
Example 1 with XXUserPermission

use of org.apache.ranger.entity.XXUserPermission in project ranger by apache.

the class UserMgr method updateRoleForExternalUsers.

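/**
 * Replaces the role list of a user with the roles supplied by the user-sync process and resets the
 * user's module permission rows.
 *
 * <p>The update is applied only when the current session belongs to the login id
 * {@code "rangerusersync"} and both role collections are non-null and non-empty. The gate is a
 * comparison against that literal login id, not a role check. Every other caller falls through to
 * the "denied" branch, which only writes a debug log line and returns the profile unchanged, so a
 * refused request is indistinguishable from a no-op for the caller.
 *
 * @param reqRoleList      roles requested for the user
 * @param existingRoleList roles the user currently holds
 * @param userProfileRes   profile to update; mutated in place when the update is applied
 * @return {@code userProfileRes}, updated or untouched
 */
protected VXPortalUser updateRoleForExternalUsers(Collection<String> reqRoleList, Collection<String> existingRoleList, VXPortalUser userProfileRes) {
    rangerBizUtil.blockAuditorRoleUser();
    UserSessionBase session = ContextUtil.getCurrentUserSession();
    boolean hasSessionUser = session != null && session.getXXPortalUser() != null;
    boolean isUserSyncCaller = hasSessionUser && "rangerusersync".equals(session.getXXPortalUser().getLoginId());
    boolean hasBothRoleLists = reqRoleList != null && !reqRoleList.isEmpty() && existingRoleList != null && !existingRoleList.isEmpty();
    if (isUserSyncCaller && hasBothRoleLists) {
        // NOTE(review): Collection.equals is implementation-defined (order-sensitive for lists, and a
        // List never equals a Set), so the same roles in another order or container count as a change.
        if (!reqRoleList.equals(existingRoleList)) {
            userProfileRes.setUserRoleList(reqRoleList);
            userProfileRes.setUserSource(RangerCommonEnums.USER_EXTERNAL);
            List<XXUserPermission> xuserPermissionList = daoManager.getXXUserPermission().findByUserPermissionId(userProfileRes.getId());
            if (xuserPermissionList != null && !xuserPermissionList.isEmpty()) {
                for (XXUserPermission xXUserPermission : xuserPermissionList) {
                    if (xXUserPermission == null) {
                        continue;
                    }
                    try {
                        xUserPermissionService.deleteResource(xXUserPermission.getId());
                    } catch (Exception e) {
                        // Best effort: a permission row that cannot be deleted stays in place while the
                        // roles change, so keep the stack trace to make the stale grant traceable.
                        logger.error(e.getMessage(), e);
                    }
                }
            }
            updateUser(userProfileRes);
        }
    } else {
        if (logger.isDebugEnabled()) {
            // The session may exist without a portal user (one of the ways to reach this branch),
            // so guard both before reading the id instead of dereferencing a null portal user.
            Object loggedInUserId = hasSessionUser ? session.getXXPortalUser().getId() : "";
            logger.debug("Permission denied. LoggedInUser=" + loggedInUserId + " isn't permitted to perform the action.");
        }
    }
    return userProfileRes;
}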
Also used : XXUserPermission(org.apache.ranger.entity.XXUserPermission) UserSessionBase(org.apache.ranger.common.UserSessionBase)

Example 2 with XXUserPermission

use of org.apache.ranger.entity.XXUserPermission in project ranger by apache.

the class XUserMgr method updateXUser.

/**
 * Updates a user: portal profile, password, roles and module permissions, the XUser record, and
 * group memberships, then writes the collected transaction log entries.
 *
 * <p>Order of operations visible here: validate the name, run {@code checkAccess} and
 * {@code blockAuditorRoleUser}, load the stored profile by login id, build a new portal profile
 * from the request, decide which password to store, persist the portal user, reset module
 * permissions when roles were added, update the XUser, reconcile group memberships, log.
 *
 * @param vXUser requested state of the user; its name selects the stored profile
 * @return the updated user view, with the password replaced by the hidden placeholder
 */
public VXUser updateXUser(VXUser vXUser) {
    // Reject a missing name, the literal string "null", and a blank name before any lookup.
    if (vXUser == null || vXUser.getName() == null || "null".equalsIgnoreCase(vXUser.getName()) || vXUser.getName().trim().isEmpty()) {
        throw restErrorUtil.createRESTException("Please provide a valid " + "username.", MessageEnums.INVALID_INPUT_DATA);
    }
    // Authorization gates; their rules are defined outside this method.
    checkAccess(vXUser.getName());
    xaBizUtil.blockAuditorRoleUser();
    VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(vXUser.getName());
    VXPortalUser vXPortalUser = new VXPortalUser();
    if (oldUserProfile != null && oldUserProfile.getId() != null) {
        vXPortalUser.setId(oldUserProfile.getId());
    }
    // TODO : There is a possibility that old user may not exist.
    vXPortalUser.setFirstName(vXUser.getFirstName());
    // A first/last name submitted as the string "null" is stored as empty.
    if ("null".equalsIgnoreCase(vXPortalUser.getFirstName())) {
        vXPortalUser.setFirstName("");
    }
    vXPortalUser.setLastName(vXUser.getLastName());
    if ("null".equalsIgnoreCase(vXPortalUser.getLastName())) {
        vXPortalUser.setLastName("");
    }
    vXPortalUser.setEmailAddress(vXUser.getEmailAddress());
    vXPortalUser.setLoginId(vXUser.getName());
    vXPortalUser.setStatus(vXUser.getStatus());
    // NOTE(review): the role list comes straight from the request; whether the caller may grant
    // these roles is not checked in this method - presumably checkAccess/updateUserWithPass do; confirm.
    vXPortalUser.setUserRoleList(vXUser.getUserRoleList());
    // Screen name is "first last" when both are non-blank, otherwise the login name.
    if (vXPortalUser.getFirstName() != null && vXPortalUser.getLastName() != null && !vXPortalUser.getFirstName().trim().isEmpty() && !vXPortalUser.getLastName().trim().isEmpty()) {
        vXPortalUser.setPublicScreenName(vXPortalUser.getFirstName() + " " + vXPortalUser.getLastName());
    } else {
        vXPortalUser.setPublicScreenName(vXUser.getName());
    }
    // NOTE(review): oldUserProfile is dereferenced here without a null check, although every other
    // use in this method guards it. If no stored profile exists this line throws NullPointerException.
    vXPortalUser.setUserSource(oldUserProfile.getUserSource());
    // Placeholder the UI sends back when the password field was not edited.
    String hiddenPasswordString = PropertiesUtil.getProperty("ranger.password.hidden", "*****");
    String password = vXUser.getPassword();
    if (oldUserProfile != null && password != null && password.equals(hiddenPasswordString)) {
        // Placeholder submitted: keep the stored password value.
        vXPortalUser.setPassword(oldUserProfile.getPassword());
    } else if (oldUserProfile != null && oldUserProfile.getUserSource() == RangerCommonEnums.USER_EXTERNAL && password != null) {
        // External users keep their stored password; the submitted one is ignored and the
        // refusal is recorded at debug level only.
        vXPortalUser.setPassword(oldUserProfile.getPassword());
        logger.debug("User is trrying to change external user password which we are not allowing it to change");
    } else if (password != null) {
        // New password: validated before it is handed to the portal profile.
        validatePassword(vXUser);
        vXPortalUser.setPassword(password);
    }
    Collection<Long> groupIdList = vXUser.getGroupIdList();
    XXPortalUser xXPortalUser = new XXPortalUser();
    xXPortalUser = userMgr.updateUserWithPass(vXPortalUser);
    // update permissions start
    // Collect only the roles that are in the request but not in the stored profile.
    Collection<String> roleListUpdatedProfile = new ArrayList<String>();
    if (oldUserProfile != null && oldUserProfile.getId() != null) {
        if (vXUser != null && vXUser.getUserRoleList() != null) {
            Collection<String> roleListOldProfile = oldUserProfile.getUserRoleList();
            Collection<String> roleListNewProfile = vXUser.getUserRoleList();
            if (roleListNewProfile != null && roleListOldProfile != null) {
                for (String role : roleListNewProfile) {
                    if (role != null && !roleListOldProfile.contains(role)) {
                        roleListUpdatedProfile.add(role);
                    }
                }
            }
        }
    }
    // NOTE(review): the permission reset below runs only when a role was added. A request that only
    // removes roles leaves the existing module permission rows untouched in this method; confirm
    // that a role downgrade is handled elsewhere (for example in updateUserWithPass).
    if (roleListUpdatedProfile != null && roleListUpdatedProfile.size() > 0) {
        vXPortalUser.setUserRoleList(roleListUpdatedProfile);
        List<XXUserPermission> xuserPermissionList = daoManager.getXXUserPermission().findByUserPermissionId(vXPortalUser.getId());
        if (xuserPermissionList != null && xuserPermissionList.size() > 0) {
            for (XXUserPermission xXUserPermission : xuserPermissionList) {
                if (xXUserPermission != null) {
                    try {
                        xUserPermissionService.deleteResource(xXUserPermission.getId());
                    } catch (Exception e) {
                        // Deletion failures are logged (message only, no stack trace) and skipped,
                        // so a permission row that could not be removed stays in place.
                        logger.error(e.getMessage());
                    }
                }
            }
        }
        assignPermissionToUser(vXPortalUser, true);
    }
    // update permissions end
    // Roles reported back to the caller; falls back to ROLE_USER when none are found.
    Collection<String> roleList = new ArrayList<String>();
    if (xXPortalUser != null) {
        roleList = userMgr.getRolesForUser(xXPortalUser);
    }
    if (roleList == null || roleList.size() == 0) {
        roleList = new ArrayList<String>();
        roleList.add(RangerConstants.ROLE_USER);
    }
    // TODO I've to get the transaction log from here.
    // There is nothing to log anything in XXUser so far.
    vXUser = xUserService.updateResource(vXUser);
    vXUser.setUserRoleList(roleList);
    // NOTE(review): the view bean carries a password value (submitted or stored) while the
    // transaction log is built below and is masked only afterwards. Confirm getTransactionLog
    // does not record the password field.
    if (oldUserProfile != null) {
        if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_APP) {
            vXUser.setPassword(password);
        } else if (oldUserProfile.getUserSource() == RangerCommonEnums.USER_EXTERNAL) {
            vXUser.setPassword(oldUserProfile.getPassword());
        }
    }
    List<XXTrxLog> trxLogList = xUserService.getTransactionLog(vXUser, oldUserProfile, "update");
    // The returned view never exposes the password; it carries the placeholder instead.
    vXUser.setPassword(hiddenPasswordString);
    Long userId = vXUser.getId();
    List<Long> groupUsersToRemove = new ArrayList<Long>();
    if (groupIdList != null) {
        // Load the user's current group memberships to diff them against the requested list.
        SearchCriteria searchCriteria = new SearchCriteria();
        searchCriteria.addParam("xUserId", userId);
        VXGroupUserList vXGroupUserList = xGroupUserService.searchXGroupUsers(searchCriteria);
        List<VXGroupUser> vXGroupUsers = vXGroupUserList.getList();
        if (vXGroupUsers != null) {
            // Create
            // Requested groups with no existing membership get a new mapping.
            for (Long groupId : groupIdList) {
                boolean found = false;
                for (VXGroupUser vXGroupUser : vXGroupUsers) {
                    if (groupId.equals(vXGroupUser.getParentGroupId())) {
                        found = true;
                        break;
                    }
                }
                if (!found) {
                    VXGroupUser vXGroupUser = createXGroupUser(userId, groupId);
                    trxLogList.addAll(xGroupUserService.getTransactionLog(vXGroupUser, "create"));
                }
            }
            // Delete
            // Existing memberships missing from the request are queued for removal; the actual
            // delete happens after the transaction log has been written (end of method).
            for (VXGroupUser vXGroupUser : vXGroupUsers) {
                boolean found = false;
                for (Long groupId : groupIdList) {
                    if (groupId.equals(vXGroupUser.getParentGroupId())) {
                        trxLogList.addAll(xGroupUserService.getTransactionLog(vXGroupUser, "update"));
                        found = true;
                        break;
                    }
                }
                if (!found) {
                    // TODO I've to get the transaction log from here.
                    trxLogList.addAll(xGroupUserService.getTransactionLog(vXGroupUser, "delete"));
                    groupUsersToRemove.add(vXGroupUser.getId());
                // xGroupUserService.deleteResource(vXGroupUser.getId());
                }
            }
        } else {
            // No existing memberships were returned: every requested group becomes a new mapping.
            for (Long groupId : groupIdList) {
                VXGroupUser vXGroupUser = createXGroupUser(userId, groupId);
                trxLogList.addAll(xGroupUserService.getTransactionLog(vXGroupUser, "create"));
            }
        }
        vXUser.setGroupIdList(groupIdList);
    } else {
        // A null group list leaves memberships untouched (an empty list would remove them all).
        logger.debug("Group id list can't be null for user. Group user " + "mapping not updated for user : " + userId);
    }
    xaBizUtil.createTrxLog(trxLogList);
    for (Long groupUserId : groupUsersToRemove) {
        xGroupUserService.deleteResource(groupUserId);
    }
    return vXUser;
}
Also used : ArrayList(java.util.ArrayList) XXTrxLog(org.apache.ranger.entity.XXTrxLog) XXUserPermission(org.apache.ranger.entity.XXUserPermission) SearchCriteria(org.apache.ranger.common.SearchCriteria) XXPortalUser(org.apache.ranger.entity.XXPortalUser)

Example 3 with XXUserPermission

use of org.apache.ranger.entity.XXUserPermission in project ranger by apache.

the class XUserMgr method updateXModuleDefPermission.

/**
 * Reconciles the group and user permissions of a module with the lists carried by the request,
 * then persists the module definition itself.
 *
 * <p>For every requested permission: if a stored permission with the same module id and the same
 * group/user id exists, its {@code isAllowed} flag is updated when it differs; otherwise the
 * requested permission is created. Stored permissions that are absent from the request are left
 * as they are.
 *
 * <p>NOTE(review): no caller authorization check is made inside this method; presumably the
 * calling REST layer enforces it - confirm.
 * <p>NOTE(review): stored permissions are loaded for {@code vXModuleDef.getId()}, but a requested
 * entry is matched on its own {@code getModuleId()}. An entry carrying a different module id never
 * matches and falls through to the create call; confirm the create helpers validate the module id.
 *
 * @param vXModuleDef module definition with the requested group and user permission lists
 * @return the module definition as returned by {@code xModuleDefService.updateResource}
 */
public VXModuleDef updateXModuleDefPermission(VXModuleDef vXModuleDef) {
    List<VXGroupPermission> requestedGroupPerms = vXModuleDef.getGroupPermList();
    List<VXUserPermission> requestedUserPerms = vXModuleDef.getUserPermList();

    XXModuleDef storedModule = daoManager.getXXModuleDef().getById(vXModuleDef.getId());
    VXModuleDef storedModuleView = xModuleDefService.populateViewBean(storedModule);

    // Stored group permissions, converted to view beans (bulk conversion when a group map exists).
    List<XXGroupPermission> storedGroupRows = daoManager.getXXGroupPermission().findByModuleId(vXModuleDef.getId(), true);
    Map<Long, XXGroup> groupsById = xGroupService.getXXGroupIdXXGroupMap();
    List<VXGroupPermission> currentGroupPerms;
    if (groupsById != null && !groupsById.isEmpty()) {
        currentGroupPerms = xGroupPermissionService.getPopulatedVXGroupPermissionList(storedGroupRows, groupsById, storedModuleView);
    } else {
        currentGroupPerms = new ArrayList<VXGroupPermission>();
        for (XXGroupPermission row : storedGroupRows) {
            currentGroupPerms.add(xGroupPermissionService.populateViewBean(row));
        }
    }
    storedModuleView.setGroupPermList(currentGroupPerms);

    // Stored user permissions, same two conversion paths.
    List<XXUserPermission> storedUserRows = daoManager.getXXUserPermission().findByModuleId(vXModuleDef.getId(), true);
    Map<Long, XXUser> usersByPortalUserId = xUserService.getXXPortalUserIdXXUserMap();
    List<VXUserPermission> currentUserPerms;
    if (usersByPortalUserId != null && !usersByPortalUserId.isEmpty()) {
        currentUserPerms = xUserPermissionService.getPopulatedVXUserPermissionList(storedUserRows, usersByPortalUserId, storedModuleView);
    } else {
        currentUserPerms = new ArrayList<VXUserPermission>();
        for (XXUserPermission row : storedUserRows) {
            currentUserPerms.add(xUserPermissionService.populateViewBean(row));
        }
    }
    storedModuleView.setUserPermList(currentUserPerms);

    if (currentGroupPerms != null && requestedGroupPerms != null) {
        for (VXGroupPermission requested : requestedGroupPerms) {
            boolean matched = false;
            // The scan deliberately does not stop at the first match: every stored row with the
            // same module and group is brought in line.
            for (VXGroupPermission current : currentGroupPerms) {
                boolean sameTarget = requested.getModuleId().equals(current.getModuleId()) && requested.getGroupId().equals(current.getGroupId());
                if (!sameTarget) {
                    continue;
                }
                if (!requested.getIsAllowed().equals(current.getIsAllowed())) {
                    current.setIsAllowed(requested.getIsAllowed());
                    this.updateXGroupPermission(current);
                }
                matched = true;
            }
            if (!matched) {
                this.createXGroupPermission(requested);
            }
        }
    }

    if (currentUserPerms != null && requestedUserPerms != null) {
        for (VXUserPermission requested : requestedUserPerms) {
            boolean matched = false;
            for (VXUserPermission current : currentUserPerms) {
                boolean sameTarget = requested.getModuleId().equals(current.getModuleId()) && requested.getUserId().equals(current.getUserId());
                if (!sameTarget) {
                    continue;
                }
                if (!requested.getIsAllowed().equals(current.getIsAllowed())) {
                    current.setIsAllowed(requested.getIsAllowed());
                    this.updateXUserPermission(current);
                }
                matched = true;
            }
            if (!matched) {
                this.createXUserPermission(requested);
            }
        }
    }

    return xModuleDefService.updateResource(vXModuleDef);
}
Also used : XXUser(org.apache.ranger.entity.XXUser) XXGroupPermission(org.apache.ranger.entity.XXGroupPermission) ArrayList(java.util.ArrayList) XXUserPermission(org.apache.ranger.entity.XXUserPermission) XXModuleDef(org.apache.ranger.entity.XXModuleDef) XXGroup(org.apache.ranger.entity.XXGroup)

Example 4 with XXUserPermission

use of org.apache.ranger.entity.XXUserPermission in project ranger by apache.

the class XUserMgr method deleteXUser.

/**
 * Deletes a user, or hides it when it is still referenced and {@code force} is false.
 *
 * <p>With {@code force == true} every reference found for the user is removed first (group
 * memberships, permission maps, audit maps, login sessions, module permissions, roles, and the
 * user's entries in policy items), then the XXUser and XXPortalUser rows are removed and
 * "delete" transaction log entries are written.
 *
 * <p>With {@code force == false} the rows are removed only when no reference exists; otherwise
 * the user is only marked hidden.
 *
 * @param id    id of the XXUser to delete
 * @param force whether to remove the user's references instead of hiding the user
 */
public synchronized void deleteXUser(Long id, boolean force) {
    // Authorization gates; their rules are defined outside this method.
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();
    XXUserDao xXUserDao = daoManager.getXXUser();
    XXUser xXUser = xXUserDao.getById(id);
    // NOTE(review): xXUser is not null-checked before conversion; the check below relies on
    // populateViewBean returning null (or an unnamed bean) for an unknown id - confirm.
    VXUser vXUser = xUserService.populateViewBean(xXUser);
    if (vXUser == null || StringUtil.isEmpty(vXUser.getName())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    // The portal user is located through the XUser's name used as login id.
    XXPortalUserDao xXPortalUserDao = daoManager.getXXPortalUser();
    XXPortalUser xXPortalUser = xXPortalUserDao.findByLoginId(vXUser.getName().trim());
    VXPortalUser vXPortalUser = null;
    if (xXPortalUser != null) {
        vXPortalUser = xPortalUserService.populateViewBean(xXPortalUser);
    }
    if (vXPortalUser == null || StringUtil.isEmpty(vXPortalUser.getLoginId())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Force delete status=" + force + " for user=" + vXUser.getName());
    }
    restrictSelfAccountDeletion(vXUser.getName().trim());
    // Collect everything that references the user before deciding what to do.
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xUserId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);
    long xXPortalUserId = 0;
    xXPortalUserId = vXPortalUser.getId();
    XXAuthSessionDao xXAuthSessionDao = daoManager.getXXAuthSession();
    XXUserPermissionDao xXUserPermissionDao = daoManager.getXXUserPermission();
    XXPortalUserRoleDao xXPortalUserRoleDao = daoManager.getXXPortalUserRole();
    List<XXAuthSession> xXAuthSessions = xXAuthSessionDao.getAuthSessionByUserId(xXPortalUserId);
    List<XXUserPermission> xXUserPermissions = xXUserPermissionDao.findByUserPermissionId(xXPortalUserId);
    List<XXPortalUserRole> xXPortalUserRoles = xXPortalUserRoleDao.findByUserId(xXPortalUserId);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByUserId(id);
    // NOTE(review): user, group and role names are concatenated into log messages throughout this
    // method; confirm the log layout neutralises line breaks in those stored values.
    logger.warn("Deleting User : " + vXUser.getName());
    if (force) {
        // NOTE(review): the lists iterated in this branch (getList() results, xXAuthSessions,
        // xXUserPermissions, xXPortalUserRoles, xXPolicyList) are not null-checked here, although
        // the non-force branch and the size log below do check them for null.
        // delete XXGroupUser mapping
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        for (VXGroupUser groupUser : vxGroupUserList.getList()) {
            if (groupUser != null) {
                logger.warn("Removing user '" + vXUser.getName() + "' from group '" + groupUser.getName() + "'");
                xGroupUserDao.remove(groupUser.getId());
            }
        }
        // delete XXPermMap records of user
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        for (VXPermMap vXPermMap : vXPermMapList.getList()) {
            if (vXPermMap != null) {
                logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for user '" + vXPermMap.getUserName() + "'");
                xXPermMapDao.remove(vXPermMap.getId());
            }
        }
        // delete XXAuditMap records of user
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
            if (vXAuditMap != null) {
                xXAuditMapDao.remove(vXAuditMap.getId());
            }
        }
        // delete XXPortalUser references
        // (vXPortalUser cannot be null here: the method already threw above when it was.)
        if (vXPortalUser != null) {
            xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
            if (xXAuthSessions != null && xXAuthSessions.size() > 0) {
                logger.warn("Deleting " + xXAuthSessions.size() + " login session records for user '" + vXPortalUser.getLoginId() + "'");
            }
            // Login session records of the user are removed together with the account.
            for (XXAuthSession xXAuthSession : xXAuthSessions) {
                xXAuthSessionDao.remove(xXAuthSession.getId());
            }
            for (XXUserPermission xXUserPermission : xXUserPermissions) {
                if (xXUserPermission != null) {
                    // The module is looked up only to name it in the log line.
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXUserPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for user '" + vXPortalUser.getLoginId() + "'");
                    }
                    xXUserPermissionDao.remove(xXUserPermission.getId());
                }
            }
            for (XXPortalUserRole xXPortalUserRole : xXPortalUserRoles) {
                if (xXPortalUserRole != null) {
                    logger.warn("Deleting '" + xXPortalUserRole.getUserRole() + "' role for user '" + vXPortalUser.getLoginId() + "'");
                    xXPortalUserRoleDao.remove(xXPortalUserRole.getId());
                }
            }
        }
        // delete XXPolicyItemUserPerm records of user
        // Each policy that names the user is loaded, the user is stripped from all six item lists,
        // and the policy is written back through the service store.
        for (XXPolicy xXPolicy : xXPolicyList) {
            RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
            List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
            removeUserGroupReferences(policyItems, vXUser.getName(), null);
            rangerPolicy.setPolicyItems(policyItems);
            List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
            removeUserGroupReferences(denyPolicyItems, vXUser.getName(), null);
            rangerPolicy.setDenyPolicyItems(denyPolicyItems);
            List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
            removeUserGroupReferences(allowExceptions, vXUser.getName(), null);
            rangerPolicy.setAllowExceptions(allowExceptions);
            List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
            removeUserGroupReferences(denyExceptions, vXUser.getName(), null);
            rangerPolicy.setDenyExceptions(denyExceptions);
            List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
            removeUserGroupReferences(dataMaskItems, vXUser.getName(), null);
            rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
            List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
            removeUserGroupReferences(rowFilterItems, vXUser.getName(), null);
            rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
            try {
                svcStore.updatePolicy(rangerPolicy);
            } catch (Throwable excp) {
                // NOTE(review): by this point the removals above have already been issued; whether
                // they are rolled back depends on a transaction boundary not visible here - confirm.
                logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                throw restErrorUtil.createRESTException(excp.getMessage());
            }
        }
        // delete XXUser entry of user
        xXUserDao.remove(id);
        // delete XXPortal entry of user
        logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
        xXPortalUserDao.remove(xXPortalUserId);
        // Record the deletion of both rows in the transaction log.
        List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
        xaBizUtil.createTrxLog(trxLogList);
        if (xXPortalUser != null) {
            trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
        }
    } else {
        // Non-force path: any single kind of reference is enough to keep the rows.
        boolean hasReferences = false;
        if (vxGroupUserList != null && vxGroupUserList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXPolicyList != null && xXPolicyList.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && vXPermMapList != null && vXPermMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && vXAuditMapList != null && vXAuditMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXAuthSessions != null && xXAuthSessions.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXUserPermissions != null && xXUserPermissions.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXPortalUserRoles != null && xXPortalUserRoles.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences) {
            // NOTE(review): a referenced user is only marked hidden. Login sessions, roles, module
            // permissions and policy entries are left in place by this branch and no transaction
            // log entry is written here; confirm a hidden account cannot keep using that access.
            if (vXUser.getIsVisible() != RangerCommonEnums.IS_HIDDEN) {
                logger.info("Updating visibility of user '" + vXUser.getName() + "' to Hidden!");
                vXUser.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xUserService.updateResource(vXUser);
            }
        } else {
            xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
            // delete XXUser entry of user
            xXUserDao.remove(id);
            // delete XXPortal entry of user
            logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
            xXPortalUserDao.remove(xXPortalUserId);
            List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
            trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
        }
    }
}
Also used : XXUser(org.apache.ranger.entity.XXUser) XXUserDao(org.apache.ranger.db.XXUserDao) XXPolicy(org.apache.ranger.entity.XXPolicy) XXAuthSessionDao(org.apache.ranger.db.XXAuthSessionDao) XXPortalUserRoleDao(org.apache.ranger.db.XXPortalUserRoleDao) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) XXModuleDef(org.apache.ranger.entity.XXModuleDef) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXPortalUserRole(org.apache.ranger.entity.XXPortalUserRole) XXUserPermissionDao(org.apache.ranger.db.XXUserPermissionDao) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) XXTrxLog(org.apache.ranger.entity.XXTrxLog) XXAuthSession(org.apache.ranger.entity.XXAuthSession) XXUserPermission(org.apache.ranger.entity.XXUserPermission) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) SearchCriteria(org.apache.ranger.common.SearchCriteria) XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) XXPortalUserDao(org.apache.ranger.db.XXPortalUserDao) XXPolicyDao(org.apache.ranger.db.XXPolicyDao)

Example 5 with XXUserPermission

use of org.apache.ranger.entity.XXUserPermission in project ranger by apache.

the class XUserMgr method createOrUpdateUserPermisson.

// Insert or Updating Mapping permissions depending upon roles
/**
 * Grants a portal user access to one module, creating the permission row when it is missing.
 *
 * <ul>
 *   <li>No stored row: a new permission with {@code IS_ALLOWED} is created for the matching XUser.
 *       When no XUser exists for the portal user, a warning is logged and nothing is assigned.
 *       A failure of the create call is logged and not propagated.</li>
 *   <li>Stored row and {@code isCreate == true}: the row is set to {@code IS_ALLOWED} whatever its
 *       previous value was, so a permission stored as not allowed is switched back on.</li>
 *   <li>Stored row and {@code isCreate == false}: nothing is changed.</li>
 * </ul>
 *
 * <p>NOTE(review): the lookup passes {@code (portalUser.getId(), moduleId)} to a method named
 * {@code findByModuleIdAndPortalUserId}; confirm the DAO's parameter order matches.
 *
 * @param portalUser portal user receiving the permission
 * @param moduleId   id of the module the permission applies to
 * @param isCreate   whether an existing row should be forced to allowed
 */
public void createOrUpdateUserPermisson(VXPortalUser portalUser, Long moduleId, boolean isCreate) {
    XXUserPermission storedPermission = daoManager.getXXUserPermission().findByModuleIdAndPortalUserId(portalUser.getId(), moduleId);

    if (storedPermission != null) {
        if (!isCreate) {
            return;
        }
        VXUserPermission allowedPermission = xUserPermissionService.populateViewBean(storedPermission);
        allowedPermission.setIsAllowed(RangerCommonEnums.IS_ALLOWED);
        allowedPermission = this.updateXUserPermission(allowedPermission);
        logger.info("Permission Updated for user: [" + allowedPermission.getUserName() + "] For Module: [" + allowedPermission.getModuleName() + "]");
        return;
    }

    VXUserPermission newPermission = new VXUserPermission();
    // The UI sends the XUser id when it creates a permission, so the same id is used here
    // rather than the portal user id.
    XXUser xUser = daoManager.getXXUser().findByPortalUserId(portalUser.getId());
    if (xUser == null) {
        logger.warn("Could not found corresponding xUser for username: [" + portalUser.getLoginId() + "], So not assigning permission to this user");
        return;
    }
    newPermission.setUserId(xUser.getId());
    newPermission.setIsAllowed(RangerCommonEnums.IS_ALLOWED);
    newPermission.setModuleId(moduleId);
    try {
        newPermission = this.createXUserPermission(newPermission);
        logger.info("Permission assigned to user: [" + newPermission.getUserName() + "] For Module: [" + newPermission.getModuleName() + "]");
    } catch (Exception e) {
        // Best effort: the failure is logged with its stack trace and the caller is not interrupted.
        logger.error("Error while assigning permission to user: [" + portalUser.getLoginId() + "] for module: [" + moduleId + "]", e);
    }
}
Also used : XXUser(org.apache.ranger.entity.XXUser) XXUserPermission(org.apache.ranger.entity.XXUserPermission)

Aggregations

XXUserPermission (org.apache.ranger.entity.XXUserPermission)23 ArrayList (java.util.ArrayList)18 XXGroupPermission (org.apache.ranger.entity.XXGroupPermission)14 XXPortalUser (org.apache.ranger.entity.XXPortalUser)14 XXPortalUserRole (org.apache.ranger.entity.XXPortalUserRole)14 XXPortalUserRoleDao (org.apache.ranger.db.XXPortalUserRoleDao)13 Test (org.junit.Test)13 VXPortalUser (org.apache.ranger.view.VXPortalUser)12 VXUserPermission (org.apache.ranger.view.VXUserPermission)12 Date (java.util.Date)11 XXModuleDef (org.apache.ranger.entity.XXModuleDef)11 VXGroupPermission (org.apache.ranger.view.VXGroupPermission)11 XXUserPermissionDao (org.apache.ranger.db.XXUserPermissionDao)10 XXPortalUserDao (org.apache.ranger.db.XXPortalUserDao)9 VXString (org.apache.ranger.view.VXString)9 XXGroupPermissionDao (org.apache.ranger.db.XXGroupPermissionDao)7 XXUser (org.apache.ranger.entity.XXUser)6 XXModuleDefDao (org.apache.ranger.db.XXModuleDefDao)5 VXStringList (org.apache.ranger.view.VXStringList)4 UserSessionBase (org.apache.ranger.common.UserSessionBase)3