Search in sources :

Example 1 with RangerPolicy

use of org.apache.ranger.plugin.model.RangerPolicy in project ranger by apache.

the class ServiceDBStore method searchRangerPolicies.

private RangerPolicyList searchRangerPolicies(SearchFilter searchFilter) {
    List<RangerPolicy> policyList = new ArrayList<RangerPolicy>();
    RangerPolicyList retList = new RangerPolicyList();
    Map<Long, RangerPolicy> policyMap = new HashMap<Long, RangerPolicy>();
    Set<Long> processedServices = new HashSet<Long>();
    Set<Long> processedPolicies = new HashSet<Long>();
    Comparator<RangerPolicy> comparator = new Comparator<RangerPolicy>() {

        public int compare(RangerPolicy c1, RangerPolicy c2) {
            return (int) ((c1.getId()).compareTo(c2.getId()));
        }
    };
    List<XXPolicy> xPolList = (List<XXPolicy>) policyService.searchResources(searchFilter, policyService.searchFields, policyService.sortFields, retList);
    if (!CollectionUtils.isEmpty(xPolList)) {
        for (XXPolicy xXPolicy : xPolList) {
            if (!processedServices.contains(xXPolicy.getService())) {
                loadRangerPolicies(xXPolicy.getService(), processedServices, policyMap, searchFilter);
            }
        }
    }
    String userName = searchFilter.getParam("user");
    if (!StringUtils.isEmpty(userName)) {
        searchFilter.removeParam("user");
        Set<String> groupNames = daoMgr.getXXGroupUser().findGroupNamesByUserName(userName);
        if (!CollectionUtils.isEmpty(groupNames)) {
            List<XXPolicy> xPolList2 = null;
            for (String groupName : groupNames) {
                xPolList2 = new ArrayList<XXPolicy>();
                searchFilter.setParam("group", groupName);
                xPolList2 = (List<XXPolicy>) policyService.searchResources(searchFilter, policyService.searchFields, policyService.sortFields, retList);
                if (!CollectionUtils.isEmpty(xPolList2)) {
                    for (XXPolicy xPol2 : xPolList2) {
                        if (xPol2 != null) {
                            if (!processedPolicies.contains(xPol2.getId())) {
                                if (!processedServices.contains(xPol2.getService())) {
                                    loadRangerPolicies(xPol2.getService(), processedServices, policyMap, searchFilter);
                                }
                                if (policyMap.containsKey(xPol2.getId())) {
                                    policyList.add(policyMap.get(xPol2.getId()));
                                    processedPolicies.add(xPol2.getId());
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    if (!CollectionUtils.isEmpty(xPolList)) {
        for (XXPolicy xPol : xPolList) {
            if (xPol != null) {
                if (!processedPolicies.contains(xPol.getId())) {
                    if (!processedServices.contains(xPol.getService())) {
                        loadRangerPolicies(xPol.getService(), processedServices, policyMap, searchFilter);
                    }
                    if (policyMap.containsKey(xPol.getId())) {
                        policyList.add(policyMap.get(xPol.getId()));
                        processedPolicies.add(xPol.getId());
                    }
                }
            }
        }
        Collections.sort(policyList, comparator);
    }
    retList.setPolicies(policyList);
    return retList;
}
Also used : LinkedHashMap(java.util.LinkedHashMap) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) VXString(org.apache.ranger.view.VXString) XXPolicy(org.apache.ranger.entity.XXPolicy) Comparator(java.util.Comparator) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerServiceList(org.apache.ranger.view.RangerServiceList) ArrayList(java.util.ArrayList) VXPolicyLabelList(org.apache.ranger.view.VXPolicyLabelList) List(java.util.List) RangerExportPolicyList(org.apache.ranger.view.RangerExportPolicyList) RangerPolicyList(org.apache.ranger.view.RangerPolicyList) RangerServiceDefList(org.apache.ranger.view.RangerServiceDefList) PList(org.apache.ranger.plugin.store.PList) RangerPolicyList(org.apache.ranger.view.RangerPolicyList) LinkedHashSet(java.util.LinkedHashSet) HashSet(java.util.HashSet)

Example 2 with RangerPolicy

use of org.apache.ranger.plugin.model.RangerPolicy in project ranger by apache.

