use of org.apache.ranger.entity.XXUser in project ranger by apache.
the class AssetMgr method UpdateDefaultPolicyUserAndPerm.
/**
 * Re-assigns the default-policy permission of a resource to the named user.
 *
 * <p>The user is looked up by name; when no record is found a new user is created through
 * {@code xUserService}. The first permission map stored for the resource, if there is one, is
 * then pointed at that user and saved. The method is a no-op when {@code userName} is
 * {@code null} or empty.
 *
 * @param vXResource resource whose permission map is looked up by {@code vXResource.getId()}
 * @param userName   name of the user the permission should reference
 */
public void UpdateDefaultPolicyUserAndPerm(VXResource vXResource, String userName) {
    if (userName == null || userName.isEmpty()) {
        return;
    }

    // Resolve the user; an unknown name results in a freshly created user record.
    // NOTE(review): this method performs no caller authorization before creating the
    // account. Confirm that every caller has already checked the requester's rights.
    XXUser existingUser = rangerDaoManager.getXXUser().findByUserName(userName);
    VXUser policyUser;
    if (existingUser == null) {
        VXUser newUser = new VXUser();
        newUser.setName(userName);
        // FIXME (carried over from the original): copying the name into the description
        // is a hack that the author marked as unnecessary.
        newUser.setDescription(userName);
        policyUser = xUserService.createResource(newUser);
    } else {
        policyUser = xUserService.populateViewBean(existingUser);
    }

    // Only the first stored permission is considered for the default policy.
    List<XXPermMap> storedPerms = rangerDaoManager.getXXPermMap().findByResourceId(vXResource.getId());
    boolean hasStoredPerm = storedPerms != null && storedPerms.size() != 0;
    VXPermMap permMap = hasStoredPerm ? xPermMapService.populateViewBean(storedPerms.get(0)) : null;

    if (permMap != null) {
        // Existing permission: swap in the resolved user id and persist the change.
        permMap.setUserId(policyUser.getId());
        xPermMapService.updateResource(permMap);
        return;
    }

    // No usable permission yet: a new one is populated here.
    // NOTE(review): the new VXPermMap is never handed to xPermMapService, so nothing is
    // persisted on this path and the object is discarded when the method returns.
    // Confirm whether a create call is missing.
    permMap = new VXPermMap();
    permMap.setUserId(policyUser.getId());
    permMap.setResourceId(vXResource.getId());
}
use of org.apache.ranger.entity.XXUser in project ranger by apache.
the class ServiceDBStore method createDefaultPolicyUsersAndGroups.
/**
 * Makes sure every user and group named in the given default policies exists.
 *
 * <p>User and group names are gathered from all six item lists of each policy (policy items,
 * allow exceptions, deny items, deny exceptions, data-mask items and row-filter items).
 * Blank names are ignored, as are the user names {@code RangerPolicyEngine.USER_CURRENT} and
 * {@code RangerPolicyEngine.RESOURCE_OWNER}. A name with no matching record is created,
 * unless the current session belongs to a caller that is neither key admin nor user admin
 * and is not SPNEGO-enabled; in that case a REST exception with
 * {@code MessageEnums.OPER_NO_PERMISSION} is thrown.
 *
 * <p>NOTE(review): when {@code ContextUtil.getCurrentUserSession()} returns {@code null} the
 * permission check is skipped and the missing user or group is created. Confirm that
 * session-less invocation is limited to trusted internal code paths.
 *
 * <p>NOTE(review): names taken from the policies are concatenated unmodified into debug log
 * lines and into the REST error text. Confirm that they are validated or encoded before
 * they reach a log file or a client.
 *
 * @param defaultPolicies policies whose referenced users and groups must exist
 */
void createDefaultPolicyUsersAndGroups(List<RangerPolicy> defaultPolicies) {
    Set<String> userNames = new HashSet<String>();
    Set<String> groupNames = new HashSet<String>();

    for (RangerPolicy policy : defaultPolicies) {
        collectPrincipals(policy.getPolicyItems(), userNames, groupNames);
        collectPrincipals(policy.getAllowExceptions(), userNames, groupNames);
        collectPrincipals(policy.getDenyPolicyItems(), userNames, groupNames);
        collectPrincipals(policy.getDenyExceptions(), userNames, groupNames);
        collectPrincipals(policy.getDataMaskPolicyItems(), userNames, groupNames);
        collectPrincipals(policy.getRowFilterPolicyItems(), userNames, groupNames);
    }

    for (String userName : userNames) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Checking policyUser:[" + userName + "] for existence");
        }

        boolean skip = StringUtils.isBlank(userName)
                || StringUtils.equals(userName, RangerPolicyEngine.USER_CURRENT)
                || StringUtils.equals(userName, RangerPolicyEngine.RESOURCE_OWNER);
        if (skip) {
            continue;
        }
        if (daoMgr.getXXUser().findByUserName(userName) != null) {
            continue;
        }

