This is an automated email from the ASF dual-hosted git repository. madhan pushed a commit to branch RANGER-3923 in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/RANGER-3923 by this push: new 37606e29e RANGER:4397: updated dataShare retrieval API to support excludeDatasetId flag 37606e29e is described below commit 37606e29ede711d4c801c60d937928fbdf98bcc5 Author: prashant <prashantsatam...@gmail.com> AuthorDate: Thu Nov 9 12:57:15 2023 -0800 RANGER:4397: updated dataShare retrieval API to support excludeDatasetId flag Signed-off-by: Madhan Neethiraj <mad...@apache.org> --- .../apache/ranger/plugin/util/SearchFilter.java | 1 + .../java/org/apache/ranger/biz/GdsDBStore.java | 24 ++++++++++++++++++++-- .../org/apache/ranger/common/RangerSearchUtil.java | 1 + .../ranger/db/XXGdsDataShareInDatasetDao.java | 18 ++++++++++++++++ .../main/resources/META-INF/jpa_named_queries.xml | 4 ++++ 5 files changed, 46 insertions(+), 2 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java index e64a7395b..60df0c52b 100755 --- a/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java +++ b/agents-common/src/main/java/org/apache/ranger/plugin/util/SearchFilter.java @@ -108,6 +108,7 @@ public class SearchFilter { public static final String DATA_SHARE_NAME = "dataShareName"; // search, sort public static final String DATA_SHARE_NAME_PARTIAL = "dataShareNamePartial"; // search, sort public static final String DATA_SHARE_ID = "dataShareId"; // search, sort + public static final String EXCLUDE_DATASET_ID = "excludeDatasetId"; // search public static final String SHARED_RESOURCE_NAME = "sharedResourceName"; // search, sort public static final String SHARED_RESOURCE_NAME_PARTIAL = "sharedResourceNamePartial"; // search, sort public static final String RESOURCE_CONTAINS = "resourceContains"; // search diff --git a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java index f58943617..6390f0547 100755 --- a/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/GdsDBStore.java @@ -66,6 +66,8 @@ public class GdsDBStore extends AbstractGdsStore { public static final String NOT_AUTHORIZED_FOR_PROJECT_POLICIES = "User is not authorized to manage policies for this dataset"; public static final String NOT_AUTHORIZED_TO_VIEW_PROJECT_POLICIES = "User is not authorized to view policies for this dataset"; + private static final Set<Integer> SHARE_STATUS_AGR = new HashSet<>(Arrays.asList(GdsShareStatus.ACTIVE.ordinal(), GdsShareStatus.GRANTED.ordinal(), GdsShareStatus.REQUESTED.ordinal())); + @Autowired RangerGdsValidator validator; @@ -818,7 +820,7 @@ public class GdsDBStore extends AbstractGdsStore { if (gdsPermission.equals(GdsPermission.LIST)) { scrubDataShareForListing(dataShare); } - } + } LOG.debug("<== searchDataShares({}): ret={}", filter, ret); @@ -1383,6 +1385,7 @@ public class GdsDBStore extends AbstractGdsStore { int startIndex = filter.getStartIndex(); filter.setParam(SearchFilter.RETRIEVE_ALL_PAGES, "true"); + GdsPermission gdsPermission = getGdsPermissionFromFilter(filter); RangerDatasetList result = datasetService.searchDatasets(filter); List<RangerDataset> datasets = new ArrayList<>(); @@ -1402,6 +1405,21 @@ public class GdsDBStore extends AbstractGdsStore { int startIndex = filter.getStartIndex(); filter.setParam(SearchFilter.RETRIEVE_ALL_PAGES, "true"); + + String datasetId = filter.getParam(SearchFilter.DATASET_ID); + boolean excludeDatasetId = Boolean.parseBoolean(filter.getParam(SearchFilter.EXCLUDE_DATASET_ID)); + List<Long> dataSharesToExclude = null; + + if (excludeDatasetId) { + filter.removeParam(SearchFilter.DATASET_ID); + + dataSharesToExclude = daoMgr.getXXGdsDataShareInDataset().findDataShareIdsInStatuses(Long.parseLong(datasetId), SHARE_STATUS_AGR); + } + + if (dataSharesToExclude == null) { + dataSharesToExclude = Collections.emptyList(); + } + GdsPermission gdsPermission = getGdsPermissionFromFilter(filter); RangerDataShareList result = dataShareService.searchDataShares(filter); List<RangerDataShare> dataShares = new ArrayList<>(); @@ -1409,7 +1427,9 @@ public class GdsDBStore extends AbstractGdsStore { for (RangerDataShare dataShare : result.getList()) { if (dataShare != null && validator.hasPermission(dataShare.getAcl(), gdsPermission)) { - dataShares.add(dataShare); + if (!dataSharesToExclude.contains(dataShare.getId())) { + dataShares.add(dataShare); + } } } diff --git a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java index f769d2ed0..ab5f69b5a 100755 --- a/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java +++ b/security-admin/src/main/java/org/apache/ranger/common/RangerSearchUtil.java @@ -110,6 +110,7 @@ public class RangerSearchUtil extends SearchUtil { ret.setParam(SearchFilter.DATA_SHARE_NAME, request.getParameter(SearchFilter.DATA_SHARE_NAME)); ret.setParam(SearchFilter.DATA_SHARE_NAME_PARTIAL, request.getParameter(SearchFilter.DATA_SHARE_NAME_PARTIAL)); ret.setParam(SearchFilter.DATA_SHARE_ID, request.getParameter(SearchFilter.DATA_SHARE_ID)); + ret.setParam(SearchFilter.EXCLUDE_DATASET_ID, request.getParameter(SearchFilter.EXCLUDE_DATASET_ID)); ret.setParam(SearchFilter.SHARED_RESOURCE_ID, request.getParameter(SearchFilter.SHARED_RESOURCE_ID)); ret.setParam(SearchFilter.SHARED_RESOURCE_NAME, request.getParameter(SearchFilter.SHARED_RESOURCE_NAME)); ret.setParam(SearchFilter.SHARED_RESOURCE_NAME_PARTIAL, request.getParameter(SearchFilter.SHARED_RESOURCE_NAME_PARTIAL)); diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareInDatasetDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareInDatasetDao.java index 7637b275d..130a260cc 100755 --- a/security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareInDatasetDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXGdsDataShareInDatasetDao.java @@ -32,6 +32,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Objects; +import java.util.Set; @Service public class XXGdsDataShareInDatasetDao extends BaseDao<XXGdsDataShareInDataset> { @@ -125,4 +126,21 @@ public class XXGdsDataShareInDatasetDao extends BaseDao<XXGdsDataShareInDataset> return ret; } + + public List<Long> findDataShareIdsInStatuses(Long datasetId, Set<Integer> statuses) { + List<Long> ret = null; + + if (datasetId != null) { + try { + ret = getEntityManager().createNamedQuery("XXGdsDataShareInDataset.findDataShareIdsInStatuses", Long.class) + .setParameter("datasetId", datasetId) + .setParameter("statuses", statuses) + .getResultList(); + } catch (NoResultException e) { + LOG.debug("XXGdsDataShareInDataset({}, {}): ", datasetId, statuses, e); + } + } + + return ret != null ? ret : Collections.emptyList(); + } } diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml index 32b573054..69095b837 100755 --- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml +++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml @@ -2265,6 +2265,10 @@ <query>select obj from XXGdsDataShareInDataset obj where obj.datasetId = :datasetId</query> </named-query> + <named-query name="XXGdsDataShareInDataset.findDataShareIdsInStatuses"> + <query>SELECT obj.dataShareId FROM XXGdsDataShareInDataset obj WHERE obj.datasetId = :datasetId AND obj.status IN :statuses</query> + </named-query> + <named-query name="XXGdsDatasetInProject.findByGuid"> <query>select obj from XXGdsDatasetInProject obj where obj.guid = :guid</query> </named-query>