Search in sources :

Example 1 with XXPolicyDao

use of org.apache.ranger.db.XXPolicyDao in project ranger by apache.

the class TestXUserMgr method test27DeleteXGroup.

@Test
public void test27DeleteXGroup() {
    setup();
    boolean force = true;
    VXGroup vXGroup = new VXGroup();
    vXGroup.setId(userId);
    vXGroup.setDescription("group test");
    vXGroup.setName("grouptest");
    // XXGroup
    XXGroupDao xXGroupDao = Mockito.mock(XXGroupDao.class);
    XXGroup xXGroup = new XXGroup();
    Mockito.when(daoManager.getXXGroup()).thenReturn(xXGroupDao);
    Mockito.when(xXGroupDao.getById(vXGroup.getId())).thenReturn(xXGroup);
    Mockito.when(xGroupService.populateViewBean(xXGroup)).thenReturn(vXGroup);
    // VXGroupUser
    VXGroupUserList vxGroupUserList = new VXGroupUserList();
    XXGroupUserDao xGroupUserDao = Mockito.mock(XXGroupUserDao.class);
    VXGroupUser vxGroupUser = new VXGroupUser();
    vxGroupUser.setId(userId);
    vxGroupUser.setName("group user test");
    vxGroupUser.setOwner("Admin");
    vxGroupUser.setUserId(userId);
    vxGroupUser.setUpdatedBy("User");
    Mockito.when(xGroupUserService.searchXGroupUsers((SearchCriteria) Mockito.any())).thenReturn(vxGroupUserList);
    Mockito.when(daoManager.getXXGroupUser()).thenReturn(xGroupUserDao);
    // VXPermMap
    VXPermMapList vXPermMapList = new VXPermMapList();
    XXPermMapDao xXPermMapDao = Mockito.mock(XXPermMapDao.class);
    Mockito.when(xPermMapService.searchXPermMaps((SearchCriteria) Mockito.any())).thenReturn(vXPermMapList);
    Mockito.when(daoManager.getXXPermMap()).thenReturn(xXPermMapDao);
    // VXAuditMap
    VXAuditMapList vXAuditMapList = new VXAuditMapList();
    XXAuditMapDao xXAuditMapDao = Mockito.mock(XXAuditMapDao.class);
    Mockito.when(xAuditMapService.searchXAuditMaps((SearchCriteria) Mockito.any())).thenReturn(vXAuditMapList);
    Mockito.when(daoManager.getXXAuditMap()).thenReturn(xXAuditMapDao);
    // XXGroupGroup
    XXGroupGroupDao xXGroupGroupDao = Mockito.mock(XXGroupGroupDao.class);
    List<XXGroupGroup> xXGroupGroups = new ArrayList<XXGroupGroup>();
    Mockito.when(daoManager.getXXGroupGroup()).thenReturn(xXGroupGroupDao);
    Mockito.when(xXGroupGroupDao.findByGroupId(userId)).thenReturn(xXGroupGroups);
    // update XXGroupPermission
    XXGroupPermissionDao xXGroupPermissionDao = Mockito.mock(XXGroupPermissionDao.class);
    Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xXGroupPermissionDao);
    List<XXGroupPermission> xXGroupPermissions = new ArrayList<XXGroupPermission>();
    Mockito.when(xXGroupPermissionDao.findByGroupId(vXGroup.getId())).thenReturn(xXGroupPermissions);
    // update XXPolicyItemUserPerm
    XXPolicyDao xXPolicyDao = Mockito.mock(XXPolicyDao.class);
    List<XXPolicy> xXPolicyList = new ArrayList<XXPolicy>();
    Mockito.when(daoManager.getXXPolicy()).thenReturn(xXPolicyDao);
    Mockito.when(xXPolicyDao.findByGroupId(userId)).thenReturn(xXPolicyList);
    xUserMgr.deleteXGroup(vXGroup.getId(), force);
    Mockito.verify(xGroupUserService).searchXGroupUsers((SearchCriteria) Mockito.any());
}
Also used : VXGroupUserList(org.apache.ranger.view.VXGroupUserList) XXGroupPermission(org.apache.ranger.entity.XXGroupPermission) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) XXGroupPermissionDao(org.apache.ranger.db.XXGroupPermissionDao) ArrayList(java.util.ArrayList) VXGroupUser(org.apache.ranger.view.VXGroupUser) VXAuditMapList(org.apache.ranger.view.VXAuditMapList) XXPolicy(org.apache.ranger.entity.XXPolicy) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) XXGroup(org.apache.ranger.entity.XXGroup) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXPolicyDao(org.apache.ranger.db.XXPolicyDao) VXPermMapList(org.apache.ranger.view.VXPermMapList) VXGroup(org.apache.ranger.view.VXGroup) XXGroupGroupDao(org.apache.ranger.db.XXGroupGroupDao) XXGroupDao(org.apache.ranger.db.XXGroupDao) XXGroupGroup(org.apache.ranger.entity.XXGroupGroup) Test(org.junit.Test)