        // Unknown user: only admins, SPNEGO sessions or session-less callers may create it.
        UserSessionBase session = ContextUtil.getCurrentUserSession();
        boolean mayCreate = session == null || session.isKeyAdmin() || session.isUserAdmin() || session.isSpnegoEnabled();
        if (!mayCreate) {
            throw restErrorUtil.createRESTException("User does not exist with given username: [" + userName + "] please use existing user", MessageEnums.OPER_NO_PERMISSION);
        }
        xUserMgr.createServiceConfigUser(userName);
    }

    for (String groupName : groupNames) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Checking policyGroup:[" + groupName + "] for existence");
        }

        if (StringUtils.isBlank(groupName)) {
            continue;
        }
        if (daoMgr.getXXGroup().findByGroupName(groupName) != null) {
            continue;
        }

        // Unknown group: same creation rule as for users above.
        UserSessionBase session = ContextUtil.getCurrentUserSession();
        boolean mayCreate = session == null || session.isKeyAdmin() || session.isUserAdmin() || session.isSpnegoEnabled();
        if (!mayCreate) {
            throw restErrorUtil.createRESTException("Group does not exist with given groupname: [" + groupName + "] please use existing group", MessageEnums.OPER_NO_PERMISSION);
        }

        // The group is created as an internal, visible group named after the policy entry.
        VXGroup newGroup = new VXGroup();
        newGroup.setName(groupName);
        newGroup.setDescription(groupName);
        newGroup.setGroupSource(RangerCommonEnums.GROUP_INTERNAL);
        newGroup.setIsVisible(RangerCommonEnums.IS_VISIBLE);
        xGroupService.createResource(newGroup);
    }
}

/** Adds the users and groups of every item in {@code items} to the two accumulator sets. */
private void collectPrincipals(List<? extends RangerPolicyItem> items, Set<String> userNames, Set<String> groupNames) {
    for (RangerPolicyItem item : items) {
        userNames.addAll(item.getUsers());
        groupNames.addAll(item.getGroups());
    }
}
use of org.apache.ranger.entity.XXUser in project ranger by apache.
the class TestRangerBizUtil method testHasPermission_emptyResourceName.
/**
 * Checks that {@code hasPermission} denies access for a resource that has an asset id but no
 * resource name set, when the asset has no resources on record.
 *
 * <p>The expected outcome is a non-null response with {@code VXResponse.STATUS_ERROR} and the
 * message {@code "Permission Denied !"}, i.e. the check fails closed.
 */
@Test
public void testHasPermission_emptyResourceName() {
    // Arrange: a resource that only carries an asset id.
    VXResource resource = new VXResource();
    resource.setAssetId(12345L);

    // Arrange: the logged-in portal user placed into the security context.
    XXPortalUser sessionUser = new XXPortalUser();
    sessionUser.setId(id);
    sessionUser.setLoginId("12121");
    RangerContextHolder.getSecurityContext().getUserSession().setXXPortalUser(sessionUser);

    // Arrange: DAO mocks and the canned objects they hand back.
    XXPortalUserDao portalUserDao = Mockito.mock(XXPortalUserDao.class);
    XXUserDao userDaoMock = Mockito.mock(XXUserDao.class);
    XXResourceDao resourceDaoMock = Mockito.mock(XXResourceDao.class);
    XXAssetDao assetDaoMock = Mockito.mock(XXAssetDao.class);
    XXUser storedUser = new XXUser();
    XXAsset storedAsset = new XXAsset();
    // Deliberately empty: the asset has no resources.
    List<XXResource> noResources = new ArrayList<XXResource>();

