
Example 1 with XXGroup

use of org.apache.ranger.entity.XXGroup in project ranger by apache.

the class XUserMgr method updateXGroup.

/**
 * Updates a group from the supplied view object and refreshes dependent state.
 *
 * @param vXGroup the group view carrying the new values; its id selects the stored row
 * @return the view returned by the group service, or {@code null} when the service returns none
 */
@Override
public VXGroup updateXGroup(VXGroup vXGroup) {
    // Both checks run before any data is read; judging by their names they
    // reject non-admin and auditor-role callers (their bodies are not shown here).
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();

    XXGroup storedGroup = daoManager.getXXGroup().getById(vXGroup.getId());

    // NOTE(review): the transaction log is written before updateResource() runs, and
    // storedGroup is not checked for null first. If the update then fails outside a
    // rolled-back transaction, the audit trail would record a change that never
    // happened; confirm the transactional boundary of this method.
    xaBizUtil.createTrxLog(xGroupService.getTransactionLog(vXGroup, storedGroup, "update"));

    VXGroup updatedGroup = (VXGroup) xGroupService.updateResource(vXGroup);
    if (updatedGroup == null) {
        return null;
    }

    updateXgroupUserForGroupUpdate(updatedGroup);
    // Clearing the static instance presumably forces the policy cache to be
    // rebuilt so the changed group takes effect; verify against the cache class.
    RangerServicePoliciesCache.sInstance = null;
    return updatedGroup;
}
Also used : XXGroup(org.apache.ranger.entity.XXGroup) XXTrxLog(org.apache.ranger.entity.XXTrxLog)

Example 2 with XXGroup

use of org.apache.ranger.entity.XXGroup in project ranger by apache.

the class XUserMgr method updateXModuleDefPermission.

/**
 * Reconciles the group and user permissions of a module definition with the
 * lists carried by the request, then updates the module definition itself.
 *
 * <p>For every requested permission, a stored permission with the same module
 * id and the same group (or user) id is updated when its "is allowed" flag
 * differs; a requested permission with no stored counterpart is created.
 * Stored permissions that are absent from the request are left untouched.
 *
 * @param vXModuleDef the module definition view with the requested permission lists
 * @return the view returned by the module definition service after the update
 */
public VXModuleDef updateXModuleDefPermission(VXModuleDef vXModuleDef) {
    // NOTE(review): unlike updateXGroup/deleteXGroup/modifyGroupsVisibility, this
    // method calls neither checkAdminAccess() nor xaBizUtil.blockAuditorRoleUser().
    // It changes who may use a module, so confirm that every caller enforces the
    // authorization check before reaching this point.
    List<VXGroupPermission> requestedGroupPerms = vXModuleDef.getGroupPermList();
    List<VXUserPermission> requestedUserPerms = vXModuleDef.getUserPermList();

    XXModuleDef storedModule = daoManager.getXXModuleDef().getById(vXModuleDef.getId());
    VXModuleDef storedView = xModuleDefService.populateViewBean(storedModule);

    // Stored group permissions for this module, converted to view objects.
    List<XXGroupPermission> storedGroupRows = daoManager.getXXGroupPermission().findByModuleId(vXModuleDef.getId(), true);
    Map<Long, XXGroup> groupsById = xGroupService.getXXGroupIdXXGroupMap();
    List<VXGroupPermission> currentGroupPerms;
    if (groupsById != null && !groupsById.isEmpty()) {
        currentGroupPerms = xGroupPermissionService.getPopulatedVXGroupPermissionList(storedGroupRows, groupsById, storedView);
    } else {
        currentGroupPerms = new ArrayList<VXGroupPermission>();
        for (XXGroupPermission row : storedGroupRows) {
            currentGroupPerms.add(xGroupPermissionService.populateViewBean(row));
        }
    }
    storedView.setGroupPermList(currentGroupPerms);

    // Stored user permissions for this module, converted the same way.
    List<XXUserPermission> storedUserRows = daoManager.getXXUserPermission().findByModuleId(vXModuleDef.getId(), true);
    Map<Long, XXUser> usersByPortalId = xUserService.getXXPortalUserIdXXUserMap();
    List<VXUserPermission> currentUserPerms;
    if (usersByPortalId != null && !usersByPortalId.isEmpty()) {
        currentUserPerms = xUserPermissionService.getPopulatedVXUserPermissionList(storedUserRows, usersByPortalId, storedView);
    } else {
        currentUserPerms = new ArrayList<VXUserPermission>();
        for (XXUserPermission row : storedUserRows) {
            currentUserPerms.add(xUserPermissionService.populateViewBean(row));
        }
    }
    storedView.setUserPermList(currentUserPerms);

    // NOTE(review): each requested entry carries its own moduleId, and nothing visible
    // here checks that it equals vXModuleDef.getId(). The stored lists only hold rows
    // for that id, so an entry naming another module matches nothing and is passed to
    // create*Permission(); confirm those methods validate the module id.
    if (currentGroupPerms != null && requestedGroupPerms != null) {
        for (VXGroupPermission requested : requestedGroupPerms) {
            boolean matched = false;
            for (VXGroupPermission current : currentGroupPerms) {
                boolean sameModule = requested.getModuleId().equals(current.getModuleId());
                if (!sameModule || !requested.getGroupId().equals(current.getGroupId())) {
                    continue;
                }
                if (!requested.getIsAllowed().equals(current.getIsAllowed())) {
                    current.setIsAllowed(requested.getIsAllowed());
                    this.updateXGroupPermission(current);
                }
                matched = true;
            }
            if (!matched) {
                this.createXGroupPermission(requested);
            }
        }
    }

    if (currentUserPerms != null && requestedUserPerms != null) {
        for (VXUserPermission requested : requestedUserPerms) {
            boolean matched = false;
            for (VXUserPermission current : currentUserPerms) {
                boolean sameModule = requested.getModuleId().equals(current.getModuleId());
                if (!sameModule || !requested.getUserId().equals(current.getUserId())) {
                    continue;
                }
                if (!requested.getIsAllowed().equals(current.getIsAllowed())) {
                    current.setIsAllowed(requested.getIsAllowed());
                    this.updateXUserPermission(current);
                }
                matched = true;
            }
            if (!matched) {
                this.createXUserPermission(requested);
            }
        }
    }

    return xModuleDefService.updateResource(vXModuleDef);
}
Also used : XXUser(org.apache.ranger.entity.XXUser) XXGroupPermission(org.apache.ranger.entity.XXGroupPermission) ArrayList(java.util.ArrayList) XXUserPermission(org.apache.ranger.entity.XXUserPermission) XXModuleDef(org.apache.ranger.entity.XXModuleDef) XXGroup(org.apache.ranger.entity.XXGroup)

Example 3 with XXGroup

use of org.apache.ranger.entity.XXGroup in project ranger by apache.

the class XUserMgr method deleteXGroup.

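/**
 * Deletes a group, or hides it when it is still referenced.
 *
 * <p>With {@code force} set, every record that refers to the group is removed
 * first (group-user links, permission maps, audit maps, group-group links,
 * policy item references and module permissions), then the group itself is
 * removed and a "delete" transaction log is written. Without {@code force}, the
 * group is removed only when nothing refers to it; otherwise it is marked hidden.
 *
 * @param id    id of the group to delete
 * @param force whether referencing records are deleted along with the group
 * @throws RuntimeException the REST exception built by {@code restErrorUtil} when the
 *         group does not exist or when a referencing policy cannot be updated
 */
public void deleteXGroup(Long id, boolean force) {
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();
    XXGroupDao xXGroupDao = daoManager.getXXGroup();
    XXGroup xXGroup = xXGroupDao.getById(id);
    VXGroup vXGroup = xGroupService.populateViewBean(xXGroup);
    if (vXGroup == null || StringUtil.isEmpty(vXGroup.getName())) {
        throw restErrorUtil.createRESTException("Group ID doesn't exist.", MessageEnums.INVALID_INPUT_DATA);
    }
    // NOTE(review): group, user and policy names are concatenated into log messages
    // unescaped throughout this method; confirm names cannot contain line breaks,
    // otherwise log entries could be spoofed.
    if (logger.isDebugEnabled()) {
        // Logged at the level the guard tests for.
        logger.debug("Force delete status=" + force + " for group=" + vXGroup.getName());
    }

    // Collect every kind of record that refers to the group before deciding what to do.
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xGroupId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("groupId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("groupId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);
    XXGroupPermissionDao xXGroupPermissionDao = daoManager.getXXGroupPermission();
    List<XXGroupPermission> xXGroupPermissions = xXGroupPermissionDao.findByGroupId(id);
    XXGroupGroupDao xXGroupGroupDao = daoManager.getXXGroupGroup();
    List<XXGroupGroup> xXGroupGroups = xXGroupGroupDao.findByGroupId(id);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByGroupId(id);
    logger.warn("Deleting GROUP : " + vXGroup.getName());
    if (force) {
        // delete XXGroupUser records of matching group
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        XXUserDao xXUserDao = daoManager.getXXUser();
        XXUser xXUser = null;
        for (VXGroupUser groupUser : vxGroupUserList.getList()) {
            if (groupUser != null) {
                xXUser = xXUserDao.getById(groupUser.getUserId());
                if (xXUser != null) {
                    logger.warn("Removing user '" + xXUser.getName() + "' from group '" + groupUser.getName() + "'");
                }
                xGroupUserDao.remove(groupUser.getId());
            }
        }
        // delete XXPermMap records of matching group
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        XXResourceDao xXResourceDao = daoManager.getXXResource();
        XXResource xXResource = null;
        for (VXPermMap vXPermMap : vXPermMapList.getList()) {
            if (vXPermMap != null) {
                xXResource = xXResourceDao.getById(vXPermMap.getResourceId());
                if (xXResource != null) {
                    logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for group '" + vXPermMap.getGroupName() + "'");
                }
                xXPermMapDao.remove(vXPermMap.getId());
            }
        }
        // delete XXAuditMap records of matching group
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
            if (vXAuditMap != null) {
                // The looked-up resource is not used afterwards; the call is kept
                // so the sequence of DAO calls stays as it was.
                xXResource = xXResourceDao.getById(vXAuditMap.getResourceId());
                xXAuditMapDao.remove(vXAuditMap.getId());
            }
        }
        // delete XXGroupGroupDao records of group-group mapping
        for (XXGroupGroup xXGroupGroup : xXGroupGroups) {
            if (xXGroupGroup != null) {
                XXGroup xXGroupParent = xXGroupDao.getById(xXGroupGroup.getParentGroupId());
                XXGroup xXGroupChild = xXGroupDao.getById(xXGroupGroup.getGroupId());
                if (xXGroupParent != null && xXGroupChild != null) {
                    logger.warn("Removing group '" + xXGroupChild.getName() + "' from group '" + xXGroupParent.getName() + "'");
                }
                xXGroupGroupDao.remove(xXGroupGroup.getId());
            }
        }
        // delete XXPolicyItemGroupPerm records of group
        for (XXPolicy xXPolicy : xXPolicyList) {
            RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
            List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
            removeUserGroupReferences(policyItems, null, vXGroup.getName());
            rangerPolicy.setPolicyItems(policyItems);
            List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
            removeUserGroupReferences(denyPolicyItems, null, vXGroup.getName());
            rangerPolicy.setDenyPolicyItems(denyPolicyItems);
            List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
            removeUserGroupReferences(allowExceptions, null, vXGroup.getName());
            rangerPolicy.setAllowExceptions(allowExceptions);
            List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
            removeUserGroupReferences(denyExceptions, null, vXGroup.getName());
            rangerPolicy.setDenyExceptions(denyExceptions);
            List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
            removeUserGroupReferences(dataMaskItems, null, vXGroup.getName());
            rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
            List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
            removeUserGroupReferences(rowFilterItems, null, vXGroup.getName());
            rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
            try {
                svcStore.updatePolicy(rangerPolicy);
            } catch (Throwable excp) {
                logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                // Abort on failure: carrying on would remove the group while a stored
                // policy still names it, so a group later created under the same name
                // would pick up that policy's permissions.
                // NOTE(review): presumably the enclosing transaction rolls back the
                // removals made above; confirm.
                throw restErrorUtil.createRESTException(excp.getMessage());
            }
        }
        if (CollectionUtils.isNotEmpty(xXGroupPermissions)) {
            for (XXGroupPermission xXGroupPermission : xXGroupPermissions) {
                if (xXGroupPermission != null) {
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXGroupPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for group '" + xXGroup.getName() + "'");
                    }
                    xXGroupPermissionDao.remove(xXGroupPermission.getId());
                }
            }
        }
        // delete XXGroup
        xXGroupDao.remove(id);
        // Create XXTrxLog
        List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), "delete");
        xaBizUtil.createTrxLog(xXTrxLogsXXGroup);
    } else {
        // Any one kind of reference is enough to keep the group; the checks are
        // evaluated in the same order and stop at the first hit.
        boolean hasReferences = vxGroupUserList.getListSize() > 0
                || CollectionUtils.isNotEmpty(xXPolicyList)
                || vXPermMapList.getListSize() > 0
                || vXAuditMapList.getListSize() > 0
                || CollectionUtils.isNotEmpty(xXGroupGroups)
                || CollectionUtils.isNotEmpty(xXGroupPermissions);
        if (hasReferences) {
            // change visibility to Hidden
            // NOTE(review): no transaction log is created in this method for the hide;
            // confirm whether updateResource() records it.
            if (vXGroup.getIsVisible() == RangerCommonEnums.IS_VISIBLE) {
                vXGroup.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xGroupService.updateResource(vXGroup);
            }
        } else {
            // delete XXGroup
            xXGroupDao.remove(id);
            // Create XXTrxLog
            List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), "delete");
            xaBizUtil.createTrxLog(xXTrxLogsXXGroup);
        }
    }
}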
Also used : XXUser(org.apache.ranger.entity.XXUser) XXGroupPermissionDao(org.apache.ranger.db.XXGroupPermissionDao) XXUserDao(org.apache.ranger.db.XXUserDao) XXPolicy(org.apache.ranger.entity.XXPolicy) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXModuleDef(org.apache.ranger.entity.XXModuleDef) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXGroupGroupDao(org.apache.ranger.db.XXGroupGroupDao) XXResourceDao(org.apache.ranger.db.XXResourceDao) XXGroupPermission(org.apache.ranger.entity.XXGroupPermission) XXResource(org.apache.ranger.entity.XXResource) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) XXTrxLog(org.apache.ranger.entity.XXTrxLog) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) SearchCriteria(org.apache.ranger.common.SearchCriteria) XXGroup(org.apache.ranger.entity.XXGroup) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) XXPolicyDao(org.apache.ranger.db.XXPolicyDao) XXGroupDao(org.apache.ranger.db.XXGroupDao) XXGroupGroup(org.apache.ranger.entity.XXGroupGroup)

Example 4 with XXGroup

use of org.apache.ranger.entity.XXGroup in project ranger by apache.

the class XUserMgr method modifyGroupsVisibility.

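/**
 * Sets the visibility flag of each group named in the map.
 *
 * @param groupVisibilityMap group id mapped to the visibility value to store;
 *        a {@code null} or empty map changes nothing
 * @throws RuntimeException the REST exception built by {@code restErrorUtil} when an
 *         id in the map does not resolve to a group
 */
public void modifyGroupsVisibility(HashMap<Long, Integer> groupVisibilityMap) {
    // The access checks run first, also when there is nothing to change.
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();
    if (groupVisibilityMap == null || groupVisibilityMap.isEmpty()) {
        return;
    }
    for (Map.Entry<Long, Integer> entry : groupVisibilityMap.entrySet()) {
        XXGroup xGroup = daoManager.getXXGroup().getById(entry.getKey());
        VXGroup vObj = xGroup == null ? null : xGroupService.populateViewBean(xGroup);
        if (vObj == null) {
            // Reject an unknown id with the same error deleteXGroup uses instead of
            // failing with a NullPointerException.
            throw restErrorUtil.createRESTException("Group ID doesn't exist.", MessageEnums.INVALID_INPUT_DATA);
        }
        // NOTE(review): the value is stored as given; nothing here restricts it to
        // RangerCommonEnums.IS_VISIBLE / IS_HIDDEN or rejects null, and no transaction
        // log is created for the change. Confirm both are handled elsewhere.
        vObj.setIsVisible(entry.getValue());
        xGroupService.updateResource(vObj);
    }
}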
Also used : XXGroup(org.apache.ranger.entity.XXGroup) Map(java.util.Map) XXAuditMap(org.apache.ranger.entity.XXAuditMap) HashMap(java.util.HashMap) XXPermMap(org.apache.ranger.entity.XXPermMap)

Example 5 with XXGroup

use of org.apache.ranger.entity.XXGroup in project ranger by apache.

the class TestXUserMgr method test18ModifyGroupsVisibilitySetOne.

/**
 * Checks that modifyGroupsVisibility stores the requested visibility value on
 * the group resolved from the map key and passes it to the group service.
 */
@Test
public void test18ModifyGroupsVisibilitySetOne() {
    // Request: one group id mapped to visibility value 1.
    Integer value = 1;
    HashMap<Long, Integer> requestedVisibility = new HashMap<Long, Integer>();
    requestedVisibility.put(userId, value);

    // Stored entity and the view the service is stubbed to produce from it.
    // The shared userId fixture doubles as the group id here.
    XXGroup storedGroup = new XXGroup();
    VXGroup groupView = new VXGroup();
    groupView.setId(userId);
    groupView.setName("grouptest");
    groupView.setDescription("group test");

    XXGroupDao groupDao = Mockito.mock(XXGroupDao.class);
    Mockito.when(daoManager.getXXGroup()).thenReturn(groupDao);
    Mockito.when(groupDao.getById(groupView.getId())).thenReturn(storedGroup);
    Mockito.when(xGroupService.populateViewBean(storedGroup)).thenReturn(groupView);
    Mockito.when(xGroupService.updateResource(groupView)).thenReturn(groupView);

    xUserMgr.modifyGroupsVisibility(requestedVisibility);

    // NOTE(review): only the success path is covered; an unknown group id and a
    // caller without admin access are not exercised by this test.
    Assert.assertEquals(value, groupView.getIsVisible());
    Assert.assertEquals(userId, groupView.getId());
    Mockito.verify(daoManager).getXXGroup();
    Mockito.verify(xGroupService).populateViewBean(storedGroup);
    Mockito.verify(xGroupService).updateResource(groupView);
}
Also used : XXGroup(org.apache.ranger.entity.XXGroup) HashMap(java.util.HashMap) VXGroup(org.apache.ranger.view.VXGroup) XXGroupDao(org.apache.ranger.db.XXGroupDao) Test(org.junit.Test)
