-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71220/#review217013
-----------------------------------------------------------

Ship it!

Ship It!

- Ramesh Mani


On July 31, 2019, 10:08 p.m., Abhay Kulkarni wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71220/
> -----------------------------------------------------------
>
> (Updated July 31, 2019, 10:08 p.m.)
>
>
> Review request for ranger, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-2518
>     https://issues.apache.org/jira/browse/RANGER-2518
>
>
> Repository: ranger
>
>
> Description
> -------
>
> Problem Statement: Current service admin user can not delete the ranger service.
>
>
> Proposed Solution:
>
>
> As during service/repo creation, creator reference get added in added_by_id field of x_service table. we can compare the logged in user id and service creator id. if both matches then no need to check the admin permissions. This will allow service creator user to delete the service.
>
>
> Diffs
> -----
>
>   security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 0ad7df2dd
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 84202335d
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b06273cc5
>   security-admin/src/main/java/org/apache/ranger/service/XResourceService.java 43a855e6d
>   security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java d613c700a
>   security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 34be7e914
>
>
> Diff: https://reviews.apache.org/r/71220/diff/1/
>
>
> Testing
> -------
>
> Built, Installed and started ranger with the patch.
> Login from admin user.
> Create a user 'testuser1' with 'admin' role
> Logout from admin user and login from 'testuser1'
> create hive service 'hivedev'
> Logout from 'testuser1' user and login from 'admin'
> Change the role of 'testuser1' user from 'admin' to 'user'
> Logout from admin user
> execute below curl command by using 'testuser1' user's credential
> curl -i --header "Accept:application/json" -H "Content-Type: application/json" -u testuser1:user1234 -X DELETE 'http://172.22.111.117:6080/service/plugins/services/5'
>
>
> Expected behaviour:
> service should get deleted and return http response code 204 with no content.
>
>
> Actual behaviour:
> Response received:
>
>
> HTTP/1.1 204 No Content
> Set-Cookie: RANGERADMINSESSIONID=3F481200366A0823073FFE27FF982A84; Path=/; HttpOnly
> X-Frame-Options: DENY
> X-XSS-Protection: 1; mode=block
> Strict-Transport-Security: max-age=31536000; includeSubDomains
> Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';font-src 'self'
> Cache-Control: no-cache, no-store, max-age=0, must-revalidate
> Pragma: no-cache
> Expires: 0
> X-Content-Type-Options: nosniff
> Content-Type: application/json
> Date: Thu, 25 Jul 2019 13:50:13 GMT
> Server: Apache Ranger
>
>
> Thanks,
>
> Abhay Kulkarni
>
>
