Repository: incubator-ranger Updated Branches: refs/heads/master c28abae1f -> 982e0a99f
RANGER-993: Row filtering and column masking audit log fix Signed-off-by: Gautam Borad <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/982e0a99 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/982e0a99 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/982e0a99 Branch: refs/heads/master Commit: 982e0a99ffd9b2ffc33643476a3b54b98a931469 Parents: c28abae Author: pradeep agrawal <[email protected]> Authored: Tue May 24 09:45:25 2016 +0530 Committer: Gautam Borad <[email protected]> Committed: Wed May 25 12:21:04 2016 +0530 ---------------------------------------------------------------------- .../ranger/service/RangerPolicyService.java | 148 ++++++++++++++ .../views/reports/PlugableServiceDiffDetail.js | 62 +++++- security-admin/src/main/webapp/styles/xa.css | 7 + .../reports/PlugableServicePolicyDiff_tmpl.html | 86 +++++++- .../PlugableServicePolicyUpdateDiff_tmpl.html | 199 +++++++++++++++++-- 5 files changed, 484 insertions(+), 18 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/982e0a99/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java index 7987057..042c239 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerPolicyService.java @@ -34,8 +34,10 @@ import org.apache.ranger.entity.XXPolicyBase; import org.apache.ranger.entity.XXService; import org.apache.ranger.entity.XXTrxLog; import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource; +import org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem; import org.codehaus.jackson.JsonParseException; import org.codehaus.jackson.map.JsonMappingException; import org.codehaus.jackson.map.ObjectMapper; @@ -58,6 +60,8 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range public static final String DENYPOLICY_ITEM_CLASS_FIELD_NAME = "denyPolicyItems"; public static final String ALLOW_EXCEPTIONS_CLASS_FIELD_NAME="allowExceptions"; public static final String DENY_EXCEPTIONS_CLASS_FIELD_NAME="denyExceptions"; + public static final String DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME="dataMaskPolicyItems"; + public static final String ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME="rowFilterPolicyItems"; static HashMap<String, VTrxLogAttr> trxLogAttrs = new HashMap<String, VTrxLogAttr>(); String actionCreate; @@ -73,6 +77,8 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range trxLogAttrs.put("denyPolicyItems", new VTrxLogAttr("denyPolicyItems", "DenyPolicy Items", false)); trxLogAttrs.put("allowExceptions", new VTrxLogAttr("allowExceptions", "Allow Exceptions", false)); trxLogAttrs.put("denyExceptions", new VTrxLogAttr("denyExceptions", "Deny Exceptions", false)); + trxLogAttrs.put("dataMaskPolicyItems", new VTrxLogAttr("dataMaskPolicyItems", "Masked Policy Items", false)); + trxLogAttrs.put("rowFilterPolicyItems", new VTrxLogAttr("rowFilterPolicyItems", "Row level filter Policy Items", false)); } public RangerPolicyService() { @@ -193,6 +199,10 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range value = processPolicyItemsForTrxLog(field.get(vObj)); } else if (fieldName.equalsIgnoreCase(DENY_EXCEPTIONS_CLASS_FIELD_NAME)){ value = processPolicyItemsForTrxLog(field.get(vObj)); + } else if (fieldName.equalsIgnoreCase(DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME)){ + value = processDataMaskPolicyItemsForTrxLog(field.get(vObj)); + } else if (fieldName.equalsIgnoreCase(ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME)){ + value = processRowFilterPolicyItemForTrxLog(field.get(vObj)); } else { value = "" + field.get(vObj); @@ -252,6 +262,14 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range if (oldPolicy != null) { oldValue = processPolicyItemsForTrxLog(oldPolicy.getDenyExceptions()); } + } else if (fieldName.equalsIgnoreCase(DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME)) { + if (oldPolicy != null) { + oldValue = processDataMaskPolicyItemsForTrxLog(oldPolicy.getDataMaskPolicyItems()); + } + } else if (fieldName.equalsIgnoreCase(ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME)) { + if (oldPolicy != null) { + oldValue = processRowFilterPolicyItemForTrxLog(oldPolicy.getRowFilterPolicyItems()); + } } if (oldValue == null || value.equalsIgnoreCase(oldValue)) { return null; @@ -290,6 +308,16 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range if(org.apache.commons.lang.StringUtils.equals(value, oldValue)) { return null; } + } else if (fieldName.equalsIgnoreCase(DATAMASK_POLICY_ITEM_CLASS_FIELD_NAME)) { + //compare old and new dataMaskPolicyItems + if(compareTwoDataMaskingPolicyItemList(value, oldValue)) { + return null; + } + } else if (fieldName.equalsIgnoreCase(ROWFILTER_POLICY_ITEM_CLASS_FIELD_NAME)) { + //compare old and new rowFilterPolicyItems + if(compareTwoRowFilterPolicyItemList(value, oldValue)) { + return null; + } } xTrxLog.setPreviousValue(oldValue); xTrxLog.setNewValue(value); @@ -443,4 +471,124 @@ public class RangerPolicyService extends RangerPolicyServiceBase<XXPolicy, Range String name = (String) value; return name; } + + @SuppressWarnings("unchecked") + private String processDataMaskPolicyItemsForTrxLog(Object value) { + if(value == null) { + return ""; + } + List<RangerDataMaskPolicyItem> rangerPolicyItems = (List<RangerDataMaskPolicyItem>) value; + if(rangerPolicyItems==null || rangerPolicyItems.size()==0){ + return ""; + } + String ret = jsonUtil.readListToString(rangerPolicyItems); + if(ret == null) { + return ""; + } + return ret; + } + + @SuppressWarnings("unchecked") + private String processRowFilterPolicyItemForTrxLog(Object value) { + if(value == null) { + return ""; + } + List<RangerRowFilterPolicyItem> rangerPolicyItems = (List<RangerRowFilterPolicyItem>) value; + if(rangerPolicyItems==null || rangerPolicyItems.size()==0){ + return ""; + } + String ret = jsonUtil.readListToString(rangerPolicyItems); + if(ret == null) { + return ""; + } + return ret; + } + + private boolean compareTwoDataMaskingPolicyItemList(String value, String oldValue) { + if (value == null && oldValue == null) { + return true; + } + if (value == "" && oldValue == "") { + return true; + } + if (stringUtil.isEmpty(value) || stringUtil.isEmpty(oldValue)) { + return false; + } + ObjectMapper mapper = new ObjectMapper(); + try { + List<RangerDataMaskPolicyItem> obj = mapper.readValue(value, + new TypeReference<List<RangerDataMaskPolicyItem>>() { + }); + List<RangerDataMaskPolicyItem> oldObj = mapper.readValue(oldValue, + new TypeReference<List<RangerDataMaskPolicyItem>>() { + }); + int oldListSize = oldObj.size(); + int listSize = obj.size(); + if(oldListSize != listSize) { + return false; + } + for(RangerDataMaskPolicyItem polItem : obj) { + if(!oldObj.contains(polItem)) { + return false; + } + } + return true; + } catch (JsonParseException e) { + throw restErrorUtil.createRESTException( + "Invalid input data: " + e.getMessage(), + MessageEnums.INVALID_INPUT_DATA); + } catch (JsonMappingException e) { + throw