the class ServiceDBStore method getPaginatedServicePolicies.

public PList<RangerPolicy> getPaginatedServicePolicies(String serviceName, SearchFilter filter) throws Exception {
    if (LOG.isDebugEnabled()) {
        LOG.debug("==> ServiceDBStore.getPaginatedServicePolicies(" + serviceName + ")");
    }
    if (filter == null) {
        filter = new SearchFilter();
    }
    filter.setParam(SearchFilter.SERVICE_NAME, serviceName);
    PList<RangerPolicy> ret = getPaginatedPolicies(filter);
    if (LOG.isDebugEnabled()) {
        LOG.debug("<== ServiceDBStore.getPaginatedServicePolicies(" + serviceName + "): count=" + ((ret == null) ? 0 : ret.getListSize()));
    }
    return ret;
}
Also used : RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) SearchFilter(org.apache.ranger.plugin.util.SearchFilter)

Example 3 with RangerPolicy

use of org.apache.ranger.plugin.model.RangerPolicy in project ranger by apache.

the class ServiceDBStore method writeCSV.

private StringBuilder writeCSV(List<RangerPolicy> policies, String cSVFileName, HttpServletResponse response) {
    response.setContentType("text/csv");
    final String LINE_SEPARATOR = "\n";
    final String FILE_HEADER = "ID|Name|Resources|Groups|Users|Accesses|Service Type|Status|Policy Type|Delegate Admin|isRecursive|" + "isExcludes|Service Name|Description|isAuditEnabled|Policy Conditions|Policy Condition Type|Masking Options|Row Filter Expr|Policy Label Name";
    StringBuilder csvBuffer = new StringBuilder();
    csvBuffer.append(FILE_HEADER);
    csvBuffer.append(LINE_SEPARATOR);
    if (!CollectionUtils.isEmpty(policies)) {
        for (RangerPolicy policy : policies) {
            List<RangerPolicyItem> policyItems = policy.getPolicyItems();
            List<RangerRowFilterPolicyItem> rowFilterPolicyItems = policy.getRowFilterPolicyItems();
            List<RangerDataMaskPolicyItem> dataMaskPolicyItems = policy.getDataMaskPolicyItems();
            List<RangerPolicyItem> allowExceptions = policy.getAllowExceptions();
            List<RangerPolicyItem> denyExceptions = policy.getDenyExceptions();
            List<RangerPolicyItem> denyPolicyItems = policy.getDenyPolicyItems();
            XXService xxservice = daoMgr.getXXService().findByName(policy.getService());
            String serviceType = "";
            if (xxservice != null) {
                Long ServiceId = xxservice.getType();
                XXServiceDef xxservDef = daoMgr.getXXServiceDef().getById(ServiceId);
                if (xxservDef != null) {
                    serviceType = xxservDef.getName();
                }
            }
            if (CollectionUtils.isNotEmpty(policyItems)) {
                for (RangerPolicyItem policyItem : policyItems) {
                    writeCSVForPolicyItems(policy, policyItem, null, null, csvBuffer, POLICY_ALLOW_INCLUDE);
                }
            } else if (CollectionUtils.isNotEmpty(dataMaskPolicyItems)) {
                for (RangerDataMaskPolicyItem dataMaskPolicyItem : dataMaskPolicyItems) {
                    writeCSVForPolicyItems(policy, null, dataMaskPolicyItem, null, csvBuffer, null);
                }
            } else if (CollectionUtils.isNotEmpty(rowFilterPolicyItems)) {
                for (RangerRowFilterPolicyItem rowFilterPolicyItem : rowFilterPolicyItems) {
                    writeCSVForPolicyItems(policy, null, null, rowFilterPolicyItem, csvBuffer, null);
                }
            } else if (serviceType.equalsIgnoreCase(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
                if (CollectionUtils.isEmpty(policyItems)) {
                    RangerPolicyItem policyItem = new RangerPolicyItem();
                    writeCSVForPolicyItems(policy, policyItem, null, null, csvBuffer, POLICY_ALLOW_INCLUDE);
                }
            } else if (CollectionUtils.isEmpty(policyItems)) {
                RangerPolicyItem policyItem = new RangerPolicyItem();
                writeCSVForPolicyItems(policy, policyItem, null, null, csvBuffer, POLICY_ALLOW_INCLUDE);
            }
            if (CollectionUtils.isNotEmpty(allowExceptions)) {
                for (RangerPolicyItem policyItem : allowExceptions) {
                    writeCSVForPolicyItems(policy, policyItem, null, null, csvBuffer, POLICY_ALLOW_EXCLUDE);
                }
            }
            if (CollectionUtils.isNotEmpty(denyExceptions)) {
                for (RangerPolicyItem policyItem : denyExceptions) {
                    writeCSVForPolicyItems(policy, policyItem, null, null, csvBuffer, POLICY_DENY_EXCLUDE);
                }
            }
            if (CollectionUtils.isNotEmpty(denyPolicyItems)) {
                for (RangerPolicyItem policyItem : denyPolicyItems) {
                    writeCSVForPolicyItems(policy, policyItem, null, null, csvBuffer, POLICY_DENY_INCLUDE);
                }
            }
        }
    }
    response.setHeader("Content-Disposition", "attachment; filename=" + cSVFileName);
    response.setStatus(HttpServletResponse.SC_OK);
    return csvBuffer;
}
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) VXString(org.apache.ranger.view.VXString) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) XXService(org.apache.ranger.entity.XXService)