Example 2 with XXPolicyDao

use of org.apache.ranger.db.XXPolicyDao in project ranger by apache.

the class PatchForMigratingOldRegimePolicyJson_J10046 method portPolicy.

private void portPolicy(String serviceType, RangerPolicy policy) throws Exception {
    logger.info("==> portPolicy(id=" + policy.getId() + ")");
    String policyText = JsonUtils.objectToJson(policy);
    if (StringUtils.isEmpty(policyText)) {
        throw new Exception("Failed to convert policy to json string. Policy: [id=" + policy.getId() + "; name=" + policy.getName() + "; serviceType=" + serviceType + "]");
    }
    XXPolicyDao policyDao = daoMgr.getXXPolicy();
    XXPolicy dbBean = policyDao.getById(policy.getId());
    dbBean.setPolicyText(policyText);
    policyDao.update(dbBean);
    try {
        Set<String> accesses = new HashSet<>();
        Set<String> users = new HashSet<>();
        Set<String> groups = new HashSet<>();
        Set<String> conditions = new HashSet<>();
        Set<String> dataMasks = new HashSet<>();
        buildLists(policy.getPolicyItems(), accesses, conditions, users, groups);
        buildLists(policy.getDenyPolicyItems(), accesses, conditions, users, groups);
        buildLists(policy.getAllowExceptions(), accesses, conditions, users, groups);
        buildLists(policy.getDenyExceptions(), accesses, conditions, users, groups);
        buildLists(policy.getDataMaskPolicyItems(), accesses, conditions, users, groups);
        buildLists(policy.getRowFilterPolicyItems(), accesses, conditions, users, groups);
        buildList(policy.getDataMaskPolicyItems(), dataMasks);
        addResourceDefRef(serviceType, policy);
        addUserNameRef(policy.getId(), users);
        addGroupNameRef(policy.getId(), groups);
        addAccessDefRef(serviceType, policy.getId(), accesses);
        addPolicyConditionDefRef(serviceType, policy.getId(), conditions);
        addDataMaskDefRef(serviceType, policy.getId(), dataMasks);
    } catch (Exception e) {
        logger.error("portPoliry(id=" + policy.getId() + ") failed!!");
        logger.error("Offending policy:" + policyText);
        throw e;
    }
    logger.info("<== portPolicy(id=" + policy.getId() + ")");
}
Also used : XXPolicyDao(org.apache.ranger.db.XXPolicyDao) XXPolicy(org.apache.ranger.entity.XXPolicy) HashSet(java.util.HashSet)

Example 3 with XXPolicyDao

use of org.apache.ranger.db.XXPolicyDao in project ranger by apache.

the class PatchForUpdatingPolicyJson_J10019 method portPolicy.

