-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/54965/
-----------------------------------------------------------
Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay
Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj,
and Velmurugan Periasamy.
Bugs: RANGER-1213
https://issues.apache.org/jira/browse/RANGER-1213
Repository: ranger
Description
-------
**Problem Statement:** The following curl command goes through OK, but the role is misspelled and as a result the user disappears from the UI's user list:
% curl -u admin:admin -v -i -s -X PUT -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:6080/service/xusers/secure/users/4 -d@hive_user.role_sys_adm
where the file hive_user.role_sys_adm has the following contents:
{"id":4,"name":"hive","firstName":"hive","lastName":"hive","description":"hive - add from Unix box","status":1,"isVisible":1,"userSource":1,"userRoleList":["ROLE_SYS_ADM"]}
The issue is that XUserMgr.updateXUser does not check the validity of the roles passed from the client.
**Proposed Solution:** The provided user role will be validated in the user create/update call; the create/update call will be processed only if the user has a valid role.
Diffs
-----
security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 9885090
Diff: https://reviews.apache.org/r/54965/diff/
Testing
-------
**Steps performed (with patch):**
Installed and started Ranger admin.
**Case-1: User create request should fail if it has an invalid role.**
1. Tried to create a user with an invalid role:
Request : curl -u admin:admin -v -i -s -X POST -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:6080/service/xusers/secure/users -d '{"name":"hive1","firstName":"hive1","lastName":"hive1","description":"hive - add from Unix box","status":1,"isVisible":1,"userSource":1,"userRoleList":["ROLE_SYS_ADM"]}'
Expected Behaviour : User creation should fail with a proper error message.
Actual Behaviour : User creation failed with the following response code and message.
**Response:**
HTTP/1.1 400 Bad Request
{"statusCode":1,"msgDesc":"Invalid user role, please provide valid user role.","messageList":[{"name":"INVALID_INPUT_DATA","rbKey":"xa.validation.invalid_input_data","message":"Invalid input data"}]
**Case-2: User update request should fail if it has an invalid role.**
1. Created user 'hive2' with user role.
2. Tried to update user 'hive2' role with an invalid role.
Request : curl -u admin:admin -v -i -s -X PUT -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:6080/service/xusers/secure/users/81 -d '{"id":81,"name":"hive2","firstName":"hive2","lastName":"hive2","description":"hive2 - add from Unix box","status":1,"isVisible":1,"userSource":1,"userRoleList":["ROLE_SYS_ADM"]}'
Expected Behaviour : User role update request should fail with a proper error message.
Actual Behaviour : User role update request failed with the following response code and message.
**Response:**
HTTP/1.1 400 Bad Request
{"statusCode":1,"msgDesc":"Invalid user role, please provide valid user role.","messageList":[{"name":"INVALID_INPUT_DATA","rbKey":"xa.validation.invalid_input_data","message":"Invalid input data"}]}
Thanks,
Pradeep Agrawal