Example 4 with RangerPolicy

use of org.apache.ranger.plugin.model.RangerPolicy in project ranger by apache.

the class XUserMgr method deleteXUser.

public synchronized void deleteXUser(Long id, boolean force) {
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();
    XXUserDao xXUserDao = daoManager.getXXUser();
    XXUser xXUser = xXUserDao.getById(id);
    VXUser vXUser = xUserService.populateViewBean(xXUser);
    if (vXUser == null || StringUtil.isEmpty(vXUser.getName())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    XXPortalUserDao xXPortalUserDao = daoManager.getXXPortalUser();
    XXPortalUser xXPortalUser = xXPortalUserDao.findByLoginId(vXUser.getName().trim());
    VXPortalUser vXPortalUser = null;
    if (xXPortalUser != null) {
        vXPortalUser = xPortalUserService.populateViewBean(xXPortalUser);
    }
    if (vXPortalUser == null || StringUtil.isEmpty(vXPortalUser.getLoginId())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Force delete status=" + force + " for user=" + vXUser.getName());
    }
    restrictSelfAccountDeletion(vXUser.getName().trim());
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xUserId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);
    long xXPortalUserId = 0;
    xXPortalUserId = vXPortalUser.getId();
    XXAuthSessionDao xXAuthSessionDao = daoManager.getXXAuthSession();
    XXUserPermissionDao xXUserPermissionDao = daoManager.getXXUserPermission();
    XXPortalUserRoleDao xXPortalUserRoleDao = daoManager.getXXPortalUserRole();
    List<XXAuthSession> xXAuthSessions = xXAuthSessionDao.getAuthSessionByUserId(xXPortalUserId);
    List<XXUserPermission> xXUserPermissions = xXUserPermissionDao.findByUserPermissionId(xXPortalUserId);
    List<XXPortalUserRole> xXPortalUserRoles = xXPortalUserRoleDao.findByUserId(xXPortalUserId);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByUserId(id);
    logger.warn("Deleting User : " + vXUser.getName());
    if (force) {
        // delete XXGroupUser mapping
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        for (VXGroupUser groupUser : vxGroupUserList.getList()) {
            if (groupUser != null) {
                logger.warn("Removing user '" + vXUser.getName() + "' from group '" + groupUser.getName() + "'");
                xGroupUserDao.remove(groupUser.getId());
            }
        }
        // delete XXPermMap records of user
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        for (VXPermMap vXPermMap : vXPermMapList.getList()) {
            if (vXPermMap != null) {
                logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for user '" + vXPermMap.getUserName() + "'");
                xXPermMapDao.remove(vXPermMap.getId());
            }
        }
        // delete XXAuditMap records of user
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
            if (vXAuditMap != null) {
                xXAuditMapDao.remove(vXAuditMap.getId());
            }
        }
        // delete XXPortalUser references
        if (vXPortalUser != null) {
            xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
            if (xXAuthSessions != null && xXAuthSessions.size() > 0) {
                logger.warn("Deleting " + xXAuthSessions.size() + " login session records for user '" + vXPortalUser.getLoginId() + "'");
            }
            for (XXAuthSession xXAuthSession : xXAuthSessions) {
                xXAuthSessionDao.remove(xXAuthSession.getId());
            }
            for (XXUserPermission xXUserPermission : xXUserPermissions) {
                if (xXUserPermission != null) {
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXUserPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for user '" + vXPortalUser.getLoginId() + "'");
                    }
                    xXUserPermissionDao.remove(xXUserPermission.getId());
                }
            }
            for (XXPortalUserRole xXPortalUserRole : xXPortalUserRoles) {
                if (xXPortalUserRole != null) {
                    logger.warn("Deleting '" + xXPortalUserRole.getUserRole() + "' role for user '" + vXPortalUser.getLoginId() + "'");
                    xXPortalUserRoleDao.remove(xXPortalUserRole.getId());
                }
            }
        }
        // delete XXPolicyItemUserPerm records of user
        for (XXPolicy xXPolicy : xXPolicyList) {
            RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
            List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
