use of org.apache.ranger.entity.XXUser in project ranger by apache.
the class ServiceDBStore method updateService.
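/**
 * Updates a stored service and rewrites its configuration entries.
 *
 * <p>Steps, in order: look up the existing service by id; if the name changed,
 * reject a clash with another service and refuse the rename while tagged
 * service-resources exist unless {@code ServiceStore.OPTION_FORCE_RENAME} is set;
 * validate the required config parameters; resolve the tag-service reference;
 * persist the service; then delete every stored config entry and recreate it from
 * the validated configs.
 *
 * <p>Password handling: when the submitted password equals
 * {@code HIDDEN_PASSWORD_STR} the previously stored value is kept, and is
 * re-encrypted only if it was stored under a different algorithm than
 * {@code CRYPT_ALGO}. Any other value is encrypted and stored as
 * {@code CRYPT_ALGO,ENCRYPT_KEY,SALT,ITERATION_COUNT,<ciphertext>}.
 *
 * <p>NOTE(review): the stored value carries the algorithm parameters in front of the
 * ciphertext, so anyone who can read the config table gets both. If
 * {@code ENCRYPT_KEY} and {@code SALT} are the actual key material (they are defined
 * outside this method — confirm), this protects against casual disclosure only, not
 * against a reader of the database.
 *
 * @param service the new state of the service; its id must match an existing service
 * @param options optional flags; only {@code ServiceStore.OPTION_FORCE_RENAME} is read here
 * @return the updated service as re-read from the store
 * @throws Exception a REST exception built by {@code restErrorUtil} when the service
 *         does not exist, the new name is taken, the rename is blocked, the configs
 *         are invalid, the tag service is invalid, or a non-admin session names a
 *         user that does not exist; other exceptions propagate from the helpers
 */
@Override
public RangerService updateService(RangerService service, Map<String, Object> options) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceDBStore.updateService()");
    }

    XXService existing = daoMgr.getXXService().getById(service.getId());
    if (existing == null) {
        throw restErrorUtil.createRESTException("no service exists with ID=" + service.getId(), MessageEnums.DATA_NOT_FOUND);
    }

    String existingName = existing.getName();
    // The comparison ignores case, so a case-only change is not treated as a rename.
    boolean renamed = !StringUtils.equalsIgnoreCase(service.getName(), existingName);
    if (renamed) {
        XXService newNameService = daoMgr.getXXService().findByName(service.getName());
        if (newNameService != null) {
            throw restErrorUtil.createRESTException("another service already exists with name '" + service.getName() + "'. ID=" + newNameService.getId(), MessageEnums.DATA_NOT_UPDATABLE);
        }

        long countOfTaggedResources = daoMgr.getXXServiceResource().countTaggedResourcesInServiceId(existing.getId());
        // Boolean.TRUE.equals() treats a missing or non-Boolean option as "not forced"
        // instead of failing with a ClassCastException on an unexpected value.
        boolean isForceRename = options != null && Boolean.TRUE.equals(options.get(ServiceStore.OPTION_FORCE_RENAME));
        if (countOfTaggedResources != 0L) {
            if (isForceRename) {
                LOG.warn("Forcing the renaming of service from " + existingName + " to " + service.getName() + " although it is associated with " + countOfTaggedResources + " service-resources!");
            } else {
                throw restErrorUtil.createRESTException("Service " + existingName + " cannot be renamed, as it has associated service-resources", MessageEnums.DATA_NOT_UPDATABLE);
            }
        }
    }

    Map<String, String> configs = service.getConfigs();
    Map<String, String> validConfigs = validateRequiredConfigParams(service, configs);
    if (validConfigs == null) {
        if (LOG.isDebugEnabled()) {
            // NOTE(review): this concatenates the whole service object into the log line;
            // confirm its toString() does not include the password config value.
            LOG.debug("==> ConfigParams cannot be null, ServiceDBStore.updateService(" + service + ")");
        }
        throw restErrorUtil.createRESTException("ConfigParams cannot be null.", MessageEnums.ERROR_CREATING_OBJECT);
    }

    boolean hasTagServiceValueChanged = false;
    Long existingTagServiceId = existing.getTagService();
    // null for old clients; empty string to remove existing association
    String newTagServiceName = service.getTagService();
    Long newTagServiceId = null;
    if (newTagServiceName == null) {
        // old client; don't update existing tagService
        if (existingTagServiceId != null) {
            newTagServiceName = getServiceName(existingTagServiceId);
            service.setTagService(newTagServiceName);
            LOG.info("ServiceDBStore.updateService(id=" + service.getId() + "; name=" + service.getName() + "): tagService is null; using existing tagService '" + newTagServiceName + "'");
        }
    }

    if (StringUtils.isNotBlank(newTagServiceName)) {
        RangerService tmp = getServiceByName(newTagServiceName);
        // The referenced service must exist and be of the embedded tag service type.
        if (tmp == null || !EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME.equals(tmp.getType())) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("ServiceDBStore.updateService() - " + newTagServiceName + " does not refer to a valid tag service.(" + service + ")");
            }
            throw restErrorUtil.createRESTException("Invalid tag service name " + newTagServiceName, MessageEnums.ERROR_CREATING_OBJECT);
        } else {
            newTagServiceId = tmp.getId();
        }
    }

    if (existingTagServiceId == null) {
        if (newTagServiceId != null) {
            hasTagServiceValueChanged = true;
        }
    } else if (!existingTagServiceId.equals(newTagServiceId)) {
        hasTagServiceValueChanged = true;
    }

    boolean hasIsEnabledChanged = !existing.getIsenabled().equals(service.getIsEnabled());

    // Captured before the update so the log describes the old-versus-new difference.
    List<XXTrxLog> trxLogList = svcService.getTransactionLog(service, existing, RangerServiceService.OPERATION_UPDATE_CONTEXT);

    if (populateExistingBaseFields) {
        svcServiceWithAssignedId.setPopulateExistingBaseFields(true);
        try {
            service = svcServiceWithAssignedId.update(service);
        } finally {
            // Reset the flag even when update() throws, so a failed call does not
            // leave it switched on for whoever uses this object next.
            svcServiceWithAssignedId.setPopulateExistingBaseFields(false);
        }
    } else {
        service.setCreateTime(existing.getCreateTime());
        service.setGuid(existing.getGuid());
        service.setVersion(existing.getVersion());
        service = svcService.update(service);
        if (hasTagServiceValueChanged || hasIsEnabledChanged) {
            updatePolicyVersion(service, false);
        }
    }

    XXService xUpdService = daoMgr.getXXService().getById(service.getId());

    // Remember the stored password before the config rows are removed; it is needed
    // when the client sends the mask back instead of a new password.
    String oldPassword = null;
    List<XXServiceConfigMap> dbConfigMaps = daoMgr.getXXServiceConfigMap().findByServiceId(service.getId());
    for (XXServiceConfigMap dbConfigMap : dbConfigMaps) {
        if (StringUtils.equalsIgnoreCase(dbConfigMap.getConfigkey(), CONFIG_KEY_PASSWORD)) {
            oldPassword = dbConfigMap.getConfigvalue();
        }
        daoMgr.getXXServiceConfigMap().remove(dbConfigMap);
    }

    VXUser vXUser = null;
    XXServiceConfigMapDao xConfMapDao = daoMgr.getXXServiceConfigMap();
    for (Entry<String, String> configMap : validConfigs.entrySet()) {
        String configKey = configMap.getKey();
        String configValue = configMap.getValue();

        if (StringUtils.equalsIgnoreCase(configKey, "username")) {
            String userName = stringUtil.getValidUserName(configValue);
            XXUser xxUser = daoMgr.getXXUser().findByUserName(userName);
            if (xxUser != null) {
                vXUser = xUserService.populateViewBean(xxUser);
            } else {
                // An unknown user name is only accepted from an admin session, or when
                // there is no session at all; in both cases the user is created.
                UserSessionBase usb = ContextUtil.getCurrentUserSession();
                if (usb != null && !usb.isUserAdmin()) {
                    throw restErrorUtil.createRESTException("User does not exist with given username: [" + userName + "] please use existing user", MessageEnums.OPER_NO_PERMISSION);
                }
                vXUser = xUserMgr.createServiceConfigUser(userName);
            }
        }

        if (StringUtils.equalsIgnoreCase(configKey, CONFIG_KEY_PASSWORD)) {
            if (StringUtils.equalsIgnoreCase(configValue, HIDDEN_PASSWORD_STR)) {
                // The client returned the mask, i.e. did not supply a new password:
                // keep the stored value. Defaulting to it here also covers the cases
                // where re-encryption below is skipped or cannot be verified, so the
                // mask itself is never persisted as the password.
                configValue = oldPassword;

                String[] storedParts = (oldPassword != null && oldPassword.contains(",")) ? oldPassword.split(",") : null;
                // Expected layout: algo,key,salt,iterations,ciphertext. A value with
                // fewer than four leading fields is left as stored rather than indexed.
                if (storedParts != null && storedParts.length >= 4 && !storedParts[0].equalsIgnoreCase(CRYPT_ALGO)) {
                    String encryptKey = storedParts[1];
                    String salt = storedParts[2];
                    int iterationCount = Integer.parseInt(storedParts[3]);

                    // Stored under another algorithm: decrypt and re-encrypt with the
                    // current one, keeping the stored key, salt and iteration count.
                    String decryptedPwd = PasswordUtils.decryptPassword(oldPassword);
                    String paddingString = CRYPT_ALGO + "," + encryptKey + "," + salt + "," + iterationCount;
                    String encryptedPwd = PasswordUtils.encryptPassword(paddingString + "," + decryptedPwd);
                    String newDecryptedPwd = PasswordUtils.decryptPassword(paddingString + "," + encryptedPwd);
                    // Switch to the re-encrypted form only when it decrypts back to the same value.
                    if (StringUtils.equals(newDecryptedPwd, decryptedPwd)) {
                        configValue = paddingString + "," + encryptedPwd;
                    }
                }
            } else {
                String paddingString = CRYPT_ALGO + "," + ENCRYPT_KEY + "," + SALT + "," + ITERATION_COUNT;
                String encryptedPwd = PasswordUtils.encryptPassword(paddingString + "," + configValue);
                String decryptedPwd = PasswordUtils.decryptPassword(paddingString + "," + encryptedPwd);
                if (StringUtils.equals(decryptedPwd, configValue)) {
                    configValue = paddingString + "," + encryptedPwd;
                } else {
                    // The value is stored exactly as supplied in this case, i.e. not
                    // encrypted. Make that visible to operators without logging it.
                    LOG.warn("ServiceDBStore.updateService(id=" + service.getId() + "): password encryption could not be verified; value stored as supplied");
                }
            }
        }

        XXServiceConfigMap xConfMap = new XXServiceConfigMap();
        xConfMap = (XXServiceConfigMap) rangerAuditFields.populateAuditFields(xConfMap, xUpdService);
        xConfMap.setServiceId(service.getId());
        xConfMap.setConfigkey(configKey);
        xConfMap.setConfigvalue(configValue);
        xConfMapDao.create(xConfMap);
    }

    if (LOG.isDebugEnabled()) {
        LOG.debug("vXUser:[" + vXUser + "]");
    }

    RangerService updService = svcService.getPopulatedViewObject(xUpdService);
    dataHistService.createObjectDataHistory(updService, RangerDataHistService.ACTION_UPDATE);
    bizUtil.createTrxLog(trxLogList);

    return updService;
}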
use of org.apache.ranger.entity.XXUser in project ranger by apache.
the class XUserMgr method updateXModuleDefPermission.
/**
 * Applies the group and user permission entries carried by {@code vXModuleDef}
 * to the permissions stored for that module, then updates the module itself.
 *
 * <p>For every submitted entry, each stored entry with the same module id and the
 * same group (or user) id is updated when its {@code isAllowed} value differs. A
 * submitted entry that matches no stored entry is created. Stored entries that do
 * not appear in the submitted lists are left untouched by this method.
 *
 * <p>NOTE(review): no authorization check is made inside this method; confirm the
 * caller restricts it to users who may change module permissions.
 *
 * <p>NOTE(review): the stored entries are loaded for {@code vXModuleDef.getId()}, but
 * the module id of each submitted entry is taken as supplied. An entry carrying a
 * different module id would match nothing and reach the create path — confirm that
 * path validates the module id.
 *
 * @param vXModuleDef module definition with the requested permission lists
 * @return the module definition returned by {@code xModuleDefService.updateResource}
 */
public VXModuleDef updateXModuleDefPermission(VXModuleDef vXModuleDef) {
    List<VXGroupPermission> requestedGroupPerms = vXModuleDef.getGroupPermList();
    List<VXUserPermission> requestedUserPerms = vXModuleDef.getUserPermList();

    XXModuleDef storedModule = daoManager.getXXModuleDef().getById(vXModuleDef.getId());
    VXModuleDef storedModuleView = xModuleDefService.populateViewBean(storedModule);

    // Load the stored group permissions; use the bulk conversion when a group map is available.
    List<XXGroupPermission> storedGroupRows = daoManager.getXXGroupPermission().findByModuleId(vXModuleDef.getId(), true);
    Map<Long, XXGroup> groupsById = xGroupService.getXXGroupIdXXGroupMap();
    List<VXGroupPermission> currentGroupPerms;
    if (groupsById != null && !groupsById.isEmpty()) {
        currentGroupPerms = xGroupPermissionService.getPopulatedVXGroupPermissionList(storedGroupRows, groupsById, storedModuleView);
    } else {
        currentGroupPerms = new ArrayList<VXGroupPermission>();
        for (XXGroupPermission row : storedGroupRows) {
            currentGroupPerms.add(xGroupPermissionService.populateViewBean(row));
        }
    }
    storedModuleView.setGroupPermList(currentGroupPerms);

    // Same for the stored user permissions.
    List<XXUserPermission> storedUserRows = daoManager.getXXUserPermission().findByModuleId(vXModuleDef.getId(), true);
    Map<Long, XXUser> usersByPortalUserId = xUserService.getXXPortalUserIdXXUserMap();
    List<VXUserPermission> currentUserPerms;
    if (usersByPortalUserId != null && !usersByPortalUserId.isEmpty()) {
        currentUserPerms = xUserPermissionService.getPopulatedVXUserPermissionList(storedUserRows, usersByPortalUserId, storedModuleView);
    } else {
        currentUserPerms = new ArrayList<VXUserPermission>();
        for (XXUserPermission row : storedUserRows) {
            currentUserPerms.add(xUserPermissionService.populateViewBean(row));
        }
    }
    storedModuleView.setUserPermList(currentUserPerms);

    // Group permissions: update every matching stored entry, create when none matches.
    if (currentGroupPerms != null && requestedGroupPerms != null) {
        for (VXGroupPermission requested : requestedGroupPerms) {
            boolean matched = false;
            for (VXGroupPermission current : currentGroupPerms) {
                boolean sameTarget = requested.getModuleId().equals(current.getModuleId())
                        && requested.getGroupId().equals(current.getGroupId());
                if (!sameTarget) {
                    continue;
                }
                matched = true;
                if (!requested.getIsAllowed().equals(current.getIsAllowed())) {
                    current.setIsAllowed(requested.getIsAllowed());
                    this.updateXGroupPermission(current);
                }
            }
            if (!matched) {
                this.createXGroupPermission(requested);
            }
        }
    }

    // User permissions: same rule, keyed by module id and user id.
    if (currentUserPerms != null && requestedUserPerms != null) {
        for (VXUserPermission requested : requestedUserPerms) {
            boolean matched = false;
            for (VXUserPermission current : currentUserPerms) {
                boolean sameTarget = requested.getModuleId().equals(current.getModuleId())
                        && requested.getUserId().equals(current.getUserId());
                if (!sameTarget) {
                    continue;
                }
                matched = true;
                if (!requested.getIsAllowed().equals(current.getIsAllowed())) {
                    current.setIsAllowed(requested.getIsAllowed());
                    this.updateXUserPermission(current);
                }
            }
            if (!matched) {
                this.createXUserPermission(requested);
            }
        }
    }

    return xModuleDefService.updateResource(vXModuleDef);
}
use of org.apache.ranger.entity.XXUser in project ranger by apache.
the class XUserMgr method deleteXUser.
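/**
 * Deletes a user, or hides it when it is still referenced and {@code force} is false.
 *
 * <p>The caller must pass {@code checkAdminAccess()} and must not be blocked by
 * {@code xaBizUtil.blockAuditorRoleUser()}; deleting one's own account is rejected by
 * {@code restrictSelfAccountDeletion}.
 *
 * <p>With {@code force == true} the user's group memberships, permission maps, audit
 * maps, login session records, module permissions, portal roles and policy item
 * references are removed first, then the user and portal-user records themselves,
 * and a "delete" transaction log is written for both.
 *
 * <p>With {@code force == false} the records are deleted only when nothing references
 * the user. Otherwise the user is merely marked {@code IS_HIDDEN}: its roles,
 * permissions, policy items and session records all stay in place.
 * NOTE(review): confirm whether a hidden user can still sign in; if it can, a
 * non-forced delete does not revoke access.
 *
 * <p>The "Deleting User" warning is written before the branch, so it also appears
 * when the user ends up hidden rather than deleted.
 *
 * @param id    id of the user record to delete
 * @param force when true, remove all references and delete; when false, delete only
 *              an unreferenced user and hide a referenced one
 */
public synchronized void deleteXUser(Long id, boolean force) {
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();

    XXUserDao xXUserDao = daoManager.getXXUser();
    XXUser xXUser = xXUserDao.getById(id);
    VXUser vXUser = xUserService.populateViewBean(xXUser);
    if (vXUser == null || StringUtil.isEmpty(vXUser.getName())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }

    // The portal (login) account is looked up by the user's name.
    XXPortalUserDao xXPortalUserDao = daoManager.getXXPortalUser();
    XXPortalUser xXPortalUser = xXPortalUserDao.findByLoginId(vXUser.getName().trim());
    VXPortalUser vXPortalUser = null;
    if (xXPortalUser != null) {
        vXPortalUser = xPortalUserService.populateViewBean(xXPortalUser);
    }
    if (vXPortalUser == null || StringUtil.isEmpty(vXPortalUser.getLoginId())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    // From here on both xXPortalUser and vXPortalUser are known to be non-null.

    if (logger.isDebugEnabled()) {
        logger.debug("Force delete status=" + force + " for user=" + vXUser.getName());
    }
    restrictSelfAccountDeletion(vXUser.getName().trim());

    // Collect everything that references the user before changing anything.
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xUserId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);

    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);

    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);

    long xXPortalUserId = vXPortalUser.getId();
    XXAuthSessionDao xXAuthSessionDao = daoManager.getXXAuthSession();
    XXUserPermissionDao xXUserPermissionDao = daoManager.getXXUserPermission();
    XXPortalUserRoleDao xXPortalUserRoleDao = daoManager.getXXPortalUserRole();
    List<XXAuthSession> xXAuthSessions = xXAuthSessionDao.getAuthSessionByUserId(xXPortalUserId);
    List<XXUserPermission> xXUserPermissions = xXUserPermissionDao.findByUserPermissionId(xXPortalUserId);
    List<XXPortalUserRole> xXPortalUserRoles = xXPortalUserRoleDao.findByUserId(xXPortalUserId);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByUserId(id);

    logger.warn("Deleting User : " + vXUser.getName());

    if (force) {
        // The non-forced branch treats every one of these lists as possibly null,
        // so the loops below guard against null in the same way.

        // delete XXGroupUser mapping
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        if (vxGroupUserList != null && vxGroupUserList.getList() != null) {
            for (VXGroupUser groupUser : vxGroupUserList.getList()) {
                if (groupUser != null) {
                    logger.warn("Removing user '" + vXUser.getName() + "' from group '" + groupUser.getName() + "'");
                    xGroupUserDao.remove(groupUser.getId());
                }
            }
        }

        // delete XXPermMap records of user
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        if (vXPermMapList != null && vXPermMapList.getList() != null) {
            for (VXPermMap vXPermMap : vXPermMapList.getList()) {
                if (vXPermMap != null) {
                    logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for user '" + vXPermMap.getUserName() + "'");
                    xXPermMapDao.remove(vXPermMap.getId());
                }
            }
        }

        // delete XXAuditMap records of user
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        if (vXAuditMapList != null && vXAuditMapList.getList() != null) {
            for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
                if (vXAuditMap != null) {
                    xXAuditMapDao.remove(vXAuditMap.getId());
                }
            }
        }

        // delete XXPortalUser references
        xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
        if (xXAuthSessions != null) {
            if (xXAuthSessions.size() > 0) {
                logger.warn("Deleting " + xXAuthSessions.size() + " login session records for user '" + vXPortalUser.getLoginId() + "'");
            }
            for (XXAuthSession xXAuthSession : xXAuthSessions) {
                xXAuthSessionDao.remove(xXAuthSession.getId());
            }
        }
        if (xXUserPermissions != null) {
            for (XXUserPermission xXUserPermission : xXUserPermissions) {
                if (xXUserPermission != null) {
                    // The module is looked up only to name it in the log line.
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXUserPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for user '" + vXPortalUser.getLoginId() + "'");
                    }
                    xXUserPermissionDao.remove(xXUserPermission.getId());
                }
            }
        }
        if (xXPortalUserRoles != null) {
            for (XXPortalUserRole xXPortalUserRole : xXPortalUserRoles) {
                if (xXPortalUserRole != null) {
                    logger.warn("Deleting '" + xXPortalUserRole.getUserRole() + "' role for user '" + vXPortalUser.getLoginId() + "'");
                    xXPortalUserRoleDao.remove(xXPortalUserRole.getId());
                }
            }
        }

        // delete XXPolicyItemUserPerm records of user: strip the user from every
        // kind of policy item and save the policy again
        if (xXPolicyList != null) {
            for (XXPolicy xXPolicy : xXPolicyList) {
                RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);

                List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
                removeUserGroupReferences(policyItems, vXUser.getName(), null);
                rangerPolicy.setPolicyItems(policyItems);

                List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
                removeUserGroupReferences(denyPolicyItems, vXUser.getName(), null);
                rangerPolicy.setDenyPolicyItems(denyPolicyItems);

                List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
                removeUserGroupReferences(allowExceptions, vXUser.getName(), null);
                rangerPolicy.setAllowExceptions(allowExceptions);

                List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
                removeUserGroupReferences(denyExceptions, vXUser.getName(), null);
                rangerPolicy.setDenyExceptions(denyExceptions);

                List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
                removeUserGroupReferences(dataMaskItems, vXUser.getName(), null);
                rangerPolicy.setDataMaskPolicyItems(dataMaskItems);

                List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
                removeUserGroupReferences(rowFilterItems, vXUser.getName(), null);
                rangerPolicy.setRowFilterPolicyItems(rowFilterItems);

                try {
                    svcStore.updatePolicy(rangerPolicy);
                } catch (Throwable excp) {
                    // Abort the delete: continuing would remove the user while a policy
                    // still names it. The full cause is kept in the server log.
                    // NOTE(review): the raw exception message is returned to the client;
                    // confirm it cannot carry internal detail.
                    logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                    throw restErrorUtil.createRESTException(excp.getMessage());
                }
            }
        }

        // delete XXUser entry of user
        xXUserDao.remove(id);
        // delete XXPortal entry of user
        logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
        xXPortalUserDao.remove(xXPortalUserId);

        List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
        xaBizUtil.createTrxLog(trxLogList);
        trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
        xaBizUtil.createTrxLog(trxLogList);
    } else {
        // Any single reference is enough to keep the records and hide the user instead.
        boolean hasReferences =
                (vxGroupUserList != null && vxGroupUserList.getListSize() > 0)
                || (xXPolicyList != null && xXPolicyList.size() > 0)
                || (vXPermMapList != null && vXPermMapList.getListSize() > 0)
                || (vXAuditMapList != null && vXAuditMapList.getListSize() > 0)
                || (xXAuthSessions != null && xXAuthSessions.size() > 0)
                || (xXUserPermissions != null && xXUserPermissions.size() > 0)
                || (xXPortalUserRoles != null && xXPortalUserRoles.size() > 0);

        if (hasReferences) {
            if (vXUser.getIsVisible() != RangerCommonEnums.IS_HIDDEN) {
                logger.info("Updating visibility of user '" + vXUser.getName() + "' to Hidden!");
                vXUser.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xUserService.updateResource(vXUser);
            }
        } else {
            xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
            // delete XXUser entry of user
            xXUserDao.remove(id);
            // delete XXPortal entry of user
            logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
            xXPortalUserDao.remove(xXPortalUserId);

            List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
            trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
        }
    }
}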
use of org.apache.ranger.entity.XXUser in project ranger by apache.
the class XUserMgr method modifyUserVisibility.
/**
 * Sets the visibility flag of every user listed in {@code visibilityMap}.
 *
 * <p>The caller must pass {@code checkAdminAccess()} and must not be blocked by
 * {@code xaBizUtil.blockAuditorRoleUser()}. Entries are applied one by one, in the
 * map's iteration order.
 *
 * <p>NOTE(review): an id that matches no user is not handled here. If
 * {@code populateViewBean} returns null for it, the call fails with a
 * NullPointerException after earlier entries have already been updated.
 *
 * <p>NOTE(review): the visibility value is stored as supplied; nothing here checks
 * that it is one of the values the application defines.
 *
 * @param visibilityMap user id mapped to the new visibility value
 */
public void modifyUserVisibility(HashMap<Long, Integer> visibilityMap) {
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();

    for (Map.Entry<Long, Integer> change : visibilityMap.entrySet()) {
        Long userId = change.getKey();
        Integer visibility = change.getValue();

        XXUser storedUser = daoManager.getXXUser().getById(userId);
        VXUser userView = xUserService.populateViewBean(storedUser);
        userView.setIsVisible(visibility);
        xUserService.updateResource(userView);
    }
}
use of org.apache.ranger.entity.XXUser in project ranger by apache.
the class XUserMgr method deleteXGroup.
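/**
 * Deletes a group, or hides it when it is still referenced and {@code force} is false.
 *
 * <p>The caller must pass {@code checkAdminAccess()} and must not be blocked by
 * {@code xaBizUtil.blockAuditorRoleUser()}.
 *
 * <p>With {@code force == true} the group's memberships, permission maps, audit maps,
 * group-in-group mappings, policy item references and module permissions are
 * removed, then the group record, and a "delete" transaction log is written.
 * If saving any affected policy fails, the delete is aborted with a REST exception,
 * so the group is not removed while a policy item may still name it.
 *
 * <p>With {@code force == false} the group is deleted only when nothing references
 * it; otherwise a visible group is marked {@code IS_HIDDEN} and all of its
 * references stay in place.
 *
 * <p>The "Deleting GROUP" warning is written before the branch, so it also appears
 * when the group ends up hidden rather than deleted.
 *
 * @param id    id of the group to delete
 * @param force when true, remove all references and delete; when false, delete only
 *              an unreferenced group and hide a referenced one
 */
public void deleteXGroup(Long id, boolean force) {
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();

    XXGroupDao xXGroupDao = daoManager.getXXGroup();
    XXGroup xXGroup = xXGroupDao.getById(id);
    VXGroup vXGroup = xGroupService.populateViewBean(xXGroup);
    if (vXGroup == null || StringUtil.isEmpty(vXGroup.getName())) {
        throw restErrorUtil.createRESTException("Group ID doesn't exist.", MessageEnums.INVALID_INPUT_DATA);
    }
    if (logger.isDebugEnabled()) {
        // Logged at debug level to match the guard around it.
        logger.debug("Force delete status=" + force + " for group=" + vXGroup.getName());
    }

    // Collect everything that references the group before changing anything.
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xGroupId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);

    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("groupId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);

    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("groupId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);

    XXGroupPermissionDao xXGroupPermissionDao = daoManager.getXXGroupPermission();
    List<XXGroupPermission> xXGroupPermissions = xXGroupPermissionDao.findByGroupId(id);
    XXGroupGroupDao xXGroupGroupDao = daoManager.getXXGroupGroup();
    List<XXGroupGroup> xXGroupGroups = xXGroupGroupDao.findByGroupId(id);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByGroupId(id);

    logger.warn("Deleting GROUP : " + vXGroup.getName());

    if (force) {
        // delete XXGroupUser records of matching group
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        XXUserDao xXUserDao = daoManager.getXXUser();
        for (VXGroupUser groupUser : vxGroupUserList.getList()) {
            if (groupUser != null) {
                // The user is looked up only to name it in the log line.
                XXUser xXUser = xXUserDao.getById(groupUser.getUserId());
                if (xXUser != null) {
                    logger.warn("Removing user '" + xXUser.getName() + "' from group '" + groupUser.getName() + "'");
                }
                xGroupUserDao.remove(groupUser.getId());
            }
        }

        // delete XXPermMap records of matching group
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        XXResourceDao xXResourceDao = daoManager.getXXResource();
        for (VXPermMap vXPermMap : vXPermMapList.getList()) {
            if (vXPermMap != null) {
                // The log line is written only when the referenced resource still exists.
                XXResource xXResource = xXResourceDao.getById(vXPermMap.getResourceId());
                if (xXResource != null) {
                    logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for group '" + vXPermMap.getGroupName() + "'");
                }
                xXPermMapDao.remove(vXPermMap.getId());
            }
        }

        // delete XXAuditMap records of matching group
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
            if (vXAuditMap != null) {
                xXAuditMapDao.remove(vXAuditMap.getId());
            }
        }

        // delete XXGroupGroupDao records of group-group mapping
        // (isNotEmpty is null-safe, matching the check the non-forced branch uses)
        if (CollectionUtils.isNotEmpty(xXGroupGroups)) {
            for (XXGroupGroup xXGroupGroup : xXGroupGroups) {
                if (xXGroupGroup != null) {
                    XXGroup xXGroupParent = xXGroupDao.getById(xXGroupGroup.getParentGroupId());
                    XXGroup xXGroupChild = xXGroupDao.getById(xXGroupGroup.getGroupId());
                    if (xXGroupParent != null && xXGroupChild != null) {
                        logger.warn("Removing group '" + xXGroupChild.getName() + "' from group '" + xXGroupParent.getName() + "'");
                    }
                    xXGroupGroupDao.remove(xXGroupGroup.getId());
                }
            }
        }

        // delete XXPolicyItemGroupPerm records of group: strip the group from every
        // kind of policy item and save the policy again
        if (CollectionUtils.isNotEmpty(xXPolicyList)) {
            for (XXPolicy xXPolicy : xXPolicyList) {
                RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);

                List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
                removeUserGroupReferences(policyItems, null, vXGroup.getName());
                rangerPolicy.setPolicyItems(policyItems);

                List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
                removeUserGroupReferences(denyPolicyItems, null, vXGroup.getName());
                rangerPolicy.setDenyPolicyItems(denyPolicyItems);

                List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
                removeUserGroupReferences(allowExceptions, null, vXGroup.getName());
                rangerPolicy.setAllowExceptions(allowExceptions);

                List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
                removeUserGroupReferences(denyExceptions, null, vXGroup.getName());
                rangerPolicy.setDenyExceptions(denyExceptions);

                List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
                removeUserGroupReferences(dataMaskItems, null, vXGroup.getName());
                rangerPolicy.setDataMaskPolicyItems(dataMaskItems);

                List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
                removeUserGroupReferences(rowFilterItems, null, vXGroup.getName());
                rangerPolicy.setRowFilterPolicyItems(rowFilterItems);

                try {
                    svcStore.updatePolicy(rangerPolicy);
                } catch (Throwable excp) {
                    logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                    // The exception must be thrown, not just built: without the throw
                    // a failed policy update was ignored and the group was deleted
                    // while the policy could still grant access by its name.
                    // NOTE(review): the raw exception message is returned to the client;
                    // confirm it cannot carry internal detail.
                    throw restErrorUtil.createRESTException(excp.getMessage());
                }
            }
        }

        if (CollectionUtils.isNotEmpty(xXGroupPermissions)) {
            for (XXGroupPermission xXGroupPermission : xXGroupPermissions) {
                if (xXGroupPermission != null) {
                    // The module is looked up only to name it in the log line.
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXGroupPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for group '" + xXGroup.getName() + "'");
                    }
                    xXGroupPermissionDao.remove(xXGroupPermission.getId());
                }
            }
        }

        // delete XXGroup
        xXGroupDao.remove(id);
        // Create XXTrxLog
        List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), "delete");
        xaBizUtil.createTrxLog(xXTrxLogsXXGroup);
    } else {
        // Any single reference is enough to keep the record and hide the group instead.
        boolean hasReferences = vxGroupUserList.getListSize() > 0
                || CollectionUtils.isNotEmpty(xXPolicyList)
                || vXPermMapList.getListSize() > 0
                || vXAuditMapList.getListSize() > 0
                || CollectionUtils.isNotEmpty(xXGroupGroups)
                || CollectionUtils.isNotEmpty(xXGroupPermissions);

        if (hasReferences) {
            // change visibility to Hidden
            if (vXGroup.getIsVisible() == RangerCommonEnums.IS_VISIBLE) {
                vXGroup.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xGroupService.updateResource(vXGroup);
            }
        } else {
            // delete XXGroup
            xXGroupDao.remove(id);
            // Create XXTrxLog
            List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), "delete");
            xaBizUtil.createTrxLog(xXTrxLogsXXGroup);
        }
    }
}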