
Example 1 with XXPermMap

use of org.apache.ranger.entity.XXPermMap in project ranger by apache.

the class AssetMgr method UpdateDefaultPolicyUserAndPerm.

/**
 * Re-targets the default policy's permission entry for {@code vXResource} at the user
 * named {@code userName}. A null or empty {@code userName} makes the call a no-op.
 *
 * <p>When no user record is found for the name, one is created through
 * {@code xUserService.createResource}. Of the permission entries stored for the
 * resource, only the first one returned by the DAO is considered.
 *
 * @param vXResource resource whose id is used to look up stored permission entries
 * @param userName   name of the user the default permission should point at
 */
public void UpdateDefaultPolicyUserAndPerm(VXResource vXResource, String userName) {
    if (userName == null || userName.isEmpty()) {
        return;
    }

    // NOTE(review): an unknown name silently provisions a new user record. Presumably the
    // caller has already validated and authorized the name — confirm at the call sites.
    XXUser existingUser = rangerDaoManager.getXXUser().findByUserName(userName);
    VXUser policyUser;
    if (existingUser == null) {
        VXUser draft = new VXUser();
        draft.setName(userName);
        // FIXME hack : unnecessary.
        draft.setDescription(userName);
        policyUser = xUserService.createResource(draft);
    } else {
        policyUser = xUserService.populateViewBean(existingUser);
    }

    // Only one permission is considered for the default policy: the first stored entry.
    List<XXPermMap> storedPerms = rangerDaoManager.getXXPermMap().findByResourceId(vXResource.getId());
    boolean hasStoredPerm = storedPerms != null && storedPerms.size() != 0;
    VXPermMap defaultPerm = hasStoredPerm ? xPermMapService.populateViewBean(storedPerms.get(0)) : null;

    if (defaultPerm != null) {
        // Existing entry: swap in the new user id and persist the change.
        defaultPerm.setUserId(policyUser.getId());
        xPermMapService.updateResource(defaultPerm);
        return;
    }

    // No usable stored entry: a new view object is populated here.
    // NOTE(review): nothing in this method saves it, so this path leaves no permission
    // row behind — confirm whether a create call is missing or the branch is obsolete.
    VXPermMap freshPerm = new VXPermMap();
    freshPerm.setUserId(policyUser.getId());
    freshPerm.setResourceId(vXResource.getId());
}
Also used : XXUser(org.apache.ranger.entity.XXUser) XXPermMap(org.apache.ranger.entity.XXPermMap)

Example 2 with XXPermMap

use of org.apache.ranger.entity.XXPermMap in project ranger by apache.

the class RangerBizUtil method checkUsrPermForPolicy.

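/**
 * Returns true if the given user holds the specified permission on the specified
 * resource, either directly or through a group.
 *
 * <p>A group entry matches when its group is the public group or one of the groups
 * loaded for the user; a user entry matches when its user id equals {@code xUserId}.
 * Entries whose permission type differs from {@code permission} are ignored.
 *
 * <p>Ids are compared by value. Comparing two boxed {@code Long} ids with {@code ==}
 * tests object identity, which is only reliable for small cached values, so a
 * public-group grant could go unrecognised for larger ids. Missing data (no permission
 * list, a user entry without a user id, a null {@code xUserId}) results in "no match"
 * rather than an exception, so the check denies in those cases.
 *
 * @param xUserId    id of the user being checked
 * @param permission permission type to look for
 * @param resourceId id of the resource whose permission entries are examined
 * @return true if a matching user or group entry exists, false otherwise
 */
private boolean checkUsrPermForPolicy(Long xUserId, int permission, Long resourceId) {
    // Load the user's groups and the resource's permission entries from the DB.
    List<XXGroup> userGroups = daoManager.getXXGroup().findByUserId(xUserId);
    List<XXPermMap> permMapList = daoManager.getXXPermMap().findByResourceId(resourceId);
    if (permMapList == null) {
        // Nothing stored for this resource: deny.
        return false;
    }
    Long publicGroupId = getPublicGroupId();
    for (XXPermMap permMap : permMapList) {
        if (permMap.getPermType() != permission) {
            continue;
        }
        int permFor = permMap.getPermFor();
        if (permFor == AppConstants.XA_PERM_FOR_GROUP) {
            Long groupId = permMap.getGroupId();
            // Granted to the public group, or to a group the user belongs to.
            boolean grantedToPublic = publicGroupId != null && publicGroupId.equals(groupId);
            if (grantedToPublic || isGroupInList(groupId, userGroups)) {
                return true;
            }
        } else if (permFor == AppConstants.XA_PERM_FOR_USER) {
            // Granted directly to the user; a null id on either side never matches.
            if (xUserId != null && xUserId.equals(permMap.getUserId())) {
                return true;
            }
        }
    }
    return false;
}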
Also used : XXGroup(org.apache.ranger.entity.XXGroup) ArrayList(java.util.ArrayList) XXPermMap(org.apache.ranger.entity.XXPermMap)

Example 3 with XXPermMap

use of org.apache.ranger.entity.XXPermMap in project ranger by apache.

the class XPolicyService method getPrevPermMap.

/**
 * Indexes the permission entries currently stored for a resource under a composite key.
 *
 * <p>The key is built from the resource id, the entry's permFor value, the entry's user
 * id (or, when that is null, its group id) and the permission type, joined with
 * {@code uniqueKeySeparator}. Insertion order of the DAO result is preserved. When two
 * entries produce the same key, the later one replaces the earlier one.
 *
 * @param resId id of the resource whose stored permission entries are indexed
 * @return map from composite key to stored permission entry
 */
private Map<String, XXPermMap> getPrevPermMap(Long resId) {
    Map<String, XXPermMap> storedByKey = new LinkedHashMap<String, XXPermMap>();
    for (XXPermMap stored : xaDaoMgr.getXXPermMap().findByResourceId(resId)) {
        int permFor = stored.getPermFor();
        Long ownerUserId = stored.getUserId();
        Long ownerGroupId = stored.getGroupId();
        int permType = stored.getPermType();

        StringBuilder key = new StringBuilder()
                .append(resId + uniqueKeySeparator)
                .append(permFor + uniqueKeySeparator);
        // NOTE(review): the id segment is chosen by which id is non-null, not by permFor;
        // an entry with neither id gets no id segment at all. Confirm stored rows always
        // carry exactly the id that matches their permFor.
        if (ownerUserId != null) {
            key.append(ownerUserId + uniqueKeySeparator);
        } else if (ownerGroupId != null) {
            key.append(ownerGroupId + uniqueKeySeparator);
        }
        key.append(permType);

        storedByKey.put(key.toString(), stored);
    }
    return storedByKey;
}
Also used : XXPermMap(org.apache.ranger.entity.XXPermMap) LinkedHashMap(java.util.LinkedHashMap)

Example 4 with XXPermMap

use of org.apache.ranger.entity.XXPermMap in project ranger by apache.

the class XPolicyService method mapPermObjToPermList.

/**
 * Expands the permission objects of a policy into individual permission-map entries and
 * reconciles them with the entries already stored for the policy's id.
 *
 * <p>For every permission object, one entry is built per (user, permission) pair and per
 * (group, permission) pair. User and group names are resolved through the DAO; an
 * unknown name is logged and rejected with a DATA_NOT_FOUND REST exception.
 *
 * <p>Result: when nothing is stored yet, every built entry is returned. Otherwise, for
 * each distinct composite key among the built entries, the result holds either the new
 * entry (key not stored) or the stored entry converted to a view bean with its IP
 * address replaced by the new entry's. Stored entries whose key is absent from the new
 * set are not part of the result.
 *
 * @param permObjList permission objects to expand; null is treated as an empty list
 * @param vXPolicy    policy whose id is used as the resource id of every entry
 * @return the entries to create or update
 */
private List<VXPermMap> mapPermObjToPermList(List<VXPermObj> permObjList, VXPolicy vXPolicy) {
    Long resId = vXPolicy.getId();
    List<VXPermMap> permMapList = new ArrayList<VXPermMap>();
    List<VXPermMap> updPermMapList = new ArrayList<VXPermMap>();
    // Keyed by the same composite key that getPrevPermMap builds, so the two can be compared.
    Map<String, VXPermMap> newPermMap = new LinkedHashMap<String, VXPermMap>();
    Random rand = new Random();
    Map<String, XXPermMap> prevPermMap = getPrevPermMap(resId);
    if (permObjList == null) {
        permObjList = new ArrayList<VXPermObj>();
    }
    for (VXPermObj permObj : permObjList) {
        // Label shared by every entry generated from this permission object.
        // NOTE(review): Date.toString() has one-second resolution and the suffix comes from
        // java.util.Random over 0..9998, so labels are neither unique nor unpredictable;
        // fine as a grouping tag only — confirm nothing relies on it as an identifier.
        String permGrp = new Date() + " : " + rand.nextInt(9999);
        String ipAddress = permObj.getIpAddress();
        if (!stringUtil.isEmpty(permObj.getUserList())) {
            int permFor = AppConstants.XA_PERM_FOR_USER;
            for (String user : permObj.getUserList()) {
                XXUser xxUser = xaDaoMgr.getXXUser().findByUserName(user);
                if (xxUser == null) {
                    // NOTE(review): the name is concatenated unmodified into the log line and
                    // the REST error. If it originates from a request body, CR/LF should be
                    // neutralised before logging — confirm the logger's encoding.
                    logger.error("No User found with this name : " + user);
                    throw restErrorUtil.createRESTException("No User found with name : " + user, MessageEnums.DATA_NOT_FOUND);
                }
                Long userId = xxUser.getId();
                // NOTE(review): a null permission list would fail here with a
                // NullPointerException; presumably validated upstream — confirm.
                for (String permission : permObj.getPermList()) {
                    // NOTE(review): the result for an unrecognised permission string is not
                    // visible here; confirm unknown values are rejected rather than stored.
                    int permType = AppConstants.getEnumFor_XAPermType(permission);
                    VXPermMap vXPermMap = new VXPermMap();
                    vXPermMap.setPermFor(AppConstants.XA_PERM_FOR_USER);
                    vXPermMap.setPermGroup(permGrp);
                    vXPermMap.setPermType(permType);
                    vXPermMap.setUserId(xxUser.getId());
                    vXPermMap.setResourceId(resId);
                    vXPermMap.setIpAddress(ipAddress);
                    permMapList.add(vXPermMap);
                    // Composite key: resource id, permFor, user id, permission type.
                    StringBuilder uniqueKey = new StringBuilder();
                    uniqueKey.append(resId + uniqueKeySeparator);
                    uniqueKey.append(permFor + uniqueKeySeparator);
                    uniqueKey.append(userId + uniqueKeySeparator);
                    uniqueKey.append(permType);
                    // A repeated key replaces the earlier entry in newPermMap; permMapList
                    // keeps both.
                    newPermMap.put(uniqueKey.toString(), vXPermMap);
                }
            }
        }
        if (!stringUtil.isEmpty(permObj.getGroupList())) {
            int permFor = AppConstants.XA_PERM_FOR_GROUP;
            for (String group : permObj.getGroupList()) {
                XXGroup xxGroup = xaDaoMgr.getXXGroup().findByGroupName(group);
                if (xxGroup == null) {
                    // Same log/REST-message caveat as for user names above.
                    logger.error("No UserGroup found with this name : " + group);
                    throw restErrorUtil.createRESTException("No Group found with name : " + group, MessageEnums.DATA_NOT_FOUND);
                }
                Long grpId = xxGroup.getId();
                for (String permission : permObj.getPermList()) {
                    int permType = AppConstants.getEnumFor_XAPermType(permission);
                    VXPermMap vXPermMap = new VXPermMap();
                    vXPermMap.setPermFor(AppConstants.XA_PERM_FOR_GROUP);
                    vXPermMap.setPermGroup(permGrp);
                    vXPermMap.setPermType(permType);
                    vXPermMap.setGroupId(xxGroup.getId());
                    vXPermMap.setResourceId(resId);
                    vXPermMap.setIpAddress(ipAddress);
                    permMapList.add(vXPermMap);
                    // Composite key: resource id, permFor, group id, permission type.
                    StringBuilder uniqueKey = new StringBuilder();
                    uniqueKey.append(resId + uniqueKeySeparator);
                    uniqueKey.append(permFor + uniqueKeySeparator);
                    uniqueKey.append(grpId + uniqueKeySeparator);
                    uniqueKey.append(permType);
                    newPermMap.put(uniqueKey.toString(), vXPermMap);
                }
            }
        }
    }
    // Decide what to return: new entries to create, plus stored entries to update.
    // NOTE(review): nothing in this method removes stored permissions that are no longer
    // requested; they are simply left out of the result. Presumably the caller revokes
    // them — confirm, since a missed removal leaves a stale grant in place.
    if (prevPermMap.isEmpty()) {
        // Nothing stored: return every built entry (duplicates by key included).
        updPermMapList.addAll(permMapList);
    } else {
        for (Entry<String, VXPermMap> entry : newPermMap.entrySet()) {
            if (!prevPermMap.containsKey(entry.getKey())) {
                updPermMapList.add(entry.getValue());
            } else {
                // Key already stored: reuse the stored entry and carry over only the new
                // IP address; the new entry's permGroup label is not applied.
                VXPermMap vPMap = xPermMapService.populateViewBean(prevPermMap.get(entry.getKey()));
                VXPermMap vPMapNew = entry.getValue();
                vPMap.setIpAddress(vPMapNew.getIpAddress());
                updPermMapList.add(vPMap);
            }
        }
    }
    return updPermMapList;
}
Also used : XXUser(org.apache.ranger.entity.XXUser) VXPermMap(org.apache.ranger.view.VXPermMap) ArrayList(java.util.ArrayList) VXPermObj(org.apache.ranger.view.VXPermObj) Date(java.util.Date) LinkedHashMap(java.util.LinkedHashMap) XXGroup(org.apache.ranger.entity.XXGroup) Random(java.util.Random) XXPermMap(org.apache.ranger.entity.XXPermMap)

Example 5 with XXPermMap

use of org.apache.ranger.entity.XXPermMap in project ranger by apache.

the class XUserMgr method deleteXPermMap.

/**
 * Deletes the permission-map entry with the given id. Deletion is only carried out when
 * {@code force} is true; otherwise an OPER_NOT_ALLOWED_FOR_ENTITY REST exception is thrown.
 *
 * <p>{@code xaBizUtil.blockAuditorRoleUser()} is invoked before anything else. If the
 * entry exists but the resource it refers to cannot be read, the call is rejected with
 * an INVALID_INPUT_DATA REST exception instead of deleting.
 *
 * @param id    id of the permission-map entry to delete
 * @param force must be true for the deletion to proceed
 */
public void deleteXPermMap(Long id, boolean force) {
    xaBizUtil.blockAuditorRoleUser();
    if (!force) {
        throw restErrorUtil.createRESTException("serverMsg.modelMgrBaseDeleteModel", MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
    }

    XXPermMap target = daoManager.getXXPermMap().getById(id);
    boolean resourceMissing = target != null && xResourceService.readResource(target.getResourceId()) == null;
    if (resourceMissing) {
        throw restErrorUtil.createRESTException("Invalid Input Data - No resource found with Id: " + target.getResourceId(), MessageEnums.INVALID_INPUT_DATA);
    }

    // NOTE(review): the delete is issued even when no entry was found for the id, and the
    // only caller check visible in this method is blockAuditorRoleUser(). Confirm that
    // authorization on the owning resource is enforced before this method is reached.
    xPermMapService.deleteResource(id);
}
Also used : XXPermMap(org.apache.ranger.entity.XXPermMap)

Aggregations

XXPermMap (org.apache.ranger.entity.XXPermMap)6 ArrayList (java.util.ArrayList)3 LinkedHashMap (java.util.LinkedHashMap)2 XXGroup (org.apache.ranger.entity.XXGroup)2 XXUser (org.apache.ranger.entity.XXUser)2 VXPermMap (org.apache.ranger.view.VXPermMap)2 Date (java.util.Date)1 Random (java.util.Random)1 VXPermObj (org.apache.ranger.view.VXPermObj)1