Use of org.apache.ranger.entity.XXPolicyItemGroupPerm in the Apache Ranger project.
Class ServiceDBStore, method deleteExistingPolicyItems.
/**
 * Deletes every stored policy item of the given policy, together with the
 * rows that hang off each item: conditions, group permissions, user
 * permissions, accesses, data-mask infos and row-filter infos.
 *
 * <p>For each item the dependent rows are removed first and the item row
 * last (presumably to satisfy foreign-key constraints; confirm against the
 * schema).
 *
 * <p>NOTE(review): these rows are the grants of an authorization policy and
 * they are removed one by one. No transaction handling is visible in this
 * method, so a failure part-way through would leave the policy with only
 * some of its grants unless the caller runs inside a transaction; confirm.
 *
 * @param policy the policy whose items are removed; may be {@code null}
 * @return {@code false} when {@code policy} is {@code null}, otherwise
 *         {@code true} once all items have been removed
 */
private Boolean deleteExistingPolicyItems(RangerPolicy policy) {
    if (policy == null) {
        return Boolean.FALSE;
    }

    final XXPolicyItemDao itemDao = daoMgr.getXXPolicyItem();
    final List<XXPolicyItem> storedItems = itemDao.findByPolicyId(policy.getId());

    for (XXPolicyItem storedItem : storedItems) {
        final Long itemId = storedItem.getId();

        // Conditions attached to this item.
        final XXPolicyItemConditionDao conditionDao = daoMgr.getXXPolicyItemCondition();
        final List<XXPolicyItemCondition> itemConditions = conditionDao.findByPolicyItemId(itemId);
        for (XXPolicyItemCondition itemCondition : itemConditions) {
            conditionDao.remove(itemCondition);
        }

        // Group grants.
        final XXPolicyItemGroupPermDao groupPermDao = daoMgr.getXXPolicyItemGroupPerm();
        final List<XXPolicyItemGroupPerm> groupPerms = groupPermDao.findByPolicyItemId(itemId);
        for (XXPolicyItemGroupPerm groupPerm : groupPerms) {
            groupPermDao.remove(groupPerm);
        }

        // User grants.
        final XXPolicyItemUserPermDao userGrantDao = daoMgr.getXXPolicyItemUserPerm();
        final List<XXPolicyItemUserPerm> userPerms = userGrantDao.findByPolicyItemId(itemId);
        for (XXPolicyItemUserPerm userPerm : userPerms) {
            userGrantDao.remove(userPerm);
        }

        // Access types.
        final XXPolicyItemAccessDao accessDao = daoMgr.getXXPolicyItemAccess();
        final List<XXPolicyItemAccess> itemAccesses = accessDao.findByPolicyItemId(itemId);
        for (XXPolicyItemAccess itemAccess : itemAccesses) {
            accessDao.remove(itemAccess);
        }

        // Data-mask settings.
        final XXPolicyItemDataMaskInfoDao maskDao = daoMgr.getXXPolicyItemDataMaskInfo();
        final List<XXPolicyItemDataMaskInfo> maskInfos = maskDao.findByPolicyItemId(itemId);
        for (XXPolicyItemDataMaskInfo maskInfo : maskInfos) {
            maskDao.remove(maskInfo);
        }

        // Row-filter settings.
        final XXPolicyItemRowFilterInfoDao rowFilterDao = daoMgr.getXXPolicyItemRowFilterInfo();
        final List<XXPolicyItemRowFilterInfo> filterInfos = rowFilterDao.findByPolicyItemId(itemId);
        for (XXPolicyItemRowFilterInfo filterInfo : filterInfos) {
            rowFilterDao.remove(filterInfo);
        }

        // The item itself goes last, after everything that references it.
        itemDao.remove(storedItem);
    }

    return Boolean.TRUE;
}
Use of org.apache.ranger.entity.XXPolicyItemGroupPerm in the Apache Ranger project.
Class ServiceDBStore, method createNewPolicyItemForPolicy.
/**
 * Persists one policy item of a policy, followed by its accesses, user
 * permissions, group permissions and condition values.
 *
 * <p>The item row is created first. Each child row is then created in the
 * order of the corresponding input list, and its position in that list is
 * stored as the row's order. Blank user and group names are skipped; the
 * stored order of the remaining entries is still their original index.
 *
 * <p>NOTE(review): the item row, and any child rows already written, exist
 * before a later lookup can fail and throw. Whether such a failure leaves a
 * partially written grant depends on the caller's transaction handling,
 * which is not visible here; confirm.
 *
 * <p>NOTE(review): {@code delegateAdmin} is copied from {@code policyItem}
 * as given; no authorization check is visible in this method. Presumably
 * the caller has already validated the request; confirm.
 *
 * @param policy         policy the item belongs to; supplies the policy id
 *                       and the names used in error messages
 * @param xPolicy        stored policy entity; parent for the audit fields
 *                       and source of the service id for access-type lookup
 * @param policyItem     the item to persist
 * @param xServiceDef    service definition used to resolve condition types
 * @param itemOrder      order value stored on the item row
 * @param policyItemType item type value stored on the item row
 * @return the created policy item entity
 * @throws Exception if an access type, user, group or condition type named
 *                   in {@code policyItem} cannot be resolved
 */
private XXPolicyItem createNewPolicyItemForPolicy(RangerPolicy policy, XXPolicy xPolicy, RangerPolicyItem policyItem, XXServiceDef xServiceDef, int itemOrder, int policyItemType) throws Exception {
    XXPolicyItem createdItem = rangerAuditFields.populateAuditFields(new XXPolicyItem(), xPolicy);
    createdItem.setDelegateAdmin(policyItem.getDelegateAdmin());
    createdItem.setItemType(policyItemType);
    createdItem.setIsEnabled(Boolean.TRUE);
    createdItem.setComments(null);
    createdItem.setPolicyId(policy.getId());
    createdItem.setOrder(itemOrder);
    createdItem = daoMgr.getXXPolicyItem().create(createdItem);

