This is an automated email from the ASF dual-hosted git repository.
pradeep pushed a commit to branch RANGER-4607_master
in repository https://gitbox.apache.org/repos/asf/ranger.git
commit 3d04d9a3adf603ae93273d5b17675428e8709ced
Author: Pradeep Agrawal <prad...@apache.org>
AuthorDate: Wed Nov 22 11:40:58 2023 +0530
RANGER-4607: Ranger REST API improvements
RANGER-4545: DELETE /assets/resources/{resource_id} API should return
proper status code for non admin users
RANGER-4546: /assets/ugsyncAudits/{sync_source} API is accessible by user
without permission on audit module
RANGER-4548: Return proper error message in the response for /tags/tags,
/tags/resources and /tags/types API for non admin users
RANGER-4547: The reponse metrics (pagination values) for the
/assets/ugsyncAudits/{sync_source} API is not proper
RANGER-4549: Non admin users cannot access /public/v2/api/roles/names and
/public/v2/api/roles/name/{name} API, but can access /public/v2/api/roles API
RANGER-4551: No response returned for /assets/policyList/{service_name} API
RANGER-4550: API request to /assets/resource/{id} returns no response
RANGER-4552: Response metrics for /assets/report is not proper, and
pagination does not work
RANGER-4553: Response metrics for /xaudit/trx_log not proper
RANGER-4554: Response metrics for /assets/resources not proper
RANGER-4555: Response metrics for /assets/assets API not proper
RANGER-4573: /xaudit/trx_log API not accessible by keyadmin user
RANGER-4578: /xuser/groupgroups and /xuser/groupusers APIs allow creation
of entities even without groupId / userId fields in the request
RANGER-4574: /public/v2/api/service/{service_name}/policy/{policy_name} API
returns policies for users without access to the policy
RANGER-4575: /plugins/policy/{policy_id}/version/{version_number} API
returns policies for users without access to the policy
RANGER-4576: User without access to policy is able to fetch policy details
using /plugins/policies/{service_type}/for-resource API endpoint
RANGER-4577: UI and API behaviour for fetching users not consistent for
keyadmin users
RANGER-4589: keyadmin user can update the user password via UI but cannot
update the user password using /users/{user_id}/passwordchange API
RANGER-4588: /xaudit/trx_log/{trx_log_id} is not accessible by keyadmin user
RANGER-4591: keyadmin user can access non kms related admin audits using
/assets/report/{transaction_id} API
RANGER-4594: keyadmin user can mark ROLE_USER users as disabled by setting
status to 0 using /users API
RANGER-4595: keyadmin user able to view the user permission objects via
/users API
RANGER-4596: keyadmin can fetch the details of admin and auditor users
through /users API endpoint
RANGER-4598: ROLE_USER cannot acccess /xusers/groups API but can access
/xusers/groups/groupName/{group_name} API
RANGER-4586: XUserREST and UserREST API improvement for keyadmin users
Change-Id: I1fa52a99049d81e58c40d071211d62b278ff8ef1
---
.../main/java/org/apache/ranger/biz/AssetMgr.java | 54 +---
.../java/org/apache/ranger/biz/ServiceDBStore.java | 4 +-
.../main/java/org/apache/ranger/biz/UserMgr.java | 162 +++++-------
.../main/java/org/apache/ranger/biz/XAuditMgr.java | 22 +-
.../java/org/apache/ranger/biz/XAuditMgrBase.java | 8 +-
.../main/java/org/apache/ranger/biz/XUserMgr.java | 93 +++----
.../java/org/apache/ranger/rest/AssetREST.java | 87 +------
.../main/java/org/apache/ranger/rest/RoleREST.java | 1 +
.../java/org/apache/ranger/rest/ServiceREST.java | 17 +-
.../main/java/org/apache/ranger/rest/TagREST.java | 18 +-
.../main/java/org/apache/ranger/rest/UserREST.java | 2 -
.../java/org/apache/ranger/rest/XUserREST.java | 123 ++++-----
.../org/apache/ranger/service/XGroupService.java | 4 +
.../ranger/service/XUgsyncAuditInfoService.java | 2 +
.../org/apache/ranger/biz/TestServiceDBStore.java | 89 ++++++-
.../java/org/apache/ranger/biz/TestUserMgr.java | 280 ++++++++++++++-------
.../java/org/apache/ranger/biz/TestXUserMgr.java | 151 ++++++-----
.../java/org/apache/ranger/rest/TestAssetREST.java | 120 ---------
.../java/org/apache/ranger/rest/TestRoleREST.java | 1 +
.../org/apache/ranger/rest/TestServiceREST.java | 11 +-
.../java/org/apache/ranger/rest/TestTagREST.java | 9 +-
.../java/org/apache/ranger/rest/TestUserREST.java | 4 +-
.../java/org/apache/ranger/rest/TestXUserREST.java | 102 +-------
23 files changed, 595 insertions(+), 769 deletions(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
index 00062f3e2..620d1e619 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java
@@ -19,8 +19,6 @@
package org.apache.ranger.biz;
-import java.io.File;
-import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
@@ -68,8 +66,6 @@ import org.apache.ranger.util.RestUtil;
import org.apache.ranger.view.*;
import org.apache.ranger.view.VXTrxLogV2.AttributeChangeInfo;
import org.apache.ranger.view.VXTrxLogV2.ObjectChangeInfo;
-import com.fasterxml.jackson.core.JsonGenerationException;
-import com.fasterxml.jackson.databind.JsonMappingException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -165,53 +161,6 @@ public class AssetMgr extends AssetMgrBase {
