Search in sources :

Example 1 with XXResourceDao

use of org.apache.ranger.db.XXResourceDao in project ranger by apache.

the class XUserMgr method deleteXGroup.

public void deleteXGroup(Long id, boolean force) {
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();
    XXGroupDao xXGroupDao = daoManager.getXXGroup();
    XXGroup xXGroup = xXGroupDao.getById(id);
    VXGroup vXGroup = xGroupService.populateViewBean(xXGroup);
    if (vXGroup == null || StringUtil.isEmpty(vXGroup.getName())) {
        throw restErrorUtil.createRESTException("Group ID doesn't exist.", MessageEnums.INVALID_INPUT_DATA);
    }
    if (logger.isDebugEnabled()) {
        logger.info("Force delete status=" + force + " for group=" + vXGroup.getName());
    }
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xGroupId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("groupId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("groupId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);
    XXGroupPermissionDao xXGroupPermissionDao = daoManager.getXXGroupPermission();
    List<XXGroupPermission> xXGroupPermissions = xXGroupPermissionDao.findByGroupId(id);
    XXGroupGroupDao xXGroupGroupDao = daoManager.getXXGroupGroup();
    List<XXGroupGroup> xXGroupGroups = xXGroupGroupDao.findByGroupId(id);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByGroupId(id);
    logger.warn("Deleting GROUP : " + vXGroup.getName());
    if (force) {
        // delete XXGroupUser records of matching group
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        XXUserDao xXUserDao = daoManager.getXXUser();
        XXUser xXUser = null;
        for (VXGroupUser groupUser : vxGroupUserList.getList()) {
            if (groupUser != null) {
                xXUser = xXUserDao.getById(groupUser.getUserId());
                if (xXUser != null) {
                    logger.warn("Removing user '" + xXUser.getName() + "' from group '" + groupUser.getName() + "'");
                }
                xGroupUserDao.remove(groupUser.getId());
            }
        }
        // delete XXPermMap records of matching group
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        XXResourceDao xXResourceDao = daoManager.getXXResource();
        XXResource xXResource = null;
        for (VXPermMap vXPermMap : vXPermMapList.getList()) {
            if (vXPermMap != null) {
                xXResource = xXResourceDao.getById(vXPermMap.getResourceId());
                if (xXResource != null) {
                    logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for group '" + vXPermMap.getGroupName() + "'");
                }
                xXPermMapDao.remove(vXPermMap.getId());
            }
        }
        // delete XXAuditMap records of matching group
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
            if (vXAuditMap != null) {
                xXResource = xXResourceDao.getById(vXAuditMap.getResourceId());
                xXAuditMapDao.remove(vXAuditMap.getId());
            }
        }
        // delete XXGroupGroupDao records of group-group mapping
        for (XXGroupGroup xXGroupGroup : xXGroupGroups) {
            if (xXGroupGroup != null) {
                XXGroup xXGroupParent = xXGroupDao.getById(xXGroupGroup.getParentGroupId());
                XXGroup xXGroupChild = xXGroupDao.getById(xXGroupGroup.getGroupId());
                if (xXGroupParent != null && xXGroupChild != null) {
                    logger.warn("Removing group '" + xXGroupChild.getName() + "' from group '" + xXGroupParent.getName() + "'");
                }
                xXGroupGroupDao.remove(xXGroupGroup.getId());
            }
        }
        // delete XXPolicyItemGroupPerm records of group
        for (XXPolicy xXPolicy : xXPolicyList) {
            RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
            List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
            removeUserGroupReferences(policyItems, null, vXGroup.getName());
            rangerPolicy.setPolicyItems(policyItems);
            List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
