[
https://issues.apache.org/jira/browse/RANGER-899?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15299626#comment-15299626
]
rangerqa commented on RANGER-899:
---------------------------------
{color:green}+1 overall{color}. Here are the results of testing the latest
attachment
http://issues.apache.org/jira/secure/attachment/12806081/RANGER-899-2.patch
against master revision 982e0a9.
{color:green}+1 @author{color}. The patch does not contain any @author
tags.
{color:green}+1 tests included{color}. The patch appears to include 4 new
or modified test files.
{color:green}+1 javac{color}. The applied patch does not increase the
total number of javac compiler warnings.
{color:green}+1 javadoc{color}. There were no new javadoc warning messages.
+1 checkstyle. The patch generated 0 code style errors.
{color:green}+1 findbugs{color}. The patch does not introduce any new
Findbugs (version 2.0.3) warnings.
{color:green}+1 release audit{color}. The applied patch does not increase
the total number of release audit warnings.
{color:green}+1 core tests{color}. The patch passed unit tests in .
Test results:
https://builds.apache.org/job/PreCommit-RANGER-Build/213//testReport/
Console output:
https://builds.apache.org/job/PreCommit-RANGER-Build/213//console
This message is automatically generated.
> Problem Changing/Updating emailAddress of logged in user using API:
> "{userId}/emailchange" of class org.apache.ranger.rest.UserREST.java
> ----------------------------------------------------------------------------------------------------------------------------------------
>
> Key: RANGER-899
> URL: https://issues.apache.org/jira/browse/RANGER-899
> Project: Ranger
> Issue Type: Bug
> Components: Ranger
> Affects Versions: 0.5.0, 0.6.0
> Reporter: Tushar Dudhatra
> Assignee: Pradeep Agrawal
> Priority: Minor
> Fix For: 0.6.0
>
> Attachments: RANGER-899-2.patch
>
>
> While taking tour to the existing code I found something not good about this
> API. This API is for changing/updating emailAddress of logged in user. Here
> is what I have done:
> --- Case 1:
>
> 1) Created new user with Admin UI with this data:
> {"groupIdList":null,"status":1,"userRoleList":["ROLE_SYS_ADMIN"],"name":"user1","password":"user12345","firstName":"User1","lastName":"","emailAddress":"[email protected]"}
>
> 2) After this I logged in with username `user1`.
> 3) Tried hitting this POST URL using RESTClient : {base
> url}/service/users/5/emailchange. Data I posted: {"loginId":"user1",
> "emailAddress":"[email protected]", "oldPassword":"user12345"}
> It gave me 400 Bad Request with message "User doesn't have permission to
> perform this operation"
> Expected: It should allow me to change/update my email address
> --- Case 2:
> In this case when I tried creating another new user with username `user3`
> without giving emailId and saved it and followed the same steps. So again it
> gave me 400 Bad Request with message "User doesn't have permission to perform
> this operation".
> Reason is in back-end it will automatically set some random number in my
> email id if I don't provide. So While creating new user it doesn't matter
> whether I give email or not it will either save user given email or it will
> save some random system generated number in my emailId and hence emailId in
> database will never be empty and because of that I will never be able to
> change/update my emailId using this API.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