logger.info("<== AssetMgr.init()");
}
- public File getXResourceFile(Long id, String fileType) {
- VXResource xResource = xResourceService.readResource(id);
- if (xResource == null) {
- throw this.restErrorUtil.createRESTException(
- "serverMsg.datasourceIdEmpty" + "id " +
id,
- MessageEnums.DATA_NOT_FOUND, id,
"dataSourceId",
- "DataSource not found with " + "id " +
id);
- }
-
- return getXResourceFile(xResource, fileType);
- }
-
- public File getXResourceFile(VXResource xResource, String fileType) {
- File file = null;
- try {
- if (fileType != null) {
- if ("json".equalsIgnoreCase(fileType)) {
- file =
jsonUtil.writeJsonToFile(xResource,
- xResource.getName());
- } else {
- throw restErrorUtil.createRESTException(
- "Please send the
supported filetype.",
-
MessageEnums.INVALID_INPUT_DATA);
- }
- } else {
- throw restErrorUtil
- .createRESTException(
- "Please send
the file format in which you want to export.",
-
MessageEnums.DATA_NOT_FOUND);
- }
- } catch (JsonGenerationException e) {
- throw this.restErrorUtil.createRESTException(
- "serverMsg.jsonGeneration" + " : " +
e.getMessage(),
- MessageEnums.ERROR_SYSTEM);
- } catch (JsonMappingException e) {
- throw this.restErrorUtil.createRESTException(
- "serverMsg.jsonMapping" + " : " +
e.getMessage(),
- MessageEnums.ERROR_SYSTEM);
- } catch (IOException e) {
- throw this.restErrorUtil.createRESTException(
- "serverMsg.ioException" + " : " +
e.getMessage(),
- MessageEnums.ERROR_SYSTEM);
- }
-
- return file;
- }
-
public String getLatestRepoPolicy(VXAsset xAsset, List<VXResource>
xResourceList, Long updatedTime,
X509Certificate[] certchain, boolean httpEnabled, String epoch,
String ipAddress, boolean isSecure, String count, String agentId) {
@@ -1396,6 +1345,9 @@ public class AssetMgr extends AssetMgrBase {
}
public VXUgsyncAuditInfoList getUgsyncAuditsBySyncSource(String
syncSource) {
+ if (!msBizUtil.hasModuleAccess(RangerConstants.MODULE_AUDIT)) {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is
not having permissions on the "+RangerConstants.MODULE_AUDIT+" module.", true);
+ }
if(syncSource!=null && !syncSource.trim().isEmpty()){
return
xUgsyncAuditInfoService.searchXUgsyncAuditInfoBySyncSource(syncSource);
}else{
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
index c934fdd7c..ec4a30a13 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
@@ -5067,9 +5067,11 @@ public class ServiceDBStore extends AbstractServiceStore
{
// fetch policies maintained for the roles and groups belonging
to the group
String groupName = searchFilter.getParam("group");
+ if (StringUtils.isBlank(groupName)) {
+ groupName = RangerConstants.GROUP_PUBLIC;
+ }
if (!StringUtils.isEmpty(groupName)) {
Set<String> groupNames =
daoMgr.getXXGroupGroup().findGroupNamesByGroupName(groupName);
- groupNames.add(RangerConstants.GROUP_PUBLIC);
groupNames.add(groupName);
Set<Long> processedSvcIdsForGroup = new HashSet<>();
Set<String> processedGroupsName = new HashSet<>();
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index 0e723d9c4..07119dee3 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -259,6 +259,10 @@ public class UserMgr {
userProfile.setPublicScreenName(gjUser.getLoginId());
}
+ if (rangerBizUtil.isKeyAdmin() && userProfile.getStatus() !=
gjUser.getStatus()) {
+ throw restErrorUtil.createRESTException("Status update
is not permitted to logged in user.", MessageEnums.INVALID_INPUT_DATA);
+ }
+
// userRoleList
updateRoles(userProfile.getId(), userProfile.getUserRoleList());
@@ -338,17 +342,10 @@ public class UserMgr {
/**
* @param pwdChange
- * @return
- */
- public VXResponse changePassword(VXPasswordChange pwdChange) {
-
- VXResponse ret = new VXResponse();
-
- // First let's get the XXPortalUser for the current logged in
user
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
- XXPortalUser gjUserCurrent =
daoManager.getXXPortalUser().findByLoginId(currentUserLoginId);
- checkAccessForUpdate(gjUserCurrent);
-
+ * @return
+ */
+ public VXResponse changePassword(VXPasswordChange pwdChange) {
+ VXResponse ret = new VXResponse();
// Get the user of whom we want to change the password
XXPortalUser gjUser =
daoManager.getXXPortalUser().findByLoginId(pwdChange.getLoginId());
if (gjUser == null) {
@@ -362,8 +359,8 @@ public class UserMgr {
vXResponse.setMsgDesc("SECURITY:changePassword().Ranger External
Users cannot change password. LoginId=" + pwdChange.getLoginId());
throw restErrorUtil.generateRESTException(vXResponse);
}
-
- String currentPassword = gjUser.getPassword();
+ checkAccess(gjUser);
+ String currentPassword = gjUser.getPassword();
//check current password and provided old password is same or
not
if (this.isFipsEnabled) {
if (!isPasswordValid(pwdChange.getLoginId(),
currentPassword, pwdChange.getOldPassword())) {
@@ -436,8 +433,7 @@ public class UserMgr {
* @return
*/
public VXPortalUser changeEmailAddress(XXPortalUser gjUser,
VXPasswordChange changeEmail) {
- checkAccessForUpdate(gjUser);
- rangerBizUtil.blockAuditorRoleUser();
+ checkAccess(gjUser);