            removeUserGroupReferences(policyItems, vXUser.getName(), null);
            rangerPolicy.setPolicyItems(policyItems);
            List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
            removeUserGroupReferences(denyPolicyItems, vXUser.getName(), null);
            rangerPolicy.setDenyPolicyItems(denyPolicyItems);
            List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
            removeUserGroupReferences(allowExceptions, vXUser.getName(), null);
            rangerPolicy.setAllowExceptions(allowExceptions);
            List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
            removeUserGroupReferences(denyExceptions, vXUser.getName(), null);
            rangerPolicy.setDenyExceptions(denyExceptions);
            List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
            removeUserGroupReferences(dataMaskItems, vXUser.getName(), null);
            rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
            List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
            removeUserGroupReferences(rowFilterItems, vXUser.getName(), null);
            rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
            try {
                svcStore.updatePolicy(rangerPolicy);
            } catch (Throwable excp) {
                logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                throw restErrorUtil.createRESTException(excp.getMessage());
            }
        }
        // delete XXUser entry of user
        xXUserDao.remove(id);
        // delete XXPortal entry of user
        logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
        xXPortalUserDao.remove(xXPortalUserId);
        List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
        xaBizUtil.createTrxLog(trxLogList);
        if (xXPortalUser != null) {
            trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
        }
    } else {
        boolean hasReferences = false;
        if (vxGroupUserList != null && vxGroupUserList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXPolicyList != null && xXPolicyList.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && vXPermMapList != null && vXPermMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && vXAuditMapList != null && vXAuditMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXAuthSessions != null && xXAuthSessions.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXUserPermissions != null && xXUserPermissions.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXPortalUserRoles != null && xXPortalUserRoles.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences) {
            if (vXUser.getIsVisible() != RangerCommonEnums.IS_HIDDEN) {
                logger.info("Updating visibility of user '" + vXUser.getName() + "' to Hidden!");
                vXUser.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xUserService.updateResource(vXUser);
            }
        } else {
            xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
            // delete XXUser entry of user
            xXUserDao.remove(id);
            // delete XXPortal entry of user
            logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
            xXPortalUserDao.remove(xXPortalUserId);
            List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
            trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
        }
    }
}
Also used : XXUser(org.apache.ranger.entity.XXUser) XXUserDao(org.apache.ranger.db.XXUserDao) XXPolicy(org.apache.ranger.entity.XXPolicy) XXAuthSessionDao(org.apache.ranger.db.XXAuthSessionDao) XXPortalUserRoleDao(org.apache.ranger.db.XXPortalUserRoleDao) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) XXModuleDef(org.apache.ranger.entity.XXModuleDef) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXPortalUserRole(org.apache.ranger.entity.XXPortalUserRole) XXUserPermissionDao(org.apache.ranger.db.XXUserPermissionDao) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) XXTrxLog(org.apache.ranger.entity.XXTrxLog) XXAuthSession(org.apache.ranger.entity.XXAuthSession) XXUserPermission(org.apache.ranger.entity.XXUserPermission) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) SearchCriteria(org.apache.ranger.common.SearchCriteria) XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) XXPortalUserDao(org.apache.ranger.db.XXPortalUserDao) XXPolicyDao(org.apache.ranger.db.XXPolicyDao)

