----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/48844/#review138212 -----------------------------------------------------------
Ship it! Ship It! - Robert Levas On June 17, 2016, 6:16 a.m., Andrew Onischuk wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/48844/ > ----------------------------------------------------------- > > (Updated June 17, 2016, 6:16 a.m.) > > > Review request for Ambari, Jonathan Hurley, Nate Cole, and Robert Levas. > > > Bugs: AMBARI-17292 > https://issues.apache.org/jira/browse/AMBARI-17292 > > > Repository: ambari > > > Description > ------- > > ambari-server --hash > 9a2943ba77371f1c20b4f3da900abb7c2e89d22b > Build# ambari-server-2.4.0.0-591.x86_64 > > **Steps** > > 1. Create user with different roles like Cluster user, Service > Administrator etc. > 2. Login as Ambari admin user and start Express Upgrade (register version, > install packages and start EU) > 3. Pause the Upgrade at any step that requires manual intervention (like > stop YARN queue or backup DB or even at Finalize step) > 4. Logout and login as cluster user > > **Result**: > The logged in user has complete access to Upgrade Wizard and can resume > upgrade > Also do actions like Downgrade, 'Ignore and Proceed', 'Retry' > > The same is true for other roles like service administrator too, both during > upgrade and downgrade > > **Expected Result:** Only Ambari Admin and Cluster Admin should be permitted > to perform actions during cluster upgrade > > Screenshots attached for reference while logged in as cluster user role > (cluser) > > Another observation: While upgrade is in progress, login in a different > session as cluster user - the cluster user can view the upgrade wizard in > exact same way as admin > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UpgradeItemResourceProvider.java > 0719430 > > ambari-server/src/main/java/org/apache/ambari/server/controller/internal/UpgradeResourceProvider.java > fb3ae69 > > ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java > 922a215 > > ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderHDP22Test.java > c052a6c > > ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UpgradeResourceProviderTest.java > 5bcfd86 > > Diff: https://reviews.apache.org/r/48844/diff/ > > > Testing > ------- > > mvn clean test > > > Thanks, > > Andrew Onischuk > >