if (StringUtils.isEmpty(changeEmail.getEmailAddress())) {
changeEmail.setEmailAddress(null);
}
@@ -625,33 +621,24 @@ public class UserMgr {
}
userProfile.setId(user.getId());
- List<XXUserPermission> xUserPermissions = daoManager
-
.getXXUserPermission().findByUserPermissionIdAndIsAllowed(
- userProfile.getId());
- List<XXGroupPermission> xxGroupPermissions = daoManager
-
.getXXGroupPermission().findbyVXPortalUserId(
- userProfile.getId());
-
- List<VXGroupPermission> groupPermissions = new
ArrayList<VXGroupPermission>();
- List<VXUserPermission> vxUserPermissions = new
ArrayList<VXUserPermission>();
- for (XXGroupPermission xxGroupPermission :
xxGroupPermissions) {
- VXGroupPermission groupPermission =
xGroupPermissionService
-
.populateViewBean(xxGroupPermission);
-
groupPermission.setModuleName(daoManager.getXXModuleDef()
-
.findByModuleId(groupPermission.getModuleId())
- .getModule());
- groupPermissions.add(groupPermission);
- }
- for (XXUserPermission xUserPermission :
xUserPermissions) {
- VXUserPermission vXUserPermission =
xUserPermissionService
-
.populateViewBean(xUserPermission);
-
vXUserPermission.setModuleName(daoManager.getXXModuleDef()
-
.findByModuleId(vXUserPermission.getModuleId())
- .getModule());
- vxUserPermissions.add(vXUserPermission);
+ if (sess.isUserAdmin() ||
sess.getXXPortalUser().getId().equals(user.getId())) {
+ List<XXUserPermission> xUserPermissions =
daoManager.getXXUserPermission().findByUserPermissionIdAndIsAllowed(userProfile.getId());
+ List<XXGroupPermission> xxGroupPermissions =
daoManager.getXXGroupPermission().findbyVXPortalUserId(userProfile.getId());
+ List<VXGroupPermission> groupPermissions = new
ArrayList<VXGroupPermission>();
+ List<VXUserPermission> vxUserPermissions = new
ArrayList<VXUserPermission>();
+ for (XXGroupPermission xxGroupPermission :
xxGroupPermissions) {
+ VXGroupPermission groupPermission =
xGroupPermissionService.populateViewBean(xxGroupPermission);
+
groupPermission.setModuleName(daoManager.getXXModuleDef().findByModuleId(groupPermission.getModuleId()).getModule());
+ groupPermissions.add(groupPermission);
+ }
+ for (XXUserPermission xUserPermission :
xUserPermissions) {
+ VXUserPermission vXUserPermission =
xUserPermissionService.populateViewBean(xUserPermission);
+
vXUserPermission.setModuleName(daoManager.getXXModuleDef().findByModuleId(vXUserPermission.getModuleId()).getModule());
+ vxUserPermissions.add(vXUserPermission);
+ }
+
userProfile.setGroupPermissions(groupPermissions);
+ userProfile.setUserPermList(vxUserPermissions);
}
- userProfile.setGroupPermissions(groupPermissions);
- userProfile.setUserPermList(vxUserPermissions);
userProfile.setFirstName(user.getFirstName());
userProfile.setLastName(user.getLastName());
userProfile.setPublicScreenName(user.getPublicScreenName());
@@ -765,14 +752,20 @@ public class UserMgr {
@SuppressWarnings("rawtypes")
List resultList = query.getResultList();
// Iterate over the result list and create the return list
+ int adminCount = 0;
for (Object object : resultList) {
XXPortalUser gjUser = (XXPortalUser) object;
VXPortalUser userProfile = new VXPortalUser();
gjUserToUserProfile(gjUser, userProfile);
- objectList.add(userProfile);
+ if (rangerBizUtil.isKeyAdmin() &&
(userProfile.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) ||
userProfile.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR))) {
+ adminCount++;
+ continue;
+ } else {
+ objectList.add(userProfile);
+ }
}
- returnList.setResultSize(resultSize);
+ returnList.setResultSize(resultSize-adminCount);
returnList.setPageSize(query.getMaxResults());
returnList.setSortBy(sortBy);
returnList.setSortType(querySortType);
@@ -1007,9 +1000,7 @@ public class UserMgr {
public void checkAccess(Long userId) {
XXPortalUser gjUser =
daoManager.getXXPortalUser().getById(userId);
if (gjUser == null) {
- throw restErrorUtil
-
.create403RESTException("serverMsg.userMgrWrongUser: "
- + userId);
+ throw
restErrorUtil.create403RESTException("serverMsg.userMgrWrongUser: " + userId);
}
checkAccess(gjUser);
@@ -1021,58 +1012,14 @@ public class UserMgr {
*/
public void checkAccess(XXPortalUser gjUser) {
if (gjUser == null) {
- throw restErrorUtil
-
.create403RESTException("serverMsg.userMgrWrongUser");
+ throw
restErrorUtil.create403RESTException("serverMsg.userMgrWrongUser");
}
- UserSessionBase sess = ContextUtil.getCurrentUserSession();
- if (sess != null) {
-
- // Admin
- if (sess.isUserAdmin() || sess.isKeyAdmin()) {
- return;
- }
-
- // Self
- if
(sess.getXXPortalUser().getId().equals(gjUser.getId())) {
- return;
- }
-
- }
- throw restErrorUtil.create403RESTException("User "
- + " access denied. loggedInUser="
- + (sess != null ? sess.getXXPortalUser().getId()
- : "Not Logged In") + ",
accessing user="
- + gjUser.getId());
-
- }
-
- public void checkAccessForUpdate(XXPortalUser gjUser) {
- if (gjUser == null) {
- throw restErrorUtil
-
.create403RESTException("serverMsg.userMgrWrongUser");
- }
- UserSessionBase sess = ContextUtil.getCurrentUserSession();
- if (sess != null) {
-
- // Admin
