
Example 1 with SearchCriteria

use of org.apache.ranger.common.SearchCriteria in project ranger by apache.

the class XUserMgr method updateXUser.

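/**
 * Updates an existing user's portal profile, password, module permissions and
 * group memberships, and records the change in the transaction log.
 *
 * <p>Security-relevant behaviour of this method:
 * <ul>
 *   <li>{@code checkAccess} and {@code blockAuditorRoleUser} run before any
 *       profile is looked up or written.</li>
 *   <li>A submitted password equal to the configured placeholder
 *       ({@code ranger.password.hidden}) means "keep the stored password".</li>
 *   <li>The password of a {@code USER_EXTERNAL} account is never changed here;
 *       the stored value is carried over.</li>
 *   <li>Any other non-null password goes through {@code validatePassword}
 *       before it is stored.</li>
 *   <li>The returned object carries the placeholder, not the password.</li>
 * </ul>
 *
 * <p>Fails with a REST exception built by {@code restErrorUtil} when the user
 * name is missing or blank, or when no portal profile exists for it.
 *
 * @param vXUser requested state; its name selects the account to update
 * @return the updated user with role list and group ids filled in and the
 *         password masked
 */
public VXUser updateXUser(VXUser vXUser) {
    if (vXUser == null || vXUser.getName() == null || "null".equalsIgnoreCase(vXUser.getName()) || vXUser.getName().trim().isEmpty()) {
        throw restErrorUtil.createRESTException("Please provide a valid " + "username.", MessageEnums.INVALID_INPUT_DATA);
    }
    // Authorization comes first: nothing is read or modified for a caller who fails these checks.
    checkAccess(vXUser.getName());
    xaBizUtil.blockAuditorRoleUser();
    VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(vXUser.getName());
    if (oldUserProfile == null) {
        // The original dereferenced oldUserProfile unconditionally further down
        // (setUserSource), so a missing profile surfaced as a NullPointerException.
        // Reject it explicitly, before anything is written.
        throw restErrorUtil.createRESTException("No user found with username=" + vXUser.getName(), MessageEnums.INVALID_INPUT_DATA);
    }
    VXPortalUser vXPortalUser = new VXPortalUser();
    if (oldUserProfile.getId() != null) {
        vXPortalUser.setId(oldUserProfile.getId());
    }
    // The literal string "null" (any case) is treated as an empty name part.
    vXPortalUser.setFirstName(vXUser.getFirstName());
    if ("null".equalsIgnoreCase(vXPortalUser.getFirstName())) {
        vXPortalUser.setFirstName("");
    }
    vXPortalUser.setLastName(vXUser.getLastName());
    if ("null".equalsIgnoreCase(vXPortalUser.getLastName())) {
        vXPortalUser.setLastName("");
    }
    vXPortalUser.setEmailAddress(vXUser.getEmailAddress());
    vXPortalUser.setLoginId(vXUser.getName());
    vXPortalUser.setStatus(vXUser.getStatus());
    // NOTE(review): the role list is copied from the request as-is. Whether the
    // caller is allowed to grant these roles is presumably enforced by
    // checkAccess / updateUserWithPass - confirm against those methods.
    vXPortalUser.setUserRoleList(vXUser.getUserRoleList());
    if (vXPortalUser.getFirstName() != null && vXPortalUser.getLastName() != null && !vXPortalUser.getFirstName().trim().isEmpty() && !vXPortalUser.getLastName().trim().isEmpty()) {
        vXPortalUser.setPublicScreenName(vXPortalUser.getFirstName() + " " + vXPortalUser.getLastName());
    } else {
        vXPortalUser.setPublicScreenName(vXUser.getName());
    }
    // The user source always comes from the stored profile, never from the request.
    vXPortalUser.setUserSource(oldUserProfile.getUserSource());
    String hiddenPasswordString = PropertiesUtil.getProperty("ranger.password.hidden", "*****");
    String password = vXUser.getPassword();
    if (password != null) {
        if (password.equals(hiddenPasswordString)) {
            // Placeholder echoed back by the client: keep the stored password.
            vXPortalUser.setPassword(oldUserProfile.getPassword());
        } else if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_EXTERNAL) {
            // External accounts keep their stored password; the request value is ignored.
            vXPortalUser.setPassword(oldUserProfile.getPassword());
            logger.debug("User is trrying to change external user password which we are not allowing it to change");
        } else {
            validatePassword(vXUser);
            vXPortalUser.setPassword(password);
        }
    }
    Collection<Long> groupIdList = vXUser.getGroupIdList();
    XXPortalUser xXPortalUser = userMgr.updateUserWithPass(vXPortalUser);
    // update permissions start
    // Collect the roles the request adds on top of the stored profile.
    Collection<String> roleListUpdatedProfile = new ArrayList<String>();
    if (oldUserProfile.getId() != null) {
        Collection<String> roleListOldProfile = oldUserProfile.getUserRoleList();
        Collection<String> roleListNewProfile = vXUser.getUserRoleList();
        if (roleListNewProfile != null && roleListOldProfile != null) {
            for (String role : roleListNewProfile) {
                if (role != null && !roleListOldProfile.contains(role)) {
                    roleListUpdatedProfile.add(role);
                }
            }
        }
    }
    if (!roleListUpdatedProfile.isEmpty()) {
        // A newly added role resets module permissions: the existing ones are
        // deleted, then permissions are assigned again for the added roles.
        vXPortalUser.setUserRoleList(roleListUpdatedProfile);
        List<XXUserPermission> xuserPermissionList = daoManager.getXXUserPermission().findByUserPermissionId(vXPortalUser.getId());
        if (xuserPermissionList != null && xuserPermissionList.size() > 0) {
            for (XXUserPermission xXUserPermission : xuserPermissionList) {
                if (xXUserPermission != null) {
                    try {
                        xUserPermissionService.deleteResource(xXUserPermission.getId());
                    } catch (Exception e) {
                        // Best effort, as before: the update continues, so a permission
                        // whose deletion failed stays in place. Log the full exception
                        // (not just its message) so that case can be investigated.
                        logger.error("Failed to delete user permission id=" + xXUserPermission.getId(), e);
                    }
                }
            }
        }
        assignPermissionToUser(vXPortalUser, true);
    }
    // update permissions end
    Collection<String> roleList = new ArrayList<String>();
    if (xXPortalUser != null) {
        roleList = userMgr.getRolesForUser(xXPortalUser);
    }
    if (roleList == null || roleList.size() == 0) {
        // No role resolved for the account: fall back to the plain user role.
        roleList = new ArrayList<String>();
        roleList.add(RangerConstants.ROLE_USER);
    }
    // TODO I've to get the transaction log from here.
    // There is nothing to log anything in XXUser so far.
    vXUser = xUserService.updateResource(vXUser);
    vXUser.setUserRoleList(roleList);
    // The transaction-log builder is handed the effective password value.
    // NOTE(review): presumably it only compares it with the old profile to detect
    // a password change - confirm that no password value is written to the log.
    if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_APP) {
        vXUser.setPassword(password);
    } else if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_EXTERNAL) {
        vXUser.setPassword(oldUserProfile.getPassword());
    }
    List<XXTrxLog> trxLogList = xUserService.getTransactionLog(vXUser, oldUserProfile, "update");
    // Mask the password again before the object can leave this method.
    vXUser.setPassword(hiddenPasswordString);
    Long userId = vXUser.getId();
    List<Long> groupUsersToRemove = new ArrayList<Long>();
    if (groupIdList != null) {
        SearchCriteria searchCriteria = new SearchCriteria();
        searchCriteria.addParam("xUserId", userId);
        VXGroupUserList vXGroupUserList = xGroupUserService.searchXGroupUsers(searchCriteria);
        List<VXGroupUser> vXGroupUsers = vXGroupUserList.getList();
        if (vXGroupUsers != null) {
            // Create: requested groups the user is not yet a member of.
            for (Long groupId : groupIdList) {
                boolean found = false;
                for (VXGroupUser vXGroupUser : vXGroupUsers) {
                    if (groupId.equals(vXGroupUser.getParentGroupId())) {
                        found = true;
                        break;
                    }
                }
                if (!found) {
                    VXGroupUser vXGroupUser = createXGroupUser(userId, groupId);
                    trxLogList.addAll(xGroupUserService.getTransactionLog(vXGroupUser, "create"));
                }
            }
            // Delete: existing memberships that are absent from the request.
            for (VXGroupUser vXGroupUser : vXGroupUsers) {
                boolean found = false;
                for (Long groupId : groupIdList) {
                    if (groupId.equals(vXGroupUser.getParentGroupId())) {
                        trxLogList.addAll(xGroupUserService.getTransactionLog(vXGroupUser, "update"));
                        found = true;
                        break;
                    }
                }
                if (!found) {
                    // TODO I've to get the transaction log from here.
                    trxLogList.addAll(xGroupUserService.getTransactionLog(vXGroupUser, "delete"));
                    // Only queued here; the mapping is removed after the
                    // transaction log has been written (see the end of the method).
                    groupUsersToRemove.add(vXGroupUser.getId());
                }
            }
        } else {
            for (Long groupId : groupIdList) {
                VXGroupUser vXGroupUser = createXGroupUser(userId, groupId);
                trxLogList.addAll(xGroupUserService.getTransactionLog(vXGroupUser, "create"));
            }
        }
        vXUser.setGroupIdList(groupIdList);
    } else {
        // A null group list leaves the user's memberships untouched.
        logger.debug("Group id list can't be null for user. Group user " + "mapping not updated for user : " + userId);
    }
    xaBizUtil.createTrxLog(trxLogList);
    for (Long groupUserId : groupUsersToRemove) {
        xGroupUserService.deleteResource(groupUserId);
    }
    return vXUser;
}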
Also used : ArrayList(java.util.ArrayList) XXTrxLog(org.apache.ranger.entity.XXTrxLog) XXUserPermission(org.apache.ranger.entity.XXUserPermission) SearchCriteria(org.apache.ranger.common.SearchCriteria) XXPortalUser(org.apache.ranger.entity.XXPortalUser)

Example 2 with SearchCriteria

use of org.apache.ranger.common.SearchCriteria in project ranger by apache.

the class XUserMgr method deleteXUser.

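/**
 * Deletes a user, or hides it when it is still referenced.
 *
 * <p>{@code checkAdminAccess} and {@code blockAuditorRoleUser} run first, and
 * {@code restrictSelfAccountDeletion} is called with the target's name before
 * anything is removed.
 *
 * <ul>
 *   <li>{@code force == true}: group memberships, permission maps, audit maps,
 *       login sessions, module permissions, portal roles and the user's entries
 *       in every policy item list are removed, then the XXUser and XXPortalUser
 *       rows, and the deletion is written to the transaction log.</li>
 *   <li>{@code force == false}: if any of those references exist the user is
 *       only marked {@code IS_HIDDEN}. In that branch no session, role or
 *       permission is removed, so hiding must not be read as revoking access.
 *       Without references the user rows are deleted and logged.</li>
 * </ul>
 *
 * <p>Fails with a REST exception built by {@code restErrorUtil} when no user or
 * portal user is found for {@code id}, or when a policy update fails.
 *
 * @param id    id of the XXUser to delete
 * @param force whether to remove all references instead of hiding the user
 */
public synchronized void deleteXUser(Long id, boolean force) {
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();
    XXUserDao xXUserDao = daoManager.getXXUser();
    XXUser xXUser = xXUserDao.getById(id);
    VXUser vXUser = xUserService.populateViewBean(xXUser);
    if (vXUser == null || StringUtil.isEmpty(vXUser.getName())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    XXPortalUserDao xXPortalUserDao = daoManager.getXXPortalUser();
    XXPortalUser xXPortalUser = xXPortalUserDao.findByLoginId(vXUser.getName().trim());
    VXPortalUser vXPortalUser = null;
    if (xXPortalUser != null) {
        vXPortalUser = xPortalUserService.populateViewBean(xXPortalUser);
    }
    // From here on both xXPortalUser and vXPortalUser are known to be non-null.
    if (vXPortalUser == null || StringUtil.isEmpty(vXPortalUser.getLoginId())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Force delete status=" + force + " for user=" + vXUser.getName());
    }
    restrictSelfAccountDeletion(vXUser.getName().trim());
    // Collect everything that references the user before touching any row.
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xUserId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);
    long xXPortalUserId = vXPortalUser.getId();
    XXAuthSessionDao xXAuthSessionDao = daoManager.getXXAuthSession();
    XXUserPermissionDao xXUserPermissionDao = daoManager.getXXUserPermission();
    XXPortalUserRoleDao xXPortalUserRoleDao = daoManager.getXXPortalUserRole();
    List<XXAuthSession> xXAuthSessions = xXAuthSessionDao.getAuthSessionByUserId(xXPortalUserId);
    List<XXUserPermission> xXUserPermissions = xXUserPermissionDao.findByUserPermissionId(xXPortalUserId);
    List<XXPortalUserRole> xXPortalUserRoles = xXPortalUserRoleDao.findByUserId(xXPortalUserId);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByUserId(id);
    logger.warn("Deleting User : " + vXUser.getName());
    if (force) {
        // The non-force branch below treats every one of these lists as possibly
        // null, and the original null-checked xXAuthSessions and then iterated it
        // unguarded. A null list would have aborted a force delete halfway with a
        // NullPointerException, so each loop is guarded the same way here.

        // delete XXGroupUser mapping
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        if (vxGroupUserList != null && vxGroupUserList.getList() != null) {
            for (VXGroupUser groupUser : vxGroupUserList.getList()) {
                if (groupUser != null) {
                    logger.warn("Removing user '" + vXUser.getName() + "' from group '" + groupUser.getName() + "'");
                    xGroupUserDao.remove(groupUser.getId());
                }
            }
        }
        // delete XXPermMap records of user
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        if (vXPermMapList != null && vXPermMapList.getList() != null) {
            for (VXPermMap vXPermMap : vXPermMapList.getList()) {
                if (vXPermMap != null) {
                    logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for user '" + vXPermMap.getUserName() + "'");
                    xXPermMapDao.remove(vXPermMap.getId());
                }
            }
        }
        // delete XXAuditMap records of user
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        if (vXAuditMapList != null && vXAuditMapList.getList() != null) {
            for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
                if (vXAuditMap != null) {
                    xXAuditMapDao.remove(vXAuditMap.getId());
                }
            }
        }
        // delete XXPortalUser references
        xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
        if (xXAuthSessions != null) {
            if (xXAuthSessions.size() > 0) {
                logger.warn("Deleting " + xXAuthSessions.size() + " login session records for user '" + vXPortalUser.getLoginId() + "'");
            }
            for (XXAuthSession xXAuthSession : xXAuthSessions) {
                xXAuthSessionDao.remove(xXAuthSession.getId());
            }
        }
        if (xXUserPermissions != null) {
            for (XXUserPermission xXUserPermission : xXUserPermissions) {
                if (xXUserPermission != null) {
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXUserPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for user '" + vXPortalUser.getLoginId() + "'");
                    }
                    xXUserPermissionDao.remove(xXUserPermission.getId());
                }
            }
        }
        if (xXPortalUserRoles != null) {
            for (XXPortalUserRole xXPortalUserRole : xXPortalUserRoles) {
                if (xXPortalUserRole != null) {
                    logger.warn("Deleting '" + xXPortalUserRole.getUserRole() + "' role for user '" + vXPortalUser.getLoginId() + "'");
                    xXPortalUserRoleDao.remove(xXPortalUserRole.getId());
                }
            }
        }
        // delete XXPolicyItemUserPerm records of user
        // The user is stripped, by name, from every policy item list, so that no
        // policy keeps an entry for the deleted account.
        if (xXPolicyList != null) {
            for (XXPolicy xXPolicy : xXPolicyList) {
                RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
                List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
                removeUserGroupReferences(policyItems, vXUser.getName(), null);
                rangerPolicy.setPolicyItems(policyItems);
                List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
                removeUserGroupReferences(denyPolicyItems, vXUser.getName(), null);
                rangerPolicy.setDenyPolicyItems(denyPolicyItems);
                List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
                removeUserGroupReferences(allowExceptions, vXUser.getName(), null);
                rangerPolicy.setAllowExceptions(allowExceptions);
                List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
                removeUserGroupReferences(denyExceptions, vXUser.getName(), null);
                rangerPolicy.setDenyExceptions(denyExceptions);
                List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
                removeUserGroupReferences(dataMaskItems, vXUser.getName(), null);
                rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
                List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
                removeUserGroupReferences(rowFilterItems, vXUser.getName(), null);
                rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
                try {
                    svcStore.updatePolicy(rangerPolicy);
                } catch (Throwable excp) {
                    // Abort rather than delete a user that a policy still names.
                    // NOTE(review): the raw exception message is handed to the REST
                    // error; confirm it cannot expose internal details to the client.
                    logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                    throw restErrorUtil.createRESTException(excp.getMessage());
                }
            }
        }
        // delete XXUser entry of user
        xXUserDao.remove(id);
        // delete XXPortal entry of user
        logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
        xXPortalUserDao.remove(xXPortalUserId);
        // Record both deletions in the transaction log.
        List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
        xaBizUtil.createTrxLog(trxLogList);
        trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
        xaBizUtil.createTrxLog(trxLogList);
    } else {
        // Any remaining reference blocks a non-force delete.
        boolean hasReferences = (vxGroupUserList != null && vxGroupUserList.getListSize() > 0)
                || (xXPolicyList != null && xXPolicyList.size() > 0)
                || (vXPermMapList != null && vXPermMapList.getListSize() > 0)
                || (vXAuditMapList != null && vXAuditMapList.getListSize() > 0)
                || (xXAuthSessions != null && xXAuthSessions.size() > 0)
                || (xXUserPermissions != null && xXUserPermissions.size() > 0)
                || (xXPortalUserRoles != null && xXPortalUserRoles.size() > 0);
        if (hasReferences) {
            // Only the visibility flag changes: sessions, roles, permissions and
            // policy entries collected above are all left in place.
            if (vXUser.getIsVisible() != RangerCommonEnums.IS_HIDDEN) {
                logger.info("Updating visibility of user '" + vXUser.getName() + "' to Hidden!");
                vXUser.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xUserService.updateResource(vXUser);
            }
        } else {
            xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
            // delete XXUser entry of user
            xXUserDao.remove(id);
            // delete XXPortal entry of user
            logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
            xXPortalUserDao.remove(xXPortalUserId);
            List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
            trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
        }
    }
}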
Also used : XXUser(org.apache.ranger.entity.XXUser) XXUserDao(org.apache.ranger.db.XXUserDao) XXPolicy(org.apache.ranger.entity.XXPolicy) XXAuthSessionDao(org.apache.ranger.db.XXAuthSessionDao) XXPortalUserRoleDao(org.apache.ranger.db.XXPortalUserRoleDao) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) XXModuleDef(org.apache.ranger.entity.XXModuleDef) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXPortalUserRole(org.apache.ranger.entity.XXPortalUserRole) XXUserPermissionDao(org.apache.ranger.db.XXUserPermissionDao) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) XXTrxLog(org.apache.ranger.entity.XXTrxLog) XXAuthSession(org.apache.ranger.entity.XXAuthSession) XXUserPermission(org.apache.ranger.entity.XXUserPermission) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) SearchCriteria(org.apache.ranger.common.SearchCriteria) XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) XXPortalUserDao(org.apache.ranger.db.XXPortalUserDao) XXPolicyDao(org.apache.ranger.db.XXPolicyDao)

Example 3 with SearchCriteria

use of org.apache.ranger.common.SearchCriteria in project ranger by apache.

the class XUserMgr method deleteXGroup.

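/**
 * Deletes a group, or hides it when it is still referenced.
 *
 * <p>{@code checkAdminAccess} and {@code blockAuditorRoleUser} run before the
 * group is looked up.
 *
 * <ul>
 *   <li>{@code force == true}: group-user mappings, permission maps, audit
 *       maps, group-group mappings, the group's entries in every policy item
 *       list and its module permissions are removed, then the group itself,
 *       and the deletion is written to the transaction log.</li>
 *   <li>{@code force == false}: a referenced group is only switched from
 *       {@code IS_VISIBLE} to {@code IS_HIDDEN}; its references stay in place.
 *       An unreferenced group is deleted and logged.</li>
 * </ul>
 *
 * <p>Fails with a REST exception built by {@code restErrorUtil} when no group
 * exists for {@code id}, or when a policy update fails.
 *
 * @param id    id of the XXGroup to delete
 * @param force whether to remove all references instead of hiding the group
 */
public void deleteXGroup(Long id, boolean force) {
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();
    XXGroupDao xXGroupDao = daoManager.getXXGroup();
    XXGroup xXGroup = xXGroupDao.getById(id);
    VXGroup vXGroup = xGroupService.populateViewBean(xXGroup);
    if (vXGroup == null || StringUtil.isEmpty(vXGroup.getName())) {
        throw restErrorUtil.createRESTException("Group ID doesn't exist.", MessageEnums.INVALID_INPUT_DATA);
    }
    if (logger.isDebugEnabled()) {
        // Logged at debug to match the isDebugEnabled() guard (the original
        // emitted this at info level from inside the debug guard).
        logger.debug("Force delete status=" + force + " for group=" + vXGroup.getName());
    }
    // Collect everything that references the group before touching any row.
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xGroupId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("groupId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("groupId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);
    XXGroupPermissionDao xXGroupPermissionDao = daoManager.getXXGroupPermission();
    List<XXGroupPermission> xXGroupPermissions = xXGroupPermissionDao.findByGroupId(id);
    XXGroupGroupDao xXGroupGroupDao = daoManager.getXXGroupGroup();
    List<XXGroupGroup> xXGroupGroups = xXGroupGroupDao.findByGroupId(id);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByGroupId(id);
    logger.warn("Deleting GROUP : " + vXGroup.getName());
    if (force) {
        // delete XXGroupUser records of matching group
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        XXUserDao xXUserDao = daoManager.getXXUser();
        XXUser xXUser = null;
        for (VXGroupUser groupUser : vxGroupUserList.getList()) {
            if (groupUser != null) {
                xXUser = xXUserDao.getById(groupUser.getUserId());
                if (xXUser != null) {
                    logger.warn("Removing user '" + xXUser.getName() + "' from group '" + groupUser.getName() + "'");
                }
                xGroupUserDao.remove(groupUser.getId());
            }
        }
        // delete XXPermMap records of matching group
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        XXResourceDao xXResourceDao = daoManager.getXXResource();
        XXResource xXResource = null;
        for (VXPermMap vXPermMap : vXPermMapList.getList()) {
            if (vXPermMap != null) {
                xXResource = xXResourceDao.getById(vXPermMap.getResourceId());
                if (xXResource != null) {
                    logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for group '" + vXPermMap.getGroupName() + "'");
                }
                xXPermMapDao.remove(vXPermMap.getId());
            }
        }
        // delete XXAuditMap records of matching group
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
            if (vXAuditMap != null) {
                // The looked-up resource is not used afterwards; the call is kept as in the original.
                xXResource = xXResourceDao.getById(vXAuditMap.getResourceId());
                xXAuditMapDao.remove(vXAuditMap.getId());
            }
        }
        // delete XXGroupGroupDao records of group-group mapping
        // Guarded like the non-force branch, which treats this list as possibly null.
        if (CollectionUtils.isNotEmpty(xXGroupGroups)) {
            for (XXGroupGroup xXGroupGroup : xXGroupGroups) {
                if (xXGroupGroup != null) {
                    XXGroup xXGroupParent = xXGroupDao.getById(xXGroupGroup.getParentGroupId());
                    XXGroup xXGroupChild = xXGroupDao.getById(xXGroupGroup.getGroupId());
                    if (xXGroupParent != null && xXGroupChild != null) {
                        logger.warn("Removing group '" + xXGroupChild.getName() + "' from group '" + xXGroupParent.getName() + "'");
                    }
                    xXGroupGroupDao.remove(xXGroupGroup.getId());
                }
            }
        }
        // delete XXPolicyItemGroupPerm records of group
        // The group is stripped, by name, from every policy item list.
        if (CollectionUtils.isNotEmpty(xXPolicyList)) {
            for (XXPolicy xXPolicy : xXPolicyList) {
                RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
                List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
                removeUserGroupReferences(policyItems, null, vXGroup.getName());
                rangerPolicy.setPolicyItems(policyItems);
                List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
                removeUserGroupReferences(denyPolicyItems, null, vXGroup.getName());
                rangerPolicy.setDenyPolicyItems(denyPolicyItems);
                List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
                removeUserGroupReferences(allowExceptions, null, vXGroup.getName());
                rangerPolicy.setAllowExceptions(allowExceptions);
                List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
                removeUserGroupReferences(denyExceptions, null, vXGroup.getName());
                rangerPolicy.setDenyExceptions(denyExceptions);
                List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
                removeUserGroupReferences(dataMaskItems, null, vXGroup.getName());
                rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
                List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
                removeUserGroupReferences(rowFilterItems, null, vXGroup.getName());
                rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
                try {
                    svcStore.updatePolicy(rangerPolicy);
                } catch (Throwable excp) {
                    logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                    // The original built this exception but never threw it, so a failed
                    // policy update was swallowed and the group was deleted while the
                    // stored policy still named it. Policies reference groups by name,
                    // so such a leftover entry would presumably apply to any group later
                    // created with the same name. Abort instead, as deleteXUser does.
                    // NOTE(review): removals issued earlier in this call are undone only
                    // if the caller runs this in a transaction - confirm.
                    throw restErrorUtil.createRESTException(excp.getMessage());
                }
            }
        }
        if (CollectionUtils.isNotEmpty(xXGroupPermissions)) {
            for (XXGroupPermission xXGroupPermission : xXGroupPermissions) {
                if (xXGroupPermission != null) {
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXGroupPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for group '" + xXGroup.getName() + "'");
                    }
                    xXGroupPermissionDao.remove(xXGroupPermission.getId());
                }
            }
        }
        // delete XXGroup
        xXGroupDao.remove(id);
        // Create XXTrxLog
        List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), "delete");
        xaBizUtil.createTrxLog(xXTrxLogsXXGroup);
    } else {
        // Any remaining reference blocks a non-force delete.
        boolean hasReferences = vxGroupUserList.getListSize() > 0
                || CollectionUtils.isNotEmpty(xXPolicyList)
                || vXPermMapList.getListSize() > 0
                || vXAuditMapList.getListSize() > 0
                || CollectionUtils.isNotEmpty(xXGroupGroups)
                || CollectionUtils.isNotEmpty(xXGroupPermissions);
        if (hasReferences) {
            // change visibility to Hidden
            // Only the flag changes: memberships, permissions and policy entries stay.
            if (vXGroup.getIsVisible() == RangerCommonEnums.IS_VISIBLE) {
                vXGroup.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xGroupService.updateResource(vXGroup);
            }
        } else {
            // delete XXGroup
            xXGroupDao.remove(id);
            // Create XXTrxLog
            List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), "delete");
            xaBizUtil.createTrxLog(xXTrxLogsXXGroup);
        }
    }
}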
Also used : XXUser(org.apache.ranger.entity.XXUser) XXGroupPermissionDao(org.apache.ranger.db.XXGroupPermissionDao) XXUserDao(org.apache.ranger.db.XXUserDao) XXPolicy(org.apache.ranger.entity.XXPolicy) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXModuleDef(org.apache.ranger.entity.XXModuleDef) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXGroupGroupDao(org.apache.ranger.db.XXGroupGroupDao) XXResourceDao(org.apache.ranger.db.XXResourceDao) XXGroupPermission(org.apache.ranger.entity.XXGroupPermission) XXResource(org.apache.ranger.entity.XXResource) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) XXTrxLog(org.apache.ranger.entity.XXTrxLog) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) SearchCriteria(org.apache.ranger.common.SearchCriteria) XXGroup(org.apache.ranger.entity.XXGroup) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) XXPolicyDao(org.apache.ranger.db.XXPolicyDao) XXGroupDao(org.apache.ranger.db.XXGroupDao) XXGroupGroup(org.apache.ranger.entity.XXGroupGroup)

Example 4 with SearchCriteria

use of org.apache.ranger.common.SearchCriteria in project ranger by apache.

the class TestXUserMgr method createsearchCriteria.

/**
 * Builds the {@link SearchCriteria} fixture shared by the tests: first row
 * onwards with the page size set to {@code Integer.MAX_VALUE}, ascending by
 * {@code id}, with counting enabled, no owner filter, and child loading and
 * distinct both disabled.
 *
 * @return a freshly populated criteria object
 */
private SearchCriteria createsearchCriteria() {
    final SearchCriteria criteria = new SearchCriteria();

    // Paging: start at row 0; Integer.MAX_VALUE leaves the page size effectively uncapped.
    criteria.setStartIndex(0);
    criteria.setMaxRows(Integer.MAX_VALUE);

    // Ordering.
    criteria.setSortBy("id");
    criteria.setSortType("asc");

    // Remaining flags and filters.
    criteria.setGetCount(true);
    criteria.setOwnerId(null);
    criteria.setGetChildren(false);
    criteria.setDistinct(false);

    return criteria;
}
Also used : SearchCriteria(org.apache.ranger.common.SearchCriteria)

Example 5 with SearchCriteria

use of org.apache.ranger.common.SearchCriteria in project ranger by apache.

the class TestAssetREST method testGetAccessLogsForKms.

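/**
 * Checks that {@code assetREST.getAccessLogs(request)} returns the list
 * produced by {@code assetMgr.getAccessLogs} when {@code msBizUtil.isKeyAdmin()}
 * reports true, and that the key-admin check and the KMS service-def lookup are
 * each performed once.
 *
 * <p>NOTE(review): only the key-admin path is covered here. A companion case
 * with {@code isKeyAdmin()} returning false would pin what a non-key-admin
 * caller gets back - check whether one exists elsewhere in this class.
 */
@Test
public void testGetAccessLogsForKms() {
    SearchCriteria searchCriteria = new SearchCriteria();
    List<SortField> sortFields = null;
    List<VXAccessAudit> vXAccessAudits = new ArrayList<VXAccessAudit>();
    VXAccessAuditList vXAccessAuditList = new VXAccessAuditList();
    vXAccessAuditList.setVXAccessAudits(vXAccessAudits);
    // Request parsing is stubbed out: every extractor returns a fixed value.
    Mockito.when(searchUtil.extractCommonCriterias(request, sortFields)).thenReturn(searchCriteria);
    Mockito.when(searchUtil.extractString((HttpServletRequest) Mockito.any(), (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString())).thenReturn("test");
    Mockito.when(searchUtil.extractInt((HttpServletRequest) Mockito.any(), (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString())).thenReturn(8);
    Mockito.when(searchUtil.extractDate((HttpServletRequest) Mockito.any(), (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString())).thenReturn(new Date());
    // The original stubbed extractLong twice with identical arguments; one stub is enough.
    Mockito.when(searchUtil.extractLong((HttpServletRequest) Mockito.any(), (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString())).thenReturn(8L);
    // The caller is a key admin, and the KMS service definition resolves.
    Mockito.when(msBizUtil.isKeyAdmin()).thenReturn(true);
    Mockito.when(daoManager.getXXServiceDef()).thenReturn(xxServiceDefDao);
    XXServiceDef xServiceDef = new XXServiceDef();
    xServiceDef.setId(Id);
    Mockito.when(xxServiceDefDao.findByName(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_KMS_NAME)).thenReturn(xServiceDef);
    Mockito.when(assetMgr.getAccessLogs(searchCriteria)).thenReturn(vXAccessAuditList);
    // Renamed from "expected...": this is the value under test, not the expectation.
    VXAccessAuditList actualVXAccessAuditList = assetREST.getAccessLogs(request);
    Assert.assertEquals(vXAccessAuditList, actualVXAccessAuditList);
    // The role check must have been consulted on this path.
    Mockito.verify(msBizUtil).isKeyAdmin();
    Mockito.verify(assetMgr).getAccessLogs(searchCriteria);
    Mockito.verify(daoManager).getXXServiceDef();
    Mockito.verify(searchUtil, Mockito.times(12)).extractString((HttpServletRequest) Mockito.any(), (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.nullable(String.class));
    Mockito.verify(searchUtil, Mockito.times(4)).extractInt((HttpServletRequest) Mockito.any(), (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString());
    Mockito.verify(searchUtil, Mockito.times(2)).extractDate((HttpServletRequest) Mockito.any(), (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString(), Mockito.anyString());
    Mockito.verify(searchUtil).extractLong((HttpServletRequest) Mockito.any(), (SearchCriteria) Mockito.any(), Mockito.anyString(), Mockito.anyString());
}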
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) ArrayList(java.util.ArrayList) SortField(org.apache.ranger.common.SortField) VXAccessAudit(org.apache.ranger.view.VXAccessAudit) VXAccessAuditList(org.apache.ranger.view.VXAccessAuditList) SearchCriteria(org.apache.ranger.common.SearchCriteria) Date(java.util.Date) Test(org.junit.Test)
