kumaab commented on code in PR #554:
URL: https://github.com/apache/ranger/pull/554#discussion_r2029195488


##########
security-admin/src/main/java/org/apache/ranger/biz/RoleRefUpdater.java:
##########
@@ -345,45 +345,63 @@ private Long createPrincipal(String user) {
             return ret;
         }
 
+        private boolean doesPrincipalExist(String name, 
PolicyRefUpdater.PRINCIPAL_TYPE type) {
+            switch (type) {
+                case USER:
+                    return daoMgr.getXXUser().findByUserName(name) != null;
+                case GROUP:
+                    return daoMgr.getXXGroup().findByGroupName(name) != null;
+                case ROLE:
+                    return daoMgr.getXXRole().findByRoleName(name) != null;
+                default:
+                    break;
+            }
+            return false;
+        }
+
         private void createRoleAssociation(Long id, String name) {
             LOG.debug("===> 
RolePrincipalAssociator.createRoleAssociation(roleId={}, type={}, name={}, 
id={})", roleId, type.name(), name, id);
 
-            switch (type) {
-                case USER: {
-                    XXRoleRefUser xRoleRefUser = 
rangerAuditFields.populateAuditFieldsForCreate(new XXRoleRefUser());
+            if (doesPrincipalExist(name, type)) {
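Review bot: In `doesPrincipalExist`, the `default` branch breaks out to `return false`, so an unhandled `PRINCIPAL_TYPE` value is reported the same way as a missing principal; log or throw there so the two cases can be told apart. In `createRoleAssociation`, the new `if (doesPrincipalExist(name, type))` guard looks the principal up again by `name` even though the method already receives its `id`, which adds a DAO query per association and leaves a window between the existence check and the association being written. A null check on `id` would cover the same case without the extra lookup. Whichever guard is kept, the skipped case deserves a log line: the visible lines do not show what happens when the check fails, and a role association that is silently not created changes who holds the role.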

Review Comment:
   Actually figured out `doesPrincipalExist(name, type)` is redundant as it 
happens in the caller `Long id = createOrGetPrincipal(isAdmin);` in `boolean 
doAssociate(boolean isAdmin) {`, check for `roleId` should be done instead, 
will update the PR.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
