Review Request 73152: RANGER-3154: Admin user cann't get role info throught rest API

Thu, 21 Jan 2021 01:21:08 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73152/
-----------------------------------------------------------

Review request for ranger, Abhay Kulkarni, Madhan Neethiraj, Mahesh Bandal, 
Pradeep Agrawal, Ramesh Mani, and Sailaja Polavarapu.


Bugs: RANGER-3154
    https://issues.apache.org/jira/browse/RANGER-3154


Repository: ranger


Description
-------

Admin user always get msg :"Role with name: xxx does not exist" when query role 
through rest API


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 20db16da6 


Diff: https://reviews.apache.org/r/73152/diff/1/


Testing
-------

1. create new role kkk from ranger web, and it cantains two user: test and 
hdfs, user 'test' is role adimin. And kkk111 is a none-exist role.
2. use admin user 'rangeradmin' execute: curl -s -k 
"https://x.x.x.x:6080/service/roles/roles/name/kkk"; -X GET -H 
"Content-Type:application/json", return role 'kkk' info.
3. use user 'test' execute: curl -s -k 
"https://x.x.x.x:6080/service/roles/roles/name/kkk"; -X GET -H 
"Content-Type:application/json", return "User doesn't have permission to get 
details for kkk".
4. use user 'test' execute: curl -s -k 
"https://x.x.x.x:6080/service/roles/roles/name/kkk?execUser=test"; -X GET -H 
"Content-Type:application/json", return role 'kkk' info.
5. use user 'hdfs' execute: curl -s -k 
"https://x.x.x.x:6080/service/roles/roles/name/kkk"; -X GET -H 
"Content-Type:application/json", return "User doesn't have permission to get 
details for kkk".
6. use admin user 'rangeradmin' execute: curl -s -k 
"https://x.x.x.x:6080/service/roles/roles/name/kkk111"; -X GET -H 
"Content-Type:application/json", return "Role with name: kkk111 does not exist".
7. use admin user 'rangeradmin' execute: curl -s -k 
"https://x.x.x.x:6080/service/roles/roles/name/kkk111?execUser=test"; -X GET -H 
"Content-Type:application/json", return "User doesn't have permission to get 
details for kkk111".
8. use user 'test' execute: curl -s -k 
"https://x.x.x.x:6080/service/roles/roles/name/kkk111"; -X GET -H 
"Content-Type:application/json", return "User doesn't have permission to get 
details for kkk111".


Thanks,

ru jia

Reply via email to