Example 5 with RangerPolicy

use of org.apache.ranger.plugin.model.RangerPolicy in project ranger by apache.

the class XUserMgr method deleteXGroup.

public void deleteXGroup(Long id, boolean force) {
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();
    XXGroupDao xXGroupDao = daoManager.getXXGroup();
    XXGroup xXGroup = xXGroupDao.getById(id);
    VXGroup vXGroup = xGroupService.populateViewBean(xXGroup);
    if (vXGroup == null || StringUtil.isEmpty(vXGroup.getName())) {
        throw restErrorUtil.createRESTException("Group ID doesn't exist.", MessageEnums.INVALID_INPUT_DATA);
    }
    if (logger.isDebugEnabled()) {
        logger.info("Force delete status=" + force + " for group=" + vXGroup.getName());
    }
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xGroupId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("groupId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("groupId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);
    XXGroupPermissionDao xXGroupPermissionDao = daoManager.getXXGroupPermission();
    List<XXGroupPermission> xXGroupPermissions = xXGroupPermissionDao.findByGroupId(id);
    XXGroupGroupDao xXGroupGroupDao = daoManager.getXXGroupGroup();
    List<XXGroupGroup> xXGroupGroups = xXGroupGroupDao.findByGroupId(id);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByGroupId(id);
    logger.warn("Deleting GROUP : " + vXGroup.getName());
    if (force) {
        // delete XXGroupUser records of matching group
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        XXUserDao xXUserDao = daoManager.getXXUser();
        XXUser xXUser = null;
        for (VXGroupUser groupUser : vxGroupUserList.getList()) {
            if (groupUser != null) {
                xXUser = xXUserDao.getById(groupUser.getUserId());
                if (xXUser != null) {
                    logger.warn("Removing user '" + xXUser.getName() + "' from group '" + groupUser.getName() + "'");
                }
                xGroupUserDao.remove(groupUser.getId());
            }
        }
        // delete XXPermMap records of matching group
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        XXResourceDao xXResourceDao = daoManager.getXXResource();
        XXResource xXResource = null;
        for (VXPermMap vXPermMap : vXPermMapList.getList()) {
            if (vXPermMap != null) {
                xXResource = xXResourceDao.getById(vXPermMap.getResourceId());
                if (xXResource != null) {
                    logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for group '" + vXPermMap.getGroupName() + "'");
                }
                xXPermMapDao.remove(vXPermMap.getId());
            }
        }
        // delete XXAuditMap records of matching group
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
            if (vXAuditMap != null) {
                xXResource = xXResourceDao.getById(vXAuditMap.getResourceId());
                xXAuditMapDao.remove(vXAuditMap.getId());
            }
        }
        // delete XXGroupGroupDao records of group-group mapping
        for (XXGroupGroup xXGroupGroup : xXGroupGroups) {
            if (xXGroupGroup != null) {
                XXGroup xXGroupParent = xXGroupDao.getById(xXGroupGroup.getParentGroupId());
                XXGroup xXGroupChild = xXGroupDao.getById(xXGroupGroup.getGroupId());
                if (xXGroupParent != null && xXGroupChild != null) {
                    logger.warn("Removing group '" + xXGroupChild.getName() + "' from group '" + xXGroupParent.getName() + "'");
                }
                xXGroupGroupDao.remove(xXGroupGroup.getId());
            }
        }
        // delete XXPolicyItemGroupPerm records of group
        for (XXPolicy xXPolicy : xXPolicyList) {
            RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
            List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
            removeUserGroupReferences(policyItems, null, vXGroup.getName());
            rangerPolicy.setPolicyItems(policyItems);
            List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
            removeUserGroupReferences(denyPolicyItems, null, vXGroup.getName());
            rangerPolicy.setDenyPolicyItems(denyPolicyItems);
            List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
            removeUserGroupReferences(allowExceptions, null, vXGroup.getName());
            rangerPolicy.setAllowExceptions(allowExceptions);
            List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
            removeUserGroupReferences(denyExceptions, null, vXGroup.getName());
            rangerPolicy.setDenyExceptions(denyExceptions);
