeCollForGroupPermission = function(model) { + XAUtils.makeCollForGroupPermission = function(model, listName) { var XAEnums = require('utils/XAEnums'); var formInputColl = new Backbone.Collection(); // permMapList = [ {id: 18, groupId : 1, permType :5}, {id: 18, groupId @@ -581,8 +581,8 @@ define(function(require) { // permType :4} ] // [2] => [ {id: 18, groupId : 2, permType :5} ] if (!model.isNew()) { - if (!_.isUndefined(model.get('policyItems'))) { - var policyItems = model.get('policyItems'); + if (!_.isUndefined(model.get(listName))) { + var policyItems = model.get(listName); // var groupPolicyItems = // _.filter(policyItems,function(m){if(!_.isEmpty(m.groups)) // return m;}); @@ -598,7 +598,6 @@ define(function(require) { accesses : obj.accesses, conditions : obj.conditions, delegateAdmin : obj.delegateAdmin, - itemType : obj.itemType, editMode : true, }); formInputColl.add(m); @@ -609,7 +608,7 @@ define(function(require) { return formInputColl; }; - XAUtils.makeCollForUserPermission = function(model) { + XAUtils.makeCollForUserPermission = function(model, listName) { var XAEnums = require('utils/XAEnums'); var coll = new Backbone.Collection(); // permMapList = [ {id: 18, groupId : 1, permType :5}, {id: 18, groupId @@ -618,8 +617,8 @@ define(function(require) { // permType :4} ] // [2] => [ {id: 18, groupId : 2, permType :5} ] if (!model.isNew()) { - if (!_.isUndefined(model.get('policyItems'))) { - var policyItems = model.get('policyItems'); + if (!_.isUndefined(model.get(listName))) { + var policyItems = model.get(listName); var userPolicyItems = _.filter(policyItems, function(m) { if (!_.isEmpty(m.users)) return m; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js index efc5377..2a49e78 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js +++ b/security-admin/src/main/webapp/scripts/views/policies/PermissionList.js @@ -55,21 +55,19 @@ define(function(require) { addPerms : 'a[data-js="permissions"]', conditionsTags : '[class=tags1]', delegatedAdmin : 'input[data-js="delegatedAdmin"]', - itemType : 'input[data-js="itemType"]', addPermissionsSpan : '.add-permissions', addConditionsSpan : '.add-conditions', }, events : { 'click [data-action="delete"]' : 'evDelete', 'click [data-js="delegatedAdmin"]' : 'evClickTD', - 'click [data-js="itemType"]' : 'evItemTypeClick', 'change [data-js="selectGroups"]': 'evSelectGroup', 'change [data-js="selectUsers"]': 'evSelectUser', 'change input[class="policy-conditions"]' : 'policyCondtionChange' }, initialize : function(options) { - _.extend(this, _.pick(options, 'groupList','policyType','accessTypes','policyConditions','userList','rangerServiceDefModel')); + _.extend(this, _.pick(options, 'groupList','accessTypes','policyConditions','userList','rangerServiceDefModel')); this.setupPermissionsAndConditions(); }, @@ -91,6 +89,7 @@ define(function(require) { this.renderPerms(); } this.renderPolicyCondtion(); + //this.initializePlugins(); }, setupFormForEditMode : function() { this.accessItems = _.map(this.accessTypes, function(perm){ @@ -120,10 +119,6 @@ define(function(require) { if(!_.isUndefined(this.model.get('delegateAdmin')) && this.model.get('delegateAdmin')){ this.ui.delegatedAdmin.attr('checked', 'checked'); } - - if(!_.isUndefined(this.model.get('itemType')) && this.model.get('itemType') == 1){ - this.ui.itemType.attr('checked', 'checked'); - } } }, setupPermissionsAndConditions : function() { @@ -507,15 +502,6 @@ define(function(require) { return; } }, - evItemTypeClick : function(e){ - var $el = $(e.currentTarget); - XAUtil.checkDirtyFieldForToggle($el); - //Set ItemType value - if(!_.isUndefined($el.find('input').data('js'))){ - this.model.set('itemType',($el.is(':checked') == false) ? 