- if (sess.isUserAdmin()) {
- return;
- }
-
- // Self
- if
(sess.getXXPortalUser().getId().equals(gjUser.getId())) {
- return;
- }
-
+ VXPortalUser requestedVXUser =
getUserProfileByLoginId(gjUser.getLoginId());
+ if (requestedVXUser !=null &&
CollectionUtils.isNotEmpty(requestedVXUser.getUserRoleList()) &&
hasAccessToGetUserInfo(requestedVXUser)) {
+ return;
}
- VXResponse vXResponse = new VXResponse();
- vXResponse.setStatusCode(HttpServletResponse.SC_FORBIDDEN);
- vXResponse.setMsgDesc("User "
- + " access denied. loggedInUser="
- + (sess != null ? sess.getXXPortalUser().getId()
- : "Not Logged In") + ",
accessing user="
- + gjUser.getId());
- throw restErrorUtil.generateRESTException(vXResponse);
+ logger.info("Logged-In user is not allowed to access requested
user data.");
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In
user is not allowed to access requested user data", true);
}
@@ -1460,4 +1407,27 @@ public class UserMgr {
throw restErrorUtil.createRESTException("algorithm `" +
algorithm + "' not supported");
}
}
+
+ private boolean hasAccessToGetUserInfo(VXPortalUser requestedVXUser) {
+ UserSessionBase userSession =
ContextUtil.getCurrentUserSession();
+ if (userSession != null && userSession.getLoginId() != null) {
+ VXPortalUser loggedInVXUser =
getUserProfileByLoginId(userSession.getLoginId());
+ if (loggedInVXUser != null &&
loggedInVXUser.getUserRoleList().size() == 1) {
+ if
(loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) {
+ return
requestedVXUser.getId().equals(loggedInVXUser.getId()) ? true : false;
+ } else if
(loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN) ||
loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR))
{
+ if
(requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN) ||
requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)
|| requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) {
+ return true;
+ }
+ } else if
(loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) ||
loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR)) {
+ if
(loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) &&
"rangerusersync".equalsIgnoreCase(userSession.getLoginId())) {
+ return true;
+ } else if
(requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) ||
requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR)
|| requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) {
+ return true;
+ }
+ }
+ }
+ }
+ return false;
+ }
}
\ No newline at end of file
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java
index 2fde68de1..f7c0481d6 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java
@@ -52,8 +52,11 @@ public class XAuditMgr extends XAuditMgrBase {
RangerBizUtil rangerBizUtil;
public VXTrxLog getXTrxLog(Long id) {
- checkAdminAccess();
- return super.getXTrxLog(id);
+ if (rangerBizUtil.isAdmin() || rangerBizUtil.isKeyAdmin() ||
rangerBizUtil.isAuditAdmin() || rangerBizUtil.isAuditKeyAdmin()) {
+ return super.getXTrxLog(id);
+ } else {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User don't
have permission to perform this action", true);
+ }
}
public VXTrxLog createXTrxLog(VXTrxLog vXTrxLog) {
@@ -75,13 +78,20 @@ public class XAuditMgr extends XAuditMgrBase {
}
public VXTrxLogList searchXTrxLogs(SearchCriteria searchCriteria) {
- checkAdminAccess();
- return super.searchXTrxLogs(searchCriteria);
+ if (rangerBizUtil.isAdmin() || rangerBizUtil.isKeyAdmin() ||
rangerBizUtil.isAuditAdmin() || rangerBizUtil.isAuditKeyAdmin()) {
+ return super.searchXTrxLogs(searchCriteria);
+ } else {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User don't
have permission to perform this action", true);
+ }
+
}
public VXLong getXTrxLogSearchCount(SearchCriteria searchCriteria) {
- checkAdminAccess();
- return super.getXTrxLogSearchCount(searchCriteria);
+ if (rangerBizUtil.isAdmin() || rangerBizUtil.isKeyAdmin() ||
rangerBizUtil.isAuditAdmin() || rangerBizUtil.isAuditKeyAdmin()) {
+ return super.getXTrxLogSearchCount(searchCriteria);
+ } else {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User don't
have permission to perform this action", true);
+ }
}
public VXAccessAudit createXAccessAudit(VXAccessAudit vXAccessAudit) {
diff --git
a/security-admin/src/main/java/org/apache/ranger/biz/XAuditMgrBase.java
b/security-admin/src/main/java/org/apache/ranger/biz/XAuditMgrBase.java
index c53db99f3..02b2e59a3 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/XAuditMgrBase.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XAuditMgrBase.java
@@ -19,12 +19,15 @@
package org.apache.ranger.biz;
+import java.util.List;
+import java.util.stream.Collectors;
+
import org.apache.ranger.common.MessageEnums;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.plugin.store.PList;
-import org.apache.ranger.service.XAccessAuditService;
import org.apache.ranger.service.RangerTrxLogV2Service;
+import org.apache.ranger.service.XAccessAuditService;
import org.apache.ranger.view.VXAccessAudit;
import org.apache.ranger.view.VXAccessAuditList;
import org.apache.ranger.view.VXLong;