    // Accesses: every access type must be defined for the policy's service.
    final List<RangerPolicyItemAccess> accessList = policyItem.getAccesses();
    for (int pos = 0; pos < accessList.size(); pos++) {
        final RangerPolicyItemAccess requested = accessList.get(pos);
        final XXAccessTypeDef typeDef = daoMgr.getXXAccessTypeDef().findByNameAndServiceId(requested.getType(), xPolicy.getService());
        if (typeDef == null) {
            throw new Exception(requested.getType() + ": is not a valid access-type. policy='" + policy.getName() + "' service='" + policy.getService() + "'");
        }

        XXPolicyItemAccess accessRow = (XXPolicyItemAccess) rangerAuditFields.populateAuditFields(new XXPolicyItemAccess(), createdItem);
        accessRow.setIsAllowed(requested.getIsAllowed());
        accessRow.setType(typeDef.getId());
        accessRow.setPolicyitemid(createdItem.getId());
        accessRow.setOrder(pos);
        daoMgr.getXXPolicyItemAccess().create(accessRow);
    }

    // Users: names are resolved to stored users; unknown names are rejected.
    final List<String> userNames = policyItem.getUsers();
    for (int pos = 0; pos < userNames.size(); pos++) {
        final String user = userNames.get(pos);
        if (!StringUtils.isBlank(user)) {
            final XXUser storedUser = daoMgr.getXXUser().findByUserName(user);
            if (storedUser == null) {
                throw new Exception(user + ": user does not exist. policy='" + policy.getName() + "' service='" + policy.getService() + "' user='" + user + "'");
            }

            XXPolicyItemUserPerm userRow = rangerAuditFields.populateAuditFields(new XXPolicyItemUserPerm(), createdItem);
            userRow.setUserId(storedUser.getId());
            userRow.setPolicyItemId(createdItem.getId());
            userRow.setOrder(pos);
            daoMgr.getXXPolicyItemUserPerm().create(userRow);
        }
    }

    // Groups: same handling as users.
    final List<String> groupNames = policyItem.getGroups();
    for (int pos = 0; pos < groupNames.size(); pos++) {
        final String group = groupNames.get(pos);
        if (!StringUtils.isBlank(group)) {
            final XXGroup storedGroup = daoMgr.getXXGroup().findByGroupName(group);
            if (storedGroup == null) {
                throw new Exception(group + ": group does not exist. policy='" + policy.getName() + "' service='" + policy.getService() + "' group='" + group + "'");
            }

            XXPolicyItemGroupPerm groupRow = rangerAuditFields.populateAuditFields(new XXPolicyItemGroupPerm(), createdItem);
            groupRow.setGroupId(storedGroup.getId());
            groupRow.setPolicyItemId(createdItem.getId());
            groupRow.setOrder(pos);
            daoMgr.getXXPolicyItemGroupPerm().create(groupRow);
        }
    }

    // Conditions: one row per value, typed by the service definition's condition def.
    final List<RangerPolicyItemCondition> conditionList = policyItem.getConditions();
    for (RangerPolicyItemCondition requested : conditionList) {
        final XXPolicyConditionDef conditionDef = daoMgr.getXXPolicyConditionDef().findByServiceDefIdAndName(xServiceDef.getId(), requested.getType());
        if (conditionDef == null) {
            throw new Exception(requested.getType() + ": is not a valid condition-type. policy='" + xPolicy.getName() + "' service='" + xPolicy.getService() + "'");
        }

        for (int pos = 0; pos < requested.getValues().size(); pos++) {
            final String conditionValue = requested.getValues().get(pos);

            XXPolicyItemCondition conditionRow = rangerAuditFields.populateAuditFields(new XXPolicyItemCondition(), createdItem);
            conditionRow.setPolicyItemId(createdItem.getId());
            conditionRow.setType(conditionDef.getId());
            conditionRow.setValue(conditionValue);
            conditionRow.setOrder(pos);
            daoMgr.getXXPolicyItemCondition().create(conditionRow);
        }
    }

    return createdItem;
}