private void portPolicy(String serviceType, RangerPolicy policy) throws Exception {
    logger.info("==> portPolicy(id=" + policy.getId() + ")");
    String policyText = JsonUtils.objectToJson(policy);
    if (StringUtils.isEmpty(policyText)) {
        throw new Exception("Failed to convert policy to json string. Policy: [id=" + policy.getId() + "; name=" + policy.getName() + "; serviceType=" + serviceType + "]");
    }
    XXPolicyDao policyDao = daoMgr.getXXPolicy();
    XXPolicy dbBean = policyDao.getById(policy.getId());
    dbBean.setPolicyText(policyText);
    policyDao.update(dbBean);
    try {
        Set<String> accesses = new HashSet<>();
        Set<String> users = new HashSet<>();
        Set<String> groups = new HashSet<>();
        Set<String> conditions = new HashSet<>();
        Set<String> dataMasks = new HashSet<>();
        buildLists(policy.getPolicyItems(), accesses, conditions, users, groups);
        buildLists(policy.getDenyPolicyItems(), accesses, conditions, users, groups);
        buildLists(policy.getAllowExceptions(), accesses, conditions, users, groups);
        buildLists(policy.getDenyExceptions(), accesses, conditions, users, groups);
        buildLists(policy.getDataMaskPolicyItems(), accesses, conditions, users, groups);
        buildLists(policy.getRowFilterPolicyItems(), accesses, conditions, users, groups);
        buildList(policy.getDataMaskPolicyItems(), dataMasks);
        addResourceDefRef(serviceType, policy);
        addUserNameRef(policy.getId(), users);
        addGroupNameRef(policy.getId(), groups);
        addAccessDefRef(serviceType, policy.getId(), accesses);
        addPolicyConditionDefRef(serviceType, policy.getId(), conditions);
        addDataMaskDefRef(serviceType, policy.getId(), dataMasks);
    } catch (Exception e) {
        logger.error("portPoliry(id=" + policy.getId() + ") failed!!");
        logger.error("Offending policy:" + policyText);
        throw e;
    }
    logger.info("<== portPolicy(id=" + policy.getId() + ")");
}
Also used : XXPolicyDao(org.apache.ranger.db.XXPolicyDao) XXPolicy(org.apache.ranger.entity.XXPolicy) HashSet(java.util.HashSet)

Example 4 with XXPolicyDao

use of org.apache.ranger.db.XXPolicyDao in project ranger by apache.

the class XUserMgr method deleteXGroup.

