use of org.apache.ranger.common.UserSessionBase in project ranger by apache.
the class XAuditMgr method checkAdminAccess.
/**
 * Authorization gate that returns normally only when the current session reports
 * {@code isUserAdmin()}.
 *
 * <p>If {@code ContextUtil.getCurrentUserSession()} yields no session, a REST exception is
 * raised with status {@code HttpServletResponse.SC_UNAUTHORIZED} and the message
 * "Bad Credentials". If a session exists but is not an admin session, the exception built by
 * {@code restErrorUtil.create403RESTException} is raised.
 */
public void checkAdminAccess() {
    UserSessionBase currentSession = ContextUtil.getCurrentUserSession();

    // Fail closed: without a session the caller is treated as unauthenticated.
    if (currentSession == null) {
        VXResponse unauthorized = new VXResponse();
        unauthorized.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
        unauthorized.setMsgDesc("Bad Credentials");
        throw restErrorUtil.generateRESTException(unauthorized);
    }

    if (currentSession.isUserAdmin()) {
        return;
    }

    // NOTE(review): the denial text embeds the portal user's id; confirm it is acceptable
    // for that value to appear wherever this exception message is surfaced.
    String denial = "Operation" + " denied. LoggedInUser=" + currentSession.getXXPortalUser().getId() + " ,isn't permitted to perform the action.";
    throw restErrorUtil.create403RESTException(denial);
}
use of org.apache.ranger.common.UserSessionBase in project ranger by apache.
the class XUserMgr method searchXAuditMaps.
/**
 * Searches audit maps and limits what a non-admin caller gets back.
 *
 * <p>When the current session is an admin session, the parent implementation's result for
 * {@code searchCriteria} is returned as is. For every other caller, including a missing
 * session, all matching audit maps are fetched, only those whose resource passes
 * {@code msBizUtil.hasPermission(..., AppConstants.XA_PERM_TYPE_ADMIN)} are kept, and the kept
 * entries are paged with the start index and page size the caller originally asked for.
 *
 * @param searchCriteria search filter and paging; on the non-admin path its start index and
 *        max rows are overwritten with 0 and {@code Integer.MAX_VALUE} and are not restored
 * @return the audit maps visible to the caller; a freshly constructed, unpopulated
 *         {@code VXAuditMapList} when no entry passes the permission check
 */
public VXAuditMapList searchXAuditMaps(SearchCriteria searchCriteria) {
    UserSessionBase session = ContextUtil.getCurrentUserSession();

    // Admin sessions skip the per-resource permission filter entirely.
    if (session != null && session.isUserAdmin()) {
        return super.searchXAuditMaps(searchCriteria);
    }

    VXAuditMapList visiblePage = new VXAuditMapList();

    // Remember the requested window first: paging has to happen after filtering, so the
    // query itself is widened to every row.
    int requestedStart = searchCriteria.getStartIndex();
    int requestedRows = searchCriteria.getMaxRows();
    searchCriteria.setStartIndex(0);
    searchCriteria.setMaxRows(Integer.MAX_VALUE);

    // NOTE(review): this is an unbounded fetch followed by one resource lookup and one
    // permission check per row, all triggered by a non-admin request; confirm the table
    // size keeps this affordable or that callers are rate limited.
    List<VXAuditMap> permitted = new ArrayList<VXAuditMap>();
    for (VXAuditMap candidate : xAuditMapService.searchXAuditMaps(searchCriteria).getVXAuditMaps()) {
        // NOTE(review): the getById result is handed to populateViewBean without a null
        // check; confirm an audit map can never reference a resource that no longer exists.
        XXResource resource = daoManager.getXXResource().getById(candidate.getResourceId());
        VXResponse verdict = msBizUtil.hasPermission(xResourceService.populateViewBean(resource), AppConstants.XA_PERM_TYPE_ADMIN);
        if (verdict.getStatusCode() == VXResponse.STATUS_SUCCESS) {
            permitted.add(candidate);
        }
    }

    if (!permitted.isEmpty()) {
        populatePageList(permitted, requestedStart, requestedRows, visiblePage);
    }
    return visiblePage;
}
use of org.apache.ranger.common.UserSessionBase in project ranger by apache.
the class XUserMgr method createXGroupPermission.
// Group permission
/**
 * Creates a group permission and then calls {@code sessionMgr.resetUserModulePermission} on
 * every active session of every user in that group, so sessions that are already logged in
 * do not keep working from the permissions they had before the change.
 *
 * <p>NOTE(review): no authorization check is visible in this method; presumably the caller
 * enforces it. Confirm before exposing this through a new entry point.
 *
 * @param vXGroupPermission the permission to create
 * @return the object returned by {@code xGroupPermissionService.createResource}
 */
public VXGroupPermission createXGroupPermission(VXGroupPermission vXGroupPermission) {
    VXGroupPermission created = xGroupPermissionService.createResource(vXGroupPermission);

