KyrieG created RANGER-4122:
------------------------------
Summary: [RangerAdmin] Reorganize authorization check logic
Key: RANGER-4122
URL: https://issues.apache.org/jira/browse/RANGER-4122
Project: Ranger
Issue Type: Improvement
Components: admin
Affects Versions: 2.3.0
Reporter: KyrieG
Fix For: 2.4.0
# Reorganize authorization logic
Recently when I was sorting out the authorization logic of ranger admin, I saw
confusion.
For example: At ServiceREST I saw the following, similar logic been implemented
in a distributed fasion.
![[Pasted image 20230305134707.png]]
![[Pasted image 20230305134449.png]]
![[Pasted image 20230305140346.png]]
![[Pasted image 20230305141025.png]]
I think these method should be in the same class for easy maintainance. A
Better way is to create a new class for authorization logic instead of putting
everythiong into bizUtil because it's responsible for many thing.
To sum up, I want to put these method into A new class named
"RangerAuthorizationHelper".
RangerBizUtil.isUserAllowed
RangerBizUtil.checkAdminAccess
RangerBizUtil.isUserRangerAdmin
RangerBizUtil.isUserServiceAdmin
RoleREST.userIsSrvAdmOrSrvUser
svcStore.isServiceAdminUser
XUserMgr.hasAccessToModule
RangerBizUtil.hasModuleAccess
RoleDBStore.ensureRoleAccess
RangerBizUtil.blockAuditorRoleUser
... and many.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