            removeUserGroupReferences(denyPolicyItems, null, vXGroup.getName());
            rangerPolicy.setDenyPolicyItems(denyPolicyItems);
            List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
            removeUserGroupReferences(allowExceptions, null, vXGroup.getName());
            rangerPolicy.setAllowExceptions(allowExceptions);
            List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
            removeUserGroupReferences(denyExceptions, null, vXGroup.getName());
            rangerPolicy.setDenyExceptions(denyExceptions);
            List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
            removeUserGroupReferences(dataMaskItems, null, vXGroup.getName());
            rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
            List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
            removeUserGroupReferences(rowFilterItems, null, vXGroup.getName());
            rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
            try {
                svcStore.updatePolicy(rangerPolicy);
            } catch (Throwable excp) {
                logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                restErrorUtil.createRESTException(excp.getMessage());
            }
        }
        if (CollectionUtils.isNotEmpty(xXGroupPermissions)) {
            for (XXGroupPermission xXGroupPermission : xXGroupPermissions) {
                if (xXGroupPermission != null) {
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXGroupPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for group '" + xXGroup.getName() + "'");
                    }
                    xXGroupPermissionDao.remove(xXGroupPermission.getId());
                }
            }
        }
        // delete XXGroup
        xXGroupDao.remove(id);
        // Create XXTrxLog
        List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), "delete");
        xaBizUtil.createTrxLog(xXTrxLogsXXGroup);
    } else {
        boolean hasReferences = false;
        if (vxGroupUserList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && CollectionUtils.isNotEmpty(xXPolicyList)) {
            hasReferences = true;
        }
        if (hasReferences == false && vXPermMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && vXAuditMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && CollectionUtils.isNotEmpty(xXGroupGroups)) {
            hasReferences = true;
        }
        if (hasReferences == false && CollectionUtils.isNotEmpty(xXGroupPermissions)) {
            hasReferences = true;
        }
        if (hasReferences) {
            // change visibility to Hidden
            if (vXGroup.getIsVisible() == RangerCommonEnums.IS_VISIBLE) {
                vXGroup.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xGroupService.updateResource(vXGroup);
            }
        } else {
            // delete XXGroup
            xXGroupDao.remove(id);
            // Create XXTrxLog
            List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), "delete");
            xaBizUtil.createTrxLog(xXTrxLogsXXGroup);
        }
    }
}
Also used : XXUser(org.apache.ranger.entity.XXUser) XXGroupPermissionDao(org.apache.ranger.db.XXGroupPermissionDao) XXUserDao(org.apache.ranger.db.XXUserDao) XXPolicy(org.apache.ranger.entity.XXPolicy) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXModuleDef(org.apache.ranger.entity.XXModuleDef) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXGroupGroupDao(org.apache.ranger.db.XXGroupGroupDao) XXResourceDao(org.apache.ranger.db.XXResourceDao) XXGroupPermission(org.apache.ranger.entity.XXGroupPermission) XXResource(org.apache.ranger.entity.XXResource) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) XXTrxLog(org.apache.ranger.entity.XXTrxLog) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) SearchCriteria(org.apache.ranger.common.SearchCriteria) XXGroup(org.apache.ranger.entity.XXGroup) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) XXPolicyDao(org.apache.ranger.db.XXPolicyDao) XXGroupDao(org.apache.ranger.db.XXGroupDao) XXGroupGroup(org.apache.ranger.entity.XXGroupGroup)