0 : 1); - return; - } - }, checkDirtyFieldForCheckBox : function(perms){ var permList = []; @@ -571,6 +557,7 @@ define(function(require) { groupIdList = this.model.get('groupId').split(','); XAUtil.checkDirtyField(groupIdList, e.val, $(e.currentTarget)); }, + }); @@ -580,7 +567,8 @@ define(function(require) { template : require('hbs!tmpl/policies/PermissionList'), templateHelpers :function(){ return { - permHeaders : this.getPermHeaders() + permHeaders : this.getPermHeaders(), + headerTitle : this.headerTitle }; }, getItemView : function(item){ @@ -595,7 +583,6 @@ define(function(require) { 'collection' : this.collection, 'groupList' : this.groupList, 'userList' : this.userList, - 'policyType' : this.policyType, 'accessTypes' : this.accessTypes, 'policyConditions' : this.rangerServiceDefModel.get('policyConditions'), 'rangerServiceDefModel' : this.rangerServiceDefModel @@ -605,14 +592,16 @@ define(function(require) { 'click [data-action="addGroup"]' : 'addNew' }, initialize : function(options) { - _.extend(this, _.pick(options, 'groupList','policyType','accessTypes','rangerServiceDefModel','userList')); + _.extend(this, _.pick(options, 'groupList','accessTypes','rangerServiceDefModel','userList', 'headerTitle')); this.listenTo(this.groupList, 'sync', this.render, this); if(this.collection.length == 0) this.collection.add(new Backbone.Model()); }, onRender : function(){ // this.toggleAddButton(); + //this.initializePlugins(); }, + addNew : function(){ var that =this; // if(this.groupList.length > this.collection.length && (this.userList.length > this.collection.length)){ @@ -639,7 +628,6 @@ define(function(require) { }, getPermHeaders : function(){ var permList = []; - permList.unshift(localization.tt('lbl.itemType')); if(this.rangerServiceDefModel.get('name') != XAEnums.ServiceType.SERVICE_TAG.label){ permList.unshift(localization.tt('lbl.delegatedAdmin')); permList.unshift(localization.tt('lbl.permissions')); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js index d969c37..be18c99 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js +++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyForm.js @@ -66,7 +66,10 @@ define(function(require){ this.defaultValidator={} }, initializeCollection: function(){ - this.formInputList = XAUtil.makeCollForGroupPermission(this.model); + this.formInputList = XAUtil.makeCollForGroupPermission(this.model, 'policyItems'); + this.formInputAllowExceptionList= XAUtil.makeCollForGroupPermission(this.model, 'allowExceptions'); + this.formInputDenyList = XAUtil.makeCollForGroupPermission(this.model, 'denyPolicyItems'); + this.formInputDenyExceptionList = XAUtil.makeCollForGroupPermission(this.model, 'denyExceptions'); }, /** all events binding here */ bindEvents : function(){ @@ -76,21 +79,18 @@ define(function(require){ this.on('isEnabled:change', function(form, fieldEditor){ this.evIsEnabledChange(form, fieldEditor); }); - this.on('policyType:change', function(form, fieldEditor){ - this.evPolicyTypeChange(form, fieldEditor); - }); this.on('policyForm:parentChildHideShow',this.renderParentChildHideShow); }, /** fields for the form */ - fields: ['name', 'policyType', 'description', 'isEnabled', 'isAuditEnabled'], + fields: ['name', 'description', 'isEnabled', 'isAuditEnabled'], schema :function(){ return this.getSchema(); }, getSchema : function(){ var attrs = {}; - var basicSchema = ['name','isEnabled','policyType'] + var basicSchema = ['name','isEnabled'] var schemaNames = this.getPolicyBaseFieldNames(); var formDataType = new BackboneFormDataType(); @@ -119,16 +119,42 @@ define(function(require){ //to show error msg on below the field(only for policy name) this.fields.isEnabled.$el.find('.control-label').removeClass(); this.fields.name.$el.find('.help-inline').removeClass('help-inline').addClass('help-block margin-left-5') + this.initializePlugins(); + }, + initializePlugins : function() { + var that = this; + this.