Search in sources :

Example 1 with XXAuthSessionDao

use of org.apache.ranger.db.XXAuthSessionDao in project ranger by apache.

the class XUserMgr method deleteXUser.

public synchronized void deleteXUser(Long id, boolean force) {
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();
    XXUserDao xXUserDao = daoManager.getXXUser();
    XXUser xXUser = xXUserDao.getById(id);
    VXUser vXUser = xUserService.populateViewBean(xXUser);
    if (vXUser == null || StringUtil.isEmpty(vXUser.getName())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    XXPortalUserDao xXPortalUserDao = daoManager.getXXPortalUser();
    XXPortalUser xXPortalUser = xXPortalUserDao.findByLoginId(vXUser.getName().trim());
    VXPortalUser vXPortalUser = null;
    if (xXPortalUser != null) {
        vXPortalUser = xPortalUserService.populateViewBean(xXPortalUser);
    }
    if (vXPortalUser == null || StringUtil.isEmpty(vXPortalUser.getLoginId())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Force delete status=" + force + " for user=" + vXUser.getName());
    }
    restrictSelfAccountDeletion(vXUser.getName().trim());
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xUserId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);
    long xXPortalUserId = 0;
    xXPortalUserId = vXPortalUser.getId();
    XXAuthSessionDao xXAuthSessionDao = daoManager.getXXAuthSession();
    XXUserPermissionDao xXUserPermissionDao = daoManager.getXXUserPermission();
    XXPortalUserRoleDao xXPortalUserRoleDao = daoManager.getXXPortalUserRole();
    List<XXAuthSession> xXAuthSessions = xXAuthSessionDao.getAuthSessionByUserId(xXPortalUserId);
    List<XXUserPermission> xXUserPermissions = xXUserPermissionDao.findByUserPermissionId(xXPortalUserId);
    List<XXPortalUserRole> xXPortalUserRoles = xXPortalUserRoleDao.findByUserId(xXPortalUserId);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByUserId(id);
    logger.warn("Deleting User : " + vXUser.getName());
    if (force) {
        // delete XXGroupUser mapping
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        for (VXGroupUser groupUser : vxGroupUserList.getList()) {
            if (groupUser != null) {
                logger.warn("Removing user '" + vXUser.getName() + "' from group '" + groupUser.getName() + "'");
                xGroupUserDao.remove(groupUser.getId());
            }
        }
        // delete XXPermMap records of user
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        for (VXPermMap vXPermMap : vXPermMapList.getList()) {
            if (vXPermMap != null) {
                logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for user '" + vXPermMap.getUserName() + "'");
                xXPermMapDao.remove(vXPermMap.getId());
            }
        }
        // delete XXAuditMap records of user
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
            if (vXAuditMap != null) {
                xXAuditMapDao.remove(vXAuditMap.getId());
            }
        }
        // delete XXPortalUser references
        if (vXPortalUser != null) {
            xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
            if (xXAuthSessions != null && xXAuthSessions.size() > 0) {
                logger.warn("Deleting " + xXAuthSessions.size() + " login session records for user '" + vXPortalUser.getLoginId() + "'");
            }
            for (XXAuthSession xXAuthSession : xXAuthSessions) {
                xXAuthSessionDao.remove(xXAuthSession.getId());
            }
            for (XXUserPermission xXUserPermission : xXUserPermissions) {
                if (xXUserPermission != null) {
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXUserPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for user '" + vXPortalUser.getLoginId() + "'");
                    }
                    xXUserPermissionDao.remove(xXUserPermission.getId());
                }
            }
            for (XXPortalUserRole xXPortalUserRole : xXPortalUserRoles) {
                if (xXPortalUserRole != null) {
                    logger.warn("Deleting '" + xXPortalUserRole.getUserRole() + "' role for user '" + vXPortalUser.getLoginId() + "'");
                    xXPortalUserRoleDao.remove(xXPortalUserRole.getId());
                }
            }
        }
        // delete XXPolicyItemUserPerm records of user
        for (XXPolicy xXPolicy : xXPolicyList) {
            RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
            List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
            removeUserGroupReferences(policyItems, vXUser.getName(), null);
            rangerPolicy.setPolicyItems(policyItems);
            List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
            removeUserGroupReferences(denyPolicyItems, vXUser.getName(), null);
            rangerPolicy.setDenyPolicyItems(denyPolicyItems);
            List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
            removeUserGroupReferences(allowExceptions, vXUser.getName(), null);
            rangerPolicy.setAllowExceptions(allowExceptions);
            List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
            removeUserGroupReferences(denyExceptions, vXUser.getName(), null);
            rangerPolicy.setDenyExceptions(denyExceptions);
            List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
            removeUserGroupReferences(dataMaskItems, vXUser.getName(), null);
            rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
            List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
            removeUserGroupReferences(rowFilterItems, vXUser.getName(), null);
            rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
            try {
                svcStore.updatePolicy(rangerPolicy);
            } catch (Throwable excp) {
                logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                throw restErrorUtil.createRESTException(excp.getMessage());
            }
        }
        // delete XXUser entry of user
        xXUserDao.remove(id);
        // delete XXPortal entry of user
        logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
        xXPortalUserDao.remove(xXPortalUserId);
        List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
        xaBizUtil.createTrxLog(trxLogList);
        if (xXPortalUser != null) {
            trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
        }
    } else {
        boolean hasReferences = false;
        if (vxGroupUserList != null && vxGroupUserList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXPolicyList != null && xXPolicyList.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && vXPermMapList != null && vXPermMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && vXAuditMapList != null && vXAuditMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXAuthSessions != null && xXAuthSessions.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXUserPermissions != null && xXUserPermissions.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXPortalUserRoles != null && xXPortalUserRoles.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences) {
            if (vXUser.getIsVisible() != RangerCommonEnums.IS_HIDDEN) {
                logger.info("Updating visibility of user '" + vXUser.getName() + "' to Hidden!");
                vXUser.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xUserService.updateResource(vXUser);
            }
        } else {
            xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
            // delete XXUser entry of user
            xXUserDao.remove(id);
            // delete XXPortal entry of user
            logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
            xXPortalUserDao.remove(xXPortalUserId);
            List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
            trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
        }
    }
}
Also used : XXUser(org.apache.ranger.entity.XXUser) XXUserDao(org.apache.ranger.db.XXUserDao) XXPolicy(org.apache.ranger.entity.XXPolicy) XXAuthSessionDao(org.apache.ranger.db.XXAuthSessionDao) XXPortalUserRoleDao(org.apache.ranger.db.XXPortalUserRoleDao) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) XXModuleDef(org.apache.ranger.entity.XXModuleDef) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXPortalUserRole(org.apache.ranger.entity.XXPortalUserRole) XXUserPermissionDao(org.apache.ranger.db.XXUserPermissionDao) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) XXTrxLog(org.apache.ranger.entity.XXTrxLog) XXAuthSession(org.apache.ranger.entity.XXAuthSession) XXUserPermission(org.apache.ranger.entity.XXUserPermission) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) SearchCriteria(org.apache.ranger.common.SearchCriteria) XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) XXPortalUserDao(org.apache.ranger.db.XXPortalUserDao) XXPolicyDao(org.apache.ranger.db.XXPolicyDao)