@@ -33,9 +36,6 @@ import org.apache.ranger.view.VXTrxLogList;
import org.apache.ranger.view.VXTrxLogV2;
import org.springframework.beans.factory.annotation.Autowired;
-import java.util.List;
-import java.util.stream.Collectors;
-
public class XAuditMgrBase {
@Autowired
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
index 5ba6c14b9..962139d99 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java
@@ -165,6 +165,10 @@ public class XUserMgr extends XUserMgrBase {
public VXUser getXUserByUserName(String userName) {
VXUser vXUser=null;
vXUser=xUserService.getXUserByUserName(userName);
+ if(vXUser != null && !hasAccessToGetUserInfo(vXUser)) {
+ logger.info("Logged-In user is not allowed to access
requested user data.");
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In
user is not allowed to access requested user data", true);
+ }
if(vXUser!=null &&
!hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
vXUser=getMaskedVXUser(vXUser);
}
@@ -381,7 +385,7 @@ public class XUserMgr extends XUserMgrBase {
throw restErrorUtil.createRESTException("Please provide
a valid first name.", MessageEnums.INVALID_INPUT_DATA);
}
- checkAccess(vXUser.getName());
+ checkAccess(vXUser);
xaBizUtil.blockAuditorRoleUser();
VXPortalUser oldUserProfile =
userMgr.getUserProfileByLoginId(vXUser
.getName());
@@ -792,11 +796,9 @@ public class XUserMgr extends XUserMgrBase {
public VXUser getXUser(Long id) {
VXUser vXUser=null;
vXUser=xUserService.readResourceWithOutLogin(id);
- if(vXUser != null){
- if(!hasAccessToGetUserInfo(vXUser)){
- logger.info("Logged-In user is not allowed to
access requested user data.");
- throw
restErrorUtil.create403RESTException("Logged-In user is not allowed to access
requested user data.");
- }
+ if(vXUser != null && !hasAccessToGetUserInfo(vXUser)){
+ logger.info("Logged-In user is not allowed to access
requested user data.");
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In
user is not allowed to access requested user data", true);
}
if(vXUser!=null &&
!hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){
@@ -808,17 +810,20 @@ public class XUserMgr extends XUserMgrBase {
private boolean hasAccessToGetUserInfo(VXUser requestedVXUser) {
UserSessionBase userSession =
ContextUtil.getCurrentUserSession();
if (userSession != null && userSession.getLoginId() != null) {
- VXUser loggedInVXUser =
xUserService.getXUserByUserName(userSession
- .getLoginId());
- if (loggedInVXUser != null) {
- if (loggedInVXUser.getUserRoleList().size() == 1
- &&
loggedInVXUser.getUserRoleList().contains(
- RangerConstants.ROLE_USER)) {
-
+ VXUser loggedInVXUser =
xUserService.getXUserByUserName(userSession.getLoginId());
+ if (requestedVXUser != null &&
CollectionUtils.isNotEmpty(requestedVXUser.getUserRoleList()) && loggedInVXUser
!= null && loggedInVXUser.getUserRoleList().size() == 1) {
+ if
(loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) {
return
requestedVXUser.getId().equals(loggedInVXUser.getId()) ? true : false;
-
- }else{
- return true;
+ } else if
(loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN) ||
loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR))
{
+ if
(requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN) ||
requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)
|| requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) {
+ return true;
+ }
+ } else if
(loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) ||
loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR)) {
+ if
(loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) &&
"rangerusersync".equalsIgnoreCase(userSession.getLoginId())) {
+ return true;
+ } else if
(requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) ||
requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR)
|| requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) {
+ return true;
+ }
}
}
}
@@ -1374,12 +1379,11 @@ public class XUserMgr extends XUserMgrBase {
}
}
- public void checkAccess(String loginID) {
+ public void checkAccess(VXUser vxUser) {
UserSessionBase session = ContextUtil.getCurrentUserSession();
if (session != null) {
- if (!session.isUserAdmin() && !session.isKeyAdmin() &&
!session.getLoginId().equalsIgnoreCase(loginID)) {
- throw
restErrorUtil.create403RESTException("Operation" + " denied. LoggedInUser=" +
(session != null ? session.getXXPortalUser().getId() : "Not Logged In")
- + " ,isn't permitted to perform
the action.");
+ if (!hasAccessToGetUserInfo(vxUser)) {
+ throw
restErrorUtil.create403RESTException("Operation" + " denied. LoggedInUser=" +
(session != null ? session.getXXPortalUser().getId() : "Not Logged In") + "
,isn't permitted to perform the action.");
}
} else {
VXResponse vXResponse = new VXResponse();
@@ -1482,37 +1486,14 @@ public class XUserMgr extends XUserMgrBase {
UserSessionBase session = ContextUtil.getCurrentUserSession();
if (session != null && stringRolesList != null) {
if (!session.isUserAdmin() && !session.isKeyAdmin()) {
- throw
restErrorUtil.create403RESTException("Permission"
- + " denied. LoggedInUser="
- + (session != null ?
