
Example 1 with XXTrxLog

use of org.apache.ranger.entity.XXTrxLog in project ranger by apache.

the class ServiceDBStore method updateService.

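/**
 * Updates a stored service: checks the rename and the tag-service reference, persists the
 * service, replaces all of its configuration rows, and records history and transaction-log
 * entries.
 *
 * @param service the new state of the service; its ID selects the stored row
 * @param options optional flags; {@code ServiceStore.OPTION_FORCE_RENAME} permits a rename even
 *                when tagged service-resources are attached to the service
 * @return the updated service, built from the row read back after the update
 * @throws Exception a REST exception when the service does not exist, the new name is already
 *                   taken, the rename is blocked, the configs fail validation, the tag service
 *                   is invalid, or a non-admin session names a config user that does not exist
 */
@Override
public RangerService updateService(RangerService service, Map<String, Object> options) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceDBStore.updateService()");
    }
    XXService existing = daoMgr.getXXService().getById(service.getId());
    if (existing == null) {
        throw restErrorUtil.createRESTException("no service exists with ID=" + service.getId(), MessageEnums.DATA_NOT_FOUND);
    }
    String existingName = existing.getName();
    // Case-insensitive: a change in letter case alone is not treated as a rename.
    boolean renamed = !StringUtils.equalsIgnoreCase(service.getName(), existingName);
    if (renamed) {
        XXService newNameService = daoMgr.getXXService().findByName(service.getName());
        if (newNameService != null) {
            throw restErrorUtil.createRESTException("another service already exists with name '" + service.getName() + "'. ID=" + newNameService.getId(), MessageEnums.DATA_NOT_UPDATABLE);
        }
        long countOfTaggedResources = daoMgr.getXXServiceResource().countTaggedResourcesInServiceId(existing.getId());
        Boolean isForceRename = options != null && options.get(ServiceStore.OPTION_FORCE_RENAME) != null ? (Boolean) options.get(ServiceStore.OPTION_FORCE_RENAME) : Boolean.FALSE;
        if (countOfTaggedResources != 0L) {
            if (isForceRename) {
                LOG.warn("Forcing the renaming of service from " + existingName + " to " + service.getName() + " although it is associated with " + countOfTaggedResources + " service-resources!");
            } else {
                throw restErrorUtil.createRESTException("Service " + existingName + " cannot be renamed, as it has associated service-resources", MessageEnums.DATA_NOT_UPDATABLE);
            }
        }
    }
    Map<String, String> configs = service.getConfigs();
    Map<String, String> validConfigs = validateRequiredConfigParams(service, configs);
    if (validConfigs == null) {
        if (LOG.isDebugEnabled()) {
            // Fixed: the message used to name createService although this is updateService.
            // NOTE(review): this prints service.toString(); confirm it does not include the password config.
            LOG.debug("==> ConfigParams cannot be null, ServiceDBStore.updateService(" + service + ")");
        }
        throw restErrorUtil.createRESTException("ConfigParams cannot be null.", MessageEnums.ERROR_CREATING_OBJECT);
    }
    boolean hasTagServiceValueChanged = false;
    Long existingTagServiceId = existing.getTagService();
    // null for old clients; empty string to remove existing association
    String newTagServiceName = service.getTagService();
    Long newTagServiceId = null;
    if (newTagServiceName == null) {
        // old client; don't update existing tagService
        if (existingTagServiceId != null) {
            newTagServiceName = getServiceName(existingTagServiceId);
            service.setTagService(newTagServiceName);
            LOG.info("ServiceDBStore.updateService(id=" + service.getId() + "; name=" + service.getName() + "): tagService is null; using existing tagService '" + newTagServiceName + "'");
        }
    }
    if (StringUtils.isNotBlank(newTagServiceName)) {
        // The referenced service must exist and be of the embedded tag service type.
        RangerService tmp = getServiceByName(newTagServiceName);
        if (tmp == null || !EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME.equals(tmp.getType())) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("ServiceDBStore.updateService() - " + newTagServiceName + " does not refer to a valid tag service.(" + service + ")");
            }
            throw restErrorUtil.createRESTException("Invalid tag service name " + newTagServiceName, MessageEnums.ERROR_CREATING_OBJECT);
        } else {
            newTagServiceId = tmp.getId();
        }
    }
    if (existingTagServiceId == null) {
        if (newTagServiceId != null) {
            hasTagServiceValueChanged = true;
        }
    } else if (!existingTagServiceId.equals(newTagServiceId)) {
        hasTagServiceValueChanged = true;
    }
    boolean hasIsEnabledChanged = !existing.getIsenabled().equals(service.getIsEnabled());
    // The transaction log is computed from the old and new state before the update
    // and is written only at the end of the method.
    List<XXTrxLog> trxLogList = svcService.getTransactionLog(service, existing, RangerServiceService.OPERATION_UPDATE_CONTEXT);
    if (populateExistingBaseFields) {
        svcServiceWithAssignedId.setPopulateExistingBaseFields(true);
        service = svcServiceWithAssignedId.update(service);
        svcServiceWithAssignedId.setPopulateExistingBaseFields(false);
    } else {
        service.setCreateTime(existing.getCreateTime());
        service.setGuid(existing.getGuid());
        service.setVersion(existing.getVersion());
        service = svcService.update(service);
        if (hasTagServiceValueChanged || hasIsEnabledChanged) {
            updatePolicyVersion(service, false);
        }
    }
    XXService xUpdService = daoMgr.getXXService().getById(service.getId());
    // Remember the stored password before every existing config row is removed;
    // it is needed when the client sends the mask back instead of a new password.
    String oldPassword = null;
    List<XXServiceConfigMap> dbConfigMaps = daoMgr.getXXServiceConfigMap().findByServiceId(service.getId());
    for (XXServiceConfigMap dbConfigMap : dbConfigMaps) {
        if (StringUtils.equalsIgnoreCase(dbConfigMap.getConfigkey(), CONFIG_KEY_PASSWORD)) {
            oldPassword = dbConfigMap.getConfigvalue();
        }
        daoMgr.getXXServiceConfigMap().remove(dbConfigMap);
    }
    VXUser vXUser = null;
    XXServiceConfigMapDao xConfMapDao = daoMgr.getXXServiceConfigMap();
    for (Entry<String, String> configMap : validConfigs.entrySet()) {
        String configKey = configMap.getKey();
        String configValue = configMap.getValue();
        if (StringUtils.equalsIgnoreCase(configKey, "username")) {
            String userName = stringUtil.getValidUserName(configValue);
            XXUser xxUser = daoMgr.getXXUser().findByUserName(userName);
            if (xxUser != null) {
                vXUser = xUserService.populateViewBean(xxUser);
            } else {
                // Only a non-admin session is refused here.
                // NOTE(review): when no session is present (usb == null) the user is created as well;
                // confirm that this path is reachable only from trusted internal callers.
                UserSessionBase usb = ContextUtil.getCurrentUserSession();
                if (usb != null && !usb.isUserAdmin()) {
                    throw restErrorUtil.createRESTException("User does not exist with given username: [" + userName + "] please use existing user", MessageEnums.OPER_NO_PERMISSION);
                }
                vXUser = xUserMgr.createServiceConfigUser(userName);
            }
        }
        if (StringUtils.equalsIgnoreCase(configKey, CONFIG_KEY_PASSWORD)) {
            if (StringUtils.equalsIgnoreCase(configValue, HIDDEN_PASSWORD_STR)) {
                // The client sent the mask back, so the stored password is carried over.
                // (An earlier split of the mask itself was dead code and has been dropped.)
                if (oldPassword != null && oldPassword.contains(",")) {
                    // Stored form: "algo,key,salt,iterations,ciphertext".
                    // NOTE(review): a stored value with fewer than four fields, or a non-numeric
                    // iteration count, fails here with an unchecked exception.
                    // NOTE(review): key and salt sit in the same stored value as the ciphertext;
                    // confirm what PasswordUtils derives from them before relying on this
                    // against someone who can read the config table.
                    String[] crypt_algo_array = oldPassword.split(",");
                    String OLD_CRYPT_ALGO = crypt_algo_array[0];
                    String encryptKey = crypt_algo_array[1];
                    String salt = crypt_algo_array[2];
                    int iterationCount = Integer.parseInt(crypt_algo_array[3]);
                    if (!OLD_CRYPT_ALGO.equalsIgnoreCase(CRYPT_ALGO)) {
                        // Stored under a different algorithm: re-encrypt with the current one
                        // and keep the result only if it decrypts back to the same value.
                        String decryptedPwd = PasswordUtils.decryptPassword(oldPassword);
                        String paddingString = CRYPT_ALGO + "," + encryptKey + "," + salt + "," + iterationCount;
                        String encryptedPwd = PasswordUtils.encryptPassword(paddingString + "," + decryptedPwd);
                        String newDecryptedPwd = PasswordUtils.decryptPassword(paddingString + "," + encryptedPwd);
                        if (StringUtils.equals(newDecryptedPwd, decryptedPwd)) {
                            configValue = paddingString + "," + encryptedPwd;
                        }
                        // NOTE(review): if the round trip does not match, configValue is still the
                        // mask string and that is what gets stored as the password below.
                    } else {
                        configValue = oldPassword;
                    }
                } else {
                    // No stored password (null) or one without the comma-separated header:
                    // whatever was stored is written back unchanged, including null.
                    configValue = oldPassword;
                }
            } else {
                String paddingString = CRYPT_ALGO + "," + ENCRYPT_KEY + "," + SALT + "," + ITERATION_COUNT;
                String encryptedPwd = PasswordUtils.encryptPassword(paddingString + "," + configValue);
                String decryptedPwd = PasswordUtils.decryptPassword(paddingString + "," + encryptedPwd);
                if (StringUtils.equals(decryptedPwd, configValue)) {
                    configValue = paddingString + "," + encryptedPwd;
                }
                // NOTE(review): if the round trip does not match, configValue is still the
                // password as supplied and is persisted unencrypted below; failing the update
                // would be the safer outcome.
            }
        }
        XXServiceConfigMap xConfMap = new XXServiceConfigMap();
        xConfMap = (XXServiceConfigMap) rangerAuditFields.populateAuditFields(xConfMap, xUpdService);
        xConfMap.setServiceId(service.getId());
        xConfMap.setConfigkey(configKey);
        xConfMap.setConfigvalue(configValue);
        xConfMapDao.create(xConfMap);
    }
    if (LOG.isDebugEnabled()) {
        LOG.debug("vXUser:[" + vXUser + "]");
    }
    RangerService updService = svcService.getPopulatedViewObject(xUpdService);
    dataHistService.createObjectDataHistory(updService, RangerDataHistService.ACTION_UPDATE);
    bizUtil.createTrxLog(trxLogList);
    return updService;
}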
Also used : XXUser(org.apache.ranger.entity.XXUser) VXString(org.apache.ranger.view.VXString) XXTrxLog(org.apache.ranger.entity.XXTrxLog) VXUser(org.apache.ranger.view.VXUser) XXServiceConfigMapDao(org.apache.ranger.db.XXServiceConfigMapDao) UserSessionBase(org.apache.ranger.common.UserSessionBase) XXServiceConfigMap(org.apache.ranger.entity.XXServiceConfigMap) RangerService(org.apache.ranger.plugin.model.RangerService) XXService(org.apache.ranger.entity.XXService)

Example 2 with XXTrxLog

use of org.apache.ranger.entity.XXTrxLog in project ranger by apache.

the class UserMgr method changePassword.

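/**
 * Changes the password of the portal user named in the request, after checking that the
 * supplied old password matches the stored one and that the new password passes validation.
 *
 * <p>Every rejection is raised as a REST exception built by {@code restErrorUtil}: unknown
 * login id, external user, wrong old password, invalid new password, or a new password that
 * produces the same stored value as the current one.
 *
 * @param pwdChange the login id, the current password and the requested new password
 * @return a response with {@code VXResponse.STATUS_SUCCESS} once the stored password is replaced
 */
public VXResponse changePassword(VXPasswordChange pwdChange) {
    VXResponse ret = new VXResponse();
    // First let's get the XXPortalUser for the current logged in user
    String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
    XXPortalUser gjUserCurrent = daoManager.getXXPortalUser().findByLoginId(currentUserLoginId);
    checkAccessForUpdate(gjUserCurrent);
    // Get the user of whom we want to change the password
    XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(pwdChange.getLoginId());
    if (gjUser == null) {
        logger.warn("SECURITY:changePassword(). User not found. LoginId=" + pwdChange.getLoginId());
        throw restErrorUtil.createRESTException("serverMsg.userMgrInvalidUser", MessageEnums.DATA_NOT_FOUND, null, null, pwdChange.getLoginId());
    }
    if (gjUser.getUserSource() == RangerCommonEnums.USER_EXTERNAL) {
        // Externally sourced users are refused with HTTP 403; their password is not managed here.
        logger.info("SECURITY:changePassword().Ranger External Users cannot change password. LoginId=" + pwdChange.getLoginId());
        VXResponse vXResponse = new VXResponse();
        vXResponse.setStatusCode(HttpServletResponse.SC_FORBIDDEN);
        vXResponse.setMsgDesc("SECURITY:changePassword().Ranger External Users cannot change password. LoginId=" + pwdChange.getLoginId());
        throw restErrorUtil.generateRESTException(vXResponse);
    }
    // check current password and provided old password is same or not
    String encryptedOldPwd = encrypt(pwdChange.getLoginId(), pwdChange.getOldPassword());
    if (!stringUtil.equals(encryptedOldPwd, gjUser.getPassword())) {
        logger.info("changePassword(). Invalid old password. LoginId=" + pwdChange.getLoginId());
        throw restErrorUtil.createRESTException("serverMsg.userMgrOldPassword", MessageEnums.INVALID_INPUT_DATA, null, null, pwdChange.getLoginId());
    }
    // validate new password; the user's own names and login id are passed to the validator
    if (!stringUtil.validatePassword(pwdChange.getUpdPassword(), new String[] { gjUser.getFirstName(), gjUser.getLastName(), gjUser.getLoginId() })) {
        logger.warn("SECURITY:changePassword(). Invalid new password. LoginId=" + pwdChange.getLoginId());
        throw restErrorUtil.createRESTException("serverMsg.userMgrNewPassword", MessageEnums.INVALID_PASSWORD, null, null, pwdChange.getLoginId());
    }
    String encryptedNewPwd = encrypt(pwdChange.getLoginId(), pwdChange.getUpdPassword());
    String currentPassword = gjUser.getPassword();
    if (encryptedNewPwd.equals(currentPassword)) {
        // The new password produces the stored value again, so there is nothing to change.
        // The response fields that used to be set here were discarded by the throw.
        // The last argument is now the login id, as in the other rejections of this method;
        // it used to be gjUser.toString(), which hands the whole entity (possibly its stored
        // password value, depending on XXPortalUser.toString()) to the error path.
        throw restErrorUtil.createRESTException("serverMsg.userMgrNewPassword", MessageEnums.INVALID_INPUT_DATA, gjUser.getId(), "password", pwdChange.getLoginId());
    }
    // NOTE(review): the previous and the new stored password values are copied into the
    // transaction-log row, so anyone who can read that log can read them. Consider recording
    // a fixed marker instead of the values themselves.
    List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>();
    XXTrxLog xTrxLog = new XXTrxLog();
    xTrxLog.setAttributeName("Password");
    xTrxLog.setPreviousValue(currentPassword);
    xTrxLog.setNewValue(encryptedNewPwd);
    xTrxLog.setAction("password change");
    xTrxLog.setObjectClassType(AppConstants.CLASS_TYPE_PASSWORD_CHANGE);
    xTrxLog.setObjectId(pwdChange.getId());
    xTrxLog.setObjectName(pwdChange.getLoginId());
    trxLogList.add(xTrxLog);
    // The log entry is created before the new password is written to the user row.
    rangerBizUtil.createTrxLog(trxLogList);
    gjUser.setPassword(encryptedNewPwd);
    gjUser = daoManager.getXXPortalUser().update(gjUser);
    ret.setMsgDesc("Password successfully updated");
    ret.setStatusCode(VXResponse.STATUS_SUCCESS);
    return ret;
}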
Also used : VXResponse(org.apache.ranger.view.VXResponse) XXPortalUser(org.apache.ranger.entity.XXPortalUser) ArrayList(java.util.ArrayList) VXString(org.apache.ranger.view.VXString) XXTrxLog(org.apache.ranger.entity.XXTrxLog)

Example 3 with XXTrxLog

use of org.apache.ranger.entity.XXTrxLog in project ranger by apache.

the class XUserMgr method updateXUser.

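/**
 * Updates a user: the portal profile and password, the module permissions when roles were
 * added, and the group memberships; then writes the collected transaction-log entries.
 *
 * <p>A request without a usable name, or for a name that has no portal profile, is rejected
 * with a REST exception. The returned object always carries the mask string as its password.
 *
 * @param vXUser the requested new state of the user; the name selects the existing profile
 * @return the updated user with role list and group id list set and the password masked
 */
public VXUser updateXUser(VXUser vXUser) {
    if (vXUser == null || vXUser.getName() == null || "null".equalsIgnoreCase(vXUser.getName()) || vXUser.getName().trim().isEmpty()) {
        throw restErrorUtil.createRESTException("Please provide a valid " + "username.", MessageEnums.INVALID_INPUT_DATA);
    }
    checkAccess(vXUser.getName());
    xaBizUtil.blockAuditorRoleUser();
    VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(vXUser.getName());
    if (oldUserProfile == null) {
        // The method used to dereference the missing profile further down and fail with a
        // NullPointerException; reject the request explicitly before anything is written.
        throw restErrorUtil.createRESTException("No portal user profile exists for the given username.", MessageEnums.DATA_NOT_FOUND);
    }
    VXPortalUser vXPortalUser = new VXPortalUser();
    if (oldUserProfile.getId() != null) {
        vXPortalUser.setId(oldUserProfile.getId());
    }
    // The literal text "null" in a name field is treated as an empty name.
    vXPortalUser.setFirstName(vXUser.getFirstName());
    if ("null".equalsIgnoreCase(vXPortalUser.getFirstName())) {
        vXPortalUser.setFirstName("");
    }
    vXPortalUser.setLastName(vXUser.getLastName());
    if ("null".equalsIgnoreCase(vXPortalUser.getLastName())) {
        vXPortalUser.setLastName("");
    }
    vXPortalUser.setEmailAddress(vXUser.getEmailAddress());
    vXPortalUser.setLoginId(vXUser.getName());
    vXPortalUser.setStatus(vXUser.getStatus());
    vXPortalUser.setUserRoleList(vXUser.getUserRoleList());
    if (vXPortalUser.getFirstName() != null && vXPortalUser.getLastName() != null && !vXPortalUser.getFirstName().trim().isEmpty() && !vXPortalUser.getLastName().trim().isEmpty()) {
        vXPortalUser.setPublicScreenName(vXPortalUser.getFirstName() + " " + vXPortalUser.getLastName());
    } else {
        vXPortalUser.setPublicScreenName(vXUser.getName());
    }
    // The user source always comes from the stored profile, never from the request.
    vXPortalUser.setUserSource(oldUserProfile.getUserSource());
    String hiddenPasswordString = PropertiesUtil.getProperty("ranger.password.hidden", "*****");
    String password = vXUser.getPassword();
    if (password != null && password.equals(hiddenPasswordString)) {
        // The client sent the mask back: keep the stored password.
        vXPortalUser.setPassword(oldUserProfile.getPassword());
    } else if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_EXTERNAL && password != null) {
        // Passwords of external users cannot be changed here; the stored value is kept.
        vXPortalUser.setPassword(oldUserProfile.getPassword());
        logger.debug("User is trrying to change external user password which we are not allowing it to change");
    } else if (password != null) {
        validatePassword(vXUser);
        vXPortalUser.setPassword(password);
    }
    Collection<Long> groupIdList = vXUser.getGroupIdList();
    XXPortalUser xXPortalUser = userMgr.updateUserWithPass(vXPortalUser);
    // update permissions start
    // Collect the roles that the request adds compared with the stored profile.
    Collection<String> roleListUpdatedProfile = new ArrayList<String>();
    Collection<String> roleListOldProfile = oldUserProfile.getUserRoleList();
    Collection<String> roleListNewProfile = vXUser.getUserRoleList();
    if (oldUserProfile.getId() != null && roleListNewProfile != null && roleListOldProfile != null) {
        for (String role : roleListNewProfile) {
            if (role != null && !roleListOldProfile.contains(role)) {
                roleListUpdatedProfile.add(role);
            }
        }
    }
    // NOTE(review): permission rows are rebuilt only when a role was added. A request that only
    // removes roles leaves the existing XXUserPermission rows untouched in this method; confirm
    // that revocation is handled elsewhere.
    if (!roleListUpdatedProfile.isEmpty()) {
        vXPortalUser.setUserRoleList(roleListUpdatedProfile);
        List<XXUserPermission> xuserPermissionList = daoManager.getXXUserPermission().findByUserPermissionId(vXPortalUser.getId());
        if (xuserPermissionList != null) {
            for (XXUserPermission xXUserPermission : xuserPermissionList) {
                if (xXUserPermission != null) {
                    try {
                        xUserPermissionService.deleteResource(xXUserPermission.getId());
                    } catch (Exception e) {
                        // Still best effort, but log the exception itself and not only its message.
                        // NOTE(review): a permission row that could not be deleted survives the
                        // re-assignment below.
                        logger.error("Failed to delete user permission id=" + xXUserPermission.getId(), e);
                    }
                }
            }
        }
        assignPermissionToUser(vXPortalUser, true);
    }
    // update permissions end
    Collection<String> roleList = new ArrayList<String>();
    if (xXPortalUser != null) {
        roleList = userMgr.getRolesForUser(xXPortalUser);
    }
    if (roleList == null || roleList.size() == 0) {
        // No role could be read back: report the default user role.
        roleList = new ArrayList<String>();
        roleList.add(RangerConstants.ROLE_USER);
    }
    // TODO I've to get the transaction log from here.
    // There is nothing to log anything in XXUser so far.
    vXUser = xUserService.updateResource(vXUser);
    vXUser.setUserRoleList(roleList);
    // NOTE(review): for an application user the password exactly as received is placed on vXUser
    // before the transaction log is computed; confirm that getTransactionLog() does not copy it
    // into the log in readable form.
    if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_APP) {
        vXUser.setPassword(password);
    } else if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_EXTERNAL) {
        vXUser.setPassword(oldUserProfile.getPassword());
    }
    List<XXTrxLog> trxLogList = xUserService.getTransactionLog(vXUser, oldUserProfile, "update");
    // From here on the object carries only the mask, which is also what the caller gets back.
    vXUser.setPassword(hiddenPasswordString);
    Long userId = vXUser.getId();
    List<Long> groupUsersToRemove = new ArrayList<Long>();
    if (groupIdList != null) {
        SearchCriteria searchCriteria = new SearchCriteria();
        searchCriteria.addParam("xUserId", userId);
        VXGroupUserList vXGroupUserList = xGroupUserService.searchXGroupUsers(searchCriteria);
        List<VXGroupUser> vXGroupUsers = vXGroupUserList.getList();
        if (vXGroupUsers != null) {
            // Create the memberships that are requested but not stored yet.
            for (Long groupId : groupIdList) {
                boolean found = false;
                for (VXGroupUser vXGroupUser : vXGroupUsers) {
                    if (groupId.equals(vXGroupUser.getParentGroupId())) {
                        found = true;
                        break;
                    }
                }
                if (!found) {
                    VXGroupUser vXGroupUser = createXGroupUser(userId, groupId);
                    trxLogList.addAll(xGroupUserService.getTransactionLog(vXGroupUser, "create"));
                }
            }
            // Log kept memberships as "update" and queue the others for deletion.
            for (VXGroupUser vXGroupUser : vXGroupUsers) {
                boolean found = false;
                for (Long groupId : groupIdList) {
                    if (groupId.equals(vXGroupUser.getParentGroupId())) {
                        trxLogList.addAll(xGroupUserService.getTransactionLog(vXGroupUser, "update"));
                        found = true;
                        break;
                    }
                }
                if (!found) {
                    // TODO I've to get the transaction log from here.
                    // The row itself is removed only after the transaction log has been written.
                    trxLogList.addAll(xGroupUserService.getTransactionLog(vXGroupUser, "delete"));
                    groupUsersToRemove.add(vXGroupUser.getId());
                }
            }
        } else {
            for (Long groupId : groupIdList) {
                VXGroupUser vXGroupUser = createXGroupUser(userId, groupId);
                trxLogList.addAll(xGroupUserService.getTransactionLog(vXGroupUser, "create"));
            }
        }
        vXUser.setGroupIdList(groupIdList);
    } else {
        logger.debug("Group id list can't be null for user. Group user " + "mapping not updated for user : " + userId);
    }
    xaBizUtil.createTrxLog(trxLogList);
    for (Long groupUserId : groupUsersToRemove) {
        xGroupUserService.deleteResource(groupUserId);
    }
    return vXUser;
}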
Also used : ArrayList(java.util.ArrayList) XXTrxLog(org.apache.ranger.entity.XXTrxLog) XXUserPermission(org.apache.ranger.entity.XXUserPermission) SearchCriteria(org.apache.ranger.common.SearchCriteria) XXPortalUser(org.apache.ranger.entity.XXPortalUser)

Example 4 with XXTrxLog

use of org.apache.ranger.entity.XXTrxLog in project ranger by apache.

the class XUserMgr method updateXGroup.

/**
 * Updates a group after the admin-access and auditor-role checks have passed.
 *
 * <p>The transaction log is built from the requested state and the stored row and is written
 * before the update itself runs. When the update returns a group, the group-user mappings are
 * refreshed and the static policy cache reference is cleared.
 *
 * @param vXGroup the requested new state of the group
 * @return the group as returned by the update, or {@code null} when the update returned none
 */
@Override
public VXGroup updateXGroup(VXGroup vXGroup) {
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();
    // NOTE(review): no check that a row exists for this id; storedGroup may be null here.
    XXGroup storedGroup = daoManager.getXXGroup().getById(vXGroup.getId());
    xaBizUtil.createTrxLog(xGroupService.getTransactionLog(vXGroup, storedGroup, "update"));
    VXGroup updatedGroup = (VXGroup) xGroupService.updateResource(vXGroup);
    if (updatedGroup == null) {
        return null;
    }
    updateXgroupUserForGroupUpdate(updatedGroup);
    // Drop the cached instance after a group change.
    RangerServicePoliciesCache.sInstance = null;
    return updatedGroup;
}
Also used : XXGroup(org.apache.ranger.entity.XXGroup) XXTrxLog(org.apache.ranger.entity.XXTrxLog)

Example 5 with XXTrxLog

use of org.apache.ranger.entity.XXTrxLog in project ranger by apache.

the class XUserMgr method deleteXUser.

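/**
 * Deletes a user, or hides it when it is still referenced and {@code force} is false.
 *
 * <p>With {@code force} the group memberships, permission and audit maps, login session
 * records, module permissions, portal roles and policy references of the user are removed
 * before the user rows themselves. Without {@code force} a user that still has any such
 * reference is only marked hidden: its sessions, roles and permissions stay in place, so
 * callers that need access revoked must pass {@code force = true}.
 *
 * @param id    id of the XXUser row to delete
 * @param force whether to remove all references instead of hiding a referenced user
 */
public synchronized void deleteXUser(Long id, boolean force) {
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();
    XXUserDao xXUserDao = daoManager.getXXUser();
    XXUser xXUser = xXUserDao.getById(id);
    VXUser vXUser = xUserService.populateViewBean(xXUser);
    if (vXUser == null || StringUtil.isEmpty(vXUser.getName())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    XXPortalUserDao xXPortalUserDao = daoManager.getXXPortalUser();
    XXPortalUser xXPortalUser = xXPortalUserDao.findByLoginId(vXUser.getName().trim());
    VXPortalUser vXPortalUser = null;
    if (xXPortalUser != null) {
        vXPortalUser = xPortalUserService.populateViewBean(xXPortalUser);
    }
    if (vXPortalUser == null || StringUtil.isEmpty(vXPortalUser.getLoginId())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    // From here on xXPortalUser and vXPortalUser are both non-null.
    if (logger.isDebugEnabled()) {
        logger.debug("Force delete status=" + force + " for user=" + vXUser.getName());
    }
    restrictSelfAccountDeletion(vXUser.getName().trim());
    // Gather everything that references the user before anything is removed.
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xUserId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);
    long xXPortalUserId = vXPortalUser.getId();
    XXAuthSessionDao xXAuthSessionDao = daoManager.getXXAuthSession();
    XXUserPermissionDao xXUserPermissionDao = daoManager.getXXUserPermission();
    XXPortalUserRoleDao xXPortalUserRoleDao = daoManager.getXXPortalUserRole();
    List<XXAuthSession> xXAuthSessions = xXAuthSessionDao.getAuthSessionByUserId(xXPortalUserId);
    List<XXUserPermission> xXUserPermissions = xXUserPermissionDao.findByUserPermissionId(xXPortalUserId);
    List<XXPortalUserRole> xXPortalUserRoles = xXPortalUserRoleDao.findByUserId(xXPortalUserId);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByUserId(id);
    logger.warn("Deleting User : " + vXUser.getName());
    if (force) {
        // The lists are null-checked before iteration, as the non-force branch below and the
        // session-count log already treat them as possibly null.
        // delete XXGroupUser mapping
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        if (vxGroupUserList != null && vxGroupUserList.getList() != null) {
            for (VXGroupUser groupUser : vxGroupUserList.getList()) {
                if (groupUser != null) {
                    logger.warn("Removing user '" + vXUser.getName() + "' from group '" + groupUser.getName() + "'");
                    xGroupUserDao.remove(groupUser.getId());
                }
            }
        }
        // delete XXPermMap records of user
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        if (vXPermMapList != null && vXPermMapList.getList() != null) {
            for (VXPermMap vXPermMap : vXPermMapList.getList()) {
                if (vXPermMap != null) {
                    logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for user '" + vXPermMap.getUserName() + "'");
                    xXPermMapDao.remove(vXPermMap.getId());
                }
            }
        }
        // delete XXAuditMap records of user
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        if (vXAuditMapList != null && vXAuditMapList.getList() != null) {
            for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
                if (vXAuditMap != null) {
                    xXAuditMapDao.remove(vXAuditMap.getId());
                }
            }
        }
        // delete XXPortalUser references
        xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
        if (xXAuthSessions != null) {
            if (xXAuthSessions.size() > 0) {
                logger.warn("Deleting " + xXAuthSessions.size() + " login session records for user '" + vXPortalUser.getLoginId() + "'");
            }
            for (XXAuthSession xXAuthSession : xXAuthSessions) {
                xXAuthSessionDao.remove(xXAuthSession.getId());
            }
        }
        if (xXUserPermissions != null) {
            for (XXUserPermission xXUserPermission : xXUserPermissions) {
                if (xXUserPermission != null) {
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXUserPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for user '" + vXPortalUser.getLoginId() + "'");
                    }
                    xXUserPermissionDao.remove(xXUserPermission.getId());
                }
            }
        }
        if (xXPortalUserRoles != null) {
            for (XXPortalUserRole xXPortalUserRole : xXPortalUserRoles) {
                if (xXPortalUserRole != null) {
                    logger.warn("Deleting '" + xXPortalUserRole.getUserRole() + "' role for user '" + vXPortalUser.getLoginId() + "'");
                    xXPortalUserRoleDao.remove(xXPortalUserRole.getId());
                }
            }
        }
        // delete XXPolicyItemUserPerm records of user: strip the user from every kind of
        // policy item and save each policy that referenced it
        if (xXPolicyList != null) {
            for (XXPolicy xXPolicy : xXPolicyList) {
                RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
                List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
                removeUserGroupReferences(policyItems, vXUser.getName(), null);
                rangerPolicy.setPolicyItems(policyItems);
                List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
                removeUserGroupReferences(denyPolicyItems, vXUser.getName(), null);
                rangerPolicy.setDenyPolicyItems(denyPolicyItems);
                List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
                removeUserGroupReferences(allowExceptions, vXUser.getName(), null);
                rangerPolicy.setAllowExceptions(allowExceptions);
                List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
                removeUserGroupReferences(denyExceptions, vXUser.getName(), null);
                rangerPolicy.setDenyExceptions(denyExceptions);
                List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
                removeUserGroupReferences(dataMaskItems, vXUser.getName(), null);
                rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
                List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
                removeUserGroupReferences(rowFilterItems, vXUser.getName(), null);
                rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
                try {
                    svcStore.updatePolicy(rangerPolicy);
                } catch (Throwable excp) {
                    // NOTE(review): the removals above have already run when this is thrown;
                    // whether they are rolled back depends on transaction handling that is not
                    // visible here. The raw exception message is also handed to the REST
                    // exception; confirm it does not reach the client with internal detail.
                    logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                    throw restErrorUtil.createRESTException(excp.getMessage());
                }
            }
        }
        // delete XXUser entry of user
        xXUserDao.remove(id);
        // delete XXPortal entry of user
        logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
        xXPortalUserDao.remove(xXPortalUserId);
        // The "delete" transaction-log entries are written after the rows have been removed.
        List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
        xaBizUtil.createTrxLog(trxLogList);
        trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
        xaBizUtil.createTrxLog(trxLogList);
    } else {
        // Any remaining reference blocks the deletion; the checks stop at the first hit.
        boolean hasReferences = (vxGroupUserList != null && vxGroupUserList.getListSize() > 0)
                || (xXPolicyList != null && xXPolicyList.size() > 0)
                || (vXPermMapList != null && vXPermMapList.getListSize() > 0)
                || (vXAuditMapList != null && vXAuditMapList.getListSize() > 0)
                || (xXAuthSessions != null && xXAuthSessions.size() > 0)
                || (xXUserPermissions != null && xXUserPermissions.size() > 0)
                || (xXPortalUserRoles != null && xXPortalUserRoles.size() > 0);
        if (hasReferences) {
            // The user is only hidden: nothing is revoked, and no transaction-log entry is
            // written on this path.
            if (vXUser.getIsVisible() != RangerCommonEnums.IS_HIDDEN) {
                logger.info("Updating visibility of user '" + vXUser.getName() + "' to Hidden!");
                vXUser.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xUserService.updateResource(vXUser);
            }
        } else {
            xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
            // delete XXUser entry of user
            xXUserDao.remove(id);
            // delete XXPortal entry of user
            logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
            xXPortalUserDao.remove(xXPortalUserId);
            List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
            trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
        }
    }
}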
Also used : XXUser(org.apache.ranger.entity.XXUser) XXUserDao(org.apache.ranger.db.XXUserDao) XXPolicy(org.apache.ranger.entity.XXPolicy) XXAuthSessionDao(org.apache.ranger.db.XXAuthSessionDao) XXPortalUserRoleDao(org.apache.ranger.db.XXPortalUserRoleDao) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) XXModuleDef(org.apache.ranger.entity.XXModuleDef) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXPortalUserRole(org.apache.ranger.entity.XXPortalUserRole) XXUserPermissionDao(org.apache.ranger.db.XXUserPermissionDao) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) XXTrxLog(org.apache.ranger.entity.XXTrxLog) XXAuthSession(org.apache.ranger.entity.XXAuthSession) XXUserPermission(org.apache.ranger.entity.XXUserPermission) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) SearchCriteria(org.apache.ranger.common.SearchCriteria) XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) XXPortalUserDao(org.apache.ranger.db.XXPortalUserDao) XXPolicyDao(org.apache.ranger.db.XXPolicyDao)

Aggregations

XXTrxLog (org.apache.ranger.entity.XXTrxLog)38 ArrayList (java.util.ArrayList)21 VXString (org.apache.ranger.view.VXString)13 Field (java.lang.reflect.Field)12 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)12 RangerService (org.apache.ranger.plugin.model.RangerService)12 VTrxLogAttr (org.apache.ranger.common.view.VTrxLogAttr)10 XXUser (org.apache.ranger.entity.XXUser)9 SearchField (org.apache.ranger.common.SearchField)7 XXPortalUser (org.apache.ranger.entity.XXPortalUser)7 IOException (java.io.IOException)6 UnknownHostException (java.net.UnknownHostException)5 XXPolicy (org.apache.ranger.entity.XXPolicy)5 RangerDataMaskPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem)5 Path (javax.ws.rs.Path)4 Produces (javax.ws.rs.Produces)4 WebApplicationException (javax.ws.rs.WebApplicationException)4 XXGroup (org.apache.ranger.entity.XXGroup)4 XXService (org.apache.ranger.entity.XXService)4 XXServiceConfigMap (org.apache.ranger.entity.XXServiceConfigMap)4