-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/73154/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, Gautam Borad, Kishor Gollapalliwar,
Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Pradeep Agrawal, Ramesh Mani,
Sailaja Polavarapu, and Velmurugan Periasamy.
Bugs: RANGER-3155
https://issues.apache.org/jira/browse/RANGER-3155
Repository: ranger
Description
-------
Reverted RANGER-3135 patch as it breaks current functionality to access role
for ranger admin and provided a fix with its root cause to represent proper
message in case of role does not exist. Earlier it was showing "User doesn't
have permissions to get details for role" even if role does not exist.
With this patch we Admin user can access roles and if role does not exist it
shows message as "Role with name: ROLETEST does not exist". For non-admin user
it behaves as it is. It shows "User doesn't have permissions to get details for
ROLETEST".
This fix simply throws an error caught in getRoleIfAccessible() function of
RoleREST.java class to parent method. Parent method prints appropriate message
caught in exception. And reverted changes made in RANGER-3135.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 20db16da6
Diff: https://reviews.apache.org/r/73154/diff/1/
Testing
-------
For admin user :
1. If role is present - API returns role information.
2. If role does not exist - API will return "Role with name: ROLETEST does not
exist.
3. If role exist and ?execUser=non-admin - API will return "User non-admin does
not have privilege to role ROLETEST"
For non-admin user :
1. It shows "User doesn't have permissions to get details for ROLETEST".
Thanks,
Mahesh Bandal