    Mockito.when(daoManager.getXXPortalUser()).thenReturn(portalUserDao);
    Mockito.when(portalUserDao.getById(Mockito.anyLong())).thenReturn(sessionUser);
    Mockito.when(daoManager.getXXUser()).thenReturn(userDaoMock);
    Mockito.when(userDaoMock.findByUserName(Mockito.anyString())).thenReturn(storedUser);
    Mockito.when(daoManager.getXXResource()).thenReturn(resourceDaoMock);
    Mockito.when(resourceDaoMock.findByAssetIdAndResourceStatus(Mockito.anyLong(), Mockito.anyInt())).thenReturn(noResources);
    Mockito.when(daoManager.getXXAsset()).thenReturn(assetDaoMock);
    Mockito.when(assetDaoMock.getById(Mockito.anyLong())).thenReturn(storedAsset);

    // Act
    VXResponse response = rangerBizUtil.hasPermission(resource, AppConstants.XA_PERM_TYPE_UNKNOWN);

    // Assert: the user lookups happened once each and the request was refused.
    Mockito.verify(daoManager).getXXPortalUser();
    Mockito.verify(portalUserDao).getById(Mockito.anyLong());
    Mockito.verify(daoManager).getXXUser();
    Mockito.verify(userDaoMock).findByUserName(Mockito.anyString());
    Assert.assertNotNull(response);
    Assert.assertEquals(VXResponse.STATUS_ERROR, response.getStatusCode());
    Assert.assertEquals("Permission Denied !", response.getMsgDesc());
}
use of org.apache.ranger.entity.XXUser in project ranger by apache.
the class XGroupUserService method getTransactionLog.
/**
 * Builds the transaction-log (audit trail) entries for a change to a group membership.
 *
 * <p>One {@code XXTrxLog} is produced for each declared field of {@code vObj} whose name is a
 * key in {@code trxLogAttrs}. Every entry names the user as the object and the parent group as
 * the parent object.
 *
 * <p>NOTE(review): reflection and parsing failures are only printed with
 * {@code printStackTrace()}. The loop stops at the first failure and the entries built so far
 * are returned, so an error can silently shorten the audit trail. Consider reporting through
 * the class's logger and deciding whether the caller should see the failure.
 *
 * @param vObj   view object of the membership; dereferenced without a null check
 * @param mObj   not read by this method
 * @param action "create", "delete" or "update" (case-insensitive); any other value leaves both
 *               the new and the previous value of the entry unset
 * @return the log entries built before any failure; never {@code null}
 */
public List<XXTrxLog> getTransactionLog(VXGroupUser vObj, XXGroupUser mObj, String action) {
    // Disabled guard kept from the original source.
    // NOTE(review): with it commented out, a null vObj fails on the next statement.
    // if(vObj == null && (action == null || !action.equalsIgnoreCase("update"))){
    // return null;
    // }
    Long groupId = vObj.getParentGroupId();
    XXGroup xGroup = daoManager.getXXGroup().getById(groupId);
    // NOTE(review): no null check; fails here if getById finds no group. Confirm it cannot.
    String groupName = xGroup.getName();
    Long userId = vObj.getUserId();
    XXUser xUser = daoManager.getXXUser().getById(userId);
    // NOTE(review): same assumption as for the group lookup above.
    String userName = xUser.getName();
    List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>();
    Field[] fields = vObj.getClass().getDeclaredFields();
    try {
        for (Field field : fields) {
            // Access checks are lifted for every declared field, including the ones the
            // filter below skips.
            field.setAccessible(true);
            String fieldName = field.getName();
            // Only fields registered in trxLogAttrs are logged.
            if (!trxLogAttrs.containsKey(fieldName)) {
                continue;
            }
            VTrxLogAttr vTrxLogAttr = trxLogAttrs.get(fieldName);
            XXTrxLog xTrxLog = new XXTrxLog();
            xTrxLog.setAttributeName(vTrxLogAttr.getAttribUserFriendlyName());
            String value = null;
            boolean isEnum = vTrxLogAttr.isEnum();
            if (isEnum) {
                // Enum attribute: the integer field value (0 when null) is mapped to its label.
                // NOTE(review): the enum name is resolved through XXAsset; confirm that is
                // the intended lookup for group-user fields.
                String enumName = XXAsset.getEnumName(fieldName);
                int enumValue = field.get(vObj) == null ? 0 : Integer.parseInt("" + field.get(vObj));
                value = xaEnumUtil.getLabel(enumName, enumValue);
            } else {
                // Non-enum attribute: the field value is read as a group id and replaced by
                // that group's name. A null or non-numeric value makes parseLong throw
                // NumberFormatException, which the IllegalArgumentException handler below
                // catches.
                value = "" + field.get(vObj);
                XXGroup xXGroup = daoManager.getXXGroup().getById(Long.parseLong(value));
                value = xXGroup.getName();
            }
            if ("create".equalsIgnoreCase(action)) {
                xTrxLog.setNewValue(value);
            } else if ("delete".equalsIgnoreCase(action)) {
                xTrxLog.setPreviousValue(value);
            } else if ("update".equalsIgnoreCase(action)) {
                // No change is tracked for updates: the same value is recorded as both the
                // new and the previous value.
                xTrxLog.setNewValue(value);
                xTrxLog.setPreviousValue(value);
            }
            xTrxLog.setAction(action);
            xTrxLog.setObjectClassType(AppConstants.CLASS_TYPE_XA_GROUP_USER);
            xTrxLog.setObjectId(vObj.getId());
            xTrxLog.setObjectName(userName);
            xTrxLog.setParentObjectClassType(AppConstants.CLASS_TYPE_XA_GROUP);
            xTrxLog.setParentObjectId(groupId);
            xTrxLog.setParentObjectName(groupName);
            trxLogList.add(xTrxLog);
        }
    } catch (IllegalArgumentException e) {
        // Also reached for NumberFormatException from the parse calls above.
        e.printStackTrace();
    } catch (IllegalAccessException e) {
        e.printStackTrace();
    } catch (SecurityException e) {
        e.printStackTrace();
    }
    // May hold fewer entries than there are logged fields if a handler above ran.
    return trxLogList;
}
use of org.apache.ranger.entity.XXUser in project ranger by apache.
the class XModuleDefService method populateViewBean.
/**
 * Converts a module definition entity into its view bean and attaches the module's user and
 * group permission lists.
 *
 * <p>When the user (or group) lookup map is empty, each permission row is converted on its
 * own. Otherwise the whole list is converted in one call that also receives the lookup map
 * and the module view bean.
 *
 * <p>NOTE(review): this method attaches every permission row returned for the module and
 * performs no access check itself. Confirm that callers restrict who may read the result.
 *
 * @param xObj module definition entity to convert
 * @return the view bean with {@code userPermList} and {@code groupPermList} set
 */
@Override
public VXModuleDef populateViewBean(XXModuleDef xObj) {
    VXModuleDef moduleView = super.populateViewBean(xObj);

