This is an automated email from the ASF dual-hosted git repository.
spolavarapu pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push:
new f30fa46 RANGER-2585: Incorporated review comments
f30fa46 is described below
commit f30fa46d4046a69451ffd6a2b77a0d9a333cdfad
Author: Sailaja Polavarapu <spolavar...@cloudera.com>
AuthorDate: Mon Sep 23 10:33:59 2019 -0700
RANGER-2585: Incorporated review comments
---
.../hive/authorizer/RangerHiveAuthorizer.java | 2 ++
.../apache/ranger/common/db/JPABeanCallbacks.java | 31 +++++++++++++---------
.../main/java/org/apache/ranger/rest/RoleREST.java | 2 ++
.../apache/ranger/service/RangerRoleService.java | 21 +++++++++++++++
4 files changed, 43 insertions(+), 13 deletions(-)
diff --git
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
index 0c5449d..f10bde4 100644
---
a/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
+++
b/hive-agent/src/main/java/org/apache/ranger/authorization/hive/authorizer/RangerHiveAuthorizer.java
@@ -166,6 +166,8 @@ public class RangerHiveAuthorizer extends
RangerHiveAuthorizerBase {
RangerRole role = new RangerRole();
role.setName(roleName);
role.setCreatedByUser(currentUserName);
+ role.setCreatedBy(currentUserName);
+ role.setUpdatedBy(currentUserName);
//Add grantor as the member to this role with grant
option.
RangerRole.RoleMember userMember = new
RangerRole.RoleMember(currentUserName, true);
List<RangerRole.RoleMember> userMemberList = new
ArrayList<>();
diff --git
a/security-admin/src/main/java/org/apache/ranger/common/db/JPABeanCallbacks.java
b/security-admin/src/main/java/org/apache/ranger/common/db/JPABeanCallbacks.java
index 226c060..86df95d 100644
---
a/security-admin/src/main/java/org/apache/ranger/common/db/JPABeanCallbacks.java
+++
b/security-admin/src/main/java/org/apache/ranger/common/db/JPABeanCallbacks.java
@@ -39,24 +39,29 @@ public class JPABeanCallbacks {
XXDBBase entity = (XXDBBase) o;
entity.setUpdateTime(DateUtil.getUTCDate());
+ if (entity.getAddedByUserId() == null ||
entity.getAddedByUserId() == 0) {
- RangerSecurityContext context =
RangerContextHolder
- .getSecurityContext();
- if (context != null) {
- UserSessionBase userSession =
context.getUserSession();
- if (userSession != null) {
-
entity.setAddedByUserId(userSession.getUserId());
-
entity.setUpdatedByUserId(userSession
- .getUserId());
+ if (logger.isDebugEnabled()) {
+ logger.debug("AddedByUserId is
null or 0 and hence getting it from userSession for " + entity.getId());
+ }
+ RangerSecurityContext context =
RangerContextHolder
+ .getSecurityContext();
+ if (context != null) {
+ UserSessionBase userSession =
context.getUserSession();
+ if (userSession != null) {
+
entity.setAddedByUserId(userSession.getUserId());
+
entity.setUpdatedByUserId(userSession
+
.getUserId());
+ } else {
+ if
(logger.isDebugEnabled()) {
+
logger.debug("User session not found for this request. Identity of originator
of this change cannot be recorded");
+ }
+ }
} else {
if (logger.isDebugEnabled()) {
- logger.debug("User
session not found for this request. Identity of originator of this change
cannot be recorded");
+ logger.debug("Security
context not found for this request. Identity of originator of this change
cannot be recorded");
}
}
- } else {
- if (logger.isDebugEnabled()) {
- logger.debug("Security context
not found for this request. Identity of originator of this change cannot be
recorded");
- }
}
}
} catch (Throwable t) {
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
index 25fb085..4af768a 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
@@ -548,6 +548,7 @@ public class RoleREST {
throw restErrorUtil.createRESTException("User doesn't have
permissions to grant role " + roleName);
}
+ existingRole.setUpdatedBy(userName);
addUsersGroupsAndRoles(existingRole,
grantRoleRequest.getUsers(), grantRoleRequest.getGroups(),
grantRoleRequest.getRoles(), grantRoleRequest.getGrantOption());
}
} catch(WebApplicationException excp) {
@@ -601,6 +602,7 @@ public class RoleREST {
if (existingRole == null) {
throw restErrorUtil.createRESTException("User doesn't have
permissions to revoke role " + roleName);
}
+ existingRole.setUpdatedBy(userName);
if (revokeRoleRequest.getGrantOption()) {
removeAdminFromUsersGroupsAndRoles(existingRole,
revokeRoleRequest.getUsers(), revokeRoleRequest.getGroups(),
revokeRoleRequest.getRoles());
diff --git
a/security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java
b/security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java
index ca4407b..8857afd 100644
---
a/security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java
+++
b/security-admin/src/main/java/org/apache/ranger/service/RangerRoleService.java
@@ -34,6 +34,7 @@ import org.apache.ranger.biz.ServiceDBStore;
import org.apache.ranger.common.AppConstants;
import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.view.VTrxLogAttr;
+import org.apache.ranger.entity.XXPortalUser;
import org.apache.ranger.entity.XXRole;
import org.apache.ranger.entity.XXTrxLog;
import org.apache.ranger.entity.XXUser;
@@ -150,6 +151,20 @@ public class RangerRoleService extends
RangerRoleServiceBase<XXRole, RangerRole>
xTrxLog.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_ROLE);
xTrxLog.setObjectName(objectName);
+ if(!StringUtils.isNotBlank(current.getCreatedByUser())){
+ if (logger.isDebugEnabled()) {
+ logger.debug("Created User = " +
current.getCreatedByUser());
+ }
+ XXPortalUser xXPortalUser =
daoMgr.getXXPortalUser().findByLoginId(current.getCreatedByUser());
+ if(xXPortalUser != null){
+ if (logger.isDebugEnabled()) {
+ logger.debug("User Id for " +
current.getCreatedByUser() + " = " + xXPortalUser.getId());
+ }
+ xTrxLog.setAddedByUserId(xXPortalUser.getId());
+ xTrxLog.setUpdatedByUserId(xXPortalUser.getId());
+ }
+ }
+
String value;
if (vTrxLogAttr.isEnum()) {
String enumName = XXUser.getEnumName(fieldName);
@@ -221,8 +236,14 @@ public class RangerRoleService extends
RangerRoleServiceBase<XXRole, RangerRole>
xTrxLog.setNewValue(value);
trxLogList.add(xTrxLog);
}
+ if(logger.isDebugEnabled()) {
+ logger.debug("AddedByUserId for " +
xTrxLog.getObjectName() + " = " + xTrxLog.getAddedByUserId());
+ }
}
if (trxLogList.isEmpty()) {
+ if(logger.isDebugEnabled()) {
+ logger.debug("trxLogList is empty!!");
+ }
XXTrxLog xTrxLog = new XXTrxLog();
xTrxLog.setAction(action);
xTrxLog.setObjectClassType(AppConstants.CLASS_TYPE_RANGER_ROLE);