session.getXXPortalUser().getId()
- : "Not Logged In")
- + " ,isn't permitted to perform
the action.");
+ throw
restErrorUtil.create403RESTException("Permission denied. LoggedInUser=" +
(session != null ? session.getXXPortalUser().getId() : "Not Logged In") + "
,isn't permitted to perform the action.");
} else {
- if
(!"rangerusersync".equals(session.getXXPortalUser()
- .getLoginId())) {// new logic
for rangerusersync user
- if (session.isUserAdmin()
- && stringRolesList
-
.contains(RangerConstants.ROLE_KEY_ADMIN)) {
- throw
restErrorUtil.create403RESTException("Permission"
- + " denied.
LoggedInUser="
- + (session !=
null ? session.getXXPortalUser()
- .getId() : "")
- + " isn't
permitted to perform the action.");
- }
- if (session.isKeyAdmin()
- && stringRolesList
-
.contains(RangerConstants.ROLE_SYS_ADMIN)) {
- throw
restErrorUtil.create403RESTException("Permission"
- + " denied.
LoggedInUser="
- + (session !=
null ? session.getXXPortalUser()
- .getId() : "")
- + " isn't
permitted to perform the action.");
+ if
(!"rangerusersync".equals(session.getXXPortalUser().getLoginId())) {// new
logic for rangerusersync user
+ if (session.isUserAdmin() &&
(stringRolesList.contains(RangerConstants.ROLE_KEY_ADMIN) ||
stringRolesList.contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR))) {
+ throw
restErrorUtil.create403RESTException("Permission denied. LoggedInUser=" +
(session != null ? session.getXXPortalUser().getId() : "") + " isn't permitted
to perform the action.");
+ } else if (session.isKeyAdmin() &&
(stringRolesList.contains(RangerConstants.ROLE_SYS_ADMIN) ||
stringRolesList.contains(RangerConstants.ROLE_ADMIN_AUDITOR))) {
+ throw
restErrorUtil.create403RESTException("Permission denied. LoggedInUser=" +
(session != null ? session.getXXPortalUser().getId() : "") + " isn't permitted
to perform the action.");
}
- } else {
- logger.info("LoggedInUser="
- + (session != null ?
session.getXXPortalUser()
- .getId() : "")
- + " is permitted to
perform the action.");
}
}
} else {
@@ -1531,8 +1512,8 @@ public class XUserMgr extends XUserMgrBase {
roleListNewProfile.add(vXString.getValue());
}
}
- checkAccessRoles(roleListNewProfile);
VXUser vXUser=getXUser(userId);
+ checkAccessRoles(roleListNewProfile);
List<XXPortalUserRole> portalUserRoleList =null;
if(vXUser!=null && roleListNewProfile.size()>0){
VXPortalUser oldUserProfile =
userMgr.getUserProfileByLoginId(vXUser.getName());
@@ -1557,9 +1538,10 @@ public class XUserMgr extends XUserMgrBase {
roleListNewProfile.add(vXString.getValue());
}
}
+ VXUser vXUser=getXUserByUserName(userName);
checkAccessRoles(roleListNewProfile);
- if(userName!=null && roleListNewProfile.size()>0){
- VXPortalUser oldUserProfile =
userMgr.getUserProfileByLoginId(userName);
+ if(vXUser!=null && roleListNewProfile.size()>0){
+ VXPortalUser oldUserProfile =
userMgr.getUserProfileByLoginId(vXUser.getName());
if(oldUserProfile!=null){
denySelfRoleChange(oldUserProfile.getLoginId());
updateUserRolesPermissions(oldUserProfile,roleListNewProfile);
@@ -1579,7 +1561,7 @@ public class XUserMgr extends XUserMgrBase {
if(vXUser==null){
throw restErrorUtil.createRESTException("Please provide
a valid ID", MessageEnums.INVALID_INPUT_DATA);
}
- checkAccess(vXUser.getName());
+ checkAccess(vXUser);
List<XXPortalUserRole> portalUserRoleList =null;
VXPortalUser oldUserProfile =
userMgr.getUserProfileByLoginId(vXUser.getName());
if(oldUserProfile!=null){
@@ -1593,7 +1575,8 @@ public class XUserMgr extends XUserMgrBase {
public VXStringList getUserRolesByName(String userName) {
VXPortalUser vXPortalUser=null;
if(userName!=null && !userName.trim().isEmpty()){
- checkAccess(userName);
+ VXUser vXUser=xUserService.getXUserByUserName(userName);
+ checkAccess(vXUser);
vXPortalUser =
userMgr.getUserProfileByLoginId(userName);
if(vXPortalUser!=null &&
vXPortalUser.getUserRoleList()!=null){
List<XXPortalUserRole> portalUserRoleList =
daoManager.getXXPortalUserRole().findByUserId(vXPortalUser.getId());
@@ -2780,7 +2763,7 @@ public class XUserMgr extends XUserMgrBase {
continue;
}
- checkAccess(userName);
+ checkAccess(vXUser);
TransactionTemplate txTemplate = new
TransactionTemplate(txManager);
txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW);
try {