$(".wrap-header").each(function() { + var wrap = $(this).next(); + // If next element is a wrap and hasn't .non-collapsible class + if (wrap.hasClass('wrap') && ! wrap.hasClass('non-collapsible')) + $(this).append('<a href="#" class="wrap-expand pull-right">show <i class="icon-caret-down"></i></a>').append('<a href="#" class="wrap-collapse pull-right" style="display: none">hide <i class="icon-caret-up"></i></a>'); + }); + // Collapse wrap + $(document).on("click", "a.wrap-collapse", function() { + var self = $(this).hide(100, 'linear'); + self.parent('.wrap-header').next('.wrap').slideUp(500, function() { + $('.wrap-expand', self.parent('.wrap-header')).show(100, 'linear'); + }); + return false; + + // Expand wrap + }).on("click", "a.wrap-expand", function() { + var self = $(this).hide(100, 'linear'); + self.parent('.wrap-header').next('.wrap').slideDown(500, function() { + $('.wrap-collapse', self.parent('.wrap-header')).show(100, 'linear'); + }); + return false; + }); + }, + + evAuditChange : function(form, fieldEditor){ XAUtil.checkDirtyFieldForToggle(fieldEditor.$el); }, evIsEnabledChange : function(form, fieldEditor){ XAUtil.checkDirtyFieldForToggle(fieldEditor.$el); }, - evPolicyTypeChange : function(form, fieldEditor){ - XAUtil.checkDirtyFieldForToggle(fieldEditor.$el); - }, setupForm : function() { if(!this.model.isNew()){ this.selectedResourceTypes = {}; @@ -150,8 +176,6 @@ define(function(require){ var that = this; this.fields.isAuditEnabled.editor.setValue(this.model.get('isAuditEnabled')); this.fields.isEnabled.editor.setValue(this.model.get('isEnabled')); - this.fields.policyType.editor.setValue(this.model.get('policyType')); - }, /** all custom field rendering */ renderCustomFields: function(){ @@ -177,6 +201,34 @@ define(function(require){ userList : that.userList, model : that.model, accessTypes: accessType, + headerTitle: "", + rangerServiceDefModel : that.rangerServiceDefModel + }).render().el); + that.$('[data-customfields="groupPermsDeny"]').html(new PermissionList({ + collection : that.formInputDenyList, + groupList : that.groupList, + userList : that.userList, + model : that.model, + accessTypes: accessType, + headerTitle: "", + rangerServiceDefModel : that.rangerServiceDefModel + }).render().el); + that.$('[data-customfields="groupPermsAllowException"]').html(new PermissionList({ + collection : that.formInputAllowExceptionList, + groupList : that.groupList, + userList : that.userList, + model : that.model, + accessTypes: accessType, + headerTitle: "Deny", + rangerServiceDefModel : that.rangerServiceDefModel + }).render().el); + that.$('[data-customfields="groupPermsDenyException"]').html(new PermissionList({ + collection : that.formInputDenyExceptionList, + groupList : that.groupList, + userList : that.userList, + model : that.model, + accessTypes: accessType, + headerTitle: "Deny", rangerServiceDefModel : that.rangerServiceDefModel }).render().el); }); @@ -259,10 +311,11 @@ define(function(require){ //Set UserGroups Permission var RangerPolicyItem = Backbone.Collection.extend(); - var policyItemList = new RangerPolicyItem(); - policyItemList = this.setPermissionsToColl(this.formInputList, policyItemList); - this.model.set('policyItems', policyItemList) + this.model.set('policyItems', this.setPermissionsToColl(this.formInputList, new RangerPolicyItem())); + this.model.set('denyPolicyItems', this.setPermissionsToColl(this.formInputDenyList, new RangerPolicyItem())); + this.model.set('allowExceptions', this.setPermissionsToColl(this.formInputAllowExceptionList, new RangerPolicyItem())); + this.model.set('denyExceptions', this.setPermissionsToColl(this.formInputDenyExceptionList, new RangerPolicyItem())); this.model.set('service',this.rangerService.get('name')); /*//Unset attrs which are not needed _.each(this.model.attributes.resources,function(obj,key){ @@ -283,9 +336,6 @@ define(function(require){ if(!_.isUndefined(m.get('delegateAdmin'))){ policyItem.set("delegateAdmin",m.get("delegateAdmin")); } - if(!