RANGER-653 : Delegated Admin check has been moved to Mgr level Signed-off-by: Velmurugan Periasamy <[email protected]>
Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/97078c72 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/97078c72 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/97078c72 Branch: refs/heads/HDP-2.3.2-groupid Commit: 97078c722961cb302ea44a5564686262c65a832b Parents: aaf6c4b Author: Gautam Borad <[email protected]> Authored: Fri Sep 18 11:54:26 2015 +0530 Committer: Velmurugan Periasamy <[email protected]> Committed: Fri Sep 18 15:33:45 2015 -0400 ---------------------------------------------------------------------- .../java/org/apache/ranger/biz/XUserMgr.java | 106 +++++++++++++++++++ .../apache/ranger/service/XAuditMapService.java | 43 +------- .../apache/ranger/service/XPermMapService.java | 47 +------- 3 files changed, 108 insertions(+), 88 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/97078c72/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java ----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 2413afb..41bc6f8 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -42,6 +42,7 @@ import org.apache.ranger.view.VXGroupPermission;
 import org.apache.ranger.view.VXModuleDef;
 import org.apache.ranger.view.VXUserPermission;
 import org.apache.log4j.Logger;
+import org.apache.ranger.common.AppConstants;
 import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.PropertiesUtil;
 import org.apache.ranger.common.RangerConstants;
@@ -53,10 +54,12 @@ import org.apache.ranger.entity.XXAuditMap;
 import org.apache.ranger.entity.XXGroup;
 import org.apache.ranger.entity.XXPermMap;
 import org.apache.ranger.entity.XXPortalUser;
+import org.apache.ranger.entity.XXResource;
 import org.apache.ranger.entity.XXTrxLog;
 import org.apache.ranger.entity.XXUser;
 import org.apache.ranger.service.XGroupService;
 import org.apache.ranger.service.XUserService;
+import org.apache.ranger.view.VXAuditMap;
 import org.apache.ranger.view.VXAuditMapList;
 import org.apache.ranger.view.VXGroup;
 import org.apache.ranger.view.VXGroupGroup;
@@ -64,6 +67,7 @@ import org.apache.ranger.view.VXGroupList;
 import org.apache.ranger.view.VXGroupUser;
 import org.apache.ranger.view.VXGroupUserList;
 import org.apache.ranger.view.VXLong;
+import org.apache.ranger.view.VXPermMap;
 import org.apache.ranger.view.VXPermMapList;
 import org.apache.ranger.view.VXPortalUser;
 import org.apache.ranger.view.VXUser;
@@ -1036,4 +1040,106 @@ public class XUserMgr extends XUserMgrBase { } } + public VXPermMapList searchXPermMaps(SearchCriteria searchCriteria) { + VXPermMapList vXPermMapList = super.searchXPermMaps(searchCriteria); + return applyDelegatedAdminAccess(vXPermMapList, searchCriteria); + } + + private VXPermMapList applyDelegatedAdminAccess(VXPermMapList vXPermMapList, SearchCriteria searchCriteria) { + + VXPermMapList returnList; + UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession(); + // If user is system admin + if (currentUserSession != null && currentUserSession.isUserAdmin()) { + returnList = super.searchXPermMaps(searchCriteria); + } else { + returnList = new VXPermMapList(); + int startIndex = searchCriteria.getStartIndex(); + int pageSize = searchCriteria.getMaxRows(); + searchCriteria.setStartIndex(0); + searchCriteria.setMaxRows(Integer.MAX_VALUE); + List<VXPermMap> resultList = xPermMapService.searchXPermMaps(searchCriteria).getVXPermMaps(); + + List<VXPermMap> adminPermResourceList = new ArrayList<VXPermMap>(); + for (VXPermMap xXPermMap : resultList) { + XXResource xRes = daoManager.getXXResource().getById(xXPermMap.getResourceId()); + VXResponse vXResponse = msBizUtil.hasPermission(xResourceService.populateViewBean(xRes), + AppConstants.XA_PERM_TYPE_ADMIN); + if (vXResponse.getStatusCode() == VXResponse.STATUS_SUCCESS) { + adminPermResourceList.add(xXPermMap); + } + } + + if (adminPermResourceList.size() > 0) { + populatePageList(adminPermResourceList, startIndex, pageSize, returnList); + } + } + return returnList; + } + + private void populatePageList(List<VXPermMap> permMapList, int startIndex, int pageSize, VXPermMapList vxPermMapList) { + List<VXPermMap> onePageList = new ArrayList<VXPermMap>(); + for (int i = startIndex; i < pageSize + startIndex && i < permMapList.size(); i++) { + VXPermMap vXPermMap = permMapList.get(i); + onePageList.add(vXPermMap); + } + vxPermMapList.setVXPermMaps(onePageList); + 
vxPermMapList.setStartIndex(startIndex); + vxPermMapList.setPageSize(pageSize); + vxPermMapList.setResultSize(onePageList.size()); + vxPermMapList.setTotalCount(permMapList.size()); + } + + public VXAuditMapList searchXAuditMaps(SearchCriteria searchCriteria) { + VXAuditMapList vXAuditMapList = xAuditMapService.searchXAuditMaps(searchCriteria); + return applyDelegatedAdminAccess(vXAuditMapList, searchCriteria); + } + + private VXAuditMapList applyDelegatedAdminAccess(VXAuditMapList vXAuditMapList, SearchCriteria searchCriteria) { + + VXAuditMapList returnList; + UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession(); + // If user is system admin + if (currentUserSession != null && currentUserSession.isUserAdmin()) { + returnList = super.searchXAuditMaps(searchCriteria); + } else { + returnList = new VXAuditMapList(); + int startIndex = searchCriteria.getStartIndex(); + int pageSize = searchCriteria.getMaxRows(); + searchCriteria.setStartIndex(0); + searchCriteria.setMaxRows(Integer.MAX_VALUE); + List<VXAuditMap> resultList = xAuditMapService.searchXAuditMaps(searchCriteria).getVXAuditMaps(); + + List<VXAuditMap> adminAuditResourceList = new ArrayList<VXAuditMap>(); + for (VXAuditMap xXAuditMap : resultList) { + XXResource xRes = daoManager.getXXResource().getById(xXAuditMap.getResourceId()); + VXResponse vXResponse = msBizUtil.hasPermission(xResourceService.populateViewBean(xRes), + AppConstants.XA_PERM_TYPE_ADMIN); + if (vXResponse.getStatusCode() == VXResponse.STATUS_SUCCESS) { + adminAuditResourceList.add(xXAuditMap); + } + } + + if (adminAuditResourceList.size() > 0) { + populatePageList(adminAuditResourceList, startIndex, pageSize, returnList); + } + } + + return returnList; + } + + private void populatePageList(List<VXAuditMap> auditMapList, int startIndex, int pageSize, + VXAuditMapList vxAuditMapList) { + List<VXAuditMap> onePageList = new ArrayList<VXAuditMap>(); + for (int i = startIndex; i < pageSize + startIndex && i < 
auditMapList.size(); i++) { + VXAuditMap vXAuditMap = auditMapList.get(i); + onePageList.add(vXAuditMap); + } + vxAuditMapList.setVXAuditMaps(onePageList); + vxAuditMapList.setStartIndex(startIndex); + vxAuditMapList.setPageSize(pageSize); + vxAuditMapList.setResultSize(onePageList.size()); + vxAuditMapList.setTotalCount(auditMapList.size()); + } + } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/97078c72/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java b/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java index 349ddbd..462b81a 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XAuditMapService.java 
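Review bot: `applyDelegatedAdminAccess` never reads its first argument, so the search that `searchXPermMaps` runs up front is discarded and the helper queries again in both branches; the admin branch can simply use `returnList = vXPermMapList;`. In the non-admin branch the caller's `searchCriteria` is overwritten with `setStartIndex(0)` and `setMaxRows(Integer.MAX_VALUE)` and never restored, so each request from a delegated admin loads every row and then does a `getById` plus `hasPermission` call per row; that is worth bounding or pushing into the query. `getById` can presumably return null for a map whose resource is gone, and the result is passed straight to `populateViewBean`, so a guard such as `if (xRes == null) { continue; }` would keep one orphaned row from failing the whole listing. The `VXAuditMapList` overload further down in this hunk has the same three issues.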
@@ -202,48 +202,7 @@ public class XAuditMapService extends @Override public VXAuditMapList searchXAuditMaps(SearchCriteria searchCriteria) { - - VXAuditMapList returnList; - UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession(); - // If user is system admin - if (currentUserSession.isUserAdmin()) { - returnList = super.searchXAuditMaps(searchCriteria); - } else { - returnList = new VXAuditMapList(); - int startIndex = searchCriteria.getStartIndex(); - int pageSize = searchCriteria.getMaxRows(); - searchCriteria.setStartIndex(0); - searchCriteria.setMaxRows(Integer.MAX_VALUE); - List<XXAuditMap> resultList = (List<XXAuditMap>) searchResources(searchCriteria, searchFields, sortFields, returnList); - - List<XXAuditMap> adminAuditResourceList = new ArrayList<XXAuditMap>(); - for (XXAuditMap xXAuditMap : resultList) { - XXResource xRes = daoManager.getXXResource().getById(xXAuditMap.getResourceId()); - VXResponse vXResponse = rangerBizUtil.hasPermission(xResourceService.populateViewBean(xRes), AppConstants.XA_PERM_TYPE_ADMIN); - if (vXResponse.getStatusCode() == VXResponse.STATUS_SUCCESS) { - adminAuditResourceList.add(xXAuditMap); - } - } - - if (adminAuditResourceList.size() > 0) { - populatePageList(adminAuditResourceList, startIndex, pageSize, returnList); - } - } - - return returnList; - } - - private void populatePageList(List<XXAuditMap> auditMapList, int startIndex, int pageSize, VXAuditMapList vxAuditMapList) { - List<VXAuditMap> onePageList = new ArrayList<VXAuditMap>(); - for (int i = startIndex; i < pageSize + startIndex && i < auditMapList.size(); i++) { - VXAuditMap vXAuditMap = populateViewBean(auditMapList.get(i)); - onePageList.add(vXAuditMap); - } - vxAuditMapList.setVXAuditMaps(onePageList); - vxAuditMapList.setStartIndex(startIndex); - vxAuditMapList.setPageSize(pageSize); - vxAuditMapList.setResultSize(onePageList.size()); - vxAuditMapList.setTotalCount(auditMapList.size()); + return super.searchXAuditMaps(searchCriteria); } } 
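Review bot: With the filter removed here, `XAuditMapService.searchXAuditMaps` returns every audit map to whoever calls it, and the delegated-admin check now exists only in `XUserMgr`; any caller that still reaches the service directly (not visible in this diff) gets unfiltered results. It would help to confirm that no REST or manager path other than `XUserMgr.searchXAuditMaps` calls this method, and to say so on the method, for example `// Unfiltered: delegated-admin access is enforced in XUserMgr.searchXAuditMaps()`. The override now only forwards to `super`, so it could also be dropped. The `searchXPermMaps` hunk in XPermMapService.java has the same exposure.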
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/97078c72/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java b/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java index 6d96107..c20373d 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XPermMapService.java @@ -26,23 +26,19 @@ import java.util.List; import org.apache.ranger.biz.RangerBizUtil; import org.apache.ranger.common.AppConstants; -import org.apache.ranger.common.ContextUtil; import org.apache.ranger.common.SearchCriteria; import org.apache.ranger.common.SearchField; -import org.apache.ranger.common.UserSessionBase; import org.apache.ranger.common.view.VTrxLogAttr; import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.entity.XXGroup; import org.apache.ranger.entity.XXPermMap; import org.apache.ranger.entity.XXPortalUser; -import org.apache.ranger.entity.XXResource; import org.apache.ranger.entity.XXTrxLog; import org.apache.ranger.entity.XXUser; import org.apache.ranger.util.RangerEnumUtil; import org.apache.ranger.view.VXGroup; import org.apache.ranger.view.VXPermMap; import org.apache.ranger.view.VXPermMapList; -import org.apache.ranger.view.VXResponse; import org.apache.ranger.view.VXUser; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Scope; 
@@ -123,48 +119,7 @@ public class XPermMapService extends XPermMapServiceBase<XXPermMap, VXPermMap> { @Override public VXPermMapList searchXPermMaps(SearchCriteria searchCriteria) { - - - VXPermMapList returnList; - UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession(); - // If user is system admin - if (currentUserSession.isUserAdmin()) { - returnList = super.searchXPermMaps(searchCriteria); - } else { - returnList = new VXPermMapList(); - int startIndex = searchCriteria.getStartIndex(); - int pageSize = searchCriteria.getMaxRows(); - searchCriteria.setStartIndex(0); - searchCriteria.setMaxRows(Integer.MAX_VALUE); - List<XXPermMap> resultList = (List<XXPermMap>) searchResources(searchCriteria, searchFields, sortFields, returnList); - - List<XXPermMap> adminPermResourceList = new ArrayList<XXPermMap>(); - for (XXPermMap xXPermMap : resultList) { - XXResource xRes = daoManager.getXXResource().getById(xXPermMap.getResourceId()); - VXResponse vXResponse = rangerBizUtil.hasPermission(xResourceService.populateViewBean(xRes), AppConstants.XA_PERM_TYPE_ADMIN); - if (vXResponse.getStatusCode() == VXResponse.STATUS_SUCCESS) { - adminPermResourceList.add(xXPermMap); - } - } - - if (adminPermResourceList.size() > 0) { - populatePageList(adminPermResourceList, startIndex, pageSize, returnList); - } - } - return returnList; - } - - private void populatePageList(List<XXPermMap> permMapList, int startIndex, int pageSize, VXPermMapList vxPermMapList) { - List<VXPermMap> onePageList = new ArrayList<VXPermMap>(); - for (int i = startIndex; i < pageSize + startIndex && i < permMapList.size(); i++) { - VXPermMap vXPermMap = populateViewBean(permMapList.get(i)); - onePageList.add(vXPermMap); - } - vxPermMapList.setVXPermMaps(onePageList); - vxPermMapList.setStartIndex(startIndex); - vxPermMapList.setPageSize(pageSize); - vxPermMapList.setResultSize(onePageList.size()); - vxPermMapList.setTotalCount(permMapList.size()); + return super.searchXPermMaps(searchCriteria); 
} public String getGroupName(Long groupId){
