> On Oct. 9, 2015, 10:24 p.m., Madhan Neethiraj wrote: > > Followig two places seem to be inconsistent in assigning to > > XXUserPermission.userId: the first one assigns XXUser.id and the second one > > assigns XXPortalUser.id. Please review. > > > > XUserMgr.java: #272 > > vXUserPermission.setUserId(xUser.getId()); > > > > XUserPermissionServiceBase.java: #53 > > vObj.setUserId(portalUser.getId());
XUserMgr.java: #272 vXUserPermission.setUserId(xUser.getId()); >>> From here object is getting created using createResource method of service >>> class, so as per the implementation while creating object, >>> client/UI/internal code will send xUserId and at service layer it will be >>> mapped to xPortalUserId. So this seems correct. XUserPermissionServiceBase.java: #53 vObj.setUserId(portalUser.getId()); >>> This is the place where the mapping from xUserId to xPortalUserId happens. >>> As I mentioned above while creating/updating, UI/client will send xUserId >>> which will be mapped here to xPortalUserId. - Gautam ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/39122/#review102121 ----------------------------------------------------------- On Oct. 9, 2015, 9:15 a.m., Gautam Borad wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/39122/ > ----------------------------------------------------------- > > (Updated Oct. 9, 2015, 9:15 a.m.) > > > Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan > Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy. > > > Bugs: RANGER-688 > https://issues.apache.org/jira/browse/RANGER-688 > > > Repository: ranger > > > Description > ------- > > *Current Implementation:* > > x_user_module_perm.userId refers to x_portal_user.id but while > assigning/revoking permissions using permission model, UI sends userId of > x_user table. > So this is a bug in current implementation because UI sends x_user.id and > server assumes that it's x_portal_user.id and will create permission. > When IDs of x_user and x_portal_user will not be in sync at that time this > may cause a serious issue. > > *Fix provided in patch:* > > UI will always have x_user/s but on server side x_portal_user/s required. So > now we can't expect UI to send x_portal_user.id in userPermission object so > in patch what we have done is: > Let UI send x_user.id in userPermission object but on server side it will be > mapped to x_portal_user.id and same when UI is reading permissions, let > database return x_portal_user.id that will be mapped to x_user.id. > Due to this UI remains as it is and also, we don't need to change table > structure of x_user_module_perm. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 5f43bc0 > security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java > 59e55f3 > security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java > d3467f8 > security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java 0887594 > security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java > e10dc14 > > security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java > f0aa938 > > security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java > 3ff9c8d > > security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java > 59c082d > security-admin/src/main/resources/META-INF/jpa_named_queries.xml 0370e9a > > Diff: https://reviews.apache.org/r/39122/diff/ > > > Testing > ------- > > Tested by creating a XPOrtalUser user using curl command and then for a new > user, assigned permissions to check if permissions are not messed up. > > > Thanks, > > Gautam Borad > >