_.isUndefined(m.get('itemType'))){ - policyItem.set("itemType",m.get("itemType")); - } var RangerPolicyItemAccessList = Backbone.Collection.extend(); var rangerPlcItemAccessList = new RangerPolicyItemAccessList(m.get('accesses')); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js index 6d7f3d7..6532957 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js +++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyRO.js @@ -125,7 +125,6 @@ define(function(require) { getPermHeaders : function(){ var permList = [], policyCondition = false; - permList.unshift(localization.tt('lbl.itemType')); permList.unshift(localization.tt('lbl.delegatedAdmin')); permList.unshift(localization.tt('lbl.permissions')); if(!_.isEmpty(this.serviceDef.get('policyConditions'))){ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js index eaaf273..55ea285 100644 --- a/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js +++ b/security-admin/src/main/webapp/scripts/views/policies/RangerPolicyTableLayout.js @@ -169,17 +169,6 @@ define(function(require){ editable: false, sortable : false }, - policyType : { - cell : 'html', - label : localization.tt("lbl.policyType"), - formatter: _.extend({}, Backgrid.CellFormatter.prototype, { - fromRaw: function (rawValue) { - return rawValue === 0 ? '<label label-success">Allow</label>' : rawValue === 1 ? '<label label-important">Deny</label>' : '<label label-success">Unknown</label>'; - } - }), - editable: false, - sortable : false - }, isEnabled:{ label:localization.tt('lbl.status'), cell :"html", http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js b/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js index 3979ea2..ceb8898 100644 --- a/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js +++ b/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js @@ -216,20 +216,6 @@ define(function(require){ if(!_.isUndefined(policyItems)){ this.getPolicyItems(); } - var policyType = this.collection.findWhere({'attributeName':'Policy Type'}); - /*if(this.action == 'delete'){ - this.template = PolicyOperationDiff_tmpl; - }*/ - if(!_.isUndefined(policyType)){ - if(!_.isEmpty(policyType.get('previousValue'))){ - var tmp = this.collection.get(policyType.id); - tmp.set("previousValue", policyType.get('previousValue') === "0" ? 'Allow' : policyType.get('previousValue') === "1" ? 'Deny' : "Unknown"); - } - if(!_.isEmpty(policyType.get('newValue'))){ - var tmp = this.collection.get(policyType.id); - tmp.set("newValue", policyType.get('newValue') === "0" ? 'Allow' : policyType.get('newValue') === "1" ? 'Deny' : "Unknown"); - } - } }, getPolicyResources : function() { var policyResources = this.collection.findWhere({'attributeName':'Policy Resources'}); @@ -295,7 +281,6 @@ define(function(require){ var permissions = _.map(_.where(obj.accesses,{'isAllowed':true}), function(t) { return t.type; }); obj['permissions'] = permissions; obj['delegateAdmin'] = obj.delegateAdmin ? 'enabled' : 'disabled'; - obj['itemType'] = obj.itemType == 1 ? 'enabled' : 'disabled'; } }); } @@ -306,7 +291,6 @@ define(function(require){ var permissions = _.map(_.where(obj.accesses,{'isAllowed':true}), function(t) { return t.type; }); obj['permissions'] = permissions; obj['delegateAdmin'] = obj.delegateAdmin ? 'enabled' : 'disabled'; - obj['itemType'] = obj.itemType == 1? 'enabled' : 'disabled'; } }); } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js index 9c4fb3f..ac05eba 100644 --- a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js +++ b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js @@ -209,17 +209,6 @@ define(function(require) {'use strict'; editable: false, sortable : false }, - policyType : { - cell : 'html', - label : localization.tt("lbl.policyType"), - formatter: _.extend({}, Backgrid.CellFormatter.prototype, { - fromRaw: function (rawValue) { - return rawValue === 0 ? '<label label-success">Allow</label>' : rawValue === 1 ? '<label label-important">Deny</label>' : '<label label-success">Unknown</label>'; - } - }), - editable: false, - sortable : false - }, isEnabled:{ label:localization.tt('lbl.status'), cell :"html", http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/webapp/templates/policies/PermissionItem.