    for (XXGroupUser member : daoManager.getXXGroupUser().findByGroupId(created.getGroupId())) {
        Set<UserSessionBase> activeSessions = sessionMgr.getActiveUserSessionsForXUserId(member.getUserId());
        if (CollectionUtils.isEmpty(activeSessions)) {
            // This group member has no live session, so there is nothing to refresh.
            continue;
        }
        for (UserSessionBase activeSession : activeSessions) {
            logger.info("Assigning permission to group, one of the user belongs to that group found logged in into system, so updating permission in session of that user");
            sessionMgr.resetUserModulePermission(activeSession);
        }
    }
    return created;
}
use of org.apache.ranger.common.UserSessionBase in project ranger by apache.
the class XUserMgr method restrictSelfAccountDeletion.
/**
 * Guards account deletion: only an admin session may proceed, and not against its own login.
 *
 * <p>Outcomes, in the order they are checked:
 * <ul>
 *   <li>no current session: REST exception with {@code HttpServletResponse.SC_UNAUTHORIZED}
 *       and "Bad Credentials";</li>
 *   <li>session is not an admin session: exception from {@code create403RESTException};</li>
 *   <li>{@code loginID} is non-empty per {@code StringUtil.isEmpty} and equals the session's
 *       login id: exception from {@code create403RESTException};</li>
 *   <li>otherwise the method returns normally.</li>
 * </ul>
 *
 * @param loginID login id of the account targeted for deletion
 */
public void restrictSelfAccountDeletion(String loginID) {
    UserSessionBase currentSession = ContextUtil.getCurrentUserSession();

    if (currentSession == null) {
        VXResponse unauthorized = new VXResponse();
        unauthorized.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
        unauthorized.setMsgDesc("Bad Credentials");
        throw restErrorUtil.generateRESTException(unauthorized);
    }

    if (!currentSession.isUserAdmin()) {
        throw restErrorUtil.create403RESTException("Operation denied. LoggedInUser= " + currentSession.getXXPortalUser().getLoginId() + " isn't permitted to perform the action.");
    }

    // NOTE(review): this is an exact-case String.equals against session.getLoginId(), while
    // the message reads the login id from getXXPortalUser(); confirm both sources agree and
    // that login ids are normalized before they reach this check.
    boolean targetsOwnAccount = !StringUtil.isEmpty(loginID) && loginID.equals(currentSession.getLoginId());
    if (targetsOwnAccount) {
        throw restErrorUtil.create403RESTException("Operation denied. LoggedInUser= " + currentSession.getXXPortalUser().getLoginId() + " isn't permitted to delete his own profile.");
    }
}
use of org.apache.ranger.common.UserSessionBase in project ranger by apache.
the class XUserMgr method checkAccessRoles.
/**
 * Checks the current session against a list of role names and enforces separation between
 * the system-admin and key-admin roles.
 *
 * <p>Outcomes, in the order they are checked:
 * <ul>
 *   <li>no current session, or {@code stringRolesList} is null: REST exception with
 *       {@code HttpServletResponse.SC_UNAUTHORIZED} and "Bad Credentials";</li>
 *   <li>session is neither user-admin nor key-admin: exception from
 *       {@code create403RESTException};</li>
 *   <li>the portal user's login id is "rangerusersync": allowed and logged, with no role
 *       separation check;</li>
 *   <li>user-admin session and the list contains {@code RangerConstants.ROLE_KEY_ADMIN}:
 *       exception from {@code create403RESTException};</li>
 *   <li>key-admin session and the list contains {@code RangerConstants.ROLE_SYS_ADMIN}:
 *       exception from {@code create403RESTException};</li>
 *   <li>otherwise the method returns normally.</li>
 * </ul>
 *
 * @param stringRolesList role names to validate; presumably the roles being assigned by the
 *        caller (confirm against call sites)
 */
public void checkAccessRoles(List<String> stringRolesList) {
    UserSessionBase session = ContextUtil.getCurrentUserSession();

    // A null role list is reported exactly like a missing session (401, "Bad Credentials").
    if (session == null || stringRolesList == null) {
        VXResponse unauthorized = new VXResponse();
        unauthorized.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
        unauthorized.setMsgDesc("Bad Credentials");
        throw restErrorUtil.generateRESTException(unauthorized);
    }

    // From here on the session is known to be non-null.
    if (!(session.isUserAdmin() || session.isKeyAdmin())) {
        throw restErrorUtil.create403RESTException("Permission" + " denied. LoggedInUser=" + session.getXXPortalUser().getId() + " ,isn't permitted to perform the action.");
    }

    // NOTE(review): the exemption below is keyed on the literal login id alone; it is only
    // as strong as the protection of that account and of login-id uniqueness.
    if ("rangerusersync".equals(session.getXXPortalUser().getLoginId())) {
        logger.info("LoggedInUser=" + session.getXXPortalUser().getId() + " is permitted to perform the action.");
        return;
    }

    // Role separation: a user-admin session is refused when the list names the key-admin role.
    if (session.isUserAdmin() && stringRolesList.contains(RangerConstants.ROLE_KEY_ADMIN)) {
        throw restErrorUtil.create403RESTException("Permission" + " denied. LoggedInUser=" + session.getXXPortalUser().getId() + " isn't permitted to perform the action.");
    }

    // The mirror case: a key-admin session is refused when the list names the sys-admin role.
    if (session.isKeyAdmin() && stringRolesList.contains(RangerConstants.ROLE_SYS_ADMIN)) {
        throw restErrorUtil.create403RESTException("Permission" + " denied. LoggedInUser=" + session.getXXPortalUser().getId() + " isn't permitted to perform the action.");
    }
}