    Map<Long, XXUser> usersByPortalUserId = xUserService.getXXPortalUserIdXXUserMap();
    Map<Long, XXGroup> groupsById = xGroupService.getXXGroupIdXXGroupMap();
    List<XXUserPermission> userPermRows = daoManager.getXXUserPermission().findByModuleId(xObj.getId(), false);
    List<XXGroupPermission> groupPermRows = daoManager.getXXGroupPermission().findByModuleId(xObj.getId(), false);

    // User permissions: bulk conversion when the lookup map is available, row by row otherwise.
    List<VXUserPermission> userPermViews;
    if (!CollectionUtils.isEmpty(usersByPortalUserId)) {
        userPermViews = xUserPermService.getPopulatedVXUserPermissionList(userPermRows, usersByPortalUserId, moduleView);
    } else {
        userPermViews = new ArrayList<VXUserPermission>();
        for (XXUserPermission row : userPermRows) {
            userPermViews.add(xUserPermService.populateViewBean(row));
        }
    }

    // Group permissions: same strategy as for users.
    List<VXGroupPermission> groupPermViews;
    if (!CollectionUtils.isEmpty(groupsById)) {
        groupPermViews = xGrpPermService.getPopulatedVXGroupPermissionList(groupPermRows, groupsById, moduleView);
    } else {
        groupPermViews = new ArrayList<VXGroupPermission>();
        for (XXGroupPermission row : groupPermRows) {
            groupPermViews.add(xGrpPermService.populateViewBean(row));
        }
    }

    moduleView.setUserPermList(userPermViews);
    moduleView.setGroupPermList(groupPermViews);
    return moduleView;
}