restErrorUtil.createRESTException( + "Invalid input data: " + e.getMessage(), + MessageEnums.INVALID_INPUT_DATA); + } catch (IOException e) { + throw restErrorUtil.createRESTException( + "Invalid input data: " + e.getMessage(), + MessageEnums.INVALID_INPUT_DATA); + } + } + + private boolean compareTwoRowFilterPolicyItemList(String value, String oldValue) { + if (value == null && oldValue == null) { + return true; + } + if (value == "" && oldValue == "") { + return true; + } + if (stringUtil.isEmpty(value) || stringUtil.isEmpty(oldValue)) { + return false; + } + ObjectMapper mapper = new ObjectMapper(); + try { + List<RangerRowFilterPolicyItem> obj = mapper.readValue(value, + new TypeReference<List<RangerRowFilterPolicyItem>>() { + }); + List<RangerRowFilterPolicyItem> oldObj = mapper.readValue(oldValue, + new TypeReference<List<RangerRowFilterPolicyItem>>() { + }); + int oldListSize = oldObj.size(); + int listSize = obj.size(); + if(oldListSize != listSize) { + return false; + } + for(RangerRowFilterPolicyItem polItem : obj) { + if(!oldObj.contains(polItem)) { + return false; + } + } + return true; + } catch (JsonParseException e) { + throw restErrorUtil.createRESTException( + "Invalid input data: " + e.getMessage(), + MessageEnums.INVALID_INPUT_DATA); + } catch (JsonMappingException e) { + throw restErrorUtil.createRESTException( + "Invalid input data: " + e.getMessage(), + MessageEnums.INVALID_INPUT_DATA); + } catch (IOException e) { + throw restErrorUtil.createRESTException( + "Invalid input data: " + e.getMessage(), + MessageEnums.INVALID_INPUT_DATA); + } + } } http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/982e0a99/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js b/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js index 800eed7..7ff1b0e 100644 --- a/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js +++ b/security-admin/src/main/webapp/scripts/views/reports/PlugableServiceDiffDetail.js @@ -59,6 +59,11 @@ define(function(require){ oldDenyPolicyItems : this.oldDenyPolicyItems, newDenyExceptionPolicyItems : this.newDenyExceptionPolicyItems, oldDenyExceptionPolicyItems : this.oldDenyExceptionPolicyItems, + newMaskPolicyItems: this.newMaskPolicyItems, + newRowFilterPolicyItems: this.newRowFilterPolicyItems, + oldMaskPolicyItems: this.oldMaskPolicyItems, + oldRowFilterPolicyItems: this.oldRowFilterPolicyItems, + }; }, /** ui selector cache */ @@ -149,6 +154,7 @@ define(function(require){ this.highLightElement($(ol).find('.groupname'), $(newOl[i]).find('.groupname')); this.highLightElement($(ol).find('.perm'), $(newOl[i]).find('.perm')); this.highLightElement($(ol).find('.condition'), $(newOl[i]).find('.condition')); + this.highLightElement($(ol).find('.maskingAndRow'), $(newOl[i]).find('.maskingAndRow')); },this); }, @@ -192,6 +198,8 @@ define(function(require){ this.newAllowExceptionPolicyItems = null, this.oldAllowExceptionPolicyItems = null, this.newDenyPolicyItems = null, this.oldDenyPolicyItems = null, this.newDenyExceptionPolicyItems = null, this.oldDenyExceptionPolicyItems = null; + this.newMaskPolicyItems = null, this.newRowFilterPolicyItems = null, + this.oldMaskPolicyItems = null, this.oldRowFilterPolicyItems = null; var policyStatus = this.collection.findWhere({'attributeName':'Policy Status'}) if(!_.isUndefined(policyStatus)){ if(!_.isEmpty(policyStatus.get('previousValue'))){ @@ -239,6 +247,22 @@ define(function(require){ this.oldDenyExceptionPolicyItems = perms.oldPerms; } } + var policyItems = this.collection.findWhere({'attributeName':'Masked Policy Items'}); + if(!