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
index 93672662d..21af0636d 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java
@@ -19,8 +19,6 @@
package org.apache.ranger.rest;
-import java.io.File;
-import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@@ -39,14 +37,9 @@ import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-
-import org.apache.commons.lang.StringUtils;
import org.apache.ranger.admin.client.datatype.RESTResponse;
import org.apache.ranger.biz.AssetMgr;
import org.apache.ranger.biz.RangerBizUtil;
-import org.apache.ranger.common.PropertiesUtil;
import org.apache.ranger.common.RESTErrorUtil;
import org.apache.ranger.common.RangerSearchUtil;
import org.apache.ranger.common.SearchCriteria;
@@ -61,7 +54,6 @@ import org.apache.ranger.plugin.model.RangerService;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.SearchFilter;
-import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.security.context.RangerAPIList;
import org.apache.ranger.service.XAccessAuditService;
import org.apache.ranger.service.XAssetService;
@@ -251,7 +243,6 @@ public class AssetREST {
if(services != null) {
List<VXAsset> assets = new ArrayList<VXAsset>();
-
for(RangerService service : services) {
VXAsset asset = serviceUtil.toVXAsset(service);
@@ -261,6 +252,8 @@ public class AssetREST {
}
ret.setVXAssets(assets);
+ ret.setTotalCount(assets.size());
+ ret.setResultSize(assets.size());
}
if(logger.isDebugEnabled()) {
@@ -388,7 +381,6 @@ public class AssetREST {
@DELETE
@Path("/resources/{id}")
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
@RangerAnnotationClassName(class_name = VXResource.class)
public void deleteXResource(@PathParam("id") Long id,
@Context HttpServletRequest request) {
@@ -419,7 +411,6 @@ public class AssetREST {
if(policies != null) {
List<VXResource> resources = new
ArrayList<VXResource>();
-
for(RangerPolicy policy : policies) {
RangerService service =
serviceREST.getServiceByName(policy.getService());
@@ -431,6 +422,8 @@ public class AssetREST {
}
ret.setVXResources(resources);
+ ret.setTotalCount(resources.size());
+ ret.setResultSize(resources.size());
}
if(logger.isDebugEnabled()) {
@@ -540,78 +533,6 @@ public class AssetREST {
return assetMgr.getXCredentialStoreSearchCount(searchCriteria);
}
- @GET
- @Path("/resource/{id}")
- @Produces({ "application/json" })
- public Response getXResourceFile(@Context HttpServletRequest request,
- @PathParam("id") Long id) {
- String fileType = searchUtil.extractString(request,
- new SearchCriteria(), "fileType", "File type",
- StringUtil.VALIDATION_TEXT);
-
- VXResource resource = getXResource(id);
-
-
- Response response=null;
- if(resource!=null && StringUtils.isNotEmpty(fileType)){
- File file = null;
- file=assetMgr.getXResourceFile(resource, fileType);
- if(file!=null){
- response=Response.ok(file,
MediaType.APPLICATION_OCTET_STREAM).header("Content-Disposition","attachment;filename="
+ file.getName()).build();
- file=null;
- }
- }
- return response;
- }
-
- @GET
- @Path("/policyList/{repository}")
- @Produces({ "application/json" })
- @Encoded
- public String getResourceJSON(@Context HttpServletRequest request,
- @PathParam("repository") String repository) {
-
- String epoch = request.getParameter("epoch");
- X509Certificate[] certchain = (X509Certificate[])
request.getAttribute("javax.servlet.request.X509Certificate");
- String ipAddress =
request.getHeader("X-FORWARDED-FOR");
- boolean isSecure = request.isSecure();
- String policyCount =
request.getParameter("policyCount");
- String agentId = request.getParameter("agentId");
- Long lastKnowPolicyVersion = Long.valueOf(-1);
- String capabilityVector = "0";
-
- if (ipAddress == null) {
- ipAddress = request.getRemoteAddr();
- }
-
- boolean httpEnabled =
PropertiesUtil.getBooleanProperty("ranger.service.http.enabled",true);
-
- ServicePolicies servicePolicies = null;
-
- try {
- servicePolicies =
serviceREST.getServicePoliciesIfUpdated(repository, lastKnowPolicyVersion, 0L,
agentId, "", "", false, capabilityVector, request);
- } catch(Exception excp) {
- logger.error("failed to retrieve policies for
repository " + repository, excp);
- }
-
- RangerService service =
serviceUtil.getServiceByName(repository);
- List<RangerPolicy> policies = servicePolicies != null ?