public void deleteXGroup(Long id, boolean force) {
    checkAdminAccess();
    blockIfZoneGroup(id);
    this.blockIfRoleGroup(id);
    xaBizUtil.blockAuditorRoleUser();
    XXGroupDao xXGroupDao = daoManager.getXXGroup();
    XXGroup xXGroup = xXGroupDao.getById(id);
    VXGroup vXGroup = xGroupService.populateViewBean(xXGroup);
    if (vXGroup == null || StringUtils.isEmpty(vXGroup.getName())) {
        throw restErrorUtil.createRESTException("Group ID doesn't exist.", MessageEnums.INVALID_INPUT_DATA);
    }
    if (logger.isDebugEnabled()) {
        logger.info("Force delete status=" + force + " for group=" + vXGroup.getName());
    }
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xGroupId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("groupId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("groupId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);
    XXGroupPermissionDao xXGroupPermissionDao = daoManager.getXXGroupPermission();
    List<XXGroupPermission> xXGroupPermissions = xXGroupPermissionDao.findByGroupId(id);
    XXGroupGroupDao xXGroupGroupDao = daoManager.getXXGroupGroup();
    List<XXGroupGroup> xXGroupGroups = xXGroupGroupDao.findByGroupId(id);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByGroupId(id);
    logger.warn("Deleting GROUP : " + vXGroup.getName());
    if (force) {
        // delete XXGroupUser records of matching group
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        XXUserDao xXUserDao = daoManager.getXXUser();
        XXUser xXUser = null;
        for (VXGroupUser groupUser : vxGroupUserList.getList()) {
            if (groupUser != null) {
                xXUser = xXUserDao.getById(groupUser.getUserId());
                if (xXUser != null) {
                    logger.warn("Removing user '" + xXUser.getName() + "' from group '" + groupUser.getName() + "'");
                }
                xGroupUserDao.remove(groupUser.getId());
            }
        }
        // delete XXPermMap records of matching group
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        XXResourceDao xXResourceDao = daoManager.getXXResource();
        XXResource xXResource = null;
        for (VXPermMap vXPermMap : vXPermMapList.getList()) {
            if (vXPermMap != null) {
                xXResource = xXResourceDao.getById(vXPermMap.getResourceId());
                if (xXResource != null) {
                    logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for group '" + vXPermMap.getGroupName() + "'");
                }
                xXPermMapDao.remove(vXPermMap.getId());
            }
        }
        // delete XXAuditMap records of matching group
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
            if (vXAuditMap != null) {
                xXResource = xXResourceDao.getById(vXAuditMap.getResourceId());
                xXAuditMapDao.remove(vXAuditMap.getId());
            }
        }
        // delete XXGroupGroupDao records of group-group mapping
        for (XXGroupGroup xXGroupGroup : xXGroupGroups) {
            if (xXGroupGroup != null) {
                XXGroup xXGroupParent = xXGroupDao.getById(xXGroupGroup.getParentGroupId());
                XXGroup xXGroupChild = xXGroupDao.getById(xXGroupGroup.getGroupId());
                if (xXGroupParent != null && xXGroupChild != null) {
                    logger.warn("Removing group '" + xXGroupChild.getName() + "' from group '" + xXGroupParent.getName() + "'");
                }
                xXGroupGroupDao.remove(xXGroupGroup.getId());
            }
        }
        // delete XXPolicyItemGroupPerm records of group
        for (XXPolicy xXPolicy : xXPolicyList) {
            RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
            List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
            removeUserGroupReferences(policyItems, null, vXGroup.getName());
            rangerPolicy.setPolicyItems(policyItems);
            List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
            removeUserGroupReferences(denyPolicyItems, null, vXGroup.getName());
            rangerPolicy.setDenyPolicyItems(denyPolicyItems);
            List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
            removeUserGroupReferences(allowExceptions, null, vXGroup.getName());
            rangerPolicy.setAllowExceptions(allowExceptions);
            List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
            removeUserGroupReferences(denyExceptions, null, vXGroup.getName());
            rangerPolicy.setDenyExceptions(denyExceptions);
            List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
            removeUserGroupReferences(dataMaskItems, null, vXGroup.getName());
            rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
            List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
            removeUserGroupReferences(rowFilterItems, null, vXGroup.getName());
            rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
            try {
                svcStore.updatePolicy(rangerPolicy);
            } catch (Throwable excp) {
                logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                restErrorUtil.createRESTException(excp.getMessage());
            }
        }
        if (CollectionUtils.isNotEmpty(xXGroupPermissions)) {
            for (XXGroupPermission xXGroupPermission : xXGroupPermissions) {
                if (xXGroupPermission != null) {
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXGroupPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for group '" + xXGroup.getName() + "'");
                    }
                    xXGroupPermissionDao.remove(xXGroupPermission.getId());
                }
            }
        }
        // delete group from audit filter configs
        svcStore.updateServiceAuditConfig(vXGroup.getName(), REMOVE_REF_TYPE.GROUP);
        // delete XXGroup
        xXGroupDao.remove(id);
        // Create XXTrxLog
        List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), "delete");
        xaBizUtil.createTrxLog(xXTrxLogsXXGroup);
    } else {
        boolean hasReferences = false;
        if (vxGroupUserList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && CollectionUtils.isNotEmpty(xXPolicyList)) {
            hasReferences = true;
        }
        if (hasReferences == false && vXPermMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && vXAuditMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && CollectionUtils.isNotEmpty(xXGroupGroups)) {
            hasReferences = true;
        }
        if (hasReferences == false && CollectionUtils.isNotEmpty(xXGroupPermissions)) {
            hasReferences = true;
        }
        if (hasReferences) {
            // change visibility to Hidden
            if (vXGroup.getIsVisible() == RangerCommonEnums.IS_VISIBLE) {
                vXGroup.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xGroupService.updateResource(vXGroup);
            }
        } else {
            // delete XXGroup
            xXGroupDao.remove(id);
            // Create XXTrxLog
            List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), "delete");
            xaBizUtil.createTrxLog(xXTrxLogsXXGroup);
        }
    }
}
Also used : XXUser(org.apache.ranger.entity.XXUser) XXGroupPermissionDao(org.apache.ranger.db.XXGroupPermissionDao) XXUserDao(org.apache.ranger.db.XXUserDao) XXPolicy(org.apache.ranger.entity.XXPolicy) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXModuleDef(org.apache.ranger.entity.XXModuleDef) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXGroupGroupDao(org.apache.ranger.db.XXGroupGroupDao) XXResourceDao(org.apache.ranger.db.XXResourceDao) XXGroupPermission(org.apache.ranger.entity.XXGroupPermission) XXResource(org.apache.ranger.entity.XXResource) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) XXTrxLog(org.apache.ranger.entity.XXTrxLog) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) XXGroup(org.apache.ranger.entity.XXGroup) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) XXPolicyDao(org.apache.ranger.db.XXPolicyDao) XXGroupDao(org.apache.ranger.db.XXGroupDao) XXGroupGroup(org.apache.ranger.entity.XXGroupGroup)

Example 5 with XXPolicyDao

use of org.apache.ranger.db.XXPolicyDao in project ranger by apache.

the class XUserMgr method deleteXUser.

