Repository: incubator-ranger Updated Branches: refs/heads/ranger-0.5 4290d5889 -> 3c11aee92
RANGER-204: Not able to delete user or group if user/group has any policy defined Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/3c11aee9 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/3c11aee9 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/3c11aee9 Branch: refs/heads/ranger-0.5 Commit: 3c11aee929ebc6953f6ded74a457f67d373af262 Parents: 4290d58 Author: Gautam Borad <[email protected]> Authored: Wed Feb 10 16:27:46 2016 +0530 Committer: Gautam Borad <[email protected]> Committed: Wed Feb 10 16:27:46 2016 +0530 ---------------------------------------------------------------------- .../java/org/apache/ranger/biz/XUserMgr.java | 387 ++++++++++++++++--- .../org/apache/ranger/common/db/BaseDao.java | 14 + .../org/apache/ranger/db/XXAuthSessionDao.java | 12 + .../org/apache/ranger/db/XXGroupGroupDao.java | 18 + .../java/org/apache/ranger/db/XXPolicyDao.java | 25 +- .../java/org/apache/ranger/rest/XUserREST.java | 56 +-- .../apache/ranger/service/XAuditMapService.java | 4 + .../ranger/service/XPortalUserService.java | 75 ++++ .../resources/META-INF/jpa_named_queries.xml | 16 + .../org/apache/ranger/biz/TestXUserMgr.java | 208 ++++++++-- unixauthservice/scripts/setup.py | 4 +- 11 files changed, 712 insertions(+), 107 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3c11aee9/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index 3784439..2e28707 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 
@@ -33,6 +33,9 @@ import org.apache.ranger.common.RangerCommonEnums; import org.apache.ranger.entity.XXGroupPermission; import org.apache.ranger.entity.XXModuleDef; import org.apache.ranger.entity.XXUserPermission; +import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; +import org.apache.ranger.service.RangerPolicyService; import org.apache.ranger.service.XGroupPermissionService; import org.apache.ranger.service.XModuleDefService; import org.apache.ranger.service.XPortalUserService; @@ -42,6 +45,7 @@ import org.apache.ranger.view.VXGroupPermission; import org.apache.ranger.view.VXModuleDef; import org.apache.ranger.view.VXUserPermission; import org.apache.log4j.Logger; +import org.apache.ranger.authorization.utils.StringUtil; import org.apache.ranger.common.AppConstants; import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.PropertiesUtil; 
@@ -49,11 +53,25 @@ import org.apache.ranger.common.RangerConstants; import org.apache.ranger.common.SearchCriteria; import org.apache.ranger.common.UserSessionBase; import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.db.XXAuditMapDao; +import org.apache.ranger.db.XXAuthSessionDao; +import org.apache.ranger.db.XXGroupDao; +import org.apache.ranger.db.XXGroupGroupDao; import org.apache.ranger.db.XXGroupUserDao; +import org.apache.ranger.db.XXPermMapDao; +import org.apache.ranger.db.XXPolicyDao; +import org.apache.ranger.db.XXPortalUserDao; +import org.apache.ranger.db.XXPortalUserRoleDao; +import org.apache.ranger.db.XXResourceDao; +import org.apache.ranger.db.XXUserDao; +import org.apache.ranger.db.XXUserPermissionDao; import org.apache.ranger.entity.XXAuditMap; +import org.apache.ranger.entity.XXAuthSession; import org.apache.ranger.entity.XXGroup; +import org.apache.ranger.entity.XXGroupGroup; import org.apache.ranger.entity.XXGroupUser; import org.apache.ranger.entity.XXPermMap; +import org.apache.ranger.entity.XXPolicy; import org.apache.ranger.entity.XXPortalUser; import org.apache.ranger.entity.XXResource; import org.apache.ranger.entity.XXTrxLog; @@ -81,7 +99,6 @@ import javax.servlet.http.HttpServletResponse; import org.apache.ranger.view.VXResponse; import org.apache.ranger.entity.XXPortalUserRole; -import javax.servlet.http.HttpServletResponse; import org.apache.ranger.view.VXString; import org.apache.ranger.view.VXStringList; @Component 
@@ -123,56 +140,15 @@ public class XUserMgr extends XUserMgrBase { @Autowired SessionMgr sessionMgr; - static final Logger logger = Logger.getLogger(XUserMgr.class); + @Autowired + RangerPolicyService policyService; - public void deleteXGroup(Long id, boolean force) { - checkAdminAccess(); - if (force) { - SearchCriteria searchCriteria = new SearchCriteria(); - searchCriteria.addParam("xGroupId", id); - VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria); - for (VXGroupUser groupUser : vxGroupUserList.getList()) { - daoManager.getXXGroupUser().remove(groupUser.getId()); - } - XXGroup xGroup = daoManager.getXXGroup().getById(id); - daoManager.getXXGroup().remove(id); - List<XXTrxLog> trxLogList = xGroupService.getTransactionLog( - xGroupService.populateViewBean(xGroup), "delete"); - xaBizUtil.createTrxLog(trxLogList); - } else { - throw restErrorUtil.createRESTException( - "serverMsg.modelMgrBaseDeleteModel", - MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); - } - } + @Autowired + ServiceDBStore svcStore; + + static final Logger logger = Logger.getLogger(XUserMgr.class); - public void deleteXUser(Long id, boolean force) { - checkAdminAccess(); - if (force) { - SearchCriteria searchCriteria = new SearchCriteria(); - searchCriteria.addParam("xUserId", id); - VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria); - XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser(); - for (VXGroupUser groupUser : vxGroupUserList.getList()) { - xGroupUserDao.remove(groupUser.getId()); - } - // TODO : Need to discuss, why we were not removing user from the - // system. 
- - // XXUser xUser = daoManager.getXXUser().getById(id); - daoManager.getXXUser().remove(id); - // applicationCache.removeUserID(id); - // Not Supported So Far - // List<XXTrxLog> trxLogList = xUserService.getTransactionLog( - // xUserService.populateViewBean(xUser), "delete"); - // xaBizUtil.createTrxLog(trxLogList); - } else { - throw restErrorUtil.createRESTException( - "serverMsg.modelMgrBaseDeleteModel", - MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY); - } - } public VXUser getXUserByUserName(String userName) { VXUser vXUser=null; 
@@ -1446,4 +1422,319 @@ public class XUserMgr extends XUserMgrBase { } return false; } + + public void deleteXGroup(Long id, boolean force) { + checkAdminAccess(); + XXGroupDao xXGroupDao = daoManager.getXXGroup(); + XXGroup xXGroup = xXGroupDao.getById(id); + VXGroup vXGroup = xGroupService.populateViewBean(xXGroup); + if (vXGroup == null || StringUtil.isEmpty(vXGroup.getName())) { + throw restErrorUtil.createRESTException("Group ID doesn't exist.", MessageEnums.INVALID_INPUT_DATA); + } + if(logger.isDebugEnabled()){ + logger.info("Force delete status="+force+" for group="+vXGroup.getName()); + } + + SearchCriteria searchCriteria = new SearchCriteria(); + searchCriteria.addParam("xGroupId", id); + VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria); + + searchCriteria = new SearchCriteria(); + searchCriteria.addParam("groupId", id); + VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria); + + searchCriteria = new SearchCriteria(); + searchCriteria.addParam("groupId", id); + VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria); + + XXGroupGroupDao xXGroupGroupDao = daoManager.getXXGroupGroup(); + List<XXGroupGroup> xXGroupGroups = xXGroupGroupDao.findByGroupId(id); + + XXPolicyDao xXPolicyDao = daoManager.getXXPolicy(); + List<XXPolicy> xXPolicyList = xXPolicyDao.findByGroupId(id); + logger.warn("Deleting GROUP : "+vXGroup.getName()); + if (force) { + //delete XXGroupUser records of matching group + XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser(); + XXUserDao xXUserDao = daoManager.getXXUser(); + XXUser xXUser =null; + for (VXGroupUser groupUser : vxGroupUserList.getList()) { + if(groupUser!=null){ + xXUser=xXUserDao.getById(groupUser.getUserId()); + if(xXUser!=null){ + logger.warn("Removing user '" + xXUser.getName() + "' from group '" + groupUser.getName() + "'"); + } + xGroupUserDao.remove(groupUser.getId()); + } + } + //delete XXPermMap records of matching group + XXPermMapDao xXPermMapDao = 
daoManager.getXXPermMap(); + XXResourceDao xXResourceDao = daoManager.getXXResource(); + XXResource xXResource =null; + for (VXPermMap vXPermMap : vXPermMapList.getList()) { + if(vXPermMap!=null){ + xXResource=xXResourceDao.getById(vXPermMap.getResourceId()); + if(xXResource!=null){ + logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for group '" + vXPermMap.getGroupName() + "'"); + } + xXPermMapDao.remove(vXPermMap.getId()); + } + } + //delete XXAuditMap records of matching group + XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap(); + for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) { + if(vXAuditMap!=null){ + xXResource=xXResourceDao.getById(vXAuditMap.getResourceId()); + xXAuditMapDao.remove(vXAuditMap.getId()); + } + } + //delete XXGroupGroupDao records of group-group mapping + for (XXGroupGroup xXGroupGroup : xXGroupGroups) { + if(xXGroupGroup!=null){ + XXGroup xXGroupParent=xXGroupDao.getById(xXGroupGroup.getParentGroupId()); + XXGroup xXGroupChild=xXGroupDao.getById(xXGroupGroup.getGroupId()); + if(xXGroupParent!=null && xXGroupChild!=null){ + logger.warn("Removing group '" + xXGroupChild.getName() + "' from group '" + xXGroupParent.getName() + "'"); + } + xXGroupGroupDao.remove(xXGroupGroup.getId()); + } + } + //delete XXPolicyItemGroupPerm records of group + for (XXPolicy xXPolicy : xXPolicyList) { + RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy); + List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems(); + removeUserGroupReferences(policyItems,null,vXGroup.getName()); + rangerPolicy.setPolicyItems(policyItems); + try { + svcStore.updatePolicy(rangerPolicy); + } catch (Throwable excp) { + logger.error("updatePolicy(" + rangerPolicy + ") failed", excp); + restErrorUtil.createRESTException(excp.getMessage()); + } + } + //delete XXGroup + xXGroupDao.remove(id); + //Create XXTrxLog + List<XXTrxLog> 
xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), + "delete"); + xaBizUtil.createTrxLog(xXTrxLogsXXGroup); + } else { + boolean hasReferences=false; + + if(vxGroupUserList!=null && vxGroupUserList.getListSize()>0){ + hasReferences=true; + } + if(hasReferences==false && xXPolicyList!=null && xXPolicyList.size()>0){ + hasReferences=true; + } + if(hasReferences==false && vXPermMapList!=null && vXPermMapList.getListSize()>0){ + hasReferences=true; + } + if(hasReferences==false && vXAuditMapList!=null && vXAuditMapList.getListSize()>0){ + hasReferences=true; + } + if(hasReferences==false && xXGroupGroups!=null && xXGroupGroups.size()>0){ + hasReferences=true; + } + + if(hasReferences){ //change visibility to Hidden + if(vXGroup.getIsVisible()==RangerCommonEnums.IS_VISIBLE){ + vXGroup.setIsVisible(RangerCommonEnums.IS_HIDDEN); + xGroupService.updateResource(vXGroup); + } + }else{ + //delete XXGroup + xXGroupDao.remove(id); + //Create XXTrxLog + List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), + "delete"); + xaBizUtil.createTrxLog(xXTrxLogsXXGroup); + } + } + } + + public void deleteXUser(Long id, boolean force) { + checkAdminAccess(); + XXUserDao xXUserDao = daoManager.getXXUser(); + XXUser xXUser = xXUserDao.getById(id); + VXUser vXUser = xUserService.populateViewBean(xXUser); + if(vXUser==null ||StringUtil.isEmpty(vXUser.getName())){ + throw restErrorUtil.createRESTException("No user found with id=" + id); + } + XXPortalUserDao xXPortalUserDao=daoManager.getXXPortalUser(); + XXPortalUser xXPortalUser=xXPortalUserDao.findByLoginId(vXUser.getName().trim()); + VXPortalUser vXPortalUser=xPortalUserService.populateViewBean(xXPortalUser); + if(vXPortalUser==null ||StringUtil.isEmpty(vXPortalUser.getLoginId())){ + throw restErrorUtil.createRESTException("No user found with id=" + id); + } + if (logger.isDebugEnabled()) { + logger.debug("Force delete status="+force+" for 
user="+vXUser.getName()); + } + + SearchCriteria searchCriteria = new SearchCriteria(); + searchCriteria.addParam("xUserId", id); + VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria); + + searchCriteria = new SearchCriteria(); + searchCriteria.addParam("userId", id); + VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria); + + searchCriteria = new SearchCriteria(); + searchCriteria.addParam("userId", id); + VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria); + + long xXPortalUserId=0; + xXPortalUserId=vXPortalUser.getId(); + XXAuthSessionDao xXAuthSessionDao=daoManager.getXXAuthSession(); + XXUserPermissionDao xXUserPermissionDao=daoManager.getXXUserPermission(); + XXPortalUserRoleDao xXPortalUserRoleDao=daoManager.getXXPortalUserRole(); + List<XXAuthSession> xXAuthSessions=xXAuthSessionDao.getAuthSessionByUserId(xXPortalUserId); + List<XXUserPermission> xXUserPermissions=xXUserPermissionDao.findByUserPermissionId(xXPortalUserId); + List<XXPortalUserRole> xXPortalUserRoles=xXPortalUserRoleDao.findByUserId(xXPortalUserId); + + XXPolicyDao xXPolicyDao = daoManager.getXXPolicy(); + List<XXPolicy> xXPolicyList=xXPolicyDao.findByUserId(id); + logger.warn("Deleting User : "+vXUser.getName()); + if (force) { + //delete XXGroupUser mapping + XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser(); + for (VXGroupUser groupUser : vxGroupUserList.getList()) { + if(groupUser!=null){ + logger.warn("Removing user '" + vXUser.getName() + "' from group '" + groupUser.getName() + "'"); + xGroupUserDao.remove(groupUser.getId()); + } + } + //delete XXPermMap records of user + XXPermMapDao xXPermMapDao = daoManager.getXXPermMap(); + for (VXPermMap vXPermMap : vXPermMapList.getList()) { + if(vXPermMap!=null){ + logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for user '" + vXPermMap.getUserName() + "'"); + 
xXPermMapDao.remove(vXPermMap.getId()); + } + } + //delete XXAuditMap records of user + XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap(); + for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) { + if(vXAuditMap!=null){ + xXAuditMapDao.remove(vXAuditMap.getId()); + } + } + //delete XXPortalUser references + if(vXPortalUser!=null){ + xPortalUserService.updateXXPortalUserReferences(xXPortalUserId); + if(xXAuthSessions!=null && xXAuthSessions.size()>0){ + logger.warn("Deleting " + xXAuthSessions.size() + " login session records for user '" + vXPortalUser.getLoginId() + "'"); + } + for (XXAuthSession xXAuthSession : xXAuthSessions) { + xXAuthSessionDao.remove(xXAuthSession.getId()); + } + for (XXUserPermission xXUserPermission : xXUserPermissions) { + if(xXUserPermission!=null){ + XXModuleDef xXModuleDef=daoManager.getXXModuleDef().findByModuleId(xXUserPermission.getModuleId()); + if(xXModuleDef!=null){ + logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for user '" + vXPortalUser.getLoginId() + "'"); + } + xXUserPermissionDao.remove(xXUserPermission.getId()); + } + } + for (XXPortalUserRole xXPortalUserRole : xXPortalUserRoles) { + if(xXPortalUserRole!=null){ + logger.warn("Deleting '" + xXPortalUserRole.getUserRole() + "' role for user '" + vXPortalUser.getLoginId() + "'"); + xXPortalUserRoleDao.remove(xXPortalUserRole.getId()); + } + } + } + //delete XXPolicyItemUserPerm records of user + for(XXPolicy xXPolicy:xXPolicyList){ + RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy); + List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems(); + removeUserGroupReferences(policyItems,vXUser.getName(),null); + rangerPolicy.setPolicyItems(policyItems); + try{ + svcStore.updatePolicy(rangerPolicy); + }catch(Throwable excp) { + logger.error("updatePolicy(" + rangerPolicy + ") failed", excp); + throw restErrorUtil.createRESTException(excp.getMessage()); + } + } + //delete XXUser entry of user + 
xXUserDao.remove(id); + //delete XXPortal entry of user + logger.warn("Deleting Portal User : "+vXPortalUser.getLoginId()); + xXPortalUserDao.remove(xXPortalUserId); + List<XXTrxLog> trxLogList =xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete"); + xaBizUtil.createTrxLog(trxLogList); + if (xXPortalUser != null) { + trxLogList=xPortalUserService + .getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete"); + xaBizUtil.createTrxLog(trxLogList); + } + } else { + boolean hasReferences=false; + + if(vxGroupUserList!=null && vxGroupUserList.getListSize()>0){ + hasReferences=true; + } + if(hasReferences==false && xXPolicyList!=null && xXPolicyList.size()>0){ + hasReferences=true; + } + if(hasReferences==false && vXPermMapList!=null && vXPermMapList.getListSize()>0){ + hasReferences=true; + } + if(hasReferences==false && vXAuditMapList!=null && vXAuditMapList.getListSize()>0){ + hasReferences=true; + } + if(hasReferences==false && xXAuthSessions!=null && xXAuthSessions.size()>0){ + hasReferences=true; + } + if(hasReferences==false && xXUserPermissions!=null && xXUserPermissions.size()>0){ + hasReferences=true; + } + if(hasReferences==false && xXPortalUserRoles!=null && xXPortalUserRoles.size()>0){ + hasReferences=true; + } + if(hasReferences){ + if(vXUser.getIsVisible()!=RangerCommonEnums.IS_HIDDEN){ + logger.info("Updating visibility of user '"+vXUser.getName()+"' to Hidden!"); + vXUser.setIsVisible(RangerCommonEnums.IS_HIDDEN); + xUserService.updateResource(vXUser); + } + }else{ + xPortalUserService.updateXXPortalUserReferences(xXPortalUserId); + //delete XXUser entry of user + xXUserDao.remove(id); + //delete XXPortal entry of user + logger.warn("Deleting Portal User : "+vXPortalUser.getLoginId()); + xXPortalUserDao.remove(xXPortalUserId); + List<XXTrxLog> trxLogList =xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete"); + xaBizUtil.createTrxLog(trxLogList); + if (xXPortalUser != null) { + 
trxLogList=xPortalUserService + .getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete"); + xaBizUtil.createTrxLog(trxLogList); + } + } + } + } + + private void removeUserGroupReferences(List<RangerPolicyItem> policyItems, String user, String group) { + List<RangerPolicyItem> itemsToRemove = null; + for(RangerPolicyItem policyItem : policyItems) { + if(!StringUtil.isEmpty(user)) { + policyItem.getUsers().remove(user); + } + if(!StringUtil.isEmpty(group)) { + policyItem.getGroups().remove(group); + } + if(policyItem.getUsers().isEmpty() && policyItem.getGroups().isEmpty()) { + if(itemsToRemove == null) { + itemsToRemove = new ArrayList<RangerPolicyItem>(); + } + itemsToRemove.add(policyItem); + } + } + if(CollectionUtils.isNotEmpty(itemsToRemove)) { + policyItems.removeAll(itemsToRemove); + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3c11aee9/security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java b/security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java index aaa4fa5..514a63e 100644 --- a/security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java +++ b/security-admin/src/main/java/org/apache/ranger/common/db/BaseDao.java 
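Review bot: In the force branch of deleteXGroup, the catch around `svcStore.updatePolicy(rangerPolicy)` calls `restErrorUtil.createRESTException(excp.getMessage());` without `throw`, so a failed policy update is logged and then ignored, and the method goes on to `xXGroupDao.remove(id)`. That leaves policy items that still name the deleted group; whether a group created later under the same name would match them depends on policy evaluation code that is not visible here. deleteXUser handles the same failure correctly, so the line should read `throw restErrorUtil.createRESTException(excp.getMessage());`. Separately, in the non-force branches a principal with references is only set to `IS_HIDDEN`, and its sessions, roles and policy entries are kept. If hidden accounts can still authenticate (not shown in this diff), a DELETE that returns normally leaves access in place, which deserves at least a comment and ideally a distinct response.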
@@ -265,4 +265,18 @@ public abstract class BaseDao<T> { } } + public void updateUserIDReference(String paramName,long oldID) { + Table table = tClass.getAnnotation(Table.class); + if(table == null) { + logger.warn("Required annotation `Table` not found"); + } + String tableName = table.name(); + String query = "update " + tableName + " set " + tableName + "."+paramName+"=null" + + " where " + tableName + "."+paramName+"=" + oldID; + int count=getEntityManager().createNativeQuery(query).executeUpdate(); + if(count>0){ + logger.warn(count + " records updated in table '" + tableName + "' with: set " + paramName + "=null where " + paramName + "=" + oldID); + } + } + } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3c11aee9/security-admin/src/main/java/org/apache/ranger/db/XXAuthSessionDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXAuthSessionDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXAuthSessionDao.java index 4c9bdc5..c05546f 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXAuthSessionDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXAuthSessionDao.java @@ -49,5 +49,17 @@ public class XXAuthSessionDao extends BaseDao<XXAuthSession> { return null; } } + + @SuppressWarnings("unchecked") + public List<XXAuthSession> getAuthSessionByUserId(Long userId){ + try{ + return getEntityManager() + .createNamedQuery("XXAuthSession.getAuthSessionByUserId") + .setParameter("userId", userId) + .getResultList(); + } catch(NoResultException ignoreNoResultFound) { + return null; + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3c11aee9/security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java ---------------------------------------------------------------------- 
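Review bot: updateUserIDReference builds its native UPDATE by concatenating `paramName` and `oldID` into the SQL string, and it is a public method on the base DAO, so any later caller that passes a column name derived from request data would make it an injection point. The callers visible in this commit pass only the constants "added_by_id" and "upd_by_id", so the risk is latent today. Checking `paramName` against a fixed set of column names and binding `oldID` as a query parameter closes it; extend the set if other callers legitimately need other columns. In addition, the `table == null` branch only logs and then falls through to `table.name()`, which throws a NullPointerException, so it should return after the warning.

```java
public void updateUserIDReference(String paramName, long oldID) {
    // … unchanged: Table annotation lookup …
    if (table == null) {
        logger.warn("Required annotation `Table` not found");
        return;
    }
    // Column names cannot be bound as parameters, so accept only the known audit columns.
    if (!"added_by_id".equals(paramName) && !"upd_by_id".equals(paramName)) {
        throw new IllegalArgumentException("Unsupported column: " + paramName);
    }
    // … unchanged: tableName lookup …
    String query = "update " + tableName + " set " + tableName + "." + paramName + "=null"
            + " where " + tableName + "." + paramName + "=?1";
    int count = getEntityManager().createNativeQuery(query)
            .setParameter(1, oldID)
            .executeUpdate();
    // … unchanged: warn log of the updated row count …
}
```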
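Review bot: getAuthSessionByUserId returns `null` from its catch block, while deleteXUser in XUserMgr iterates the result with `for (XXAuthSession xXAuthSession : xXAuthSessions)` and has no null guard on that loop. `getResultList()` returns an empty list rather than throwing NoResultException when nothing matches, so the catch is probably dead code, but the declared fallback should still be an empty list, as in XXPolicyDao.findByUserId and XXGroupGroupDao.findByGroupId. Unlike those finders, this method also does not check `userId` for null before binding it.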
diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java index df2796c..0e0783d 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXGroupGroupDao.java @@ -19,6 +19,11 @@ package org.apache.ranger.db; +import java.util.ArrayList; +import java.util.List; + +import javax.persistence.NoResultException; + import org.apache.ranger.common.db.BaseDao; import org.apache.ranger.entity.XXGroupGroup; @@ -27,5 +32,18 @@ public class XXGroupGroupDao extends BaseDao<XXGroupGroup> { public XXGroupGroupDao( RangerDaoManagerBase daoManager ) { super(daoManager); } + public List<XXGroupGroup> findByGroupId(Long groupId) { + if (groupId == null) { + return new ArrayList<XXGroupGroup>(); + } + try { + return getEntityManager().createNamedQuery("XXGroupGroup.findByGroupId", tClass) + .setParameter("groupId", groupId) + .setParameter("parentGroupId", groupId) + .getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXGroupGroup>(); + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3c11aee9/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java index 006964c..e25540b 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXPolicyDao.java 
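Review bot: findByGroupId has no Javadoc, and its name hides that the id is bound to both `groupId` and `parentGroupId`. Assuming the named query in jpa_named_queries.xml matches either column (the query text is not shown here), the method returns mappings where the group is the child or the parent. That matters because deleteXGroup removes every row returned, so I would add `/** Returns all group-group mappings in which the given group is the child or the parent; empty list when groupId is null. */`.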
@@ -122,5 +122,28 @@ public class XXPolicyDao extends BaseDao<XXPolicy> { updateSequence("X_POLICY_SEQ", maxId + 1); } - + public List<XXPolicy> findByUserId(Long userId) { + if(userId == null || userId.equals(0)) { + return new ArrayList<XXPolicy>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicy.findByUserId", tClass) + .setParameter("userId", userId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicy>(); + } + } + public List<XXPolicy> findByGroupId(Long groupId) { + if(groupId == null || groupId.equals(0)) { + return new ArrayList<XXPolicy>(); + } + try { + return getEntityManager() + .createNamedQuery("XXPolicy.findByGroupId", tClass) + .setParameter("groupId", groupId).getResultList(); + } catch (NoResultException e) { + return new ArrayList<XXPolicy>(); + } + } } \ No newline at end of file http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3c11aee9/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java index 448a60a..0f5a462 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java @@ -20,7 +20,6 @@ package org.apache.ranger.rest; import java.util.HashMap; -import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.DELETE; @@ -32,6 +31,7 @@ import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.Context; +import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.ranger.biz.RangerBizUtil; import org.apache.ranger.biz.SessionMgr; 
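Review bot: The zero guard `userId.equals(0)` in findByUserId can never be true, because the literal `0` is boxed to an Integer and `Long.equals` returns false for any non-Long argument; findByGroupId has the same problem with `groupId.equals(0)`. If id 0 is meant to short-circuit to an empty list, write `if (userId == null || userId.longValue() == 0L)` and the same for `groupId`. As written the query simply runs with 0, which is harmless but is not what the guard claims to do.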
@@ -45,8 +45,6 @@ import org.apache.ranger.common.annotation.RangerAnnotationClassName; import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName; import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.security.context.RangerAPIList; -import org.apache.ranger.security.context.RangerAPIMapping; -import org.apache.ranger.security.context.RangerPreAuthSecurityHandler; import org.apache.ranger.service.AuthSessionService; import org.apache.ranger.service.XAuditMapService; import org.apache.ranger.service.XGroupGroupService; @@ -75,8 +73,6 @@ import org.apache.ranger.view.VXModuleDef; import org.apache.ranger.view.VXModuleDefList; import org.apache.ranger.view.VXPermMap; import org.apache.ranger.view.VXPermMapList; -import org.apache.ranger.view.VXPortalUser; -import org.apache.ranger.view.VXResponse; import org.apache.ranger.view.VXStringList; import org.apache.ranger.view.VXUser; import org.apache.ranger.view.VXUserGroupInfo; @@ -211,8 +207,12 @@ public class XUserREST { @RangerAnnotationClassName(class_name = VXGroup.class) public void deleteXGroup(@PathParam("id") Long id, @Context HttpServletRequest request) { - boolean force = true; - xUserMgr.deleteXGroup(id, force); + String forceDeleteStr = request.getParameter("forceDelete"); + boolean forceDelete = false; + if(!StringUtils.isEmpty(forceDeleteStr) && "true".equalsIgnoreCase(forceDeleteStr.trim())) { + forceDelete = true; + } + xUserMgr.deleteXGroup(id, forceDelete); } /** @@ -318,8 +318,12 @@ public class XUserREST { @RangerAnnotationClassName(class_name = VXUser.class) public void deleteXUser(@PathParam("id") Long id, @Context HttpServletRequest request) { - boolean force = true; - xUserMgr.deleteXUser(id, force); + String forceDeleteStr = request.getParameter("forceDelete"); + boolean forceDelete = false; + if(!StringUtils.isEmpty(forceDeleteStr) && forceDeleteStr.equalsIgnoreCase("true")) { + forceDelete = true; + } + xUserMgr.deleteXUser(id, forceDelete); } /** 
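Review bot: The `forceDelete` parsing is copied into four endpoints (deleteXGroup and deleteXUser here, deleteXUserByUserName and deleteXGroupByGroupName in the later hunk) and is already inconsistent. Only deleteXGroup trims the value, so a parameter of "true" with trailing whitespace forces a group delete but not a user delete. A single helper such as `private static boolean isForceDelete(HttpServletRequest request)` returning `"true".equalsIgnoreCase(StringUtils.trimToEmpty(request.getParameter("forceDelete")))` would make this destructive flag parse the same way everywhere. Both method bodies start outside their hunks, so any `@PreAuthorize` on these two endpoints cannot be seen from here and is worth confirming.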
@@ -671,33 +675,33 @@ public class XUserREST { @DELETE @Path("/users/userName/{userName}") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") public void deleteXUserByUserName(@PathParam("userName") String userName, @Context HttpServletRequest request) { - boolean force = true; + String forceDeleteStr = request.getParameter("forceDelete"); + boolean forceDelete = false; + if(!StringUtils.isEmpty(forceDeleteStr) && forceDeleteStr.equalsIgnoreCase("true")) { + forceDelete = true; + } VXUser vxUser = xUserService.getXUserByUserName(userName); - xUserMgr.deleteXUser(vxUser.getId(), force); + xUserMgr.deleteXUser(vxUser.getId(), forceDelete); } @DELETE @Path("/groups/groupName/{groupName}") + @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") public void deleteXGroupByGroupName( @PathParam("groupName") String groupName, @Context HttpServletRequest request) { - boolean force = true; + String forceDeleteStr = request.getParameter("forceDelete"); + boolean forceDelete = false; + if(!StringUtils.isEmpty(forceDeleteStr) && forceDeleteStr.equalsIgnoreCase("true")) { + forceDelete = true; + } VXGroup vxGroup = xGroupService.getGroupByGroupName(groupName); - xUserMgr.deleteXGroup(vxGroup.getId(), force); - } - - // @POST - // @Path("/group/{groupName}/user/{userName}") - // @Produces({ "application/xml", "application/json" }) - // public void createXGroupAndXUser(@PathParam("groupName") String - // groupName, - // @PathParam("userName") String userName, - // @Context HttpServletRequest request) { - // xUserMgr.createXGroupAndXUser(groupName, userName); - // } - // + xUserMgr.deleteXGroup(vxGroup.getId(), forceDelete); + } + @DELETE @Path("/group/{groupName}/user/{userName}") @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") 
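Review bot: deleteXUserByUserName passes `vxUser.getId()` straight to xUserMgr.deleteXUser, and deleteXGroupByGroupName does the same with `vxGroup.getId()`, without checking that the lookup found anything. If getXUserByUserName or getGroupByGroupName can return null for an unknown name (their bodies are not in this diff), the request ends in a NullPointerException instead of a clean invalid-input error. Add an `if (vxUser == null)` guard, and the matching `if (vxGroup == null)`, that raises the REST error this class normally uses before the delete call. The forceDelete parsing repeated in both methods is covered by the note on the earlier deleteXGroup hunk.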
@@ -731,7 +735,7 @@ public class XUserREST { @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_AUTH_SESSIONS + "\")") public VXAuthSessionList getAuthSessions(@Context HttpServletRequest request){ SearchCriteria searchCriteria = searchUtil.extractCommonCriterias( - request, authSessionService.AUTH_SESSION_SORT_FLDS); + request, AuthSessionService.AUTH_SESSION_SORT_FLDS); searchUtil.extractLong(request, searchCriteria, "id", "Auth Session Id"); searchUtil.extractLong(request, searchCriteria, "userId", "User Id"); searchUtil.extractInt(request, searchCriteria, "authStatus", "Auth Status"); http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3c11aee9/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java b/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java index 462b81a..a6ba2e2 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java @@ -72,6 +72,10 @@ public class XAuditMapService extends public XAuditMapService() { searchFields.add(new SearchField("resourceId", "obj.resourceId", SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL)); + searchFields.add(new SearchField("userId", "obj.userId", + SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL)); + searchFields.add(new SearchField("groupId", "obj.groupId", + SearchField.DATA_TYPE.INTEGER, SearchField.SEARCH_TYPE.FULL)); } @Override http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3c11aee9/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java ---------------------------------------------------------------------- 
diff --git a/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java b/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java index 41c4552..18dcdba 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XPortalUserService.java 
@@ -192,4 +192,79 @@ public class XPortalUserService extends return trxLogList; } + public void updateXXPortalUserReferences(long xXPortalUserId){ + daoManager.getXXAsset().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXAsset().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXAuditMap().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXAuditMap().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXAuthSession().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXAuthSession().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXCredentialStore().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXCredentialStore().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXGroup().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXGroup().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXGroupGroup().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXGroupGroup().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXGroupUser().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXGroupUser().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXPermMap().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXPermMap().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXPolicyExportAudit().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXPolicyExportAudit().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXPortalUser().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXPortalUser().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXPortalUserRole().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXPortalUserRole().updateUserIDReference("upd_by_id", xXPortalUserId); + 
daoManager.getXXResource().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXResource().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXTrxLog().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXTrxLog().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXUser().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXUser().updateUserIDReference("upd_by_id", xXPortalUserId); + //0.5 + daoManager.getXXServiceDef().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXServiceDef().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXService().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXService().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXPolicy().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXPolicy().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXServiceConfigDef().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXServiceConfigDef().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXResourceDef().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXResourceDef().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXAccessTypeDef().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXAccessTypeDef().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXAccessTypeDefGrants().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXAccessTypeDefGrants().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXPolicyConditionDef().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXPolicyConditionDef().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXContextEnricherDef().updateUserIDReference("added_by_id", xXPortalUserId); + 
daoManager.getXXContextEnricherDef().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXEnumDef().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXEnumDef().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXEnumElementDef().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXEnumElementDef().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXServiceConfigMap().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXServiceConfigMap().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXPolicyResource().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXPolicyResource().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXPolicyResourceMap().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXPolicyResourceMap().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXPolicyItem().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXPolicyItem().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXPolicyItemAccess().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXPolicyItemAccess().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXPolicyItemCondition().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXPolicyItemCondition().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXPolicyItemUserPerm().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXPolicyItemUserPerm().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXPolicyItemGroupPerm().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXPolicyItemGroupPerm().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXModuleDef().updateUserIDReference("added_by_id", xXPortalUserId); + 
daoManager.getXXModuleDef().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXUserPermission().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXUserPermission().updateUserIDReference("upd_by_id", xXPortalUserId); + daoManager.getXXGroupPermission().updateUserIDReference("added_by_id", xXPortalUserId); + daoManager.getXXGroupPermission().updateUserIDReference("upd_by_id", xXPortalUserId); + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3c11aee9/security-admin/src/main/resources/META-INF/jpa_named_queries.xml ---------------------------------------------------------------------- diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml index 55c4f1c..f55923b 100644 --- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml +++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml 
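Review bot: updateXXPortalUserReferences rewrites `added_by_id` and `upd_by_id` in audit-bearing tables too (the `getXXTrxLog()`, `getXXAuthSession()`, `getXXPolicyExportAudit()` and `getXXAuditMap()` calls), so deleting a portal user presumably also removes that account's attribution from records an investigator would later rely on. The body of `updateUserIDReference` is not in this hunk, so the value it writes should be confirmed; if the reference is cleared, write one transaction-log entry carrying the deleted user's id and login before these calls run so the attribution stays recoverable. The method has no Javadoc; `/** Rewrites every added_by_id / upd_by_id reference to the given portal user id, across all DAOs listed below, ahead of deleting that user. */` would state the contract. The hand-written list of DAO pairs will silently miss any table added later, so driving the two column names over a single list of DAOs would be easier to audit.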
@@ -667,4 +667,20 @@ AND obj.attributeName = :attrName </query> </named-query> + <named-query name="XXAuthSession.getAuthSessionByUserId"> + <query>SELECT obj FROM XXAuthSession obj WHERE obj.userId = :userId + </query> + </named-query> + <named-query name="XXGroupGroup.findByGroupId"> + <query>SELECT obj FROM XXGroupGroup obj WHERE obj.groupId = :groupId or obj.parentGroupId = :parentGroupId + </query> + </named-query> + <named-query name="XXPolicy.findByUserId"> + <query>select obj from XXPolicy obj, XXPolicyItem polItem,XXPolicyItemUserPerm polItemUserPerm where + obj.id = polItem.policyId and polItem.id = polItemUserPerm.policyItemId and polItemUserPerm.userId = :userId</query> + </named-query> + <named-query name="XXPolicy.findByGroupId"> + <query>select obj from XXPolicy obj, XXPolicyItem polItem,XXPolicyItemGroupPerm polItemGroupPerm where + obj.id = polItem.policyId and polItem.id = polItemGroupPerm.policyItemId and polItemGroupPerm.groupId = :groupId</query> + </named-query> </entity-mappings> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3c11aee9/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java index 8ace44b..a7b6bb9 100644 --- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java +++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java @@ -22,6 +22,7 @@ import java.util.Date; import java.util.HashMap; import java.util.HashSet; import java.util.List; +import java.util.Map; import java.util.Set; import org.apache.ranger.common.ContextUtil; 
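Review bot: `XXPolicy.findByUserId` and `XXPolicy.findByGroupId` join XXPolicy to its items and permission rows without `distinct`, so a policy in which the same user or group appears in more than one policy item comes back once per matching row. The callers are outside this hunk, but code that walks the result to strip the deleted principal would then load and update the same policy repeatedly; `select distinct obj from XXPolicy obj, XXPolicyItem polItem, XXPolicyItemUserPerm polItemUserPerm where ...` (and the same for the group query) avoids that. `XXGroupGroup.findByGroupId` also takes two parameters, `:groupId` and `:parentGroupId`, although the name and the one-argument call in TestXUserMgr suggest a single id; reusing `:groupId` in both comparisons would remove the chance of binding them differently.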
@@ -30,36 +31,57 @@ import org.apache.ranger.common.SearchCriteria; import org.apache.ranger.common.StringUtil; import org.apache.ranger.common.UserSessionBase; import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.db.XXAuditMapDao; +import org.apache.ranger.db.XXAuthSessionDao; import org.apache.ranger.db.XXGroupDao; +import org.apache.ranger.db.XXGroupGroupDao; import org.apache.ranger.db.XXGroupPermissionDao; import org.apache.ranger.db.XXGroupUserDao; import org.apache.ranger.db.XXModuleDefDao; +import org.apache.ranger.db.XXPermMapDao; +import org.apache.ranger.db.XXPolicyDao; import org.apache.ranger.db.XXPortalUserDao; import org.apache.ranger.db.XXPortalUserRoleDao; import org.apache.ranger.db.XXUserDao; import org.apache.ranger.db.XXUserPermissionDao; +import org.apache.ranger.entity.XXAuthSession; import org.apache.ranger.entity.XXGroup; +import org.apache.ranger.entity.XXGroupGroup; import org.apache.ranger.entity.XXGroupPermission; import org.apache.ranger.entity.XXModuleDef; +import org.apache.ranger.entity.XXPolicy; import org.apache.ranger.entity.XXPortalUser; import org.apache.ranger.entity.XXPortalUserRole; +import org.apache.ranger.entity.XXTrxLog; import org.apache.ranger.entity.XXUser; import org.apache.ranger.entity.XXUserPermission; +import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; +import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; import org.apache.ranger.security.context.RangerContextHolder; import org.apache.ranger.security.context.RangerSecurityContext; +import org.apache.ranger.service.RangerPolicyService; +import org.apache.ranger.service.XAuditMapService; import org.apache.ranger.service.XGroupPermissionService; import org.apache.ranger.service.XGroupService; import 
org.apache.ranger.service.XGroupUserService; import org.apache.ranger.service.XModuleDefService; +import org.apache.ranger.service.XPermMapService; import org.apache.ranger.service.XPortalUserService; import org.apache.ranger.service.XUserPermissionService; import org.apache.ranger.service.XUserService; +import org.apache.ranger.view.VXAuditMap; +import org.apache.ranger.view.VXAuditMapList; import org.apache.ranger.view.VXGroup; import org.apache.ranger.view.VXGroupList; import org.apache.ranger.view.VXGroupPermission; import org.apache.ranger.view.VXGroupUser; import org.apache.ranger.view.VXGroupUserList; import org.apache.ranger.view.VXModuleDef; +import org.apache.ranger.view.VXPermMap; +import org.apache.ranger.view.VXPermMapList; import org.apache.ranger.view.VXPortalUser; import org.apache.ranger.view.VXStringList; import org.apache.ranger.view.VXUser; @@ -136,6 +158,17 @@ public class TestXUserMgr { @Mock SessionMgr sessionMgr; + @Mock + XPermMapService xPermMapService; + + @Mock + XAuditMapService xAuditMapService; + + @Mock + RangerPolicyService policyService; + + @Mock + ServiceDBStore svcStore; @Rule public ExpectedException thrown = ExpectedException.none(); 
@@ -226,6 +259,43 @@ public class TestXUserMgr { return userProfile; } + private RangerPolicy rangerPolicy() { + List<RangerPolicyItemAccess> accesses = new ArrayList<RangerPolicyItemAccess>(); + List<String> users = new ArrayList<String>(); + List<String> groups = new ArrayList<String>(); + List<RangerPolicyItemCondition> conditions = new ArrayList<RangerPolicyItemCondition>(); + List<RangerPolicyItem> policyItems = new ArrayList<RangerPolicyItem>(); + RangerPolicyItem rangerPolicyItem = new RangerPolicyItem(); + rangerPolicyItem.setAccesses(accesses); + rangerPolicyItem.setConditions(conditions); + rangerPolicyItem.setGroups(groups); + rangerPolicyItem.setUsers(users); + rangerPolicyItem.setDelegateAdmin(false); + + policyItems.add(rangerPolicyItem); + + Map<String, RangerPolicyResource> policyResource = new HashMap<String, RangerPolicyResource>(); + RangerPolicyResource rangerPolicyResource = new RangerPolicyResource(); + rangerPolicyResource.setIsExcludes(true); + rangerPolicyResource.setIsRecursive(true); + rangerPolicyResource.setValue("1"); + rangerPolicyResource.setValues(users); + RangerPolicy policy = new RangerPolicy(); + policy.setId(userId); + policy.setCreateTime(new Date()); + policy.setDescription("policy"); + policy.setGuid("policyguid"); + policy.setIsEnabled(true); + policy.setName("HDFS_1-1-20150316062453"); + policy.setUpdatedBy("Admin"); + policy.setUpdateTime(new Date()); + policy.setService("HDFS_1-1-20150316062453"); + policy.setIsAuditEnabled(true); + policy.setPolicyItems(policyItems); + policy.setResources(policyResource); + + return policy; + } @Test public void test11CreateXUser() { setup(); 
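Review bot: The `rangerPolicy()` fixture builds `rangerPolicyResource` but never puts it into `policyResource`, so `policy.setResources(policyResource)` receives an empty map, and the `users` and `groups` lists are left empty as well. A policy with no principals gives the delete tests nothing to remove. Add the entries the tests are meant to strip before the setters are called, for example `users.add("testuser");` (constructed value) and `policyResource.put("path", rangerPolicyResource);` (constructed key).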
@@ -615,43 +685,121 @@ public class TestXUserMgr { @Test public void test27DeleteXGroup() { setup(); - XXGroupDao xxGroupDao = Mockito.mock(XXGroupDao.class); - - VXGroupUserList vxGroupUserList = new VXGroupUserList(); - XXGroup xxGroup = new XXGroup(); boolean force = true; - Mockito.when( - xGroupUserService.searchXGroupUsers((SearchCriteria) Mockito - .anyObject())).thenReturn(vxGroupUserList); - - Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao); - Mockito.when(xxGroupDao.getById(userId)).thenReturn(xxGroup); - - xUserMgr.deleteXGroup(userId, force); - Mockito.verify(xGroupUserService).searchXGroupUsers( - (SearchCriteria) Mockito.anyObject()); + VXGroup vXGroup = new VXGroup(); + vXGroup.setId(userId); + vXGroup.setDescription("group test"); + vXGroup.setName("grouptest"); + // XXGroup + XXGroupDao xXGroupDao = Mockito.mock(XXGroupDao.class); + XXGroup xXGroup = new XXGroup(); + Mockito.when(daoManager.getXXGroup()).thenReturn(xXGroupDao); + Mockito.when(xXGroupDao.getById(vXGroup.getId())).thenReturn(xXGroup); + Mockito.when(xGroupService.populateViewBean(xXGroup)).thenReturn(vXGroup); + // VXGroupUser + VXGroupUserList vxGroupUserList = new VXGroupUserList(); + XXGroupUserDao xGroupUserDao = Mockito.mock(XXGroupUserDao.class); + VXGroupUser vxGroupUser = new VXGroupUser(); + vxGroupUser.setId(userId); + vxGroupUser.setName("group user test"); + vxGroupUser.setOwner("Admin"); + vxGroupUser.setUserId(userId); + vxGroupUser.setUpdatedBy("User"); + Mockito.when(xGroupUserService.searchXGroupUsers((SearchCriteria) Mockito.anyObject())) + .thenReturn(vxGroupUserList); + Mockito.when(daoManager.getXXGroupUser()).thenReturn(xGroupUserDao); + // VXPermMap + VXPermMapList vXPermMapList = new VXPermMapList(); + XXPermMapDao xXPermMapDao = Mockito.mock(XXPermMapDao.class); + Mockito.when(xPermMapService.searchXPermMaps((SearchCriteria) Mockito.anyObject())).thenReturn(vXPermMapList); + Mockito.when(daoManager.getXXPermMap()).thenReturn(xXPermMapDao); + // 
VXAuditMap + VXAuditMapList vXAuditMapList = new VXAuditMapList(); + XXAuditMapDao xXAuditMapDao = Mockito.mock(XXAuditMapDao.class); + Mockito.when(xAuditMapService.searchXAuditMaps((SearchCriteria) Mockito.anyObject())) + .thenReturn(vXAuditMapList); + Mockito.when(daoManager.getXXAuditMap()).thenReturn(xXAuditMapDao); + //XXGroupGroup + XXGroupGroupDao xXGroupGroupDao = Mockito.mock(XXGroupGroupDao.class); + List<XXGroupGroup> xXGroupGroups = new ArrayList<XXGroupGroup>(); + Mockito.when(daoManager.getXXGroupGroup()).thenReturn(xXGroupGroupDao); + Mockito.when(xXGroupGroupDao.findByGroupId(userId)).thenReturn(xXGroupGroups); + //update XXPolicyItemUserPerm + XXPolicyDao xXPolicyDao = Mockito.mock(XXPolicyDao.class); + List<XXPolicy> xXPolicyList = new ArrayList<XXPolicy>(); + XXPolicy xXPolicy = Mockito.mock(XXPolicy.class); + RangerPolicy rangerPolicy = rangerPolicy(); + Mockito.when(daoManager.getXXPolicy()).thenReturn(xXPolicyDao); + Mockito.when(xXPolicyDao.findByGroupId(userId)).thenReturn(xXPolicyList); + Mockito.when(policyService.getPopulatedViewObject(xXPolicy)).thenReturn(rangerPolicy); + xUserMgr.deleteXGroup(vXGroup.getId(), force); + Mockito.verify(xGroupUserService).searchXGroupUsers((SearchCriteria) Mockito.anyObject()); } @Test public void test28DeleteXUser() { setup(); - XXGroupUserDao xxGroupDao = Mockito.mock(XXGroupUserDao.class); - XXUserDao xxUserDao = Mockito.mock(XXUserDao.class); - VXGroupUserList vxGroupUserList = new VXGroupUserList(); boolean force = true; - - Mockito.when( - xGroupUserService.searchXGroupUsers((SearchCriteria) Mockito - .anyObject())).thenReturn(vxGroupUserList); - Mockito.when(daoManager.getXXGroupUser()).thenReturn(xxGroupDao); - Mockito.when(daoManager.getXXUser()).thenReturn(xxUserDao); - Mockito.when(xxUserDao.remove(userId)).thenReturn(true); - - xUserMgr.deleteXUser(userId, force); - Mockito.verify(xGroupUserService).searchXGroupUsers( - (SearchCriteria) Mockito.anyObject()); - 
Mockito.verify(daoManager).getXXGroupUser(); - Mockito.verify(daoManager).getXXUser(); + VXUser vXUser = vxUser(); + // XXUser + XXUser xXUser = new XXUser(); + XXUserDao xXUserDao = Mockito.mock(XXUserDao.class); + Mockito.when(daoManager.getXXUser()).thenReturn(xXUserDao); + Mockito.when(xXUserDao.getById(vXUser.getId())).thenReturn(xXUser); + Mockito.when(xUserService.populateViewBean(xXUser)).thenReturn(vXUser); + // VXGroupUser + VXGroupUserList vxGroupUserList = new VXGroupUserList(); + XXGroupUserDao xGroupUserDao = Mockito.mock(XXGroupUserDao.class); + VXGroupUser vxGroupUser = new VXGroupUser(); + vxGroupUser.setId(userId); + vxGroupUser.setName("group user test"); + vxGroupUser.setOwner("Admin"); + vxGroupUser.setUserId(vXUser.getId()); + vxGroupUser.setUpdatedBy("User"); + Mockito.when(xGroupUserService.searchXGroupUsers((SearchCriteria) Mockito.anyObject())) + .thenReturn(vxGroupUserList); + Mockito.when(daoManager.getXXGroupUser()).thenReturn(xGroupUserDao); + // VXPermMap + VXPermMapList vXPermMapList = new VXPermMapList(); + XXPermMapDao xXPermMapDao = Mockito.mock(XXPermMapDao.class); + Mockito.when(xPermMapService.searchXPermMaps((SearchCriteria) Mockito.anyObject())).thenReturn(vXPermMapList); + Mockito.when(daoManager.getXXPermMap()).thenReturn(xXPermMapDao); + // VXAuditMap + VXAuditMapList vXAuditMapList = new VXAuditMapList(); + XXAuditMapDao xXAuditMapDao = Mockito.mock(XXAuditMapDao.class); + Mockito.when(xAuditMapService.searchXAuditMaps((SearchCriteria) Mockito.anyObject())) + .thenReturn(vXAuditMapList); + Mockito.when(daoManager.getXXAuditMap()).thenReturn(xXAuditMapDao); + //XXPortalUser + VXPortalUser vXPortalUser = userProfile(); + XXPortalUser xXPortalUser = new XXPortalUser(); + XXPortalUserDao xXPortalUserDao = Mockito.mock(XXPortalUserDao.class); + Mockito.when(daoManager.getXXPortalUser()).thenReturn(xXPortalUserDao); + Mockito.when(xXPortalUserDao.findByLoginId(vXUser.getName().trim())).thenReturn(xXPortalUser); + 
Mockito.when(xPortalUserService.populateViewBean(xXPortalUser)).thenReturn(vXPortalUser); + + XXAuthSessionDao xXAuthSessionDao= Mockito.mock(XXAuthSessionDao.class); + XXUserPermissionDao xXUserPermissionDao= Mockito.mock(XXUserPermissionDao.class); + XXPortalUserRoleDao xXPortalUserRoleDao= Mockito.mock(XXPortalUserRoleDao.class); + Mockito.when(daoManager.getXXAuthSession()).thenReturn(xXAuthSessionDao); + Mockito.when(daoManager.getXXUserPermission()).thenReturn(xXUserPermissionDao); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xXPortalUserRoleDao); + List<XXAuthSession> xXAuthSessions=new ArrayList<XXAuthSession>(); + List<XXUserPermission> xXUserPermissions=new ArrayList<XXUserPermission>(); + List<XXPortalUserRole> xXPortalUserRoles=new ArrayList<XXPortalUserRole>(); + Mockito.when(xXAuthSessionDao.getAuthSessionByUserId(vXPortalUser.getId())).thenReturn(xXAuthSessions); + Mockito.when(xXUserPermissionDao.findByUserPermissionId(vXPortalUser.getId())).thenReturn(xXUserPermissions); + Mockito.when(xXPortalUserRoleDao.findByUserId(vXPortalUser.getId())).thenReturn(xXPortalUserRoles); + //update XXPolicyItemUserPerm + XXPolicyDao xXPolicyDao = Mockito.mock(XXPolicyDao.class); + List<XXPolicy> xXPolicyList = new ArrayList<XXPolicy>(); + XXPolicy xXPolicy = Mockito.mock(XXPolicy.class); + RangerPolicy rangerPolicy = rangerPolicy(); + Mockito.when(daoManager.getXXPolicy()).thenReturn(xXPolicyDao); + Mockito.when(xXPolicyDao.findByUserId(vXUser.getId())).thenReturn(xXPolicyList); + Mockito.when(policyService.getPopulatedViewObject(xXPolicy)).thenReturn(rangerPolicy); + xUserMgr.deleteXUser(vXUser.getId(), force); + Mockito.verify(xGroupUserService).searchXGroupUsers((SearchCriteria) Mockito.anyObject()); } @Test http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/3c11aee9/unixauthservice/scripts/setup.py ---------------------------------------------------------------------- 
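Review bot: In `test27DeleteXGroup` and `test28DeleteXUser` the mocked `xXPolicy` is never added to `xXPolicyList`, so `findByGroupId` / `findByUserId` return an empty list and the `policyService.getPopulatedViewObject(xXPolicy)` stub is never reached. The policy clean-up that RANGER-204 is about therefore runs zero iterations, and the only assertion left is `verify(xGroupUserService).searchXGroupUsers(...)`, which is weaker than the `verify(daoManager)` checks the removed test28 had. Add `xXPolicyList.add(xXPolicy);` before the delete call and verify the policy update that `deleteXUser` / `deleteXGroup` perform (those bodies are outside this hunk), so a regression that leaves a deleted principal in a policy fails the test. `vxGroupUser` is likewise built but never added to `vxGroupUserList`.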
diff --git a/unixauthservice/scripts/setup.py b/unixauthservice/scripts/setup.py index b35a261..fface25 100755 --- a/unixauthservice/scripts/setup.py +++ b/unixauthservice/scripts/setup.py @@ -267,13 +267,13 @@ def initializeInitD(ownerName): for prefix in initPrefixList: scriptFn = prefix + initdProgramName scriptName = join(rcDir, scriptFn) - if isfile(scriptName): + if isfile(scriptName) or os.path.islink(scriptName): os.remove(scriptName) os.symlink(initdFn,scriptName) userSyncScriptName = "ranger-usersync-services.sh" localScriptName = os.path.abspath(join(installPropDirName,userSyncScriptName)) ubinScriptName = join("/usr/bin",initdProgramName) - if isfile(ubinScriptName): + if isfile(ubinScriptName) or os.path.islink(ubinScriptName): os.remove(ubinScriptName) os.symlink(localScriptName,ubinScriptName)
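Review bot: The two new `os.path.islink(...)` checks need a comment saying why they are there: `isfile()` follows symlinks and returns False for a dangling link, so without `islink()` a stale link survives and `os.symlink` fails because the path already exists. A line such as `# isfile() is False for a dangling symlink; test islink() too so a stale link is replaced` above each `if` would keep a later edit from simplifying the condition away. A path that exists as a directory is still not handled and would make `os.symlink` raise; `initializeInitD` starts and ends outside this hunk, so any surrounding error handling is not visible here.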