Example 2 with XXAuthSessionDao

use of org.apache.ranger.db.XXAuthSessionDao in project ranger by apache.

the class TestXUserMgr method test28DeleteXUser.

@Test
public void test28DeleteXUser() {
    setup();
    boolean force = true;
    VXUser vXUser = vxUser();
    // XXUser
    XXUser xXUser = new XXUser();
    XXUserDao xXUserDao = Mockito.mock(XXUserDao.class);
    Mockito.when(daoManager.getXXUser()).thenReturn(xXUserDao);
    Mockito.when(xXUserDao.getById(vXUser.getId())).thenReturn(xXUser);
    Mockito.when(xUserService.populateViewBean(xXUser)).thenReturn(vXUser);
    // VXGroupUser
    VXGroupUserList vxGroupUserList = new VXGroupUserList();
    XXGroupUserDao xGroupUserDao = Mockito.mock(XXGroupUserDao.class);
    VXGroupUser vxGroupUser = new VXGroupUser();
    vxGroupUser.setId(userId);
    vxGroupUser.setName("group user test");
    vxGroupUser.setOwner("Admin");
    vxGroupUser.setUserId(vXUser.getId());
    vxGroupUser.setUpdatedBy("User");
    Mockito.when(xGroupUserService.searchXGroupUsers((SearchCriteria) Mockito.any())).thenReturn(vxGroupUserList);
    Mockito.when(daoManager.getXXGroupUser()).thenReturn(xGroupUserDao);
    // VXPermMap
    VXPermMapList vXPermMapList = new VXPermMapList();
    XXPermMapDao xXPermMapDao = Mockito.mock(XXPermMapDao.class);
    Mockito.when(xPermMapService.searchXPermMaps((SearchCriteria) Mockito.any())).thenReturn(vXPermMapList);
    Mockito.when(daoManager.getXXPermMap()).thenReturn(xXPermMapDao);
    // VXAuditMap
    VXAuditMapList vXAuditMapList = new VXAuditMapList();
    XXAuditMapDao xXAuditMapDao = Mockito.mock(XXAuditMapDao.class);
    Mockito.when(xAuditMapService.searchXAuditMaps((SearchCriteria) Mockito.any())).thenReturn(vXAuditMapList);
    Mockito.when(daoManager.getXXAuditMap()).thenReturn(xXAuditMapDao);
    // XXPortalUser
    VXPortalUser vXPortalUser = userProfile();
    XXPortalUser xXPortalUser = new XXPortalUser();
    XXPortalUserDao xXPortalUserDao = Mockito.mock(XXPortalUserDao.class);
    Mockito.when(daoManager.getXXPortalUser()).thenReturn(xXPortalUserDao);
    Mockito.when(xXPortalUserDao.findByLoginId(vXUser.getName().trim())).thenReturn(xXPortalUser);
    Mockito.when(xPortalUserService.populateViewBean(xXPortalUser)).thenReturn(vXPortalUser);
    XXAuthSessionDao xXAuthSessionDao = Mockito.mock(XXAuthSessionDao.class);
    XXUserPermissionDao xXUserPermissionDao = Mockito.mock(XXUserPermissionDao.class);
    XXPortalUserRoleDao xXPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class);
    Mockito.when(daoManager.getXXAuthSession()).thenReturn(xXAuthSessionDao);
    Mockito.when(daoManager.getXXUserPermission()).thenReturn(xXUserPermissionDao);
    Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xXPortalUserRoleDao);
    List<XXAuthSession> xXAuthSessions = new ArrayList<XXAuthSession>();
    List<XXUserPermission> xXUserPermissions = new ArrayList<XXUserPermission>();
    List<XXPortalUserRole> xXPortalUserRoles = new ArrayList<XXPortalUserRole>();
