AMBARI-21687. User can't add node via Ambari UI when being part of both "cluster user" and "cluster admin" roles (echekanskiy)
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/c51540de Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/c51540de Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/c51540de Branch: refs/heads/feature-branch-AMBARI-21307 Commit: c51540dee89d90bb488c2b1a1269ae7d40d5d509 Parents: 18a16cb Author: Eugene Chekanskiy <echekans...@apache.org> Authored: Mon Sep 4 14:53:51 2017 +0300 Committer: Eugene Chekanskiy <echekans...@apache.org> Committed: Mon Sep 4 14:53:51 2017 +0300 ---------------------------------------------------------------------- .../server/controller/internal/RequestResourceProvider.java | 8 +++++++- .../controller/internal/RequestResourceProviderTest.java | 2 -- 2 files changed, 7 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/c51540de/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java index 355e572..81f283c 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/RequestResourceProvider.java @@ -251,7 +251,13 @@ public class RequestResourceProvider extends AbstractControllerResourceProvider ? null : actionDefinition.getPermissions(); - if (!AuthorizationHelper.isAuthorized(resourceType, resourceId, permissions)) { + // here goes ResourceType handling for some specific custom actions + ResourceType customActionResourceType = resourceType; + if (actionName.contains("check_host")) { // check_host custom action + customActionResourceType = ResourceType.CLUSTER; + } + + if (!AuthorizationHelper.isAuthorized(customActionResourceType, resourceId, permissions)) { throw new AuthorizationException(String.format("The authenticated user is not authorized to execute the action %s.", actionName)); } } http://git-wip-us.apache.org/repos/asf/ambari/blob/c51540de/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java index b2e9472..c0695b1 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/RequestResourceProviderTest.java @@ -1358,13 +1358,11 @@ public class RequestResourceProviderTest { EnumSet.of(RoleAuthorization.HOST_ADD_DELETE_HOSTS)); } - @Test(expected = AuthorizationException.class) public void testCreateResourcesCheckHostForNonClusterAsClusterAdministrator() throws Exception { testCreateResources(TestAuthenticationFactory.createClusterAdministrator(), null, null, "check_host", EnumSet.of(RoleAuthorization.HOST_ADD_DELETE_HOSTS)); } - @Test(expected = AuthorizationException.class) public void testCreateResourcesCheckHostForNonClusterAsClusterOperator() throws Exception { testCreateResources(TestAuthenticationFactory.createClusterOperator(), null, null, "check_host", EnumSet.of(RoleAuthorization.HOST_ADD_DELETE_HOSTS));