public synchronized void deleteXUser(Long id, boolean force) {
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();
    XXUserDao xXUserDao = daoManager.getXXUser();
    XXUser xXUser = xXUserDao.getById(id);
    VXUser vXUser = xUserService.populateViewBean(xXUser);
    if (vXUser == null || StringUtils.isEmpty(vXUser.getName())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    XXPortalUserDao xXPortalUserDao = daoManager.getXXPortalUser();
    XXPortalUser xXPortalUser = xXPortalUserDao.findByLoginId(vXUser.getName().trim());
    VXPortalUser vXPortalUser = null;
    if (xXPortalUser != null) {
        vXPortalUser = xPortalUserService.populateViewBean(xXPortalUser);
    }
    if (vXPortalUser == null || StringUtils.isEmpty(vXPortalUser.getLoginId())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Force delete status=" + force + " for user=" + vXUser.getName());
    }
    restrictSelfAccountDeletion(vXUser.getName().trim());
    blockIfZoneUser(id);
    this.blockIfRoleUser(id);
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xUserId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);
    long xXPortalUserId = 0;
    xXPortalUserId = vXPortalUser.getId();
    XXAuthSessionDao xXAuthSessionDao = daoManager.getXXAuthSession();
    XXUserPermissionDao xXUserPermissionDao = daoManager.getXXUserPermission();
    XXPortalUserRoleDao xXPortalUserRoleDao = daoManager.getXXPortalUserRole();
    List<XXAuthSession> xXAuthSessions = xXAuthSessionDao.getAuthSessionByUserId(xXPortalUserId);
    List<XXUserPermission> xXUserPermissions = xXUserPermissionDao.findByUserPermissionId(xXPortalUserId);
    List<XXPortalUserRole> xXPortalUserRoles = xXPortalUserRoleDao.findByUserId(xXPortalUserId);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByUserId(id);
    logger.warn("Deleting User : " + vXUser.getName());
    if (force) {
        // delete XXGroupUser mapping
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        for (VXGroupUser groupUser : vxGroupUserList.getList()) {
            if (groupUser != null) {
                logger.warn("Removing user '" + vXUser.getName() + "' from group '" + groupUser.getName() + "'");
                xGroupUserDao.remove(groupUser.getId());
            }
        }
        // delete XXPermMap records of user
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        for (VXPermMap vXPermMap : vXPermMapList.getList()) {
            if (vXPermMap != null) {
                logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for user '" + vXPermMap.getUserName() + "'");
                xXPermMapDao.remove(vXPermMap.getId());
            }
        }
        // delete XXAuditMap records of user
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
            if (vXAuditMap != null) {
                xXAuditMapDao.remove(vXAuditMap.getId());
            }
        }
        // delete XXPortalUser references
        if (vXPortalUser != null) {
            xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
            if (xXAuthSessions != null && xXAuthSessions.size() > 0) {
                logger.warn("Deleting " + xXAuthSessions.size() + " login session records for user '" + vXPortalUser.getLoginId() + "'");
            }
            for (XXAuthSession xXAuthSession : xXAuthSessions) {
                xXAuthSessionDao.remove(xXAuthSession.getId());
            }
            for (XXUserPermission xXUserPermission : xXUserPermissions) {
                if (xXUserPermission != null) {
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXUserPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for user '" + vXPortalUser.getLoginId() + "'");
                    }
                    xXUserPermissionDao.remove(xXUserPermission.getId());
                }
            }
            for (XXPortalUserRole xXPortalUserRole : xXPortalUserRoles) {
                if (xXPortalUserRole != null) {
                    logger.warn("Deleting '" + xXPortalUserRole.getUserRole() + "' role for user '" + vXPortalUser.getLoginId() + "'");
                    xXPortalUserRoleDao.remove(xXPortalUserRole.getId());
                }
            }
        }
        // delete XXPolicyItemUserPerm records of user
        for (XXPolicy xXPolicy : xXPolicyList) {
            RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
            List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
            removeUserGroupReferences(policyItems, vXUser.getName(), null);
            rangerPolicy.setPolicyItems(policyItems);
            List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
            removeUserGroupReferences(denyPolicyItems, vXUser.getName(), null);
            rangerPolicy.setDenyPolicyItems(denyPolicyItems);
            List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
            removeUserGroupReferences(allowExceptions, vXUser.getName(), null);
            rangerPolicy.setAllowExceptions(allowExceptions);
            List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
            removeUserGroupReferences(denyExceptions, vXUser.getName(), null);
            rangerPolicy.setDenyExceptions(denyExceptions);
            List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
            removeUserGroupReferences(dataMaskItems, vXUser.getName(), null);
            rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
            List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
            removeUserGroupReferences(rowFilterItems, vXUser.getName(), null);
            rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
            try {
                svcStore.updatePolicy(rangerPolicy);
            } catch (Throwable excp) {
                logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                throw restErrorUtil.createRESTException(excp.getMessage());
            }
        }
        // delete user from audit filter configs
        svcStore.updateServiceAuditConfig(vXUser.getName(), REMOVE_REF_TYPE.USER);
        // delete XXUser entry of user
        xXUserDao.remove(id);
        // delete XXPortal entry of user
        logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
        xXPortalUserDao.remove(xXPortalUserId);
        List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
        xaBizUtil.createTrxLog(trxLogList);
        if (xXPortalUser != null) {
            trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
        }
    } else {
        boolean hasReferences = false;
        if (vxGroupUserList != null && vxGroupUserList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXPolicyList != null && xXPolicyList.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && vXPermMapList != null && vXPermMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && vXAuditMapList != null && vXAuditMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXAuthSessions != null && xXAuthSessions.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXUserPermissions != null && xXUserPermissions.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXPortalUserRoles != null && xXPortalUserRoles.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences) {
            if (vXUser.getIsVisible() != RangerCommonEnums.IS_HIDDEN) {
                logger.info("Updating visibility of user '" + vXUser.getName() + "' to Hidden!");
                vXUser.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xUserService.updateResource(vXUser);
            }
        } else {
            xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
            // delete XXUser entry of user
            xXUserDao.remove(id);
            // delete XXPortal entry of user
            logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
            xXPortalUserDao.remove(xXPortalUserId);
            List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
            trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
        }
    }
}
Also used : XXUser(org.apache.ranger.entity.XXUser) XXUserDao(org.apache.ranger.db.XXUserDao) XXPolicy(org.apache.ranger.entity.XXPolicy) XXAuthSessionDao(org.apache.ranger.db.XXAuthSessionDao) XXPortalUserRoleDao(org.apache.ranger.db.XXPortalUserRoleDao) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) XXModuleDef(org.apache.ranger.entity.XXModuleDef) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXPortalUserRole(org.apache.ranger.entity.XXPortalUserRole) XXUserPermissionDao(org.apache.ranger.db.XXUserPermissionDao) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) XXTrxLog(org.apache.ranger.entity.XXTrxLog) XXAuthSession(org.apache.ranger.entity.XXAuthSession) XXUserPermission(org.apache.ranger.entity.XXUserPermission) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) XXPortalUserDao(org.apache.ranger.db.XXPortalUserDao) XXPolicyDao(org.apache.ranger.db.XXPolicyDao)