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/policies/PermissionItem.html b/security-admin/src/main/webapp/templates/policies/PermissionItem.html index 63375c9..99c20fa 100644 --- a/security-admin/src/main/webapp/templates/policies/PermissionItem.html +++ b/security-admin/src/main/webapp/templates/policies/PermissionItem.html @@ -35,9 +35,6 @@ <td style=" width: 12%; "> <input data-js="delegatedAdmin" type="checkbox"> </td> -<td style=" width: 12%; "> - <input data-js="itemType" type="checkbox"> -</td> <td> <button type="button" class="btn btn-small btn-danger " data-action="delete"> <i class="icon-remove"></i> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/webapp/templates/policies/PermissionList.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/policies/PermissionList.html b/security-admin/src/main/webapp/templates/policies/PermissionList.html index 070b908..bb96a61 100644 --- a/security-admin/src/main/webapp/templates/policies/PermissionList.html +++ b/security-admin/src/main/webapp/templates/policies/PermissionList.html @@ -14,8 +14,17 @@ See the License for the specific language governing permissions and limitations under the License. --}} + +<!-- + +<h3 class="wrap-header bold reportSearchHeader" > {{headerTitle}} + <span class="label label-yellow pull-right" ></span> +</h3> +<div class="wrap well position-relative"> +--> + <div class="control-group"> - <label class="control-label">{{tt 'lbl.permissions'}}</label> + <!--label class="control-label">{{headerTitle}}</label--> <div class="controls"> <table class="table-permission table-condensed"> <thead> @@ -31,6 +40,7 @@ </tbody> </table> </div> + </div> <div class="control-group"> <div class="controls" style="margin-top:-14px"> @@ -40,3 +50,6 @@ </button> </div> </div> +<!-- +</div> +--> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html b/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html index 4a6533b..50a5f45 100644 --- a/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html +++ b/security-admin/src/main/webapp/templates/policies/RangerPolicyForm_tmpl.html @@ -29,8 +29,11 @@ </fieldset> <fieldset> <p class="formHeader"> - User and Group Permissions : + Allow Conditions : + <span class="label label-yellow pull-right" ></span> </p> + <div class="position-relative"> + <div class="" data-customfields="groupPerms"> <div class="control-group"> <label class="control-label">{{tt 'lbl.permissions'}}</label> @@ -39,5 +42,52 @@ </div> </div> </div> + <div class="form-indent-right"> + <p class="wrap-header reportSearchHeader"> + Exceptions : + </p> + <div class="wrap position-relative" style="display:none;"> + + <div class="" data-customfields="groupPermsAllowException"> + <div class="control-group" style="margin-left: -100px;"> + <label class="control-label">Exclude :</label> + <div class="controls"> + <img src="images/loading.gif" style=" margin-left: 4%; margin-top: 1%;" /> + </div> + </div> + </div> + </div> + </div> + </div> + + <p class="wrap-header bold formHeader"> + Deny Conditions : + </p> + <div class="wrap position-relative" style="display:none;"> + <div class="" data-customfields="groupPermsDeny"> + <div class="control-group"> + <label class="control-label">{{tt 'lbl.permissions'}}</label> + <div class="controls"> + <img src="images/loading.gif" style=" margin-left: 4%; margin-top: 1%;" /> + </div> + </div> + </div> + <div class="form-indent-right"> + <p class="wrap-header reportSearchHeader"> + Exceptions : + </p> + <div class="wrap