
Example 36 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

the class XAuditMgr method checkAdminAccess.

/**
 * Rejects the call unless the current user session belongs to an admin.
 *
 * <p>With no current session, a REST exception built from a {@code VXResponse} carrying
 * {@code SC_UNAUTHORIZED} and "Bad Credentials" is thrown. With a session that is not an
 * admin session, a 403 REST exception is thrown. An admin session returns normally.
 */
public void checkAdminAccess() {
    UserSessionBase currentSession = ContextUtil.getCurrentUserSession();
    if (currentSession == null) {
        // No session at all: report this as an authentication failure (401), not a 403.
        VXResponse unauthorized = new VXResponse();
        unauthorized.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
        unauthorized.setMsgDesc("Bad Credentials");
        throw restErrorUtil.generateRESTException(unauthorized);
    }
    if (currentSession.isUserAdmin()) {
        return;
    }
    // NOTE(review): the denial text embeds the portal user's id; presumably it reaches the
    // REST client. Confirm that is intended.
    throw restErrorUtil.create403RESTException("Operation" + " denied. LoggedInUser=" + currentSession.getXXPortalUser().getId() + " ,isn't permitted to perform the action.");
}
Also used : VXResponse(org.apache.ranger.view.VXResponse) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 37 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

the class XUserMgr method searchXAuditMaps.

/**
 * Searches audit maps, limiting non-admin callers to resources they administer.
 *
 * <p>An admin session gets the superclass search result unchanged. Any other caller
 * (including one with no session) gets a list built from the full, unpaged search result,
 * keeping only entries whose resource passes the {@code XA_PERM_TYPE_ADMIN} permission check,
 * and paged afterwards with the caller's original start index and page size.
 *
 * @param searchCriteria the search parameters; on the non-admin path its start index and max
 *     rows are overwritten (0 and {@code Integer.MAX_VALUE}) and not restored
 * @return the matching audit maps; an empty list when nothing passes the permission filter
 */
public VXAuditMapList searchXAuditMaps(SearchCriteria searchCriteria) {
    UserSessionBase currentUserSession = ContextUtil.getCurrentUserSession();
    boolean callerIsAdmin = currentUserSession != null && currentUserSession.isUserAdmin();
    if (callerIsAdmin) {
        return super.searchXAuditMaps(searchCriteria);
    }

    VXAuditMapList filteredPage = new VXAuditMapList();
    // Remember the requested window, then widen the query: paging must happen after the
    // permission filter, otherwise a page could come back short or empty.
    int requestedStart = searchCriteria.getStartIndex();
    int requestedPageSize = searchCriteria.getMaxRows();
    searchCriteria.setStartIndex(0);
    searchCriteria.setMaxRows(Integer.MAX_VALUE);
    // NOTE(review): this loads every matching row and runs one resource lookup and one
    // permission check per row. Confirm the result set is bounded in practice.
    List<VXAuditMap> allMatches = xAuditMapService.searchXAuditMaps(searchCriteria).getVXAuditMaps();

    List<VXAuditMap> permitted = new ArrayList<VXAuditMap>();
    for (VXAuditMap candidate : allMatches) {
        // NOTE(review): the lookup result is passed on unchecked; confirm getById cannot
        // return null for an audit map whose resource no longer exists.
        XXResource resource = daoManager.getXXResource().getById(candidate.getResourceId());
        VXResponse permissionCheck = msBizUtil.hasPermission(xResourceService.populateViewBean(resource), AppConstants.XA_PERM_TYPE_ADMIN);
        if (permissionCheck.getStatusCode() == VXResponse.STATUS_SUCCESS) {
            permitted.add(candidate);
        }
    }

    if (!permitted.isEmpty()) {
        populatePageList(permitted, requestedStart, requestedPageSize, filteredPage);
    }
    return filteredPage;
}
Also used : XXResource(org.apache.ranger.entity.XXResource) ArrayList(java.util.ArrayList) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 38 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

the class XUserMgr method createXGroupPermission.

// Group permission
/**
 * Creates a group permission and refreshes the module permissions held in the active
 * sessions of the group's members.
 *
 * <p>The permission is created first. Then, for every user in the group, each active session
 * returned by the session manager has its module permissions reset, so the change applies to
 * users who are already logged in.
 *
 * @param vXGroupPermission the group permission to create
 * @return the value returned by {@code xGroupPermissionService.createResource}
 */
public VXGroupPermission createXGroupPermission(VXGroupPermission vXGroupPermission) {
    final VXGroupPermission created = xGroupPermissionService.createResource(vXGroupPermission);
    List<XXGroupUser> members = daoManager.getXXGroupUser().findByGroupId(created.getGroupId());
    for (XXGroupUser member : members) {
        Set<UserSessionBase> activeSessions = sessionMgr.getActiveUserSessionsForXUserId(member.getUserId());
        if (CollectionUtils.isEmpty(activeSessions)) {
            // This member is not logged in, so there is no session to refresh.
            continue;
        }
        for (UserSessionBase activeSession : activeSessions) {
            logger.info("Assigning permission to group, one of the user belongs to that group found logged in into system, so updating permission in session of that user");
            sessionMgr.resetUserModulePermission(activeSession);
        }
    }
    return created;
}
Also used : XXGroupUser(org.apache.ranger.entity.XXGroupUser) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 39 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

the class XUserMgr method restrictSelfAccountDeletion.

/**
 * Allows the call only for an admin session that is not targeting its own account.
 *
 * <p>With no current session, a REST exception carrying {@code SC_UNAUTHORIZED} and
 * "Bad Credentials" is thrown. A non-admin session gets a 403. An admin session gets a 403
 * when {@code loginID} is non-empty and equals the session's login id.
 *
 * @param loginID login id of the account about to be deleted
 */
public void restrictSelfAccountDeletion(String loginID) {
    UserSessionBase currentSession = ContextUtil.getCurrentUserSession();
    if (currentSession == null) {
        VXResponse unauthorized = new VXResponse();
        unauthorized.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
        unauthorized.setMsgDesc("Bad Credentials");
        throw restErrorUtil.generateRESTException(unauthorized);
    }
    if (!currentSession.isUserAdmin()) {
        throw restErrorUtil.create403RESTException("Operation denied. LoggedInUser= " + currentSession.getXXPortalUser().getLoginId() + " isn't permitted to perform the action.");
    }
    // NOTE(review): this is an exact, case-sensitive match against session.getLoginId(),
    // while the message reads the login id from the portal user. If login ids are matched
    // case-insensitively elsewhere, confirm a differently-cased loginID cannot pass here.
    boolean targetsOwnAccount = !StringUtil.isEmpty(loginID) && loginID.equals(currentSession.getLoginId());
    if (targetsOwnAccount) {
        throw restErrorUtil.create403RESTException("Operation denied. LoggedInUser= " + currentSession.getXXPortalUser().getLoginId() + " isn't permitted to delete his own profile.");
    }
}
Also used : UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 40 with UserSessionBase

use of org.apache.ranger.common.UserSessionBase in project ranger by apache.

the class XUserMgr method checkAccessRoles.

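/**
 * Checks that the current session may act on an account holding the given roles.
 *
 * <p>Rules enforced, in order:
 * <ul>
 *   <li>no session, or a {@code null} role list: REST exception with
 *       {@code SC_UNAUTHORIZED} and "Bad Credentials";</li>
 *   <li>session is neither user admin nor key admin: 403;</li>
 *   <li>user admin acting on {@code ROLE_KEY_ADMIN}, or key admin acting on
 *       {@code ROLE_SYS_ADMIN}: 403. This keeps the two admin roles separate.</li>
 * </ul>
 * A session whose portal login id is "rangerusersync" skips the role-separation rule.
 *
 * @param stringRolesList role names of the target account
 */
public void checkAccessRoles(List<String> stringRolesList) {
    UserSessionBase session = ContextUtil.getCurrentUserSession();
    if (session == null || stringRolesList == null) {
        // NOTE(review): a null role list with a valid session is also reported as
        // "Bad Credentials" (401); kept as-is because callers may depend on it.
        VXResponse vXResponse = new VXResponse();
        vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
        vXResponse.setMsgDesc("Bad Credentials");
        throw restErrorUtil.generateRESTException(vXResponse);
    }

    // session is known to be non-null from here on, so the earlier per-message null
    // fallbacks ("Not Logged In" / "") could never be reached and were dropped.
    if (!session.isUserAdmin() && !session.isKeyAdmin()) {
        throw restErrorUtil.create403RESTException("Permission denied. LoggedInUser=" + session.getXXPortalUser().getId() + " ,isn't permitted to perform the action.");
    }

    // NOTE(review): the exemption is keyed on a hard-coded login id. Whoever controls the
    // "rangerusersync" account skips the admin/key-admin separation below; confirm that
    // account is reserved and cannot be created or renamed by ordinary admins.
    if ("rangerusersync".equals(session.getXXPortalUser().getLoginId())) {
        logger.info("LoggedInUser=" + session.getXXPortalUser().getId() + " is permitted to perform the action.");
        return;
    }

    boolean userAdminTouchesKeyAdmin = session.isUserAdmin() && stringRolesList.contains(RangerConstants.ROLE_KEY_ADMIN);
    if (userAdminTouchesKeyAdmin) {
        throw restErrorUtil.create403RESTException("Permission denied. LoggedInUser=" + session.getXXPortalUser().getId() + " isn't permitted to perform the action.");
    }
    boolean keyAdminTouchesSysAdmin = session.isKeyAdmin() && stringRolesList.contains(RangerConstants.ROLE_SYS_ADMIN);
    if (keyAdminTouchesSysAdmin) {
        throw restErrorUtil.create403RESTException("Permission denied. LoggedInUser=" + session.getXXPortalUser().getId() + " isn't permitted to perform the action.");
    }
}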
Also used : UserSessionBase(org.apache.ranger.common.UserSessionBase)
