ramackri commented on code in PR #1000:
URL: https://github.com/apache/ranger/pull/1000#discussion_r3377991511
##########
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java:
##########
@@ -1153,6 +1159,43 @@ public Collection<String> getRolesByLoginId(String
loginId) {
return roleList;
}
+ /**
+ * Returns DB roles augmented with config super-user roles for
+ * Spring Security authentication.
+ * Does not modify {@code x_portal_user_role}; use
+ * {@link #getRolesByLoginId(String)} for DB-only roles.
+ *
+ * @param loginId portal login id
+ * @return DB roles plus config super-user roles when applicable
+ */
+ public Collection<String> getAuthenticationRolesByLoginId(final String
loginId) {
Review Comment:
Done — removed getAuthenticationRolesByLoginId()
##########
security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java:
##########
@@ -457,7 +457,8 @@ public VXUserList searchXUsers(@Context HttpServletRequest
request, @QueryParam(
hasRole =
!userRolesList.contains(RangerConstants.ROLE_KEY_ADMIN) ?
userRolesList.add(RangerConstants.ROLE_KEY_ADMIN) : hasRole;
hasRole =
!userRolesList.contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR) ?
userRolesList.add(RangerConstants.ROLE_KEY_ADMIN_AUDITOR) : hasRole;
hasRole =
!userRolesList.contains(RangerConstants.ROLE_USER) ?
userRolesList.add(RangerConstants.ROLE_USER) : hasRole;
- } else if
(loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) {
+ } else if (userSession.isSingleRoleUserSession()) {
Review Comment:
Fixed — simplified guard
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
