use of org.apache.ranger.view.VXUser in project ranger by apache.
the class TestXUserREST method test19secureUpdateXUser.
@Test
public void test19secureUpdateXUser() {
Boolean val = true;
Mockito.when(bizUtil.checkUserAccessible(vxUser)).thenReturn(val);
Mockito.when(xUserMgr.updateXUser(vxUser)).thenReturn(vxUser);
VXUser gotVXUser = xUserRest.secureUpdateXUser(vxUser);
Mockito.verify(xUserMgr).updateXUser(vxUser);
Mockito.verify(bizUtil).checkUserAccessible(vxUser);
assertNotNull(gotVXUser);
assertEquals(vxUser.getId(), gotVXUser.getId());
assertEquals(vxUser.getName(), gotVXUser.getName());
}
use of org.apache.ranger.view.VXUser in project ranger by apache.
the class TestXUserREST method test65deleteXUserByUserNametrue.
@Test
public void test65deleteXUserByUserNametrue() {
HttpServletRequest request = Mockito.mock(HttpServletRequest.class);
String TestforceDeleteStr = "false";
boolean forceDelete = true;
Mockito.when(request.getParameter("forceDelete")).thenReturn(TestforceDeleteStr);
VXUser testUser = createVXUser();
Mockito.when(xUserService.getXUserByUserName(testUser.getName())).thenReturn(testUser);
forceDelete = false;
Mockito.doNothing().when(xUserMgr).deleteXUser(testUser.getId(), forceDelete);
xUserRest.deleteXUserByUserName(testUser.getName(), request);
Mockito.verify(xUserMgr).deleteXUser(testUser.getId(), forceDelete);
Mockito.verify(xUserService).getXUserByUserName(testUser.getName());
Mockito.verify(request).getParameter("forceDelete");
}
use of org.apache.ranger.view.VXUser in project ranger by apache.
the class TestXUserREST method test15createXUser.
@Test
public void test15createXUser() {
Mockito.when(xUserMgr.createXUserWithOutLogin(vxUser)).thenReturn(vxUser);
VXUser gotVXUser = xUserRest.createXUser(vxUser);
Mockito.verify(xUserMgr).createXUserWithOutLogin(vxUser);
assertNotNull(gotVXUser);
assertEquals(vxUser.getId(), gotVXUser.getId());
assertEquals(vxUser.getName(), gotVXUser.getName());
}
use of org.apache.ranger.view.VXUser in project ranger by apache.
the class ServiceREST method grantAccess.
@POST
@Path("/services/grant/{serviceName}")
@Produces({ "application/json", "application/xml" })
public RESTResponse grantAccess(@PathParam("serviceName") String serviceName, GrantRevokeRequest grantRequest, @Context HttpServletRequest request) throws Exception {
if (LOG.isDebugEnabled()) {
LOG.debug("==> ServiceREST.grantAccess(" + serviceName + ", " + grantRequest + ")");
}
RESTResponse ret = new RESTResponse();
RangerPerfTracer perf = null;
if (grantRequest != null) {
if (serviceUtil.isValidateHttpsAuthentication(serviceName, request)) {
try {
if (RangerPerfTracer.isPerfTraceEnabled(PERF_LOG)) {
perf = RangerPerfTracer.getPerfTracer(PERF_LOG, "ServiceREST.grantAccess(serviceName=" + serviceName + ")");
}
validateGrantRevokeRequest(grantRequest);
String userName = grantRequest.getGrantor();
Set<String> userGroups = CollectionUtils.isNotEmpty(grantRequest.getGrantorGroups()) ? grantRequest.getGrantorGroups() : userMgr.getGroupsForUser(userName);
RangerAccessResource resource = new RangerAccessResourceImpl(StringUtil.toStringObjectMap(grantRequest.getResource()));
VXUser vxUser = xUserService.getXUserByUserName(userName);
if (vxUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR) || vxUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) {
VXResponse vXResponse = new VXResponse();
vXResponse.setStatusCode(HttpServletResponse.SC_UNAUTHORIZED);
vXResponse.setMsgDesc("Operation" + " denied. LoggedInUser=" + vxUser.getId() + " ,isn't permitted to perform the action.");
throw restErrorUtil.generateRESTException(vXResponse);
}
boolean isAdmin = hasAdminAccess(serviceName, userName, userGroups, resource);
if (!isAdmin) {
throw restErrorUtil.createGrantRevokeRESTException("User doesn't have necessary permission to grant access");
}
RangerPolicy policy = getExactMatchPolicyForResource(serviceName, resource, userName);
if (policy != null) {
boolean policyUpdated = false;
policyUpdated = ServiceRESTUtil.processGrantRequest(policy, grantRequest);
if (policyUpdated) {
svcStore.updatePolicy(policy);
} else {
LOG.error("processGrantRequest processing failed");
throw new Exception("processGrantRequest processing failed");
}
} else {
policy = new RangerPolicy();
policy.setService(serviceName);
// TODO: better policy name
policy.setName("grant-" + System.currentTimeMillis());
policy.setDescription("created by grant");
policy.setIsAuditEnabled(grantRequest.getEnableAudit());
policy.setCreatedBy(userName);
Map<String, RangerPolicyResource> policyResources = new HashMap<String, RangerPolicyResource>();
Set<String> resourceNames = resource.getKeys();
if (!CollectionUtils.isEmpty(resourceNames)) {
for (String resourceName : resourceNames) {
RangerPolicyResource policyResource = new RangerPolicyResource((String) resource.getValue(resourceName));
policyResource.setIsRecursive(grantRequest.getIsRecursive());
policyResources.put(resourceName, policyResource);
}
}
policy.setResources(policyResources);
RangerPolicyItem policyItem = new RangerPolicyItem();
policyItem.setDelegateAdmin(grantRequest.getDelegateAdmin());
policyItem.getUsers().addAll(grantRequest.getUsers());
policyItem.getGroups().addAll(grantRequest.getGroups());
for (String accessType : grantRequest.getAccessTypes()) {
policyItem.getAccesses().add(new RangerPolicyItemAccess(accessType, Boolean.TRUE));
}
policy.getPolicyItems().add(policyItem);
svcStore.createPolicy(policy);
}
} catch (WebApplicationException excp) {
throw excp;
} catch (Throwable excp) {
LOG.error("grantAccess(" + serviceName + ", " + grantRequest + ") failed", excp);
throw restErrorUtil.createRESTException(excp.getMessage());
} finally {
RangerPerfTracer.log(perf);
}
ret.setStatusCode(RESTResponse.STATUS_SUCCESS);
}
}
if (LOG.isDebugEnabled()) {
LOG.debug("<== ServiceREST.grantAccess(" + serviceName + ", " + grantRequest + "): " + ret);
}
return ret;
}
use of org.apache.ranger.view.VXUser in project ranger by apache.
the class XUserService method populateViewBean.
@Override
public VXUser populateViewBean(XXUser xUser) {
VXUser vObj = super.populateViewBean(xUser);
vObj.setIsVisible(xUser.getIsVisible());
String userName = vObj.getName();
populateUserAttributes(userName, vObj);
populateGroupList(xUser.getId(), vObj);
return vObj;
}
Aggregations