This is an automated email from the ASF dual-hosted git repository. pradeep pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/ranger.git
The following commit(s) were added to refs/heads/master by this push: new b61ed9f RANGER-3502: Make GET zone APIs accessible to authorized users only b61ed9f is described below commit b61ed9f7ac3c7a0c07056cba21d8c9440b05d28a Author: Kishor Gollapalliwar <kishor.gollapalli...@gmail.com> AuthorDate: Mon Dec 6 17:49:53 2021 +0530 RANGER-3502: Make GET zone APIs accessible to authorized users only Signed-off-by: pradeep <prad...@apache.org> --- .../plugin/model/RangerSecurityZoneHeaderInfo.java | 55 +++++++++++++ .../plugin/model/RangerServiceHeaderInfo.java | 67 ++++++++++++++++ .../org/apache/ranger/biz/SecurityZoneDBStore.java | 14 ++++ .../org/apache/ranger/db/XXSecurityZoneDao.java | 15 ++++ .../ranger/db/XXSecurityZoneRefServiceDao.java | 21 +++++ .../ranger/db/XXSecurityZoneRefTagServiceDao.java | 21 +++++ .../java/org/apache/ranger/rest/PublicAPIsv2.java | 75 +++++++++++++++++- .../org/apache/ranger/rest/SecurityZoneREST.java | 56 ++++++++----- .../main/resources/META-INF/jpa_named_queries.xml | 20 ++++- .../main/webapp/scripts/controllers/Controller.js | 5 +- .../webapp/scripts/views/UploadServicePolicy.js | 83 ++++++++++--------- .../scripts/views/policymanager/ServiceLayout.js | 67 +++++++++------- .../views/policymanager/ServiceLayoutSidebar.js | 92 +++++++++++----------- .../webapp/scripts/views/reports/AuditLayout.js | 15 ++-- .../scripts/views/reports/UserAccessLayout.js | 9 ++- .../org/apache/ranger/rest/TestPublicAPIsv2.java | 68 +++++++++++++++- .../apache/ranger/rest/TestSecurityZoneREST.java | 28 ++++++- 17 files changed, 557 insertions(+), 154 deletions(-) diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZoneHeaderInfo.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZoneHeaderInfo.java new file mode 100644 index 0000000..e9d6b1b --- /dev/null +++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerSecurityZoneHeaderInfo.java 
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.plugin.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class RangerSecurityZoneHeaderInfo extends RangerBaseModelObject implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+ private String name;
+
+ public RangerSecurityZoneHeaderInfo() {
+ super();
+ setId(-1L);
+ setName("");
+ }
+
+ public RangerSecurityZoneHeaderInfo(Long id, String name) {
+ super();
+ setId(id);
+ setName(name);
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+}
\ No newline at end of file
diff --git a/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceHeaderInfo.java b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceHeaderInfo.java
new file mode 100644
index 0000000..4343f6f
--- /dev/null
+++ b/agents-common/src/main/java/org/apache/ranger/plugin/model/RangerServiceHeaderInfo.java
@@ -0,0 +1,67 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.plugin.model;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlRootElement;
+
+import org.codehaus.jackson.annotate.JsonAutoDetect;
+import org.codehaus.jackson.annotate.JsonAutoDetect.Visibility;
+import org.codehaus.jackson.map.annotate.JsonSerialize;
+
+@JsonAutoDetect(getterVisibility = Visibility.NONE, setterVisibility = Visibility.NONE, fieldVisibility = Visibility.ANY)
+@JsonSerialize(include = JsonSerialize.Inclusion.NON_NULL)
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.FIELD)
+public class RangerServiceHeaderInfo extends RangerBaseModelObject implements java.io.Serializable {
+ private static final long serialVersionUID = 1L;
+
+ private String name;
+ private Boolean isTagService;
+
+ public RangerServiceHeaderInfo() {
+ super();
+ setId(-1L);
+ setName("");
+ setIsTagService(false);
+ }
+
+ public RangerServiceHeaderInfo(Long id, String name, boolean isTagService) {
+ super();
+ setId(id);
+ setName(name);
+ setIsTagService(isTagService);
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void
setName(String name) { + this.name = name; + } + + public Boolean getIsTagService() { + return isTagService; + } + + public void setIsTagService(Boolean isTagService) { + this.isTagService = isTagService; + } +} \ No newline at end of file diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java index 12ad7e6..0c2e42c 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java @@ -33,6 +33,8 @@ import org.apache.ranger.db.RangerDaoManager; import org.apache.ranger.entity.XXSecurityZone; import org.apache.ranger.entity.XXTrxLog; import org.apache.ranger.plugin.model.RangerSecurityZone; +import org.apache.ranger.plugin.model.RangerSecurityZoneHeaderInfo; +import org.apache.ranger.plugin.model.RangerServiceHeaderInfo; import org.apache.ranger.plugin.store.AbstractPredicateUtil; import org.apache.ranger.plugin.store.SecurityZonePredicateUtil; import org.apache.ranger.plugin.store.SecurityZoneStore; @@ -216,4 +218,16 @@ public class SecurityZoneDBStore implements SecurityZoneStore { return ret; } + + public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoList() { + return daoMgr.getXXSecurityZoneDao().findAllZoneHeaderInfos(); + } + + public List<RangerServiceHeaderInfo> getServiceHeaderInfoListByZoneId(Long zoneId) { + List<RangerServiceHeaderInfo> services = daoMgr.getXXSecurityZoneRefService().findServiceHeaderInfosByZoneId(zoneId); + List<RangerServiceHeaderInfo> tagServices = daoMgr.getXXSecurityZoneRefTagService().findServiceHeaderInfosByZoneId(zoneId); + services.addAll(tagServices); + + return services; + } } diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java index 46ff16f..5f73b64 100644 
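Review bot: `getServiceHeaderInfoListByZoneId` in SecurityZoneDBStore appends to the list it got from the DAO with `services.addAll(tagServices)`, yet both `findServiceHeaderInfosByZoneId` implementations added by this commit return the immutable `Collections.emptyList()` when the zone id is null or not above the unzoned id. It works today only because the two DAOs apply the same guard, so the immutable list is never asked to take a non-empty collection; if the guards ever diverge the call throws `UnsupportedOperationException`. Merging into a fresh list removes the coupling: `List<RangerServiceHeaderInfo> ret = new ArrayList<RangerServiceHeaderInfo>(services);` then `ret.addAll(tagServices); return ret;`. Whether `java.util.ArrayList` is already imported in this file is not visible in the hunk.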
--- a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java @@ -20,8 +20,12 @@ package org.apache.ranger.db; import org.apache.commons.lang.StringUtils; import org.apache.ranger.common.db.BaseDao; import org.apache.ranger.entity.XXSecurityZone; +import org.apache.ranger.plugin.model.RangerSecurityZone; +import org.apache.ranger.plugin.model.RangerSecurityZoneHeaderInfo; import org.springframework.stereotype.Service; import javax.persistence.NoResultException; + +import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -107,4 +111,15 @@ public class XXSecurityZoneDao extends BaseDao<XXSecurityZone> { } } + public List<RangerSecurityZoneHeaderInfo> findAllZoneHeaderInfos() { + @SuppressWarnings("unchecked") + List<Object[]> results = getEntityManager().createNamedQuery("XXSecurityZone.findAllZoneHeaderInfos").setParameter("unzoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID).getResultList(); + + List<RangerSecurityZoneHeaderInfo> securityZoneList = new ArrayList<RangerSecurityZoneHeaderInfo>(results.size()); + for (Object[] result : results) { + securityZoneList.add(new RangerSecurityZoneHeaderInfo((Long) result[0], (String) result[1])); + } + + return securityZoneList; + } } diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java index f5c1a88..c6a8011 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefServiceDao.java @@ -19,6 +19,7 @@ package org.apache.ranger.db; +import java.util.ArrayList; import java.util.Collections; import java.util.List; 
@@ -26,6 +27,8 @@ import javax.persistence.NoResultException; import org.apache.ranger.common.db.BaseDao; import org.apache.ranger.entity.XXSecurityZoneRefService; +import org.apache.ranger.plugin.model.RangerSecurityZone; +import org.apache.ranger.plugin.model.RangerServiceHeaderInfo; public class XXSecurityZoneRefServiceDao extends BaseDao<XXSecurityZoneRefService>{ @@ -83,4 +86,22 @@ public class XXSecurityZoneRefServiceDao extends BaseDao<XXSecurityZoneRefServic return Collections.emptyList(); } } + + public List<RangerServiceHeaderInfo> findServiceHeaderInfosByZoneId(Long zoneId) { + List<RangerServiceHeaderInfo> serviceHeaderInfos = null; + + if (zoneId != null && zoneId > RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) { + @SuppressWarnings("unchecked") + List<Object[]> results = getEntityManager().createNamedQuery("XXSecurityZoneRefService.findServiceHeaderInfosByZoneId").setParameter("zoneId", zoneId).getResultList(); + + serviceHeaderInfos = new ArrayList<RangerServiceHeaderInfo>(results.size()); + for (Object[] result : results) { + serviceHeaderInfos.add(new RangerServiceHeaderInfo((Long) result[0], (String) result[1], false)); + } + } else { + serviceHeaderInfos = Collections.emptyList(); + } + + return serviceHeaderInfos; + } } diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefTagServiceDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefTagServiceDao.java index c30dba1..1eaf0de 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefTagServiceDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneRefTagServiceDao.java @@ -18,6 +18,7 @@ */ package org.apache.ranger.db; +import java.util.ArrayList; import java.util.Collections; import java.util.List; 
@@ -25,6 +26,8 @@ import javax.persistence.NoResultException; import org.apache.ranger.common.db.BaseDao; import org.apache.ranger.entity.XXSecurityZoneRefTagService; +import org.apache.ranger.plugin.model.RangerSecurityZone; +import org.apache.ranger.plugin.model.RangerServiceHeaderInfo; public class XXSecurityZoneRefTagServiceDao extends BaseDao<XXSecurityZoneRefTagService>{ @@ -58,4 +61,22 @@ public class XXSecurityZoneRefTagServiceDao extends BaseDao<XXSecurityZoneRefTag return Collections.emptyList(); } } + + public List<RangerServiceHeaderInfo> findServiceHeaderInfosByZoneId(Long zoneId) { + List<RangerServiceHeaderInfo> serviceHeaderInfos = null; + + if (zoneId != null && zoneId > RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) { + @SuppressWarnings("unchecked") + List<Object[]> results = getEntityManager().createNamedQuery("XXSecurityZoneRefTagService.findServiceHeaderInfosByZoneId").setParameter("zoneId", zoneId).getResultList(); + serviceHeaderInfos = new ArrayList<RangerServiceHeaderInfo>(results.size()); + + for (Object[] result : results) { + serviceHeaderInfos.add(new RangerServiceHeaderInfo((Long) result[0], (String) result[1], true)); + } + } else { + serviceHeaderInfos = Collections.emptyList(); + } + + return serviceHeaderInfos; + } } diff --git a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java index 204cadb..bb343c0 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
@@ -22,14 +22,17 @@ package org.apache.ranger.rest; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import org.apache.ranger.admin.client.datatype.RESTResponse; +import org.apache.ranger.biz.SecurityZoneDBStore; import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName; import org.apache.ranger.plugin.model.RangerPluginInfo; import org.apache.ranger.plugin.model.RangerPolicy; import org.apache.ranger.plugin.model.RangerRole; import org.apache.ranger.plugin.model.RangerSecurityZone; +import org.apache.ranger.plugin.model.RangerSecurityZoneHeaderInfo; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.model.RangerServiceHeaderInfo; import org.apache.ranger.plugin.util.GrantRevokeRoleRequest; import org.apache.ranger.plugin.util.SearchFilter; import org.springframework.beans.factory.annotation.Autowired; @@ -41,7 +44,17 @@ import org.springframework.transaction.annotation.Transactional; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.ws.rs.*; +import javax.ws.rs.Consumes; +import javax.ws.rs.DELETE; +import javax.ws.rs.DefaultValue; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Context; import java.util.ArrayList; @@ -70,6 +83,9 @@ public class PublicAPIsv2 { @Autowired RESTErrorUtil restErrorUtil; + @Autowired + SecurityZoneDBStore securityZoneStore; + /* * SecurityZone Creation API */ 
@@ -121,6 +137,63 @@ public class PublicAPIsv2 { return securityZoneRest.getAllZones(request).getSecurityZones(); } + /** + * Get {@link List} of security zone header info. + * This API is authorized to every authenticated user. + * @return {@link List} of {@link RangerSecurityZoneHeaderInfo} if present. + */ + @GET + @Path("/api/zone-headers") + public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoList() { + if (logger.isDebugEnabled()) { + logger.debug("==> PublicAPIsv2.getSecurityZoneHeaderInfoList()"); + } + + List<RangerSecurityZoneHeaderInfo> ret; + try { + ret = securityZoneStore.getSecurityZoneHeaderInfoList(); + } catch (WebApplicationException excp) { + throw excp; + } catch (Throwable excp) { + logger.error("PublicAPIsv2.getSecurityZoneHeaderInfoList() failed", excp); + throw restErrorUtil.createRESTException(excp.getMessage()); + } + + if (logger.isDebugEnabled()) { + logger.debug("<== PublicAPIsv2.getSecurityZoneHeaderInfoList():" + ret); + } + return ret; + } + + /** + * Get service header info {@link List} for given zone. + * This API is authorized to every authenticated user. + * @param zoneId + * @return {@link List} of {@link RangerServiceHeaderInfo} for given zone if present. 
+ */ + @GET + @Path("/api/zones/{zoneId}/service-headers") + public List<RangerServiceHeaderInfo> getServiceHeaderInfoListByZoneId(@PathParam("zoneId") Long zoneId) { + if (logger.isDebugEnabled()) { + logger.debug("==> PublicAPIsv2.getServiceHeaderInfoListByZoneId({})" + zoneId); + } + + List<RangerServiceHeaderInfo> ret; + try { + ret = securityZoneStore.getServiceHeaderInfoListByZoneId(zoneId); + } catch (WebApplicationException excp) { + throw excp; + } catch (Throwable excp) { + logger.error("PublicAPIsv2.getServiceHeaderInfoListByZoneId() failed", excp); + throw restErrorUtil.createRESTException(excp.getMessage()); + } + + if (logger.isDebugEnabled()) { + logger.debug("<== PublicAPIsv2.getServiceHeaderInfoListByZoneId():" + ret); + } + return ret; + } + /* * ServiceDef Manipulation APIs */ diff --git a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java index fcf8433..1a9f554 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java @@ -46,6 +46,7 @@ import org.apache.ranger.biz.ServiceDBStore; import org.apache.ranger.biz.ServiceMgr; import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.RESTErrorUtil; +import org.apache.ranger.common.RangerConstants; import org.apache.ranger.common.RangerSearchUtil; import org.apache.ranger.common.RangerValidatorFactory; import org.apache.ranger.db.RangerDaoManager; 
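Review bot: Both new endpoints hand `excp.getMessage()` from any `Throwable` to `restErrorUtil.createRESTException(...)`, and their Javadoc opens them to every authenticated user, so persistence-layer error text presumably ends up in responses sent to callers with no zone privileges. The full exception is already written by `logger.error`, so the response can carry a fixed message instead, e.g. `throw restErrorUtil.createRESTException("Failed to fetch security zone headers");`. Separately, the entry debug line of `getServiceHeaderInfoListByZoneId` mixes a `{}` placeholder with concatenation and prints the braces literally; `logger.debug("==> PublicAPIsv2.getServiceHeaderInfoListByZoneId(" + zoneId + ")");` matches the other log lines. The empty `@param zoneId` tag could read `@param zoneId id of the security zone whose services are listed`.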
@@ -72,7 +73,8 @@ import com.google.common.collect.Sets; @Scope("request") @Transactional(propagation = Propagation.REQUIRES_NEW) public class SecurityZoneREST { - private static final Log LOG = LogFactory.getLog(SecurityZoneREST.class); + private static final Log LOG = LogFactory.getLog(SecurityZoneREST.class); + private static final String STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE = "User is not authorized to access zone(s)."; @Autowired RESTErrorUtil restErrorUtil; @@ -224,6 +226,11 @@ public class SecurityZoneREST { if (LOG.isDebugEnabled()) { LOG.debug("==> getSecurityZone(name=" + zoneName + ")"); } + + if (!bizUtil.hasModuleAccess(RangerConstants.MODULE_SECURITY_ZONE)) { + throw restErrorUtil.createRESTException(STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE, MessageEnums.OPER_NO_PERMISSION); + } + RangerSecurityZone ret; try { ret = securityZoneStore.getSecurityZoneByName(zoneName); @@ -234,6 +241,7 @@ public class SecurityZoneREST { throw restErrorUtil.createRESTException(excp.getMessage()); } + if (LOG.isDebugEnabled()) { LOG.debug("<== getSecurityZone(name=" + zoneName + "):" + ret); } @@ -246,9 +254,15 @@ public class SecurityZoneREST { if (LOG.isDebugEnabled()) { LOG.debug("==> getSecurityZone(id=" + id + ")"); } + + if (!bizUtil.hasModuleAccess(RangerConstants.MODULE_SECURITY_ZONE)) { + throw restErrorUtil.createRESTException(STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE, MessageEnums.OPER_NO_PERMISSION); + } + if (id != null && id.equals(RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID)) { - throw restErrorUtil.createRESTException("Cannot delete unzoned zone"); + throw restErrorUtil.createRESTException("Cannot access unzoned zone"); } + RangerSecurityZone ret; try { ret = securityZoneStore.getSecurityZone(id); @@ -259,6 +273,7 @@ public class SecurityZoneREST { throw restErrorUtil.createRESTException(excp.getMessage()); } + if (LOG.isDebugEnabled()) { LOG.debug("<== getSecurityZone(id=" + id + "):" + ret); } 
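Review bot: The module-access check added to `getSecurityZone(name)` is repeated verbatim in `getSecurityZone(id)` later on this line and in `getAllZones()` in the next hunk, and none of the three records who was refused. A private helper placed beside the existing `ensureAdminAccess()` would keep the three call sites in step and leave a log entry for denied zone reads; each call site then shrinks to `ensureZoneModuleAccess();`. The helper name is only a suggestion, and the enclosing methods start and end outside these hunks.

```java
// … unchanged: getSecurityZone(name), getSecurityZone(id), getAllZones() call ensureZoneModuleAccess() first …
private void ensureZoneModuleAccess() {
    if (!bizUtil.hasModuleAccess(RangerConstants.MODULE_SECURITY_ZONE)) {
        // Log the refused caller so denied zone reads can be reviewed later.
        LOG.warn("Security zone read denied for user '" + bizUtil.getCurrentUserLoginId() + "'");
        throw restErrorUtil.createRESTException(STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE, MessageEnums.OPER_NO_PERMISSION);
    }
}
```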
@@ -268,34 +283,39 @@ public class SecurityZoneREST { @GET @Path("/zones") public RangerSecurityZoneList getAllZones(@Context HttpServletRequest request) { - RangerSecurityZoneList ret = new RangerSecurityZoneList(); - if (LOG.isDebugEnabled()) { + if (LOG.isDebugEnabled()) { LOG.debug("==> getAllZones()"); } - SearchFilter filter = searchUtil.getSearchFilter(request, securityZoneService.sortFields); - List<RangerSecurityZone> securityZones; - try { - securityZones = securityZoneStore.getSecurityZones(filter); - ret.setSecurityZoneList(securityZones); - if (securityZones != null) { - ret.setTotalCount(securityZones.size()); - ret.setSortBy(filter.getSortBy()); - ret.setSortType(filter.getSortType()); - ret.setResultSize(securityZones.size()); - } - } catch(WebApplicationException excp) { + + if (!bizUtil.hasModuleAccess(RangerConstants.MODULE_SECURITY_ZONE)) { + throw restErrorUtil.createRESTException(STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE, MessageEnums.OPER_NO_PERMISSION); + } + + RangerSecurityZoneList ret = new RangerSecurityZoneList(); + SearchFilter filter = searchUtil.getSearchFilter(request, securityZoneService.sortFields); + try { + List<RangerSecurityZone> securityZones = securityZoneStore.getSecurityZones(filter); + ret.setSecurityZoneList(securityZones); + if (securityZones != null) { + ret.setTotalCount(securityZones.size()); + ret.setSortBy(filter.getSortBy()); + ret.setSortType(filter.getSortType()); + ret.setResultSize(securityZones.size()); + } + } catch (WebApplicationException excp) { throw excp; - } catch(Throwable excp) { + } catch (Throwable excp) { LOG.error("getSecurityZones() failed", excp); throw restErrorUtil.createRESTException(excp.getMessage()); } + if (LOG.isDebugEnabled()) { LOG.debug("<== getAllZones():" + ret); } return ret; } - + private void ensureAdminAccess(){ if(!bizUtil.isAdmin()){ String userName = bizUtil.getCurrentUserLoginId(); 
diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml index 539d600..c19ec49 100755 --- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml +++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml @@ -1571,6 +1571,12 @@ </query> </named-query> + <named-query name="XXSecurityZoneRefService.findServiceHeaderInfosByZoneId"> + <query> + SELECT obj.serviceId, obj.serviceName FROM XXSecurityZoneRefService obj WHERE obj.zoneId = :zoneId + </query> + </named-query> + <named-query name="XXSecurityZoneRefTagService.findByZoneId"> <query> select obj from XXSecurityZoneRefTagService obj where obj.zoneId = :zoneId @@ -1583,6 +1589,12 @@ </query> </named-query> + <named-query name="XXSecurityZoneRefTagService.findServiceHeaderInfosByZoneId"> + <query> + SELECT obj.tagServiceId, obj.tagServiceName FROM XXSecurityZoneRefTagService obj WHERE obj.zoneId = :zoneId + </query> + </named-query> + <named-query name="XXSecurityZoneRefUser.findByZoneId"> <query> select obj from XXSecurityZoneRefUser obj where obj.zoneId = :zoneId @@ -1607,12 +1619,18 @@ </query> </named-query> - <named-query name="XXSecurityZone.findZoneNamesByGroupId"> + <named-query name="XXSecurityZone.findZoneNamesByGroupId"> <query> select distinct obj.name from XXSecurityZone obj, XXSecurityZoneRefGroup refObj where obj.id = refObj.zoneId and refObj.groupId = :groupId </query> </named-query> + <named-query name="XXSecurityZone.findAllZoneHeaderInfos"> + <query> + SELECT obj.id, obj.name FROM XXSecurityZone obj WHERE obj.id != :unzoneId + </query> + </named-query> + <named-query name="XXGlobalState.findByStateId"> <query> select obj from XXGlobalState obj where obj.id = :stateId diff --git a/security-admin/src/main/webapp/scripts/controllers/Controller.js b/security-admin/src/main/webapp/scripts/controllers/Controller.js index 74f2af5..7bfce42 100755 
--- a/security-admin/src/main/webapp/scripts/controllers/Controller.js +++ b/security-admin/src/main/webapp/scripts/controllers/Controller.js @@ -304,12 +304,11 @@ define(function(require) { var view = require('views/policymanager/ServiceLayout'); var RangerServiceDefList = require('collections/RangerServiceDefList'); var RangerServiceDef = require('models/RangerServiceDef'); - var RangerZoneList = require('collections/RangerZoneList'); + var RangerZoneList = require('model_bases/RangerZoneBase'); var rangerZoneList = new RangerZoneList(); var collection = new RangerServiceDefList(); collection.queryParams.sortBy = 'serviceTypeId'; - if (type == 'tag') { var tagServiceDef = new RangerServiceDef(); tagServiceDef.url = XAUtil.getRangerServiceDef(XAEnums.ServiceType.SERVICE_TAG.label) @@ -331,8 +330,8 @@ define(function(require) { rangerZoneList.fetch({ cache: false, async: false, + url: "service/public/v2/api/zone-headers", }) - // if(App.rContent.currentView) App.rContent.currentView.close(); App.rContent.show(new view({ collection: collection, type: type, diff --git a/security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js b/security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js index f7d3b73..6ef5637 100644 --- a/security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js +++ b/security-admin/src/main/webapp/scripts/views/UploadServicePolicy.js @@ -26,6 +26,7 @@ define(function(require){ var XAEnums = require('utils/XAEnums'); var XALinks = require('modules/XALinks'); var localization = require('utils/XALangSupport'); + var RangerServiceList = require('models/RangerService'); var UploadservicepolicyTmpl = require('hbs!tmpl/common/uploadservicepolicy_tmpl'); var ServiceMappingItem = Backbone.Marionette.ItemView.extend({ 
@@ -218,27 +219,25 @@ define(function(require){ }else{ var selectedZoneServices = [], selectedZone; if(!_.isUndefined( that.ui.zoneDestination.val()) && !_.isEmpty( that.ui.zoneDestination.val())){ - selectedZone = this.rangerZoneList.find(function(m) { - return that.ui.zoneDestination.val() === m.get('name'); - }); - _.each(selectedZone.get('services'), function(value, key) { - var model = that.services.find(function(m) { - return m.get('name') == key - }) - if (model) { - selectedZoneServices.push(model); - } - }) - if(selectedZone.has('tagServices') && !_.isEmpty(selectedZone.get('tagServices'))){ - _.filter(selectedZone.get('tagServices'), function(tag){ - var zoneServiceModelTags = that.serviceNames.find(function(serviceModel){ - return serviceModel.get('name') === tag - }) - if(zoneServiceModelTags){ - selectedZoneServices.push(zoneServiceModelTags); - } - }) - } + selectedZone = _.find(that.rangerZoneList.attributes, function (m){ + return m.name == that.ui.zoneDestination.val(); + }) + var zoneServiceListModel = new RangerServiceList(); + zoneServiceListModel.fetch({ + cache : false, + async : false, + url : "service/public/v2/api/zones/"+selectedZone.id+"/service-headers", + }); + if(!_.isEmpty(zoneServiceListModel.attributes)) { + _.filter(zoneServiceListModel.attributes, function(obj) { + var zoneServiceModel = that.services.find(function(m) { + return m.get('name') == obj.name; + }); + if (zoneServiceModel) { + selectedZoneServices.push(zoneServiceModel); + } + }) + } }else{ selectedZoneServices = this.serviceNames; } @@ -366,8 +365,8 @@ define(function(require){ }, setServiceDestination : function(){ var that =this, - zoneNameOption = _.map(this.rangerZoneList.models, function(m){ - return { 'id':m.get('name'), 'text':m.get('name')} + zoneNameOption = _.map(that.rangerZoneList.attributes, function(m){ + return { 'id':m.name, 'text':m.name} }); this.ui.zoneDestination.attr('disabled',false); this.ui.zoneDestination.select2({ 
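Review bot: In the new loop over `zoneServiceListModel.attributes`, `_.filter` is called only for its side effect and its return value is discarded; `_.each(zoneServiceListModel.attributes, function(obj) { ... })` states what is meant. The same fetch-and-match block appears again in the `setServiceDestination` change handler in the next hunk of this file, so a small helper that takes the zone id and the service list would keep the two copies in step. The enclosing function starts and ends outside this hunk.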
@@ -382,25 +381,25 @@ define(function(require){ var zoneServiceList = []; that.ui.selectServicesMapping.show(); that.serviceNames = that.services.models; - var selectedZone = that.rangerZoneList.find(function(m) {return e.val === m.get('name')}); - _.filter(selectedZone.get('services'), function(m, key){ - var zoneServiceModel = that.serviceNames.find(function(serviceModel){ - return serviceModel.get('name') === key - }) - if(zoneServiceModel){ - zoneServiceList.push(zoneServiceModel); - } - }); - if(selectedZone.has('tagServices') && !_.isEmpty(selectedZone.get('tagServices'))){ - _.filter(selectedZone.get('tagServices'), function(tag){ - var zoneServiceModelTags = that.serviceNames.find(function(serviceModel){ - return serviceModel.get('name') === tag - }) - if(zoneServiceModelTags){ - zoneServiceList.push(zoneServiceModelTags); - } - }) - } + var selectedZone = _.find( that.rangerZoneList.attributes, function (m){ + return m.name == e.val + }) + var zoneServiceListModel = new RangerServiceList(); + zoneServiceListModel.fetch({ + cache : false, + async : false, + url : "service/public/v2/api/zones/"+selectedZone.id+"/service-headers", + }); + if(!_.isEmpty(zoneServiceListModel.attributes)) { + _.filter(zoneServiceListModel.attributes, function(obj) { + var zoneServiceModel = that.serviceNames.find(function(m) { + return m.get('name') == obj.name; + }); + if (zoneServiceModel) { + zoneServiceList.push(zoneServiceModel); + } + }) + } that.serviceNames = zoneServiceList; that.setServiceSourceData(); }else{ diff --git a/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js b/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js index 11d4711..e3593e8 100644 --- a/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js +++ b/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayout.js 
@@ -45,8 +45,8 @@ define(function(require){ templateHelpers: function(){ return { operation : SessionMgr.isSystemAdmin() || SessionMgr.isKeyAdmin(), - serviceDefs : this.componentCollectionModels(App.vZone.vZoneName), - services : this.componentServicesModels(App.vZone.vZoneName), + serviceDefs : this.componentCollectionModels(App.vZone.vZoneName, App.vZone.vZoneId), + services : this.componentServicesModels(App.vZone.vZoneName, App.vZone.vZoneId), showImportExportBtn : (SessionMgr.isUser() || XAUtil.isAuditorOrKMSAuditor(SessionMgr)) ? false : true, isZoneAdministration : (SessionMgr.isSystemAdmin()|| SessionMgr.isUser() || SessionMgr.isAuditor()) ? true : false, isServiceManager : (App.vZone && _.isEmpty(App.vZone.vZoneName)) ? true : false, @@ -109,7 +109,8 @@ define(function(require){ this.initializeServices(); if (!App.vZone) { App.vZone = { - vZoneName: "" + vZoneName: "", + vZoneId: "", } } if (!_.isUndefined(XAUtil.urlQueryParams())) { @@ -118,6 +119,7 @@ define(function(require){ App.vZone.vZoneName = searchFregment['securityZone']; } } + this.zoneServiceList = new RangerService(); }, /** all events binding here */ @@ -133,7 +135,7 @@ define(function(require){ onRender: function() { this.$('[data-id="r_tableSpinner"]').removeClass('loading').addClass('display-none'); this.initializePlugins(); - if (this.rangerZoneList.length > 0) { + if (!_.isUndefined(this.rangerZoneList.attributes) && !_.isEmpty(this.rangerZoneList.attributes)) { this.ui.selectZoneName.removeAttr('disabled'); this.$el.find('.zoneEmptyMsg').removeAttr('title'); } 
@@ -305,13 +307,12 @@ define(function(require){ }, selectZoneName : function(){ var that = this; - var zoneName = _.map(this.rangerZoneList.models, function(m){ - return { 'id':m.get('name'), 'text':m.get('name'), 'zoneId' : m.get('id')} + var zoneName = _.map(this.rangerZoneList.attributes, function(m){ + return { 'id': m.name, 'text':m.name, 'zoneId' : m.id } }); if(!_.isEmpty(App.vZone.vZoneName) && !_.isUndefined(App.vZone.vZoneName)){ this.ui.selectZoneName.val(App.vZone.vZoneName); } - var servicesModel = _.clone(that.services); this.ui.selectZoneName.select2({ theme: 'bootstrap4', closeOnSelect: false, @@ -324,7 +325,13 @@ define(function(require){ App.vZone.vZoneName = e.val; if(e.added){ App.vZone.vZoneId = e.added.zoneId; - XAUtil.changeParamToUrlFragment({"securityZone" : e.val}, that.collection.modelName); + XAUtil.changeParamToUrlFragment({"securityZone" : e.val}, that.collection.modelName); + that.zoneServiceList.fetch({ + cache : false, + async : false, + url : "service/public/v2/api/zones/"+e.added.zoneId+"/service-headers", + }) + } else { App.vZone.vZoneId = null; //for url change on UI @@ -338,10 +345,10 @@ define(function(require){ }); }, - componentCollectionModels: function(zoneName) { + componentCollectionModels: function(zoneName, zoneID) { var that = this; if (!_.isEmpty(zoneName) && !_.isUndefined(zoneName) && this.type !== XAEnums.ServiceType.SERVICE_TAG.label) { - var serviceType = _.keys(that.componentServicesModels(zoneName)); + var serviceType = _.keys(that.componentServicesModels(zoneName, zoneID)); return that.collection.filter(function(model) { return serviceType.indexOf(model.get("name")) !== -1; }) 
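Review bot: The select handler refetches into the same `zoneServiceList` model every time a zone is picked, and a Backbone model's `fetch` merges the response into the existing attributes rather than replacing them. If the default `parse`/`set` is in effect for this model, switching from a zone with more services to one with fewer leaves the earlier zone's trailing entries in `attributes`, and `componentServicesModels` would then show them under the newly selected zone. Resetting first avoids that: `that.zoneServiceList.clear({silent: true});` before `that.zoneServiceList.fetch({...})`, with the same reset in the `else` branch where the zone is deselected.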
@@ -350,28 +357,28 @@ define(function(require){ } }, - componentServicesModels: function(zoneName) { + componentServicesModels: function(zoneName, zoneID) { var that = this; - if(!_.isEmpty(zoneName) && !_.isUndefined(zoneName) && that.rangerZoneList.length > 0){ - var selectedZone = that.rangerZoneList.find(function(m) { - return zoneName === m.get('name'); - }); - } - if (selectedZone && !_.isEmpty(selectedZone)) { + if (zoneName && !_.isEmpty(zoneName)) { var selectedZoneServices = [], model; - if(this.type !== XAEnums.ServiceType.SERVICE_TAG.label){ - _.each(selectedZone.get('services'), function(value, key) { - model = that.services.find(function(m) { - return m.get('name') == key - }); - if (model) { - selectedZoneServices.push(model); - } - }); - }else{ - _.each(selectedZone.get('tagServices'), function(value){ + if (_.isEmpty(zoneID)) { + var zoneModal = _.find(that.rangerZoneList.attributes, function (m){ + return m.name == zoneName; + }) + zoneID = zoneModal.id; + App.vZone.vZoneId = zoneID; + } + if (_.isEmpty(this.zoneServiceList.attributes)) { + this.zoneServiceList.fetch({ + cache : false, + async : false, + url : "service/public/v2/api/zones/"+zoneID+"/service-headers", + }) + } + if(!_.isEmpty(this.zoneServiceList.attributes)) { + _.filter(this.zoneServiceList.attributes, function(obj) { model = that.services.find(function(m) { - return m.get('name') == value + return m.get('name') == obj.name; }); if (model) { selectedZoneServices.push(model); @@ -382,7 +389,7 @@ define(function(require){ return m.get('type') }); } else { - return that.services.groupBy("type") + return that.services.groupBy("type"); } }, diff --git a/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayoutSidebar.js b/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayoutSidebar.js index 67a577c..e6a47ab 100644 --- a/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayoutSidebar.js 
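Review bot: In `componentServicesModels`, `_.find(that.rangerZoneList.attributes, ...)` returns `undefined` when no fetched zone has the given name, and the next line reads `zoneModal.id` without a guard. `zoneName` can come from the `securityZone` URL parameter (see the `searchFregment['securityZone']` context earlier in this file), so a stale or hand-edited link would throw a TypeError during render. Guard it, for example with `if (!zoneModal) { return that.services.groupBy("type"); }`, or with whatever fallback the view should show for an unknown zone. `_.isEmpty(zoneID)` is also true for any number, so the lookup runs on every call even when a numeric id was passed in; `zoneID == null || zoneID === ""` expresses the intended test. The same code is added to ServiceLayoutSidebar.js (hunk `@@ -469,30 +477,31 @@`).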
+++ b/security-admin/src/main/webapp/scripts/views/policymanager/ServiceLayoutSidebar.js @@ -36,7 +36,7 @@ define(function(require){ var RangerServiceViewDetail = require('views/service/RangerServiceViewDetail'); var RangerServiceDefList = require('collections/RangerServiceDefList'); var RangerServiceDef = require('models/RangerServiceDef'); - var RangerZoneList = require('collections/RangerZoneList'); + var RangerZoneList = require('model_bases/RangerZoneBase'); require('Backbone.BootstrapModal'); return Backbone.Marionette.Layout.extend( @@ -49,8 +49,8 @@ define(function(require){ templateHelpers: function(){ return { operation : SessionMgr.isSystemAdmin() || SessionMgr.isKeyAdmin(), - serviceDefs : _.sortBy(this.componentCollectionModels(App.vZone.vZoneName), function(m) {return m.get('name')}), - services : this.componentServicesModels(App.vZone.vZoneName), + serviceDefs : _.sortBy(this.componentCollectionModels(App.vZone.vZoneName, App.vZone.vZoneId), function(m) {return m.get('name')}), + services : this.componentServicesModels(App.vZone.vZoneName, App.vZone.vZoneId), showImportExportBtn : (SessionMgr.isUser() || XAUtil.isAuditorOrKMSAuditor(SessionMgr)) ? false : true, isZoneAdministration : (SessionMgr.isSystemAdmin()|| SessionMgr.isUser() || SessionMgr.isAuditor()) ? true : false, isServiceManager : (App.vZone && _.isEmpty(App.vZone.vZoneName)) ? true : false, @@ -150,7 +150,8 @@ define(function(require){ // this.initializeServices(); if (!App.vZone) { App.vZone = { - vZoneName: "" + vZoneName: "", + vZoneId: "", } } if (!_.isUndefined(XAUtil.urlQueryParams())) { @@ -160,6 +161,7 @@ define(function(require){ } } this.initialCall = true; + this.zoneServiceList = new RangerService(); }, /** all events binding here */ 
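Review bot: `var RangerZoneList = require('model_bases/RangerZoneBase');` (hunk `@@ -36,7 +36,7 @@`) keeps a collection-style name for what is now a model base, while AuditLayout.js and UserAccessLayout.js in this same commit rename the local to `RangerZoneBase`. The rest of this file then reads `.attributes` off something called a list, which is easy to misread as a Backbone collection. Suggest `var RangerZoneBase = require('model_bases/RangerZoneBase');` and updating the place where `rangerZoneList` is constructed, which is outside this hunk.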
@@ -206,7 +208,7 @@ define(function(require){ onRender: function() { var that = this; this.$('[data-id="r_tableSpinner"]').removeClass('loading').addClass('display-none'); - if (this.rangerZoneList.length > 0) { + if (!_.isUndefined(this.rangerZoneList.attributes) && !_.isEmpty(this.rangerZoneList.attributes)) { this.ui.selectZoneName.removeAttr('disabled'); this.$el.find('.zoneEmptyMsg').removeAttr('title'); } @@ -219,7 +221,7 @@ define(function(require){ this.ui.resource.removeClass("btn-primary"); this.ui.tag.addClass("btn-primary"); } - this.setupZoneList(this.rangerZoneList.models); + this.setupZoneList(this.rangerZoneList.attributes); // if(this.selectedService) { // this.ui.serviceActive.each(function() { // if($(this).data('id') == that.selectedService) { @@ -270,6 +272,7 @@ define(function(require){ this.rangerZoneList.fetch({ cache : false, async : false, + url: "service/public/v2/api/zone-headers", }) }, @@ -382,8 +385,8 @@ define(function(require){ selectZoneName : function(){ var that = this; - var zoneName = _.map(this.rangerZoneList.models, function(m){ - return { 'id':m.get('name'), 'text':m.get('name'), 'zoneId' : m.get('id')} + var zoneName = _.map(this.rangerZoneList.attributes, function(m){ + return { 'id':m.name, 'text':m.name, 'zoneId' : m.id} }); if(!_.isEmpty(App.vZone.vZoneName) && !_.isUndefined(App.vZone.vZoneName)){ this.ui.selectZoneName.val(App.vZone.vZoneName); @@ -400,6 +403,11 @@ define(function(require){ App.vZone.vZoneName = e.val; if(e.added){ App.vZone.vZoneId = e.added.zoneId; + that.zoneServiceList.fetch({ + cache : false, + async : false, + url : "service/public/v2/api/zones/"+e.added.zoneId+"/service-headers", + }) XAUtil.changeParamToUrlFragment({"securityZone" : e.val}, that.collection.modelName); } else { App.vZone.vZoneId = null; 
@@ -424,7 +432,7 @@ define(function(require){ selectComponet : function(){ var that = this, options; if(!_.isEmpty(App.vZone.vZoneName) && !_.isUndefined(App.vZone.vZoneName)) { - var serviceType = _.keys(that.componentServicesModels(App.vZone.vZoneName)); + var serviceType = _.keys(that.componentServicesModels(App.vZone.vZoneName, App.vZone.vZoneId)); options = serviceType.map(function(m){ return { 'id' : m, 'text' : m.toUpperCase()}}) } else { options = this.collection.map(function(m){ return { 'id' : (m.get('name')), 'text' : (m.get('name')).toUpperCase()}}); @@ -448,10 +456,10 @@ define(function(require){ }); }, - componentCollectionModels: function(zoneName) { + componentCollectionModels: function(zoneName, zoneID) { var that = this; if (!_.isEmpty(zoneName) && !_.isUndefined(zoneName) && this.type !== XAEnums.ServiceType.SERVICE_TAG.label) { - var serviceType = _.keys(that.componentServicesModels(zoneName)); + var serviceType = _.keys(that.componentServicesModels(zoneName, zoneID)); if(!_.isEmpty(that.selectedComponets)) { serviceType = _.intersection(serviceType,that.selectedComponets); } 
@@ -469,30 +477,31 @@ define(function(require){ } }, - componentServicesModels: function(zoneName) { + componentServicesModels: function(zoneName, zoneID) { var that = this; this.initializeServices(); this.zoneCollection(); - if(!_.isEmpty(zoneName) && !_.isUndefined(zoneName) && that.rangerZoneList.length > 0){ - var selectedZone = that.rangerZoneList.find(function(m) { - return zoneName === m.get('name'); - }); - } - if (selectedZone && !_.isEmpty(selectedZone)) { + if(!_.isEmpty(zoneName) && !_.isUndefined(zoneName) && !_.isEmpty(that.rangerZoneList.attributes)){ var selectedZoneServices = [], model; - if(this.type !== XAEnums.ServiceType.SERVICE_TAG.label){ - _.each(selectedZone.get('services'), function(value, key) { - model = that.services.find(function(m) { - return m.get('name') == key - }); - if (model) { - selectedZoneServices.push(model); - } - }); - }else{ - _.each(selectedZone.get('tagServices'), function(value){ + if (_.isEmpty(zoneID)) { + var zoneModal = _.find(that.rangerZoneList.attributes, function (m){ + return m.name == zoneName; + }) + zoneID = zoneModal.id; + App.vZone.vZoneId = zoneID; + } + if (_.isEmpty(this.zoneServiceList.attributes)) { + this.zoneServiceList.fetch({ + cache : false, + async : false, + url : "/service/zones/service/list", + data : {"zoneId" : zoneID}, + }) + } + if(!_.isEmpty(this.zoneServiceList.attributes)) { + _.filter(this.zoneServiceList.attributes, function(obj) { model = that.services.find(function(m) { - return m.get('name') == value + return m.get('name') == obj.name; }); if (model) { selectedZoneServices.push(model); 
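Review bot: The fallback fetch in `componentServicesModels` requests `"/service/zones/service/list"` with `data : {"zoneId" : zoneID}`, whereas the select handler in this same file and the equivalent code in ServiceLayout.js use `"service/public/v2/api/zones/"+zoneID+"/service-headers"`. The two paths may not sit behind the same authorization check, and the leading slash makes this one root-relative, unlike every other URL the commit adds, so it would miss a non-root context path. Unless the difference is intentional, use `url : "service/public/v2/api/zones/"+zoneID+"/service-headers",` here and drop the `data` line. Whether `/service/zones/service/list` exists on the server cannot be confirmed from this hunk.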
@@ -518,13 +527,6 @@ define(function(require){ this.render(); }, - // serviceActive: function (e) { - // this.ui.serviceActive.parent().removeClass('selectedList') - // e.stopPropagation(); - // $(e.currentTarget).parent().addClass('selectedList'); - // this.selectedService = e.currentTarget.dataset.id - // }, - selectedList: function(target) { console.log(target); this.ui.viewManager.find('.selected').removeClass('selected') 
@@ -538,29 +540,29 @@ define(function(require){ that.zoneSearchList = []; if (!_.isEmpty(input)) { - that.zoneSearchList = this.rangerZoneList.filter( + that.zoneSearchList = _.filter(this.rangerZoneList.attributes, function(zone) { - return (zone.get('name').toLowerCase().indexOf(input.toLowerCase()) > -1) + return (zone.name.toLowerCase().indexOf(input.toLowerCase()) > -1) } ); this.setupZoneList(that.zoneSearchList); } else { - this.setupZoneList(this.rangerZoneList.models); + this.setupZoneList(this.rangerZoneList.attributes); } }, setupZoneList: function(zoneArray) { var that = this; this.ui.zoneUlList.empty(); - if(zoneArray.length > 0) { + if(!_.isEmpty(zoneArray)) { _.each(zoneArray, function(zone) { - if(that.rangerZoneList.models[0].get('name') == zone.get('name')) { - that.ui.zoneUlList.append('<li class="trim-containt" title="'+_.escape(zone.get('name'))+ - '" data-action="zoneListing" data-id="' + _.escape(zone.get('name')) + '"><a href="#!/zones/zone/'+zone.get('id')+'">' + _.escape(zone.get('name')) + '</a></li>'); + if(that.rangerZoneList.attributes[0].name == zone.name) { + that.ui.zoneUlList.append('<li class="trim-containt" title="'+_.escape(zone.name)+ + '" data-action="zoneListing" data-id="' + _.escape(zone.name) + '"><a href="#!/zones/zone/'+zone.id+'">' + _.escape(zone.name) + '</a></li>'); } else { that.ui.zoneUlList.append('<li class="trim-containt" data-action="zoneListing" title="' - +_.escape(zone.get('name'))+'" data-id="' + _.escape(zone.get('name')) + '"><a href="#!/zones/zone/'+zone.get('id')+'">' + _.escape(zone.get('name')) + '</a></li>'); + +_.escape(zone.name)+'" data-id="' + _.escape(zone.name) + '"><a href="#!/zones/zone/'+zone.id+'">' + _.escape(zone.name) + '</a></li>'); } } ); diff --git a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js index 2acf35f..972e785 100644 
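Review bot: In `setupZoneList`, `zone.name` goes through `_.escape` but `zone.id` is concatenated into the `href` attribute as-is. The id is expected to be a server-issued number, so this is defence in depth, but the markup is built by string concatenation from a fetched response and should treat both fields alike: `'"><a href="#!/zones/zone/'+_.escape(zone.id)+'">'`. The two branches of `if(that.rangerZoneList.attributes[0].name == zone.name)` also emit the same `<li>` with only the attribute order swapped, so the condition can be removed and one `append` kept.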
--- a/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js +++ b/security-admin/src/main/webapp/scripts/views/reports/AuditLayout.js @@ -47,7 +47,7 @@ define(function(require) { var RangerPolicyRO = require('views/policies/RangerPolicyRO'); var vPlugableServiceDiffDetail = require('views/reports/PlugableServiceDiffDetail'); var vLoginSessionDetail = require('views/reports/LoginSessionDetail'); - var RangerZoneList = require('collections/RangerZoneList'); + var RangerZoneBase = require('model_bases/RangerZoneBase'); var AuditAccessLogDetail = require('views/reports/AuditAccessLogDetailView'); var moment = require('moment'); @@ -524,14 +524,17 @@ define(function(require) { XAUtils.displayDatepicker(that.ui.visualSearch, facet, startDate, callback); break; case 'Zone Name' : - var rangerZoneList = new RangerZoneList(), zoneList = []; + var rangerZoneList = new RangerZoneBase(), zoneList = []; rangerZoneList.fetch({ cache : false, - async : false + async : false, + url: "service/public/v2/api/zone-headers", }) - rangerZoneList.each(function(m){ - zoneList.push({'label' : m.get('name'), 'value' : m.get('name')}); - }); + if (rangerZoneList && rangerZoneList.attributes) { + _.map(rangerZoneList.attributes,function(m){ + zoneList.push({'label' : m.name, 'value' : m.name}); + }); + } callback(zoneList); break; } diff --git a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js index e6ec81f..08ef88b 100644 --- a/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js +++ b/security-admin/src/main/webapp/scripts/views/reports/UserAccessLayout.js 
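Review bot: In the `'Zone Name'` case (hunk `@@ -524,14 +524,17 @@`), `_.map` is called only for its side effect of pushing into `zoneList`, and its return value is discarded. Either use `_.each`, or build the list directly: `zoneList = _.map(rangerZoneList.attributes, function(m){ return {'label' : m.name, 'value' : m.name}; });`. The synchronous `fetch` has no `error` callback, so a rejected request leaves the facet silently empty; if that is not intended, add a handler that reports the failure before `callback(zoneList)` runs.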
@@ -35,7 +35,7 @@ define(function(require) {'use strict'; var RangerPolicyList = require('collections/RangerPolicyList'); var UseraccesslayoutTmpl= require('hbs!tmpl/reports/UserAccessLayout_tmpl'); var SessionMgr = require('mgrs/SessionMgr'); - var RangerZoneList = require('collections/RangerZoneList'); + var RangerZoneBase = require('model_bases/RangerZoneBase'); var UserAccessLayout = Backbone.Marionette.Layout.extend( /** @lends UserAccessLayout */ { @@ -143,10 +143,11 @@ define(function(require) {'use strict'; cache : false, async:false }); - this.rangerZoneList = new RangerZoneList(); + this.rangerZoneList = new RangerZoneBase(); this.rangerZoneList.fetch({ cache : false, async:false, + url: "service/public/v2/api/zone-headers", }) }, @@ -668,8 +669,8 @@ define(function(require) {'use strict'; var policyTypes = _.map(XAEnums.RangerPolicyType,function(m){ return {'id': m.value,'text': m.label}; }); - var zoneListOptions = _.map(this.rangerZoneList.models, function(m){ - return { 'id':m.get('name'), 'text':m.get('name')} + var zoneListOptions = _.map(this.rangerZoneList.attributes, function(m){ + return { 'id':m.name, 'text':m.name} }); var tags = []; if (this.urlParam && this.urlParam['policyLabelsPartial'] && !_.isEmpty(this.urlParam['policyLabelsPartial'])) { diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java index f9ea26a..1069f01 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java @@ -18,6 +18,7 @@ package org.apache.ranger.rest; import java.util.ArrayList; +import java.util.Collections; import java.util.Date; import java.util.HashMap; import java.util.List; 
@@ -25,13 +26,16 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; +import org.apache.ranger.biz.SecurityZoneDBStore; import org.apache.ranger.common.ContextUtil; import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.common.RangerSearchUtil; import org.apache.ranger.common.UserSessionBase; import org.apache.ranger.plugin.model.RangerPolicy; +import org.apache.ranger.plugin.model.RangerSecurityZoneHeaderInfo; import org.apache.ranger.plugin.model.RangerService; import org.apache.ranger.plugin.model.RangerServiceDef; +import org.apache.ranger.plugin.model.RangerServiceHeaderInfo; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItem; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess; import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition; @@ -84,7 +88,10 @@ public class TestPublicAPIsv2 { @Mock RESTErrorUtil restErrorUtil; - + + @Mock + SecurityZoneDBStore securityZoneStore; + @Rule public ExpectedException thrown = ExpectedException.none(); 
@@ -606,4 +613,63 @@ public class TestPublicAPIsv2 { Assert.assertEquals(dbRangerPolicies.size(), rangerPolicies.size()); Mockito.verify(serviceREST).getPolicies(request); } + + @Test + public void testGetAllZoneNames() throws Exception { + List<RangerSecurityZoneHeaderInfo> zoneHeaderInfoList = new ArrayList<>(); + zoneHeaderInfoList.add(new RangerSecurityZoneHeaderInfo(2L, "zone-1")); + zoneHeaderInfoList.add(new RangerSecurityZoneHeaderInfo(3L, "zone-2")); + + Mockito.when(securityZoneStore.getSecurityZoneHeaderInfoList()).thenReturn(zoneHeaderInfoList); + + List<RangerSecurityZoneHeaderInfo> returnedZoneHeaderInfoList = publicAPIsv2.getSecurityZoneHeaderInfoList(); + Assert.assertEquals(returnedZoneHeaderInfoList.size(), zoneHeaderInfoList.size()); + Mockito.verify(securityZoneStore, Mockito.times(1)).getSecurityZoneHeaderInfoList(); + } + + @Test + public void testGetServiceNamesForZone() throws Exception { + Long zoneId1 = 2L; + Long zoneId2 = 3L; + Long nonExistingZondId = 101L; + + List<RangerServiceHeaderInfo> rangerServiceList1 = new ArrayList<RangerServiceHeaderInfo>(); + List<RangerServiceHeaderInfo> rangerServiceList2 = new ArrayList<RangerServiceHeaderInfo>(); + + rangerServiceList1.add(new RangerServiceHeaderInfo(1L, "hdfs_1", false)); + rangerServiceList1.add(new RangerServiceHeaderInfo(2L, "hive_1", false)); + rangerServiceList1.add(new RangerServiceHeaderInfo(3L, "hbase_1", false)); + rangerServiceList1.add(new RangerServiceHeaderInfo(4L, "tag_1", true)); + + rangerServiceList2.add(new RangerServiceHeaderInfo(5L, "yarn_1", false)); + + Mockito.when(securityZoneStore.getServiceHeaderInfoListByZoneId(null)).thenReturn(Collections.emptyList()); + Mockito.when(securityZoneStore.getServiceHeaderInfoListByZoneId(zoneId1)).thenReturn(rangerServiceList1); + Mockito.when(securityZoneStore.getServiceHeaderInfoListByZoneId(zoneId2)).thenReturn(rangerServiceList2); + 
Mockito.when(securityZoneStore.getServiceHeaderInfoListByZoneId(nonExistingZondId)).thenReturn(Collections.emptyList()); + + // Null + List<RangerServiceHeaderInfo> returnedServicesNull = publicAPIsv2.getServiceHeaderInfoListByZoneId(null); + + Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(null); + Assert.assertEquals(returnedServicesNull.size(), 0); + + // Non existing zoneId + List<RangerServiceHeaderInfo> returnedServicesNonExisting = publicAPIsv2.getServiceHeaderInfoListByZoneId(nonExistingZondId); + + Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(null); + Assert.assertEquals(returnedServicesNonExisting.size(), 0); + + // zoneId1 + List<RangerServiceHeaderInfo> returnedServicesZone1 = publicAPIsv2.getServiceHeaderInfoListByZoneId(zoneId1); + + Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(zoneId1); + Assert.assertEquals(returnedServicesZone1.size(), rangerServiceList1.size()); + + // zoneId2 + List<RangerServiceHeaderInfo> returnedServicesZone2 = publicAPIsv2.getServiceHeaderInfoListByZoneId(zoneId2); + + Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(zoneId2); + Assert.assertEquals(returnedServicesZone2.size(), rangerServiceList2.size()); + } } diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java index d6384a6..cc530c6 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java +++ b/security-admin/src/test/java/org/apache/ranger/rest/TestSecurityZoneREST.java 
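Review bot: In `testGetServiceNamesForZone`, the "Non existing zoneId" block verifies `getServiceHeaderInfoListByZoneId(null)` a second time instead of the id it just called with, so the call with `nonExistingZondId` is never verified and the check passes only because of the earlier null call. It should read `Mockito.verify(securityZoneStore, Mockito.times(1)).getServiceHeaderInfoListByZoneId(nonExistingZondId);`. The `Assert.assertEquals` calls pass the actual value first, while JUnit expects `(expected, actual)`; this only affects the failure message. Neither new test exercises a caller without access, which is the behaviour the commit title describes; whether these two endpoints enforce a check cannot be seen from this hunk.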
@@ -188,30 +188,44 @@ public class TestSecurityZoneREST { verify(validator, times(1)).validate(rangerSecurityZoneToUpdate, RangerValidator.Action.UPDATE); } - @Test + @Test(expected = WebApplicationException.class) public void testGetSecurityZoneById() throws Exception { RangerSecurityZone securityZone = createRangerSecurityZone(); Long securityZoneId = 2L; securityZone.setId(securityZoneId); when(securityZoneStore.getSecurityZone(securityZoneId)).thenReturn(securityZone); + when(rangerBizUtil.hasModuleAccess(Mockito.anyString())).thenReturn(true); RangerSecurityZone rangerSecurityZone = securityZoneREST.getSecurityZone(securityZoneId); assertEquals(securityZoneId, rangerSecurityZone.getId()); verify(securityZoneStore, times(1)).getSecurityZone(securityZoneId); + + //No access + when(rangerBizUtil.hasModuleAccess(Mockito.anyString())).thenReturn(false); + when(restErrorUtil.createRESTException(Mockito.anyString(), Mockito.any())).thenReturn(new WebApplicationException()); + securityZoneREST.getSecurityZone(securityZoneId); + verify(securityZoneStore, times(0)).getSecurityZone(securityZoneId); } - @Test + @Test(expected = WebApplicationException.class) public void testGetSecurityZoneByName() throws Exception { RangerSecurityZone securityZone = createRangerSecurityZone(); Long securityZoneId = 2L; String securityZoneName = securityZone.getName(); securityZone.setId(securityZoneId); when(securityZoneStore.getSecurityZoneByName(securityZoneName)).thenReturn(securityZone); + when(rangerBizUtil.hasModuleAccess(Mockito.anyString())).thenReturn(true); RangerSecurityZone rangerSecurityZone = securityZoneREST.getSecurityZone(securityZoneName); assertEquals(securityZoneName, rangerSecurityZone.getName()); verify(securityZoneStore, times(1)).getSecurityZoneByName(securityZoneName); + + //No access + when(rangerBizUtil.hasModuleAccess(Mockito.anyString())).thenReturn(false); + when(restErrorUtil.createRESTException(Mockito.anyString(), Mockito.any())).thenReturn(new 
WebApplicationException()); + securityZoneREST.getSecurityZone(securityZoneName); + verify(securityZoneStore, times(0)).getSecurityZoneByName(securityZoneName); } - @Test + @Test(expected = WebApplicationException.class) public void testGetAllSecurityZone() throws Exception { RangerSecurityZone securityZone = createRangerSecurityZone(); HttpServletRequest request = Mockito.mock(HttpServletRequest.class); @@ -227,9 +241,17 @@ public class TestSecurityZoneREST { rangerZoneList.setSecurityZoneList(zonesList); when(securityZoneStore.getSecurityZones(filter)).thenReturn(zonesList); + when(rangerBizUtil.hasModuleAccess(Mockito.anyString())).thenReturn(true); + RangerSecurityZoneList returnedZonesList = securityZoneREST.getAllZones(request); assertEquals(returnedZonesList.getResultSize(), rangerZoneList.getList().size()); verify(securityZoneStore, times(1)).getSecurityZones(filter); + + //No access + when(rangerBizUtil.hasModuleAccess(Mockito.anyString())).thenReturn(false); + when(restErrorUtil.createRESTException(Mockito.anyString(), Mockito.any())).thenReturn(new WebApplicationException()); + securityZoneREST.getAllZones(request); + verify(securityZoneStore, times(0)).getSecurityZones(filter); } @Test
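Review bot: With `@Test(expected = WebApplicationException.class)` on `testGetSecurityZoneById`, the test passes as soon as any statement throws, including the first, permitted call, and the `verify(securityZoneStore, times(0))...` line after the denied call is never reached. If it were reached it would fail, because the store was already invoked once in the permitted half of the same test. The same pattern is used in `testGetSecurityZoneByName` and in `testGetAllSecurityZone` (hunk `@@ -227,9 +241,17 @@`). Splitting each denied case into its own test keeps the authorization assertion meaningful; the by-id case is shown below and the other two follow the same shape.

```java
// … unchanged: testGetSecurityZoneById keeps the permitted path only, back to plain @Test …

@Test
public void testGetSecurityZoneByIdNoAccess() throws Exception {
	Long securityZoneId = 2L;
	when(rangerBizUtil.hasModuleAccess(Mockito.anyString())).thenReturn(false);
	when(restErrorUtil.createRESTException(Mockito.anyString(), Mockito.any())).thenReturn(new WebApplicationException());
	try {
		securityZoneREST.getSecurityZone(securityZoneId);
		org.junit.Assert.fail("expected WebApplicationException when module access is denied");
	} catch (WebApplicationException expected) {
		// expected: the request is rejected
	}
	// the store must not be consulted for a caller without module access
	verify(securityZoneStore, times(0)).getSecurityZone(securityZoneId);
}
```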