
Example 1 with RangerRowFilterPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem in project ranger by apache.

the class ServiceDBStore method createNewRowFilterPolicyItemsForPolicy.

/**
 * Persists the row-filter items of a policy, in list order.
 *
 * <p>Every item is first stored through {@code createNewPolicyItemForPolicy}, with its
 * position in {@code policyItems} as the item order. When the item carries row-filter info,
 * its filter expression is then stored in a separate {@code XXPolicyItemRowFilterInfo} record
 * that points at the id of the policy item just created. A null or empty list is a no-op.
 *
 * <p>NOTE(review): the filter expression is copied into the entity exactly as supplied; this
 * method performs no validation of it. Presumably it is validated before this point and again
 * by whatever consumes it -- confirm against the callers.
 *
 * @param policy         policy the items belong to; passed through to the item-creation helper
 * @param xPolicy        policy entity; passed through to the item-creation helper
 * @param policyItems    row-filter items to store; may be null or empty
 * @param xServiceDef    service-definition entity; passed through to the item-creation helper
 * @param policyItemType item type code; passed through to the item-creation helper
 * @throws Exception declared by the signature; the throwing callee is not visible in this listing
 */
private void createNewRowFilterPolicyItemsForPolicy(RangerPolicy policy, XXPolicy xPolicy, List<RangerRowFilterPolicyItem> policyItems, XXServiceDef xServiceDef, int policyItemType) throws Exception {
    if (CollectionUtils.isEmpty(policyItems)) {
        return;
    }
    int itemOrder = 0;
    for (RangerRowFilterPolicyItem rowFilterItem : policyItems) {
        XXPolicyItem storedItem = createNewPolicyItemForPolicy(policy, xPolicy, rowFilterItem, xServiceDef, itemOrder, policyItemType);
        RangerPolicyItemRowFilterInfo rowFilterInfo = rowFilterItem.getRowFilterInfo();
        if (rowFilterInfo != null) {
            XXPolicyItemRowFilterInfo filterEntity = new XXPolicyItemRowFilterInfo();
            filterEntity.setPolicyItemId(storedItem.getId());
            filterEntity.setFilterExpr(rowFilterInfo.getFilterExpr());
            // The entity returned by create() is not needed afterwards.
            daoMgr.getXXPolicyItemRowFilterInfo().create(filterEntity);
        }
        itemOrder++;
    }
}
Also used : XXPolicyItem(org.apache.ranger.entity.XXPolicyItem) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) RangerPolicyItemRowFilterInfo(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemRowFilterInfo) XXPolicyItemRowFilterInfo(org.apache.ranger.entity.XXPolicyItemRowFilterInfo)

Example 2 with RangerRowFilterPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem in project ranger by apache.

the class ServiceDBStore method writeCSV.

/**
 * Renders the given policies as pipe-delimited text and prepares {@code response} for a
 * file download.
 *
 * <p>The buffer starts with a fixed header row. For each policy, rows are appended through
 * {@code writeCSVForPolicyItems}: first for exactly one of the allow items, the data-mask
 * items or the row-filter items (the first non-empty list wins), or a single placeholder row
 * built from an empty {@code RangerPolicyItem} when all three are empty; then for the allow
 * exceptions, deny exceptions and deny items. The response gets content type
 * {@code text/csv}, a {@code Content-Disposition} attachment header and status 200.
 *
 * <p>NOTE(review): {@code cSVFileName} is concatenated into the {@code Content-Disposition}
 * header without quoting or filtering. Callers should pass only a server-generated name, or
 * confirm that CR/LF, quotes and separators cannot reach this parameter.
 *
 * <p>NOTE(review): cell values are produced by {@code writeCSVForPolicyItems}, which is not
 * visible here. Confirm that it neutralises the delimiter, line breaks and spreadsheet formula
 * prefixes in policy names, descriptions and filter expressions.
 *
 * @param policies    policies to export; may be null or empty, in which case only the header
 *                    row is written
 * @param cSVFileName file name placed in the {@code Content-Disposition} header
 * @param response    servlet response whose content type, header and status are set
 * @return the buffer holding the header row and all generated rows
 */
private StringBuilder writeCSV(List<RangerPolicy> policies, String cSVFileName, HttpServletResponse response) {
    response.setContentType("text/csv");
    final String newline = "\n";
    final String headerRow = "ID|Name|Resources|Groups|Users|Accesses|Service Type|Status|Policy Type|Delegate Admin|isRecursive|" + "isExcludes|Service Name|Description|isAuditEnabled|Policy Conditions|Policy Condition Type|Masking Options|Row Filter Expr|Policy Label Name";
    StringBuilder csv = new StringBuilder();
    csv.append(headerRow).append(newline);
    if (CollectionUtils.isNotEmpty(policies)) {
        for (RangerPolicy policy : policies) {
            List<RangerPolicyItem> allowItems = policy.getPolicyItems();
            List<RangerRowFilterPolicyItem> rowFilterItems = policy.getRowFilterPolicyItems();
            List<RangerDataMaskPolicyItem> dataMaskItems = policy.getDataMaskPolicyItems();
            List<RangerPolicyItem> allowExceptions = policy.getAllowExceptions();
            List<RangerPolicyItem> denyExceptions = policy.getDenyExceptions();
            List<RangerPolicyItem> denyItems = policy.getDenyPolicyItems();

            // Resolve the service-definition name of the policy's service; stays "" when the
            // service or its definition cannot be found.
            String serviceType = "";
            XXService service = daoMgr.getXXService().findByName(policy.getService());
            if (service != null) {
                Long serviceDefId = service.getType();
                XXServiceDef serviceDef = daoMgr.getXXServiceDef().getById(serviceDefId);
                if (serviceDef != null) {
                    serviceType = serviceDef.getName();
                }
            }

            // Exactly one of the following branches runs per policy.
            if (CollectionUtils.isNotEmpty(allowItems)) {
                for (RangerPolicyItem item : allowItems) {
                    writeCSVForPolicyItems(policy, item, null, null, csv, POLICY_ALLOW_INCLUDE);
                }
            } else if (CollectionUtils.isNotEmpty(dataMaskItems)) {
                for (RangerDataMaskPolicyItem item : dataMaskItems) {
                    writeCSVForPolicyItems(policy, null, item, null, csv, null);
                }
            } else if (CollectionUtils.isNotEmpty(rowFilterItems)) {
                for (RangerRowFilterPolicyItem item : rowFilterItems) {
                    writeCSVForPolicyItems(policy, null, null, item, csv, null);
                }
            } else if (serviceType.equalsIgnoreCase(EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_TAG_NAME)) {
                // Tag-service policy without items: emit one placeholder row.
                if (CollectionUtils.isEmpty(allowItems)) {
                    RangerPolicyItem placeholder = new RangerPolicyItem();
                    writeCSVForPolicyItems(policy, placeholder, null, null, csv, POLICY_ALLOW_INCLUDE);
                }
            } else if (CollectionUtils.isEmpty(allowItems)) {
                // Any other policy without items gets the same placeholder row.
                RangerPolicyItem placeholder = new RangerPolicyItem();
                writeCSVForPolicyItems(policy, placeholder, null, null, csv, POLICY_ALLOW_INCLUDE);
            }

            // Exception and deny lists are always exported in addition to the branch above.
            if (CollectionUtils.isNotEmpty(allowExceptions)) {
                for (RangerPolicyItem item : allowExceptions) {
                    writeCSVForPolicyItems(policy, item, null, null, csv, POLICY_ALLOW_EXCLUDE);
                }
            }
            if (CollectionUtils.isNotEmpty(denyExceptions)) {
                for (RangerPolicyItem item : denyExceptions) {
                    writeCSVForPolicyItems(policy, item, null, null, csv, POLICY_DENY_EXCLUDE);
                }
            }
            if (CollectionUtils.isNotEmpty(denyItems)) {
                for (RangerPolicyItem item : denyItems) {
                    writeCSVForPolicyItems(policy, item, null, null, csv, POLICY_DENY_INCLUDE);
                }
            }
        }
    }
    response.setHeader("Content-Disposition", "attachment; filename=" + cSVFileName);
    response.setStatus(HttpServletResponse.SC_OK);
    return csv;
}
Also used : XXServiceDef(org.apache.ranger.entity.XXServiceDef) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) VXString(org.apache.ranger.view.VXString) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) XXService(org.apache.ranger.entity.XXService)

Example 3 with RangerRowFilterPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem in project ranger by apache.

the class XUserMgr method deleteXUser.

/**
 * Deletes the user with the given id, or hides it when it is still referenced.
 *
 * <p>The method first calls {@code checkAdminAccess()} and
 * {@code xaBizUtil.blockAuditorRoleUser()} (both defined outside this listing; presumably the
 * authorization gate -- confirm). It then resolves the {@code XXUser} and the portal user with
 * the same login id and rejects the request with a REST error when either is missing.
 * {@code restrictSelfAccountDeletion} is called with the trimmed user name before any record
 * is modified.
 *
 * <p>With {@code force == true}, group memberships, permission maps, audit maps, login
 * sessions, module permissions and portal roles of the user are removed, the user name is
 * stripped from every policy returned by {@code findByUserId}, and finally the user and portal
 * user records are removed and transaction-log entries are written. With
 * {@code force == false}, the user is only removed when none of those references exist;
 * otherwise its visibility is set to hidden.
 *
 * <p>NOTE(review): whether all removals run in one transaction is not visible here. A failure
 * half-way through the forced path would otherwise leave a partially deleted account.
 *
 * <p>NOTE(review): user, group and login names are concatenated into log messages unescaped.
 * Confirm that the logging layout neutralises line breaks in those values.
 *
 * @param id    id of the {@code XXUser} record to delete
 * @param force {@code true} to remove the user together with every reference to it;
 *              {@code false} to delete only an unreferenced user and hide a referenced one
 */
public synchronized void deleteXUser(Long id, boolean force) {
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();
    XXUserDao xXUserDao = daoManager.getXXUser();
    XXUser xXUser = xXUserDao.getById(id);
    VXUser vXUser = xUserService.populateViewBean(xXUser);
    if (vXUser == null || StringUtil.isEmpty(vXUser.getName())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    XXPortalUserDao xXPortalUserDao = daoManager.getXXPortalUser();
    XXPortalUser xXPortalUser = xXPortalUserDao.findByLoginId(vXUser.getName().trim());
    VXPortalUser vXPortalUser = null;
    if (xXPortalUser != null) {
        vXPortalUser = xPortalUserService.populateViewBean(xXPortalUser);
    }
    // From here on vXPortalUser (and therefore xXPortalUser) is known to be non-null.
    if (vXPortalUser == null || StringUtil.isEmpty(vXPortalUser.getLoginId())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    if (logger.isDebugEnabled()) {
        logger.debug("Force delete status=" + force + " for user=" + vXUser.getName());
    }
    restrictSelfAccountDeletion(vXUser.getName().trim());
    // Collect every kind of reference to the user before anything is changed; both branches
    // below work from these snapshots.
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xUserId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);
    long xXPortalUserId = 0;
    xXPortalUserId = vXPortalUser.getId();
    XXAuthSessionDao xXAuthSessionDao = daoManager.getXXAuthSession();
    XXUserPermissionDao xXUserPermissionDao = daoManager.getXXUserPermission();
    XXPortalUserRoleDao xXPortalUserRoleDao = daoManager.getXXPortalUserRole();
    List<XXAuthSession> xXAuthSessions = xXAuthSessionDao.getAuthSessionByUserId(xXPortalUserId);
    List<XXUserPermission> xXUserPermissions = xXUserPermissionDao.findByUserPermissionId(xXPortalUserId);
    List<XXPortalUserRole> xXPortalUserRoles = xXPortalUserRoleDao.findByUserId(xXPortalUserId);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByUserId(id);
    // Logged for both branches, including the one that only hides the user.
    logger.warn("Deleting User : " + vXUser.getName());
    if (force) {
        // NOTE(review): this branch dereferences the three search results and the DAO lists
        // without null checks, while the non-force branch null-checks all of them. Confirm
        // that the searches and DAOs never return null.
        // delete XXGroupUser mapping
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        for (VXGroupUser groupUser : vxGroupUserList.getList()) {
            if (groupUser != null) {
                logger.warn("Removing user '" + vXUser.getName() + "' from group '" + groupUser.getName() + "'");
                xGroupUserDao.remove(groupUser.getId());
            }
        }
        // delete XXPermMap records of user
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        for (VXPermMap vXPermMap : vXPermMapList.getList()) {
            if (vXPermMap != null) {
                logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for user '" + vXPermMap.getUserName() + "'");
                xXPermMapDao.remove(vXPermMap.getId());
            }
        }
        // delete XXAuditMap records of user
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
            if (vXAuditMap != null) {
                xXAuditMapDao.remove(vXAuditMap.getId());
            }
        }
        // delete XXPortalUser references
        // (the null check is always true here: a null vXPortalUser was rejected above)
        if (vXPortalUser != null) {
            xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
            if (xXAuthSessions != null && xXAuthSessions.size() > 0) {
                logger.warn("Deleting " + xXAuthSessions.size() + " login session records for user '" + vXPortalUser.getLoginId() + "'");
            }
            // Removes the stored login-session records of the account.
            for (XXAuthSession xXAuthSession : xXAuthSessions) {
                xXAuthSessionDao.remove(xXAuthSession.getId());
            }
            for (XXUserPermission xXUserPermission : xXUserPermissions) {
                if (xXUserPermission != null) {
                    // The module definition is looked up only to name it in the log line.
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXUserPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for user '" + vXPortalUser.getLoginId() + "'");
                    }
                    xXUserPermissionDao.remove(xXUserPermission.getId());
                }
            }
            for (XXPortalUserRole xXPortalUserRole : xXPortalUserRoles) {
                if (xXPortalUserRole != null) {
                    logger.warn("Deleting '" + xXPortalUserRole.getUserRole() + "' role for user '" + vXPortalUser.getLoginId() + "'");
                    xXPortalUserRoleDao.remove(xXPortalUserRole.getId());
                }
            }
        }
        // delete XXPolicyItemUserPerm records of user
        // Each policy that references the user is loaded, the user name is removed from all six
        // item lists (allow, deny, both exception lists, data-mask, row-filter) and the policy
        // is saved again.
        for (XXPolicy xXPolicy : xXPolicyList) {
            RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
            List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
            removeUserGroupReferences(policyItems, vXUser.getName(), null);
            rangerPolicy.setPolicyItems(policyItems);
            List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
            removeUserGroupReferences(denyPolicyItems, vXUser.getName(), null);
            rangerPolicy.setDenyPolicyItems(denyPolicyItems);
            List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
            removeUserGroupReferences(allowExceptions, vXUser.getName(), null);
            rangerPolicy.setAllowExceptions(allowExceptions);
            List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
            removeUserGroupReferences(denyExceptions, vXUser.getName(), null);
            rangerPolicy.setDenyExceptions(denyExceptions);
            List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
            removeUserGroupReferences(dataMaskItems, vXUser.getName(), null);
            rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
            List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
            removeUserGroupReferences(rowFilterItems, vXUser.getName(), null);
            rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
            try {
                svcStore.updatePolicy(rangerPolicy);
            } catch (Throwable excp) {
                // A failed policy update aborts the deletion, so the user record is not removed
                // while a policy still names it.
                // NOTE(review): the underlying exception message is returned to the REST
                // client; confirm it cannot expose internal details.
                logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                throw restErrorUtil.createRESTException(excp.getMessage());
            }
        }
        // delete XXUser entry of user
        xXUserDao.remove(id);
        // delete XXPortal entry of user
        logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
        xXPortalUserDao.remove(xXPortalUserId);
        // The transaction-log entries are built from the entity objects loaded before removal.
        List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
        xaBizUtil.createTrxLog(trxLogList);
        if (xXPortalUser != null) {
            trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
        }
    } else {
        // Non-forced path: any remaining reference of any kind keeps the record in place.
        boolean hasReferences = false;
        if (vxGroupUserList != null && vxGroupUserList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXPolicyList != null && xXPolicyList.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && vXPermMapList != null && vXPermMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && vXAuditMapList != null && vXAuditMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXAuthSessions != null && xXAuthSessions.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXUserPermissions != null && xXUserPermissions.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && xXPortalUserRoles != null && xXPortalUserRoles.size() > 0) {
            hasReferences = true;
        }
        if (hasReferences) {
            // A referenced user is only hidden: group memberships, permissions, roles and
            // policy entries are all left untouched.
            // NOTE(review): nothing visible here disables the hidden account or ends its
            // sessions; confirm that hiding is not relied on as a revocation.
            if (vXUser.getIsVisible() != RangerCommonEnums.IS_HIDDEN) {
                logger.info("Updating visibility of user '" + vXUser.getName() + "' to Hidden!");
                vXUser.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xUserService.updateResource(vXUser);
            }
        } else {
            xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
            // delete XXUser entry of user
            xXUserDao.remove(id);
            // delete XXPortal entry of user
            logger.warn("Deleting Portal User : " + vXPortalUser.getLoginId());
            xXPortalUserDao.remove(xXPortalUserId);
            List<XXTrxLog> trxLogList = xUserService.getTransactionLog(xUserService.populateViewBean(xXUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
            trxLogList = xPortalUserService.getTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), "delete");
            xaBizUtil.createTrxLog(trxLogList);
        }
    }
}
Also used : XXUser(org.apache.ranger.entity.XXUser) XXUserDao(org.apache.ranger.db.XXUserDao) XXPolicy(org.apache.ranger.entity.XXPolicy) XXAuthSessionDao(org.apache.ranger.db.XXAuthSessionDao) XXPortalUserRoleDao(org.apache.ranger.db.XXPortalUserRoleDao) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) XXModuleDef(org.apache.ranger.entity.XXModuleDef) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXPortalUserRole(org.apache.ranger.entity.XXPortalUserRole) XXUserPermissionDao(org.apache.ranger.db.XXUserPermissionDao) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) XXTrxLog(org.apache.ranger.entity.XXTrxLog) XXAuthSession(org.apache.ranger.entity.XXAuthSession) XXUserPermission(org.apache.ranger.entity.XXUserPermission) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) SearchCriteria(org.apache.ranger.common.SearchCriteria) XXPortalUser(org.apache.ranger.entity.XXPortalUser) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) XXPortalUserDao(org.apache.ranger.db.XXPortalUserDao) XXPolicyDao(org.apache.ranger.db.XXPolicyDao)

Example 4 with RangerRowFilterPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem in project ranger by apache.

the class XUserMgr method deleteXGroup.

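/**
 * Deletes the group with the given id, or hides it when it is still referenced.
 *
 * <p>The method first calls {@code checkAdminAccess()} and
 * {@code xaBizUtil.blockAuditorRoleUser()} (both defined outside this listing; presumably the
 * authorization gate -- confirm), then resolves the group and rejects the request with a REST
 * error when it does not exist or has no name.
 *
 * <p>With {@code force == true}, group memberships, permission maps, audit maps, group-group
 * mappings and module permissions of the group are removed, the group name is stripped from
 * every policy returned by {@code findByGroupId}, and finally the group record is removed and
 * a transaction-log entry is written. With {@code force == false}, the group is only removed
 * when none of those references exist; otherwise its visibility is set to hidden.
 *
 * <p>A failed policy update now aborts the forced deletion with a REST error, as
 * {@code deleteXUser} does. Previously the REST exception was created but never thrown, so
 * the group was removed even though a policy still named it.
 *
 * <p>NOTE(review): whether all removals run in one transaction is not visible here. If they do
 * not, the abort above leaves the references removed so far deleted.
 *
 * @param id    id of the {@code XXGroup} record to delete
 * @param force {@code true} to remove the group together with every reference to it;
 *              {@code false} to delete only an unreferenced group and hide a referenced one
 */
public void deleteXGroup(Long id, boolean force) {
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();
    XXGroupDao xXGroupDao = daoManager.getXXGroup();
    XXGroup xXGroup = xXGroupDao.getById(id);
    VXGroup vXGroup = xGroupService.populateViewBean(xXGroup);
    if (vXGroup == null || StringUtil.isEmpty(vXGroup.getName())) {
        throw restErrorUtil.createRESTException("Group ID doesn't exist.", MessageEnums.INVALID_INPUT_DATA);
    }
    if (logger.isDebugEnabled()) {
        // Logged at debug level to match the guard and the equivalent line in deleteXUser.
        logger.debug("Force delete status=" + force + " for group=" + vXGroup.getName());
    }
    // Collect every kind of reference to the group before anything is changed; both branches
    // below work from these snapshots.
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xGroupId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("groupId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("groupId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);
    XXGroupPermissionDao xXGroupPermissionDao = daoManager.getXXGroupPermission();
    List<XXGroupPermission> xXGroupPermissions = xXGroupPermissionDao.findByGroupId(id);
    XXGroupGroupDao xXGroupGroupDao = daoManager.getXXGroupGroup();
    List<XXGroupGroup> xXGroupGroups = xXGroupGroupDao.findByGroupId(id);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    List<XXPolicy> xXPolicyList = xXPolicyDao.findByGroupId(id);
    // Logged for both branches, including the one that only hides the group.
    logger.warn("Deleting GROUP : " + vXGroup.getName());
    if (force) {
        // delete XXGroupUser records of matching group
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        XXUserDao xXUserDao = daoManager.getXXUser();
        XXUser xXUser = null;
        for (VXGroupUser groupUser : vxGroupUserList.getList()) {
            if (groupUser != null) {
                // The user is looked up only to name it in the log line.
                xXUser = xXUserDao.getById(groupUser.getUserId());
                if (xXUser != null) {
                    logger.warn("Removing user '" + xXUser.getName() + "' from group '" + groupUser.getName() + "'");
                }
                xGroupUserDao.remove(groupUser.getId());
            }
        }
        // delete XXPermMap records of matching group
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        XXResourceDao xXResourceDao = daoManager.getXXResource();
        XXResource xXResource = null;
        for (VXPermMap vXPermMap : vXPermMapList.getList()) {
            if (vXPermMap != null) {
                xXResource = xXResourceDao.getById(vXPermMap.getResourceId());
                if (xXResource != null) {
                    logger.warn("Deleting '" + AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()) + "' permission from policy ID='" + vXPermMap.getResourceId() + "' for group '" + vXPermMap.getGroupName() + "'");
                }
                xXPermMapDao.remove(vXPermMap.getId());
            }
        }
        // delete XXAuditMap records of matching group
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
            if (vXAuditMap != null) {
                // The looked-up resource is not used afterwards; the call is kept as in the
                // original.
                xXResource = xXResourceDao.getById(vXAuditMap.getResourceId());
                xXAuditMapDao.remove(vXAuditMap.getId());
            }
        }
        // delete XXGroupGroupDao records of group-group mapping
        for (XXGroupGroup xXGroupGroup : xXGroupGroups) {
            if (xXGroupGroup != null) {
                XXGroup xXGroupParent = xXGroupDao.getById(xXGroupGroup.getParentGroupId());
                XXGroup xXGroupChild = xXGroupDao.getById(xXGroupGroup.getGroupId());
                if (xXGroupParent != null && xXGroupChild != null) {
                    logger.warn("Removing group '" + xXGroupChild.getName() + "' from group '" + xXGroupParent.getName() + "'");
                }
                xXGroupGroupDao.remove(xXGroupGroup.getId());
            }
        }
        // delete XXPolicyItemGroupPerm records of group
        // Each policy that references the group is loaded, the group name is removed from all
        // six item lists (allow, deny, both exception lists, data-mask, row-filter) and the
        // policy is saved again.
        for (XXPolicy xXPolicy : xXPolicyList) {
            RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
            List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
            removeUserGroupReferences(policyItems, null, vXGroup.getName());
            rangerPolicy.setPolicyItems(policyItems);
            List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
            removeUserGroupReferences(denyPolicyItems, null, vXGroup.getName());
            rangerPolicy.setDenyPolicyItems(denyPolicyItems);
            List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
            removeUserGroupReferences(allowExceptions, null, vXGroup.getName());
            rangerPolicy.setAllowExceptions(allowExceptions);
            List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
            removeUserGroupReferences(denyExceptions, null, vXGroup.getName());
            rangerPolicy.setDenyExceptions(denyExceptions);
            List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
            removeUserGroupReferences(dataMaskItems, null, vXGroup.getName());
            rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
            List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
            removeUserGroupReferences(rowFilterItems, null, vXGroup.getName());
            rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
            try {
                svcStore.updatePolicy(rangerPolicy);
            } catch (Throwable excp) {
                logger.error("updatePolicy(" + rangerPolicy + ") failed", excp);
                // Abort instead of continuing: deleting the group while a policy still names it
                // would leave a dangling grant that a later group with the same name could
                // presumably match.
                // NOTE(review): the underlying exception message is returned to the REST
                // client; confirm it cannot expose internal details.
                throw restErrorUtil.createRESTException(excp.getMessage());
            }
        }
        if (CollectionUtils.isNotEmpty(xXGroupPermissions)) {
            for (XXGroupPermission xXGroupPermission : xXGroupPermissions) {
                if (xXGroupPermission != null) {
                    // The module definition is looked up only to name it in the log line.
                    XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXGroupPermission.getModuleId());
                    if (xXModuleDef != null) {
                        logger.warn("Deleting '" + xXModuleDef.getModule() + "' module permission for group '" + xXGroup.getName() + "'");
                    }
                    xXGroupPermissionDao.remove(xXGroupPermission.getId());
                }
            }
        }
        // delete XXGroup
        xXGroupDao.remove(id);
        // Create XXTrxLog
        List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), "delete");
        xaBizUtil.createTrxLog(xXTrxLogsXXGroup);
    } else {
        // Non-forced path: any remaining reference of any kind keeps the record in place.
        boolean hasReferences = false;
        if (vxGroupUserList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && CollectionUtils.isNotEmpty(xXPolicyList)) {
            hasReferences = true;
        }
        if (hasReferences == false && vXPermMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && vXAuditMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (hasReferences == false && CollectionUtils.isNotEmpty(xXGroupGroups)) {
            hasReferences = true;
        }
        if (hasReferences == false && CollectionUtils.isNotEmpty(xXGroupPermissions)) {
            hasReferences = true;
        }
        if (hasReferences) {
            // change visibility to Hidden
            // A referenced group is only hidden: memberships, permissions and policy entries
            // are all left untouched.
            if (vXGroup.getIsVisible() == RangerCommonEnums.IS_VISIBLE) {
                vXGroup.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xGroupService.updateResource(vXGroup);
            }
        } else {
            // delete XXGroup
            xXGroupDao.remove(id);
            // Create XXTrxLog
            List<XXTrxLog> xXTrxLogsXXGroup = xGroupService.getTransactionLog(xGroupService.populateViewBean(xXGroup), "delete");
            xaBizUtil.createTrxLog(xXTrxLogsXXGroup);
        }
    }
}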
Also used : XXUser(org.apache.ranger.entity.XXUser) XXGroupPermissionDao(org.apache.ranger.db.XXGroupPermissionDao) XXUserDao(org.apache.ranger.db.XXUserDao) XXPolicy(org.apache.ranger.entity.XXPolicy) XXGroupUserDao(org.apache.ranger.db.XXGroupUserDao) RangerPolicy(org.apache.ranger.plugin.model.RangerPolicy) XXModuleDef(org.apache.ranger.entity.XXModuleDef) XXPermMapDao(org.apache.ranger.db.XXPermMapDao) XXGroupGroupDao(org.apache.ranger.db.XXGroupGroupDao) XXResourceDao(org.apache.ranger.db.XXResourceDao) XXGroupPermission(org.apache.ranger.entity.XXGroupPermission) XXResource(org.apache.ranger.entity.XXResource) XXAuditMapDao(org.apache.ranger.db.XXAuditMapDao) RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem) XXTrxLog(org.apache.ranger.entity.XXTrxLog) RangerPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem) SearchCriteria(org.apache.ranger.common.SearchCriteria) XXGroup(org.apache.ranger.entity.XXGroup) RangerDataMaskPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem) XXPolicyDao(org.apache.ranger.db.XXPolicyDao) XXGroupDao(org.apache.ranger.db.XXGroupDao) XXGroupGroup(org.apache.ranger.entity.XXGroupGroup)

Example 5 with RangerRowFilterPolicyItem

use of org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem in project ranger by apache.

the class RangerDefaultPolicyEvaluator method createRowFilterPolicyItemEvaluators.

/**
 * Builds and initialises one evaluator per row-filter policy item.
 *
 * <p>Evaluators are created in list order and numbered from 1. Each one is initialised with
 * {@code init()} before it is added to the result. For every evaluator that reports condition
 * evaluators, their count is added to the {@code customConditionsCount} field.
 *
 * @param policy      policy the items belong to; passed to each evaluator
 * @param serviceDef  service definition; passed to each evaluator
 * @param options     policy-engine options; passed to each evaluator
 * @param policyItems row-filter items to wrap; may be null or empty
 * @return a new list of initialised evaluators, or the shared immutable empty list when
 *         {@code policyItems} is null or empty
 */
private List<RangerRowFilterPolicyItemEvaluator> createRowFilterPolicyItemEvaluators(RangerPolicy policy, RangerServiceDef serviceDef, RangerPolicyEngineOptions options, List<RangerRowFilterPolicyItem> policyItems) {
    if (CollectionUtils.isEmpty(policyItems)) {
        return Collections.<RangerRowFilterPolicyItemEvaluator>emptyList();
    }
    List<RangerRowFilterPolicyItemEvaluator> evaluators = new ArrayList<>();
    int itemOrder = 0;
    for (RangerRowFilterPolicyItem rowFilterItem : policyItems) {
        // Pre-increment so the first evaluator is numbered 1.
        RangerRowFilterPolicyItemEvaluator evaluator = new RangerDefaultRowFilterPolicyItemEvaluator(serviceDef, policy, rowFilterItem, ++itemOrder, options);
        evaluator.init();
        evaluators.add(evaluator);
        if (CollectionUtils.isNotEmpty(evaluator.getConditionEvaluators())) {
            customConditionsCount += evaluator.getConditionEvaluators().size();
        }
    }
    return evaluators;
}
Also used : RangerRowFilterPolicyItem(org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem)

Aggregations

RangerRowFilterPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerRowFilterPolicyItem)10 RangerDataMaskPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerDataMaskPolicyItem)7 RangerPolicy (org.apache.ranger.plugin.model.RangerPolicy)6 RangerPolicyItem (org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem)6 IOException (java.io.IOException)4 XXPolicy (org.apache.ranger.entity.XXPolicy)4 XXServiceDef (org.apache.ranger.entity.XXServiceDef)4 XXTrxLog (org.apache.ranger.entity.XXTrxLog)4 UnknownHostException (java.net.UnknownHostException)3 VXString (org.apache.ranger.view.VXString)3 JSONException (org.codehaus.jettison.json.JSONException)3 SearchCriteria (org.apache.ranger.common.SearchCriteria)2 XXAuditMapDao (org.apache.ranger.db.XXAuditMapDao)2 XXGroupUserDao (org.apache.ranger.db.XXGroupUserDao)2 XXPermMapDao (org.apache.ranger.db.XXPermMapDao)2 XXPolicyDao (org.apache.ranger.db.XXPolicyDao)2 XXUserDao (org.apache.ranger.db.XXUserDao)2 XXModuleDef (org.apache.ranger.entity.XXModuleDef)2 XXService (org.apache.ranger.entity.XXService)2 XXUser (org.apache.ranger.entity.XXUser)2