    Mockito.when(xXAuthSessionDao.getAuthSessionByUserId(vXPortalUser.getId())).thenReturn(xXAuthSessions);
    Mockito.when(xXUserPermissionDao.findByUserPermissionId(vXPortalUser.getId())).thenReturn(xXUserPermissions);
    Mockito.when(xXPortalUserRoleDao.findByUserId(vXPortalUser.getId())).thenReturn(xXPortalUserRoles);
    // update XXPolicyItemUserPerm
    XXPolicyDao xXPolicyDao = Mockito.mock(XXPolicyDao.class);
    List<XXPolicy> xXPolicyList = new ArrayList<XXPolicy>();
    Mockito.when(daoManager.getXXPolicy()).thenReturn(xXPolicyDao);
    Mockito.when(xXPolicyDao.findByUserId(vXUser.getId())).thenReturn(xXPolicyList);
    xUserMgr.deleteXUser(vXUser.getId(), force);
    Mockito.verify(xGroupUserService).searchXGroupUsers((SearchCriteria) Mockito.any());
}
Also used : XXUser(org.apache.ranger.entity.XXUser) VXGroupUserList(org.apache.ranger.view.VXGroupUserList) XXUserDao(org.apache.ranger.db.XXUserDao) ArrayList(java.util.ArrayList) XXPolicy(org.apache.ranger.entity.XXPolicy) XXAuthSessionDao(org.apache.ranger.db.XXAuthSessionDao) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) XXPortalUserRoleDao(org.apache.ranger.db.XXPortalUserRoleDao) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) VXPortalUser(org.apache.ranger.view.VXPortalUser) XXPortalUserRole(org.apache.ranger.entity.XXPortalUserRole) VXPermMapList(org.apache.ranger.view.VXPermMapList) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) XXUserPermissionDao(org.apache.ranger.db.XXUserPermissionDao) VXGroupUser(org.apache.ranger.view.VXGroupUser) VXAuditMapList(org.apache.ranger.view.VXAuditMapList) VXUser(org.apache.ranger.view.VXUser) XXAuthSession(org.apache.ranger.entity.XXAuthSession) XXUserPermission(org.apache.ranger.entity.XXUserPermission) XXPortalUser(org.apache.ranger.entity.XXPortalUser) XXPortalUserDao(org.apache.ranger.db.XXPortalUserDao) XXPolicyDao(org.apache.ranger.db.XXPolicyDao) Test(org.junit.Test)

Aggregations

XXAuditMapDao (org.apache.ranger.db.XXAuditMapDao)2 XXAuthSessionDao (org.apache.ranger.db.XXAuthSessionDao)2 XXGroupUserDao (org.apache.ranger.db.XXGroupUserDao)2 XXPermMapDao (org.apache.ranger.db.XXPermMapDao)2 XXPolicyDao (org.apache.ranger.db.XXPolicyDao)2 XXPortalUserDao (org.apache.ranger.db.XXPortalUserDao)2 XXPortalUserRoleDao (org.apache.ranger.db.XXPortalUserRoleDao)2 XXUserDao (org.apache.ranger.db.XXUserDao)2 XXUserPermissionDao (org.apache.ranger.db.XXUserPermissionDao)2 XXAuthSession (org.apache.ranger.entity.XXAuthSession)2 XXPolicy (org.apache.ranger.entity.XXPolicy)2 XXPortalUser (org.apache.ranger.entity.XXPortalUser)2 XXPortalUserRole (org.apache.ranger.entity.XXPortalUserRole)2 XXUser (org.apache.ranger.entity.XXUser)2 XXUserPermission (org.apache.ranger.entity.XXUserPermission)2 ArrayList (java.util.ArrayList)1 SearchCriteria (org.apache.ranger.common.SearchCriteria)1 XXModuleDef (org.apache.ranger.entity.XXModuleDef)1 XXTrxLog (org.apache.ranger.entity.XXTrxLog)1 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)1