Example 2 with XXResourceDao

use of org.apache.ranger.db.XXResourceDao in project ranger by apache.

the class TestRangerBizUtil method testHasPermission_emptyResourceName.

@Test
public void testHasPermission_emptyResourceName() {
    VXResource vXResource = new VXResource();
    vXResource.setAssetId(12345L);
    XXPortalUser portalUser = new XXPortalUser();
    portalUser.setId(id);
    portalUser.setLoginId("12121");
    RangerContextHolder.getSecurityContext().getUserSession().setXXPortalUser(portalUser);
    XXUserDao xxUserDao = Mockito.mock(XXUserDao.class);
    XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class);
    XXUser xxUser = new XXUser();
    XXAsset xxAsset = new XXAsset();
    List<XXResource> lst = new ArrayList<XXResource>();
    XXResourceDao xxResourceDao = Mockito.mock(XXResourceDao.class);
    XXAssetDao xxAssetDao = Mockito.mock(XXAssetDao.class);
    Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
    Mockito.when(userDao.getById(Mockito.anyLong())).thenReturn(portalUser);
    Mockito.when(daoManager.getXXUser()).thenReturn(xxUserDao);
    Mockito.when(xxUserDao.findByUserName(Mockito.anyString())).thenReturn(xxUser);
    Mockito.when(daoManager.getXXResource()).thenReturn(xxResourceDao);
    Mockito.when(xxResourceDao.findByAssetIdAndResourceStatus(Mockito.anyLong(), Mockito.anyInt())).thenReturn(lst);
    Mockito.when(daoManager.getXXAsset()).thenReturn(xxAssetDao);
    Mockito.when(xxAssetDao.getById(Mockito.anyLong())).thenReturn(xxAsset);
    VXResponse resp = rangerBizUtil.hasPermission(vXResource, AppConstants.XA_PERM_TYPE_UNKNOWN);
    Mockito.verify(daoManager).getXXPortalUser();
    Mockito.verify(userDao).getById(Mockito.anyLong());
    Mockito.verify(daoManager).getXXUser();
    Mockito.verify(xxUserDao).findByUserName(Mockito.anyString());
    Assert.assertNotNull(resp);
    Assert.assertEquals(VXResponse.STATUS_ERROR, resp.getStatusCode());
    Assert.assertEquals("Permission Denied !", resp.getMsgDesc());
}
Also used : VXResponse(org.apache.ranger.view.VXResponse) XXPortalUser(org.apache.ranger.entity.XXPortalUser) XXUser(org.apache.ranger.entity.XXUser) XXAssetDao(org.apache.ranger.db.XXAssetDao) XXResource(org.apache.ranger.entity.XXResource) XXUserDao(org.apache.ranger.db.XXUserDao) VXResource(org.apache.ranger.view.VXResource) XXAsset(org.apache.ranger.entity.XXAsset) ArrayList(java.util.ArrayList) XXPortalUserDao(org.apache.ranger.db.XXPortalUserDao) XXResourceDao(org.apache.ranger.db.XXResourceDao) Test(org.junit.Test)

Aggregations

XXResourceDao (org.apache.ranger.db.XXResourceDao)2 XXUserDao (org.apache.ranger.db.XXUserDao)2 XXResource (org.apache.ranger.entity.XXResource)2 XXUser (org.apache.ranger.entity.XXUser)2 ArrayList (java.util.ArrayList)1 SearchCriteria (org.apache.ranger.common.SearchCriteria)1 XXAssetDao (org.apache.ranger.db.XXAssetDao)1 XXAuditMapDao (org.apache.ranger.db.XXAuditMapDao)1 XXGroupDao (org.apache.ranger.db.XXGroupDao)1 XXGroupGroupDao (org.apache.ranger.db.XXGroupGroupDao)1 XXGroupPermissionDao (org.apache.ranger.db.XXGroupPermissionDao)1 XXGroupUserDao (org.apache.ranger.db.XXGroupUserDao)1 XXPermMapDao (org.apache.ranger.db.XXPermMapDao)1 XXPolicyDao (org.apache.ranger.db.XXPolicyDao)1 XXPortalUserDao (org.apache.ranger.db.XXPortalUserDao)1 XXAsset (org.apache.ranger.entity.XXAsset)1 XXGroup (org.apache.ranger.entity.XXGroup)1 XXGroupGroup (org.apache.ranger.entity.XXGroupGroup)1 XXGroupPermission (org.apache.ranger.entity.XXGroupPermission)1 XXModuleDef (org.apache.ranger.entity.XXModuleDef)1