This is an automated email from the ASF dual-hosted git repository. spolavarapu pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push: new f30fa46 RANGER-2585: Incorporated review comments f30fa46 is described below commit f30fa46d4046a69451ffd6a2b77a0d9a333cdfad Author: Sailaja Polavarapu <spolavar...@cloudera.com> AuthorDate: Mon Sep 23 10:33:59 2019 -0700 RANGER-2585: Incorporated review comments --- .../hive/authorizer/RangerHiveAuthorizer.java | 2 ++ .../apache/ranger/common/db/JPABeanCallbacks.java | 31 +++++++++++++--------- .../main/java/org/apache/ranger/rest/RoleREST.java | 2 ++ .../apache/ranger/service/RangerRoleService.java | 21 +++++++++++++++ 4 files changed, 43 insertions(+), 13 deletions(-)
diff --git a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 0c5449d..f10bde4 100644
--- a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++ b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -166,6 +166,8 @@ public class RangerHiveAuthorizer extends RangerHiveAuthorizerBase {
 RangerRole role = new RangerRole();
 role.setName(roleName);
 role.setCreatedByUser(currentUserName);
+ role.setCreatedBy(currentUserName);
+ role.setUpdatedBy(currentUserName);
 //Add grantor as the member to this role with grant option.
 RangerRole.RoleMember userMember = new RangerRole.RoleMember(currentUserName, true);
 List<RangerRole.RoleMember> userMemberList = new ArrayList<>();
diff --git a/security-admin/src/main/java/org/apache/ranger/common/db/JPABeanCallbacks.java b/security-admin/src/main/java/org/apache/ranger/common/db/JPABeanCallbacks.java
index 226c060..86df95d 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/db/JPABeanCallbacks.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/db/JPABeanCallbacks.java
@@ -39,24 +39,29 @@ public class JPABeanCallbacks { XXDBBase entity = (XXDBBase) o; entity.setUpdateTime(DateUtil.getUTCDate()); + if (entity.getAddedByUserId() == null || entity.getAddedByUserId() == 0) { - RangerSecurityContext context = RangerContextHolder - .getSecurityContext(); - if (context != null) { - UserSessionBase userSession = context.getUserSession(); - if (userSession != null) { - entity.setAddedByUserId(userSession.getUserId()); - entity.setUpdatedByUserId(userSession - .getUserId()); + if (logger.isDebugEnabled()) { + logger.debug("AddedByUserId is null or 0 and hence getting it from userSession for " + entity.getId()); + } + RangerSecurityContext context = RangerContextHolder + .getSecurityContext(); + if (context != null) { + UserSessionBase userSession = context.getUserSession(); + if (userSession != null) { + entity.setAddedByUserId(userSession.getUserId()); + entity.setUpdatedByUserId(userSession + .getUserId()); + } else { + if (logger.isDebugEnabled()) { + logger.debug("User session not found for this request. Identity of originator of this change cannot be recorded"); + } + } } else { if (logger.isDebugEnabled()) { - logger.debug("User session not found for this request. Identity of originator of this change cannot be recorded"); + logger.debug("Security context not found for this request. Identity of originator of this change cannot be recorded"); } } - } else { - if (logger.isDebugEnabled()) { - logger.debug("Security context not found for this request. Identity of originator of this change cannot be recorded"); - } } } } catch (Throwable t) { diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java index 25fb085..4af768a 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 
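Review bot: `entity.setUpdatedByUserId(...)` now sits inside the new `getAddedByUserId() == null || ... == 0` guard, so an entity that arrives with AddedByUserId already populated but no UpdatedByUserId leaves this callback with no updater set and the session identity is never consulted for it. If the intent is only to respect a pre-set creator, guard the two fields separately, e.g. `if (entity.getUpdatedByUserId() == null || entity.getUpdatedByUserId() == 0) { entity.setUpdatedByUserId(userSession.getUserId()); }`. Because a pre-set AddedByUserId now takes precedence over the session user, the guard also deserves a comment naming which callers may pre-populate it, since this value is the audit attribution. The enclosing callback method starts and ends outside the hunk.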
@@ -548,6 +548,7 @@ public class RoleREST { throw restErrorUtil.createRESTException("User doesn't have permissions to grant role " + roleName); } + existingRole.setUpdatedBy(userName); addUsersGroupsAndRoles(existingRole, grantRoleRequest.getUsers(), grantRoleRequest.getGroups(), grantRoleRequest.getRoles(), grantRoleRequest.getGrantOption()); } } catch(WebApplicationException excp) { @@ -601,6 +602,7 @@ public class RoleREST { if (existingRole == null) { throw restErrorUtil.createRESTException("User doesn't have permissions to revoke role " + roleName); } + existingRole.setUpdatedBy(userName); if (revokeRoleRequest.getGrantOption()) { removeAdminFromUsersGroupsAndRoles(existingRole, revokeRoleRequest.getUsers(), revokeRoleRequest.getGroups(), revokeRoleRequest.getRoles()); diff --git a/security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java b/security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java index ca4407b..8857afd 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java @@ -34,6 +34,7 @@ import org.apache.ranger.biz.ServiceDBStore; import org.apache.ranger.common.AppConstants; import org.apache.ranger.common.RangerConstants; import org.apache.ranger.common.view.VTrxLogAttr; +import org.apache.ranger.entity.XXPortalUser; import org.apache.ranger.entity.XXRole; import org.apache.ranger.entity.XXTrxLog; import org.apache.ranger.entity.XXUser; 
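Review bot: `existingRole.setUpdatedBy(userName)` in both the grant hunk and the revoke hunk records whatever `userName` holds, and its assignment is outside both hunks. If that value is taken from the request body rather than from the authenticated session, the role's updatedBy, and any audit attribution derived from it, is caller-asserted; this should be confirmed and, once confirmed, stated in a comment such as `// userName is the authenticated caller; recorded as the role's last updater`. Both enclosing methods start and end outside the hunks.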
@@ -150,6 +151,20 @@ public class RangerRoleService extends RangerRoleServiceBase<XXRole, RangerRole> xTrxLog.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_ROLE); xTrxLog.setObjectName(objectName); + if(!StringUtils.isNotBlank(current.getCreatedByUser())){ + if (logger.isDebugEnabled()) { + logger.debug("Created User = " + current.getCreatedByUser()); + } + XXPortalUser xXPortalUser = daoMgr.getXXPortalUser().findByLoginId(current.getCreatedByUser()); + if(xXPortalUser != null){ + if (logger.isDebugEnabled()) { + logger.debug("User Id for " + current.getCreatedByUser() + " = " + xXPortalUser.getId()); + } + xTrxLog.setAddedByUserId(xXPortalUser.getId()); + xTrxLog.setUpdatedByUserId(xXPortalUser.getId()); + } + } + String value; if (vTrxLogAttr.isEnum()) { String enumName = XXUser.getEnumName(fieldName); @@ -221,8 +236,14 @@ public class RangerRoleService extends RangerRoleServiceBase<XXRole, RangerRole> xTrxLog.setNewValue(value); trxLogList.add(xTrxLog); } + if(logger.isDebugEnabled()) { + logger.debug("AddedByUserId for " + xTrxLog.getObjectName() + " = " + xTrxLog.getAddedByUserId()); + } } if (trxLogList.isEmpty()) { + if(logger.isDebugEnabled()) { + logger.debug("trxLogList is empty!!"); + } XXTrxLog xTrxLog = new XXTrxLog(); xTrxLog.setAction(action); xTrxLog.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_ROLE);
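Review bot: The guard `if(!StringUtils.isNotBlank(current.getCreatedByUser()))` in the first RangerRoleService hunk looks inverted: as written the block runs only when createdByUser is blank, so `findByLoginId` is called with a null or empty login and the transaction-log rows never receive AddedByUserId/UpdatedByUserId when a creator is actually present. It should presumably read `if (StringUtils.isNotBlank(current.getCreatedByUser())) {`. Separately, createdByUser appears to be filled in by the caller (the RangerHiveAuthorizer hunk in this commit sets it from currentUserName), so attributing audit rows from it trusts a request-supplied name unless the REST layer checks it against the authenticated session; that check is not visible here. The same value is concatenated into the debug messages as-is, so a note on escaping or length-limiting it before logging would help. The enclosing method starts and ends outside the hunk.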