            List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
            removeUserGroupReferences(dataMaskItems, null, vXGroup.getName());
            rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
            List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
            removeUserGroupReferences(rowFilterItems, null, vXGroup.getName());
            rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
            try {
                svcStore.updatePolicy(rangerPolicy);
            } catch (Throwable excp) {
                logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                restErrorUtil.createRESTException(excp.getMessage());
            }
        }
        if (CollectionUtils.isNotEmpty(xXGroupPermissions)) {
            for (XXGroupPermission xXGroupPermission : xXGroupPermissions) {
                if (xXGroupPermission != null) {
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXGroupPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for group '" + xXGroup.getName() + "'");
                    }
                    xXGroupPermissionDao.remove(xXGroupPermission.getId());
                }
            }
        }
        // delete XXGroup
        xXGroupDao.remove(id);
        // Create XXTrxLog
        List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), "delete");
        xaBizUtil.createTrxLog(xXTrxLogsXXGroup);
    } else {
        boolean hasReferences = false;
        if (vxGroupUserList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && CollectionUtils.isNotEmpty(xXPolicyList)) {
            hasReferences = true;
        }
        if (hasReferences == false && vXPermMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && vXAuditMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && CollectionUtils.isNotEmpty(xXGroupGroups)) {
            hasReferences = true;
        }
        if (hasReferences == false && CollectionUtils.isNotEmpty(xXGroupPermissions)) {
            hasReferences = true;
        }
        if (hasReferences) {
            // change visibility to Hidden
            if (vXGroup.getIsVisible() == RangerCommonEnums.IS_VISIBLE) {
                vXGroup.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xGroupService.updateResource(vXGroup);
            }
        } else {
            // delete XXGroup
            xXGroupDao.remove(id);
            // Create XXTrxLog
            List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), "delete");
            xaBizUtil.createTrxLog(xXTrxLogsXXGroup);
        }
    }
}
Also used : XXUser(org.apache.ranger.entity.XXUser) XXGroupPermissionDao(org.apache.ranger.db.XXGroupPermissionDao) XXUserDao(org.apache.ranger.db.XXUserDao) XXPolicy(org.apache.ranger.entity.XXPolicy) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXModuleDef(org.apache.ranger.entity.XXModuleDef) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXGroupGroupDao(org.apache.ranger.db.XXGroupGroupDao) XXResourceDao(org.apache.ranger.db.XXResourceDao) XXGroupPermission(org.apache.ranger.entity.XXGroupPermission) XXResource(org.apache.ranger.entity.XXResource) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) XXTrxLog(org.apache.ranger.entity.XXTrxLog) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) SearchCriteria(org.apache.ranger.common.SearchCriteria) XXGroup(org.apache.ranger.entity.XXGroup) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) XXPolicyDao(org.apache.ranger.db.XXPolicyDao) XXGroupDao(org.apache.ranger.db.XXGroupDao) XXGroupGroup(org.apache.ranger.entity.XXGroupGroup)

Aggregations

RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)196 ArrayList (java.util.ArrayList)78 Test (org.junit.Test)73 RangerService (org.apache.ranger.plugin.model.RangerService)52 VXString (org.apache.ranger.view.VXString)48 HashMap (java.util.HashMap)38 RangerPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)36 RangerPolicyResource (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource)33 SearchFilter (org.apache.ranger.plugin.util.SearchFilter)30 WebApplicationException (javax.ws.rs.WebApplicationException)29 RangerServiceDef (org.apache.ranger.plugin.model.RangerServiceDef)27 RangerPolicyItemAccess (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess)26 Path (javax.ws.rs.Path)23 Produces (javax.ws.rs.Produces)22 RangerPerfTracer (org.apache.ranger.plugin.util.RangerPerfTracer)20 Date (java.util.Date)19 IOException (java.io.IOException)18 XXService (org.apache.ranger.entity.XXService)18 ServicePolicies (org.apache.ranger.plugin.util.ServicePolicies)16 RangerPolicyList (org.apache.ranger.view.RangerPolicyList)15