Re: [PR] RANGER-4607: Ranger REST API improvements [ranger]

via GitHub Tue, 08 Oct 2024 23:27:53 -0700


kumaab commented on code in PR #393:
URL: https://github.com/apache/ranger/pull/393#discussion_r1792913986



##########
security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java:
##########
@@ -52,8 +52,11 @@ public class XAuditMgr extends XAuditMgrBase {
        RangerBizUtil rangerBizUtil;
 
        public VXTrxLog getXTrxLog(Long id) {
-               checkAdminAccess();
-               return super.getXTrxLog(id);
+               if (rangerBizUtil.isAdmin() || rangerBizUtil.isKeyAdmin() || 
rangerBizUtil.isAuditAdmin() || rangerBizUtil.isAuditKeyAdmin()) {

Review Comment:
   Please see if a private function can be re-used at lines 55, 81 and 90, for 
eg:
   
   ```
   private boolean checkAdminAccess(){
       if (rangerBizUtil.isAdmin() || rangerBizUtil.isKeyAdmin() || 
rangerBizUtil.isAuditAdmin() || rangerBizUtil.isAuditKeyAdmin()){
           return true;
       } else {
           throw 
restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User 
doesn't have permissions to perform this action", true);
       }
   }
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@ranger.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Re: [PR] RANGER-4607: Ranger REST API improvements [ranger]

Reply via email to