----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/39122/#review102634 -----------------------------------------------------------
Ship it! Ship It! - Madhan Neethiraj On Oct. 14, 2015, 10:27 a.m., Gautam Borad wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/39122/ > ----------------------------------------------------------- > > (Updated Oct. 14, 2015, 10:27 a.m.) > > > Review request for ranger, Alok Lal, Don Bosco Durai, Abhay Kulkarni, Madhan > Neethiraj, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy. > > > Bugs: RANGER-688 > https://issues.apache.org/jira/browse/RANGER-688 > > > Repository: ranger > > > Description > ------- > > *Current Implementation:* > > x_user_module_perm.userId refers to x_portal_user.id but while > assigning/revoking permissions using permission model, UI sends userId of > x_user table. > So this is a bug in current implementation because UI sends x_user.id and > server assumes that it's x_portal_user.id and will create permission. > When IDs of x_user and x_portal_user will not be in sync at that time this > may cause a serious issue. > > *Fix provided in patch:* > > UI will always have x_user/s but on server side x_portal_user/s required. So > now we can't expect UI to send x_portal_user.id in userPermission object so > in patch what we have done is: > Let UI send x_user.id in userPermission object but on server side it will be > mapped to x_portal_user.id and same when UI is reading permissions, let > database return x_portal_user.id that will be mapped to x_user.id. > Due to this UI remains as it is and also, we don't need to change table > structure of x_user_module_perm. > > > Diffs > ----- > > security-admin/scripts/setup.sh 9710706ed5147d572dd988eaf7db5e757a8338f2 > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java > b86087773c97770a96ee62fa817b10615be08bab > security-admin/src/main/java/org/apache/ranger/common/UserSessionBase.java > 59e55f3e1db02f1fdd2d03dd22183929b1173027 > security-admin/src/main/java/org/apache/ranger/db/XXPortalUserDao.java > d3467f86aefccca9b0387e382628b95e4466eecd > security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java > 088759469608ab45e3ad3341ad2bf6558a30f5d9 > security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java > e10dc14fdcb58265467aa02d0a9b9b2aea1040ad > > security-admin/src/main/java/org/apache/ranger/patch/PatchPersmissionModel_J10003.java > f0aa938dd918124e050ee54a3dcc64e86e3f5236 > > security-admin/src/main/java/org/apache/ranger/service/XUserPermissionService.java > 3ff9c8d0ac070032089bcbc9f5c3c33c401b30b3 > > security-admin/src/main/java/org/apache/ranger/service/XUserPermissionServiceBase.java > 59c082d2760acc8bd296b29497ab763cbb97c407 > security-admin/src/main/resources/META-INF/jpa_named_queries.xml > 0370e9abe60582152f6d71ac8e0ed8312e4f2e7f > > Diff: https://reviews.apache.org/r/39122/diff/ > > > Testing > ------- > > Tested by creating a XPOrtalUser user using curl command and then for a new > user, assigned permissions to check if permissions are not messed up. > > > Thanks, > > Gautam Borad > >