position-relative" style="display:none;"> + <div class="" data-customfields="groupPermsDenyException"> + <div class="control-group"> + <label class="control-label">Exclude :</label> + <div class="controls"> + <img src="images/loading.gif" style=" margin-left: 4%; margin-top: 1%;" /> + </div> + </div> + </div> + </div> + </div> + </div> </fieldset> -</form> \ No newline at end of file +</form> + http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html b/security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html index 1185980..9627b09 100644 --- a/security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html +++ b/security-admin/src/main/webapp/templates/policies/RangerPolicyRO_tmpl.html @@ -118,9 +118,6 @@ <td> <input type="checkbox" {{#if this.delegateAdmin}}checked{{/if}} disabled="disabled"> </td> - <td> - <input type="checkbox" {{#if this.itemType}}checked{{/if}} disabled="disabled"> - </td> </tr> {{/each}} </tbody> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDeleteDiff_tmpl.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDeleteDiff_tmpl.html b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDeleteDiff_tmpl.html index ad7a07d..53be812 100644 --- a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDeleteDiff_tmpl.html +++ b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDeleteDiff_tmpl.html @@ -82,7 +82,6 @@ </li> {{/if}} <li class="change-row"><i>Delegate Admin</i>: {{this.delegateAdmin}}</li> - <li class="change-row"><i>Is Abstain?</i>: {{this.itemType}}</li> </ol><br/> {{/each}} </div> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html index fc697db..353baa9 100644 --- a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html +++ b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html @@ -78,7 +78,6 @@ </li> {{/if}} <li class="change-row">Delegate Admin:{{this.delegateAdmin}}</li> - <li class="change-row">Is Abstain?:{{this.itemType}}</li> </ol><br/> {{/each}} </div> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html index 1a43c98..f61e91f 100644 --- a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html +++ b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html @@ -107,7 +107,6 @@ </li> {{/if}} <li class="change-row"><i>Delegate Admin</i>: {{this.delegateAdmin}}</li> - <li class="change-row"><i>Is Abstain?</i>: {{this.itemType}}</li> {{else}} <li style=" min-height: 99px; line-height: 102px; text-align: center; font-weight: bold; font-style: italic;"><empty></li> {{/if}} @@ -151,7 +150,6 @@ </li> {{/if}} <li class="change-row"><i>Delegate Admin</i>: {{this.delegateAdmin}}</li> - <li class="change-row"><i>Is Abstain?</i>: {{this.itemType}}</li> {{else}} <li style=" min-height: 99px; line-height: 102px; text-align: center; font-weight: bold; font-style: italic;"><empty></li> {{/if}} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/c18f8bf7/security-admin/src/test/java/org/apache/ranger/service/TestRangerPolicyService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/service/TestRangerPolicyService.java b/security-admin/src/test/java/org/apache/ranger/service/TestRangerPolicyService.java index bac5261..b5cc196 100644 --- a/security-admin/src/test/java/org/apache/ranger/service/TestRangerPolicyService.java +++ b/security-admin/src/test/java/org/apache/ranger/service/TestRangerPolicyService.java @@ -573,9 +573,9 @@ public class TestRangerPolicyService { Mockito.when(xGroupDao.findByPolicyItemId(xPolicyItem.getId())) .thenReturn(groupsList); - List<RangerPolicyItem> dbRangerPolicyItem = policyService - .getPolicyItemListForXXPolicy(policy); - Assert.assertNotNull(dbRangerPolicyItem); + RangerPolicy vPolicy = new RangerPolicy(); + policyService.getPolicyItemListForXXPolicy(policy, vPolicy); + Assert.assertNotNull(vPolicy.getPolicyItems()); Mockito.verify(daoManager).getXXPolicyItemAccess(); Mockito.verify(daoManager).getXXAccessTypeDef();
