use of org.apache.ranger.common.UserSessionBase in project ranger by apache.
the class RangerBizUtil method hasAccess.
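/**
 * Decides whether the current user session may access the given service definition or service.
 *
 * <p>Decision rules, as implemented below:
 * <ul>
 * <li>No user session: access is GRANTED (fail-open, see the review note in the body).</li>
 * <li>{@code XXServiceDef}: a KMS definition requires key-admin or audit-key-admin; any other
 * definition (including one whose impl class is null) allows sys-admin, ROLE_USER or auditor.</li>
 * <li>{@code XXService}: sys-admin and auditor are always allowed, KMS services included;
 * otherwise a KMS service requires key-admin or audit-key-admin and any other service requires
 * ROLE_USER. If the service's definition cannot be loaded, access is denied.</li>
 * <li>Any other argument, including null: denied.</li>
 * </ul>
 *
 * @param xxDbBase the entity being accessed; only XXServiceDef and XXService are recognised
 * @param baseModel not read by this method
 * @return true when access is allowed, false otherwise
 *
 * @NOTE: Kindly check all the references of this function before making any changes
 */
public Boolean hasAccess(XXDBBase xxDbBase, RangerBaseModelObject baseModel) {
    UserSessionBase session = ContextUtil.getCurrentUserSession();
    if (session == null) {
        // NOTE(review): this is a fail-open default. It is kept because existing callers
        // depend on it (see @NOTE above); presumably it serves internal calls made without
        // a session. Confirm that every externally reachable caller enforces authentication
        // before relying on this result.
        logger.info("User session not found, granting access.");
        return true;
    }

    boolean isKeyAdmin = session.isKeyAdmin();
    boolean isSysAdmin = session.isUserAdmin();
    boolean isAuditor = session.isAuditUserAdmin();
    boolean isAuditorKeyAdmin = session.isAuditKeyAdmin();

    // A session without a role list is treated as not holding ROLE_USER.
    List<String> roleList = session.getUserRoleList();
    boolean isUser = roleList != null && roleList.contains(RangerConstants.ROLE_USER);

    // instanceof is false for null, so no separate null check is needed.
    if (xxDbBase instanceof XXServiceDef) {
        XXServiceDef xServiceDef = (XXServiceDef) xxDbBase;
        final String implClass = xServiceDef.getImplclassname();
        if (EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(implClass)) {
            // KMS case
            return isKeyAdmin || isAuditorKeyAdmin;
        }
        // Other cases - implClass can be null!
        return isSysAdmin || isUser || isAuditor;
    }

    if (xxDbBase instanceof XXService) {
        // services including KMS
        if (isSysAdmin || isAuditor) {
            return true;
        }
        XXService xService = (XXService) xxDbBase;
        XXServiceDef xServiceDef = daoManager.getXXServiceDef().getById(xService.getType());
        if (xServiceDef == null) {
            // Without the definition it is unknown whether this is a KMS service, so deny
            // rather than fail with a NullPointerException or fall back to the weaker
            // ROLE_USER rule.
            logger.warn("Service definition not found for service type " + xService.getType()
                    + ", denying access.");
            return false;
        }
        String implClass = xServiceDef.getImplclassname();
        if (EmbeddedServiceDefsUtil.KMS_IMPL_CLASS_NAME.equals(implClass)) {
            // KMS case
            return isKeyAdmin || isAuditorKeyAdmin;
        }
        // Other cases - implClass can be null!
        return isUser;
    }

    return false;
}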
use of org.apache.ranger.common.UserSessionBase in project ranger by apache.
the class ServiceDBStore method createDefaultPolicyUsersAndGroups.
/**
 * Makes sure every user and group named in the given default policies exists, creating the
 * ones that are missing.
 *
 * <p>Names are gathered from all six item lists of each policy (allow, allow-exceptions, deny,
 * deny-exceptions, data-mask and row-filter). Blank names are skipped, and for users the
 * {@code USER_CURRENT} and {@code RESOURCE_OWNER} markers are skipped as well.
 *
 * <p>A missing user or group is created unless a user session exists that is neither key-admin
 * nor user-admin and does not have SPNEGO enabled; in that case a REST exception with
 * {@code OPER_NO_PERMISSION} is thrown.
 *
 * <p>NOTE(review): when there is no user session at all, missing users and groups are created
 * without any role check. Presumably this covers internal or bootstrap callers; confirm that no
 * unauthenticated request path reaches this method.
 *
 * @param defaultPolicies policies whose referenced users and groups must exist
 */
void createDefaultPolicyUsersAndGroups(List<RangerPolicy> defaultPolicies) {
    Set<String> userNames = new HashSet<String>();
    Set<String> groupNames = new HashSet<String>();

    for (RangerPolicy policy : defaultPolicies) {
        collectDefaultPolicyPrincipals(policy.getPolicyItems(), userNames, groupNames);
        collectDefaultPolicyPrincipals(policy.getAllowExceptions(), userNames, groupNames);
        collectDefaultPolicyPrincipals(policy.getDenyPolicyItems(), userNames, groupNames);
        collectDefaultPolicyPrincipals(policy.getDenyExceptions(), userNames, groupNames);
        collectDefaultPolicyPrincipals(policy.getDataMaskPolicyItems(), userNames, groupNames);
        collectDefaultPolicyPrincipals(policy.getRowFilterPolicyItems(), userNames, groupNames);
    }

    for (String policyUser : userNames) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Checking policyUser:[" + policyUser + "] for existence");
        }

        // Blank entries and the two pseudo-user markers never map to a stored user.
        boolean isConcreteUser = StringUtils.isNotBlank(policyUser)
                && !StringUtils.equals(policyUser, RangerPolicyEngine.USER_CURRENT)
                && !StringUtils.equals(policyUser, RangerPolicyEngine.RESOURCE_OWNER);
        if (!isConcreteUser) {
            continue;
        }

        XXUser existingUser = daoMgr.getXXUser().findByUserName(policyUser);
        if (existingUser != null) {
            continue;
        }

        // Creation is allowed with no session, or for key-admin, user-admin or SPNEGO sessions.
        UserSessionBase currentSession = ContextUtil.getCurrentUserSession();
        boolean creationAllowed = currentSession == null
                || currentSession.isKeyAdmin()
                || currentSession.isUserAdmin()
                || currentSession.isSpnegoEnabled();
        if (!creationAllowed) {
            throw restErrorUtil.createRESTException("User does not exist with given username: [" + policyUser + "] please use existing user", MessageEnums.OPER_NO_PERMISSION);
        }
        xUserMgr.createServiceConfigUser(policyUser);
    }

    for (String policyGroup : groupNames) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Checking policyGroup:[" + policyGroup + "] for existence");
        }

        if (!StringUtils.isNotBlank(policyGroup)) {
            continue;
        }

        XXGroup existingGroup = daoMgr.getXXGroup().findByGroupName(policyGroup);
        if (existingGroup != null) {
            continue;
        }

        // Same rule as for users: only a non-admin, non-SPNEGO session is refused.
        UserSessionBase currentSession = ContextUtil.getCurrentUserSession();
        boolean creationAllowed = currentSession == null
                || currentSession.isKeyAdmin()
                || currentSession.isUserAdmin()
                || currentSession.isSpnegoEnabled();
        if (!creationAllowed) {
            throw restErrorUtil.createRESTException("Group does not exist with given groupname: [" + policyGroup + "] please use existing group", MessageEnums.OPER_NO_PERMISSION);
        }

        // The new group is internal and visible; its description is set to its name.
        VXGroup newGroup = new VXGroup();
        newGroup.setName(policyGroup);
        newGroup.setDescription(policyGroup);
        newGroup.setGroupSource(RangerCommonEnums.GROUP_INTERNAL);
        newGroup.setIsVisible(RangerCommonEnums.IS_VISIBLE);
        xGroupService.createResource(newGroup);
    }
}

/** Adds the users and groups of every item in {@code items} to the two accumulator sets. */
private static void collectDefaultPolicyPrincipals(Iterable<? extends RangerPolicyItem> items, Set<String> users, Set<String> groups) {
    for (RangerPolicyItem item : items) {
        users.addAll(item.getUsers());
        groups.addAll(item.getGroups());
    }
}
use of org.apache.ranger.common.UserSessionBase in project ranger by apache.
the class TestRangerBizUtil method testHasPermission_isAdmin.
/**
 * Checks that hasPermission answers with STATUS_SUCCESS once the current session is flagged as
 * user-admin. Only the admin path is asserted here.
 */
@Test
public void testHasPermission_isAdmin() {
    VXResource resource = new VXResource();
    resource.setName(resourceName);
    resource.setAssetId(id);

    // Mark the session currently held by the context as user-admin before the call.
    UserSessionBase adminSession = ContextUtil.getCurrentUserSession();
    adminSession.setUserAdmin(true);

    VXResponse response = rangerBizUtil.hasPermission(vXResourceOrSelf(resource), AppConstants.XA_PERM_TYPE_UNKNOWN);

    Assert.assertNotNull(response);
    Assert.assertEquals(VXResponse.STATUS_SUCCESS, response.getStatusCode());
}

/** Returns its argument unchanged; keeps the call under test on a single readable line. */
private static VXResource vXResourceOrSelf(VXResource resource) {
    return resource;
}
use of org.apache.ranger.common.UserSessionBase in project ranger by apache.
the class TestRangerBizUtil method setup.
/**
 * Installs a security context holding a fresh UserSessionBase before each test, so that
 * code reading the current user session finds a non-null session with no flags set by this
 * method.
 */
@Before
public void setup() {
    UserSessionBase freshSession = new UserSessionBase();
    RangerSecurityContext securityContext = new RangerSecurityContext();
    securityContext.setUserSession(freshSession);
    RangerContextHolder.setSecurityContext(securityContext);
}
use of org.apache.ranger.common.UserSessionBase in project ranger by apache.
the class TestServiceDBStore method setup.
/**
 * Installs a security context holding a fresh UserSessionBase and then flags the current
 * session as user-admin, so the tests run with user-admin rights.
 */
public void setup() {
    RangerSecurityContext securityContext = new RangerSecurityContext();
    securityContext.setUserSession(new UserSessionBase());
    RangerContextHolder.setSecurityContext(securityContext);

    // Read the session back through ContextUtil, as the original does, before elevating it.
    UserSessionBase adminSession = ContextUtil.getCurrentUserSession();
    adminSession.setUserAdmin(true);
}