Aggregations

XXPolicyDao (org.apache.ranger.db.XXPolicyDao)13 XXPolicy (org.apache.ranger.entity.XXPolicy)11 ArrayList (java.util.ArrayList)7 Test (org.junit.Test)7 XXAuditMapDao (org.apache.ranger.db.XXAuditMapDao)6 XXGroupUserDao (org.apache.ranger.db.XXGroupUserDao)6 XXPermMapDao (org.apache.ranger.db.XXPermMapDao)6 XXUserDao (org.apache.ranger.db.XXUserDao)6 XXUser (org.apache.ranger.entity.XXUser)6 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)6 VXAuditMapList (org.apache.ranger.view.VXAuditMapList)6 VXGroupUserList (org.apache.ranger.view.VXGroupUserList)6 VXPermMapList (org.apache.ranger.view.VXPermMapList)6 XXAuthSessionDao (org.apache.ranger.db.XXAuthSessionDao)4 XXGroupDao (org.apache.ranger.db.XXGroupDao)4 XXGroupGroupDao (org.apache.ranger.db.XXGroupGroupDao)4 XXGroupPermissionDao (org.apache.ranger.db.XXGroupPermissionDao)4 XXPortalUserDao (org.apache.ranger.db.XXPortalUserDao)4 XXPortalUserRoleDao (org.apache.ranger.db.XXPortalUserRoleDao)4 XXUserPermissionDao (org.apache.ranger.db.XXUserPermissionDao)4