_.isUndefined(policyItems)){ + var perms = this.getPolicyItems('Masked Policy Items'); + if(!_.isEmpty(perms)){ + this.newMaskPolicyItems = perms.newPerms; + this.oldMaskPolicyItems = perms.oldPerms; + } + } + var policyItems = this.collection.findWhere({'attributeName':'Row level filter Policy Items'}); + if(!_.isUndefined(policyItems)){ + var perms = this.getPolicyItems('Row level filter Policy Items'); + if(!_.isEmpty(perms)){ + this.newRowFilterPolicyItems = perms.newPerms; + this.oldRowFilterPolicyItems = perms.oldPerms; + } + } }, getPolicyResources : function() { var policyResources = this.collection.findWhere({'attributeName':'Policy Resources'}); @@ -294,7 +318,7 @@ define(function(require){ } }, getPolicyItems : function(itemType) { - var items = {}; + var items = {},that = this; var newPolicyItems=[], oldPolicyItems =[]; var policyItems = this.collection.findWhere({'attributeName': itemType }); this.collection.remove(policyItems); @@ -318,9 +342,32 @@ define(function(require){ } }); } + if(itemType === 'Masked Policy Items') { + for(var i = 0; i < newPolicyItems.length ; i++){ + var maskingType = newPolicyItems[i].dataMaskInfo.dataMaskType; + var dataMaskDefs = that.rangerServiceDefModel.get('dataMaskDef'); + _.each(dataMaskDefs.maskTypes,function(maskType){ + if(maskType.name === maskingType) { + newPolicyItems[i].dataMaskInfo.dataMaskType = maskType.label; + } + }); + }; + + for(var i = 0; i < oldPolicyItems.length ; i++){ + var maskingType = oldPolicyItems[i].dataMaskInfo.dataMaskType; + var dataMaskDefs = that.rangerServiceDefModel.get('dataMaskDef'); + _.each(dataMaskDefs.maskTypes,function(maskType){ + if(maskType.name === maskingType) { + oldPolicyItems[i].dataMaskInfo.dataMaskType = maskType.label; + } + }); + }; + } + // this.oldPermList =[], this.newPermList =[] if(this.action == "update"){ - return this.setOldeNewPermList(newPolicyItems, oldPolicyItems); + //return this.setOldeNewPermList(newPolicyItems, oldPolicyItems); + return this.setOldNewPermDiff(newPolicyItems, oldPolicyItems); } else { return {'oldPerms' : oldPolicyItems, 'newPerms' : newPolicyItems}; @@ -328,6 +375,17 @@ define(function(require){ // this.newPermList = this.newPolicyItems; } }, + setOldNewPermDiff: function(newPolicyItems, oldPolicyItems){ + var oldPerms = [], newPerms = []; + var len = oldPolicyItems.length > newPolicyItems.length ? oldPolicyItems.length : newPolicyItems.length; + for(var i = 0; i < len ; i++) { + if (JSON.stringify(newPolicyItems[i]) != JSON.stringify(oldPolicyItems[i])) { + oldPerms.push(oldPolicyItems[i]); + newPerms.push(newPolicyItems[i]); + } + } + return {'newPerms': newPerms, 'oldPerms': oldPerms}; + }, setOldeNewPermList : function(newPolicyItems, oldPolicyItems) { var found = false, oldPerms = [], newPerms = []; for(var i=0; i< newPolicyItems.length ;i++){ http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/982e0a99/security-admin/src/main/webapp/styles/xa.css ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/styles/xa.css b/security-admin/src/main/webapp/styles/xa.css index f8e7273..b586e11 100644 --- a/security-admin/src/main/webapp/styles/xa.css +++ b/security-admin/src/main/webapp/styles/xa.css @@ -1468,6 +1468,13 @@ ul.tabs > li > a { .diff-right .data li { min-width: 16.5em; } +.diff-list > ol { + display: initial; + min-width: 250px; +} +.diff .diff-left{ + min-width: 16.5em; +} .change { background-color: #ffd; http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/982e0a99/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html index 5ed8d00..3018c84 100644 --- a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html +++ b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyDiff_tmpl.html @@ -46,7 +46,7 @@ {{#if newPolicyItems}} <h5>Allow PolicyItems :</h5> <div class="diff diff-perms" > - <div class="diff-right" data-id="diff"> + <div class="diff-right diff-list" data-id="diff"> <h3>New Value</h3> {{#each newPolicyItems}} <ol class="unstyled data"> @@ -89,7 +89,7 @@ {{#if newAllowExceptionPolicyItems}} <h5>Allow Exceptions :</h5> <div class="diff diff-perms" > - <div class="diff-right" data-id="diff"> + <div class="diff-right diff-list" data-id="diff"> <h3>New Value</h3> {{#each newAllowExceptionPolicyItems}} <ol class="unstyled data"> @@ -132,7 +132,7 @@ {{#if newDenyPolicyItems}} <h5>Deny PolicyItems :</h5> <div class="diff diff-perms" > - <div class="diff-right" data-id="diff"> + <div class="diff-right diff-list" data-id="diff"> <h3>New Value</h3> {{#each newDenyPolicyItems}} <ol class="unstyled data"> @@ -173,7 +173,7 @@ {{#if oldDenyExceptionPolicyItems}} <h5>Deny Exception PolicyItems:</h5> <div class="diff diff-perms" > - <div class="diff-right" data-id="diff"> + <div class="diff-right diff-list" data-id="diff"> <h3>New Value</h3> {{#each oldDenyExceptionPolicyItems}} <ol class="unstyled data"> @@ -211,4 +211,82 @@ </div> {{/if}} +<!-- Masking Policy Items --> +{{#if newMaskPolicyItems}} + <h5>Masking Policy Items :</h5> + <div class="diff diff-perms" > + <div class="diff-right diff-list" data-id="diff"> + <h3>New Value</h3> + {{#each newMaskPolicyItems}} + <ol class="unstyled data"> + <li class="change-row">Groups: + {{#if_eq this.groups compare=0}} + <empty> + {{else}} + {{this.groups}} + {{/if_eq}} + </li> + <li class="change-row">Users: + {{#if_eq this.users compare=0}} + <empty> + {{else}} + {{this.users}} + {{/if_eq}} + </li> + <li class="change-row">Accesses: + {{#each this.accesses}} + {{this.type}} <span>,</span> + {{/each}} + </li> + {{#if this.dataMaskInfo}} + <li class="change-row"> + Data Mask Types: + {{this.dataMaskInfo.dataMaskType}} + </li> + {{/if}} + </ol><br/> + {{/each}} + </div> + </div> +{{/if}} + +<!-- Row Filter Policy Items--> +{{#if newRowFilterPolicyItems}} + <h5>Row Level Filter Policy Items :</h5> + <div class="diff diff-perms" > + <div class="diff-right diff-list" data-id="diff"> + <h3>New Value</h3> + {{#each newRowFilterPolicyItems}} + <ol class="unstyled data"> + <li class="change-row">Groups: + {{#if_eq this.groups compare=0}} + <empty> + {{else}} + {{this.groups}} + {{/if_eq}} + </li> + <li class="change-row">Users: + {{#if_eq this.users compare=0}} + <empty> + {{else}} + {{this.users}} + {{/if_eq}} + </li> + <li class="change-row">Accesses: + {{#each this.accesses}} + {{this.type}} <span>,</span> + {{/each}} + </li> + {{#if this.rowFilterInfo}} + <li class="change-row"> + Row Level Filter: + {{this.rowFilterInfo.filterExpr}} + </li> + {{/if}} + </ol><br/> + {{/each}} + </div> + </div> +{{/if}} + </div> http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/982e0a99/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html ---------------------------------------------------------------------- diff --git a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html index d2a4f80..c2d6c2d 100644 --- a/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html +++ b/security-admin/src/main/webapp/templates/reports/PlugableServicePolicyUpdateDiff_tmpl.html @@ -70,8 +70,8 @@ {{#if oldPolicyItems}} <h5>Allow PolicyItems :</h5> <div class="diff diff-perms"> - <div class="diff-left" data-id="diff"> - <h3>old Value</h3> + <div class="diff-left diff-list" data-id="diff"> + <h3>Old Value</h3> {{#each oldPolicyItems}} <ol class="unstyled data"> {{#if this.permissions}} @@ -113,7 +113,7 @@ </ol><br/> {{/each}} </div> - <div class="diff-right" data-id="diff"> + <div class="diff-right diff-list" data-id="diff"> <h3>New Value</h3> {{#each newPolicyItems}} <ol class="unstyled data"> @@ -162,8 +162,8 @@ {{#if oldAllowExceptionPolicyItems}} <h5>Allow Exception PolicyItems :</h5> <div class="diff diff-perms"> - <div class="diff-left" data-id="diff"> - <h3>old Value</h3> + <div class="diff-left diff-list" data-id="diff"> + <h3>Old Value</h3> {{#each oldAllowExceptionPolicyItems}} <ol class="unstyled data"> {{#if this.permissions}} @@ -205,7 +205,7 @@ </ol><br/> {{/each}} </div> - <div class="diff-right" data-id="diff"> + <div class="diff-right diff-list" data-id="diff"> <h3>New Value</h3> {{#each newAllowExceptionPolicyItems}} <ol class="unstyled data"> @@ -255,8 +255,8 @@ {{#if oldDenyPolicyItems}} <h5>Deny PolicyItems :</h5> <div class="diff diff-perms"> - <div class="diff-left" data-id="diff"> - <h3>old Value</h3> + <div class="diff-left diff-list" data-id="diff"> + <h3>Old Value</h3> {{#each oldDenyPolicyItems}} <ol class="unstyled data"> {{#if this.permissions}} @@ -298,7 +298,7 @@ </ol><br/> {{/each}} </div> - <div class="diff-right" data-id="diff"> + <div class="diff-right diff-list" data-id="diff"> <h3>New Value</h3> {{#each newDenyPolicyItems}} <ol class="unstyled data"> @@ -349,8 +349,8 @@ {{#if oldDenyExceptionPolicyItems}} <h5>Deny Exception PolicyItems :</h5> <div class="diff diff-perms"> - <div class="diff-left" data-id="diff"> - <h3>old Value</h3> + <div class="diff-left diff-list" data-id="diff"> + <h3>Old Value</h3> {{#each oldDenyExceptionPolicyItems}} <ol class="unstyled data"> {{#if this.permissions}} @@ -392,7 +392,7 @@ </ol><br/> {{/each}} </div> - <div class="diff-right" data-id="diff"> + <div class="diff-right diff-list" data-id="diff"> <h3>New Value</h3> {{#each newDenyExceptionPolicyItems}} <ol class="unstyled data"> @@ -438,5 +438,180 @@ </div> {{/if}} +<!-- Masking Policy Items --> +{{#if oldMaskPolicyItems}} + <h5>Masking Policy Items :</h5> + <div class="diff diff-perms"> + <div class="diff-left diff-list" data-id="diff"> + <h3>Old Value</h3> + {{#each oldMaskPolicyItems}} + <ol class="unstyled data"> + {{#if this.accesses}} + <li class="change-row"><i>Groups</i>: + {{#if_eq this.groups compare=0}} + <empty> + {{else}} + {{#each this.groups}} + <span class="groupname">{{this}}</span><span>,</span> + {{/each}} + {{/if_eq}} + </li> + <li class="change-row"><i>Users</i>: + {{#if_eq this.users compare=0}} + <empty> + {{else}} + {{#each this.users}} + <span class="username">{{this}}</span><span>,</span> + {{/each}} + {{/if_eq}} + </li> + <li class="change-row"><i>Accesses</i>: + {{#each this.accesses}} + <span class="perm">{{this.type}}</span> <span>,</span> + {{/each}} + </li> + {{#if this.dataMaskInfo}} + <li class="change-row"> + <i>Data Mask Types</i>: + <span class="maskingAndRow">{{this.dataMaskInfo.dataMaskType}}</span> <span>,</span> + </li> + {{/if}} + {{else}} + <li style=" min-height: 99px; line-height: 102px; text-align: center; font-weight: bold; font-style: italic;"><empty></li> + {{/if}} + </ol><br/> + {{/each}} + </div> + <div class="diff-right diff-list" data-id="diff"> + <h3>New Value</h3> + {{#each newMaskPolicyItems}} + <ol class="unstyled data"> + {{#if this.accesses}} + <li class="change-row"><i>Groups</i>: + {{#if_eq this.groups compare=0}} + <empty> + {{else}} + {{#each this.groups}} + <span class="groupname">{{this}}</span><span>,</span> + {{/each}} + {{/if_eq}} + </li> + <li class="change-row"><i>Users</i>: + {{#if_eq this.users compare=0}} + <empty> + {{else}} + {{#each this.users}} + <span class="username">{{this}}</span><span>,</span> + {{/each}} + {{/if_eq}} + </li> + <li class="change-row"><i>Accesses</i>: + {{#each this.accesses}} + <span class="perm">{{this.type}}</span> <span>,</span> + {{/each}} + </li> + {{#if this.dataMaskInfo}} + <li class="change-row"> + <i>Data Mask Types</i>: + <span class="maskingAndRow">{{this.dataMaskInfo.dataMaskType}}</span> <span>,</span> + </li> + {{/if}} + + {{else}} + <li style=" min-height: 99px; line-height: 102px; text-align: center; font-weight: bold; font-style: italic;"><empty></li> + {{/if}} + </ol><br/> + {{/each}} + </div> + </div> + {{/if}} + +<!-- Row filter Policy Items--> +{{#if oldRowFilterPolicyItems}} + <h5>Row Level Filter Policy Items :</h5> + <div class="diff diff-perms"> + <div class="diff-left diff-list" data-id="diff"> + <h3>Old Value</h3> + {{#each oldRowFilterPolicyItems}} + <ol class="unstyled data"> + {{#if this.accesses}} + <li class="change-row"><i>Groups</i>: + {{#if_eq this.groups compare=0}} + <empty> + {{else}} + {{#each this.groups}} + <span class="groupname">{{this}}</span><span>,</span> + {{/each}} + {{/if_eq}} + </li> + <li class="change-row"><i>Users</i>: + {{#if_eq this.users compare=0}} + <empty> + {{else}} + {{#each this.users}} + <span class="username">{{this}}</span><span>,</span> + {{/each}} + {{/if_eq}} + </li> + <li class="change-row"><i>Accesses</i>: + {{#each this.accesses}} + <span class="perm">{{this.type}}</span> <span>,</span> + {{/each}} + </li> + {{#if this.rowFilterInfo}} + <li class="change-row"> + <i>Row Level Filter</i>: + <span class="maskingAndRow">{{this.rowFilterInfo.filterExpr}}</span> <span>,</span> + </li> + {{/if}} + {{else}} + <li style=" min-height: 99px; line-height: 102px; text-align: center; font-weight: bold; font-style: italic;"><empty></li> + {{/if}} + </ol><br/> + {{/each}} + </div> + <div class="diff-right diff-list" data-id="diff"> + <h3>New Value</h3> + {{#each newRowFilterPolicyItems}} + <ol class="unstyled data"> + {{#if this.accesses}} + <li class="change-row"><i>Groups</i>: + {{#if_eq this.groups compare=0}} + <empty> + {{else}} + {{#each this.groups}} + <span class="groupname">{{this}}</span><span>,</span> + {{/each}} + {{/if_eq}} + </li> + <li class="change-row"><i>Users</i>: + {{#if_eq this.users compare=0}} + <empty> + {{else}} + {{#each this.users}} + <span class="username">{{this}}</span><span>,</span> + {{/each}} + {{/if_eq}} + </li> + <li class="change-row"><i>Accesses</i>: + {{#each this.accesses}} + <span class="perm">{{this.type}}</span> <span>,</span> + {{/each}} + </li> + {{#if this.rowFilterInfo}} + <li class="change-row"> + <i>Row Level Filter</i>: + <span class="maskingAndRow">{{this.rowFilterInfo.filterExpr}}</span> <span>,</span> + </li> + {{/if}} + + {{else}} + <li style=" min-height: 99px; line-height: 102px; text-align: center; font-weight: bold; font-style: italic;"><empty></li> + {{/if}} + </ol><br/> + {{/each}} + </div> + </div> + {{/if}} </div>