servicePolicies.getPolicies() : null;
- long policyUpdTime = (servicePolicies != null &&
servicePolicies.getPolicyUpdateTime() != null) ?
servicePolicies.getPolicyUpdateTime().getTime() : 0l;
- VXAsset vAsset =
serviceUtil.toVXAsset(service);
- List<VXResource> vResourceList = new ArrayList<VXResource>();
-
- if(policies != null) {
- for(RangerPolicy policy : policies) {
-
vResourceList.add(serviceUtil.toVXResource(policy, service));
- }
- }
-
- String file = assetMgr.getLatestRepoPolicy(vAsset,
vResourceList, policyUpdTime,
- certchain, httpEnabled, epoch, ipAddress,
isSecure, policyCount, agentId);
-
- return file;
- }
-
@GET
@Path("/exportAudit")
@Produces({ "application/json" })
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
index 7be7127cb..d8e30b516 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
@@ -374,6 +374,7 @@ public class RoleREST {
}
SearchFilter filter = searchUtil.getSearchFilter(request,
roleService.sortFields);
try {
+ ensureAdminAccess(null, null);
roleStore.getRoles(filter,ret);
} catch(WebApplicationException excp) {
throw excp;
diff --git
a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
index be56c487f..3be2fb864 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java
@@ -621,6 +621,7 @@ public class ServiceREST {
if (policyAdmin != null) {
ret = policyAdmin.getMatchingPolicies(new
RangerAccessResourceImpl(resource));
+ ret = applyAdminAccessFilter(ret);
}
}
@@ -674,7 +675,7 @@ public class ServiceREST {
LOG.error("Invalid
service-name:[" + serviceName + "]");
}
if (service == null ||
!StringUtils.equals(service.getType(), serviceDefName)) {
- ret = "Invalid
service-name:[" + serviceName + "] or service-name is not of service-type:[" +
serviceDefName + "]";
+ ret = "Invalid
service-name:[" + serviceName + "] or service-type:[" + serviceDefName + "]";
} else {
services.add(service);
ret = StringUtils.EMPTY;
@@ -3507,7 +3508,11 @@ public class ServiceREST {
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.GET_POLICY_FOR_VERSION_NO + "\")")
public RangerPolicy getPolicyForVersionNumber(@PathParam("policyId")
Long policyId,
@PathParam("versionNo") int versionNo) {
- return svcStore.getPolicyForVersionNumber(policyId, versionNo);
+ RangerPolicy policy =
svcStore.getPolicyForVersionNumber(policyId, versionNo);
+ if (policy != null) {
+ ensureAdminAndAuditAccess(policy);
+ }
+ return policy;
}
@GET
@@ -4133,7 +4138,7 @@ public class ServiceREST {
VXUser vxUser = null;
if (grantor != null) {
try {
- vxUser = userMgr.getXUserByUserName(grantor);
+ vxUser =
xUserService.getXUserByUserName(grantor);
if (vxUser == null) {
throw
restErrorUtil.createGrantRevokeRESTException("Grantor user " + grantor + "
doesn't exist");
}
@@ -4147,7 +4152,7 @@ public class ServiceREST {
VXUser vxUser = null;
for (String userName : grantees) {
try {
- vxUser = userMgr.getXUserByUserName(userName);
+ vxUser =
xUserService.getXUserByUserName(userName);
if (vxUser == null) {
throw
restErrorUtil.createGrantRevokeRESTException("Grantee user " + userName + "
doesn't exist");
}
@@ -4469,6 +4474,10 @@ public class ServiceREST {
if (dbPolicy != null) {
ret = policyService.getPopulatedViewObject(dbPolicy);
}
+
+ if (ret != null) {
+ ensureAdminAndAuditAccess(ret);
+ }
}
if (LOG.isDebugEnabled()) {
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
index 2adf0b0a2..6675d71a6 100755
--- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java
@@ -409,12 +409,16 @@ public class TagREST {
@GET
@Path(TagRESTConstants.TAGTYPES_RESOURCE)
@Produces({ "application/json" })
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
public List<String> getTagTypes() {
if(LOG.isDebugEnabled()) {
LOG.debug("==> TagREST.getTagTypes()");
}
+ // check for ADMIN access
+ if (!bizUtil.isAdmin()) {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User don't
have permission to perform this action", true);
+ }
+
List<String> ret = null;
try {
@@ -638,12 +642,16 @@ public class TagREST {
@GET
@Path(TagRESTConstants.TAGS_RESOURCE)
@Produces({ "application/json" })
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
public List<RangerTag> getAllTags() {
if(LOG.isDebugEnabled()) {
LOG.debug("==> TagREST.getAllTags()");
}
+ // check for ADMIN access
+ if (!bizUtil.isAdmin()) {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User don't
have permission to perform this action", true);
+ }
+
List<RangerTag> ret;
try {
@@ -1042,12 +1050,16 @@ public class TagREST {
@GET
@Path(TagRESTConstants.RESOURCES_RESOURCE)
@Produces({ "application/json" })
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
public List<RangerServiceResource> getAllServiceResources() {
if(LOG.isDebugEnabled()) {
LOG.debug("==> TagREST.getAllServiceResources()");
}
+ // check for ADMIN access
+ if (!bizUtil.isAdmin()) {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User don't
have permission to perform this action", true);
+ }
+
List<RangerServiceResource> ret;
try {
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/UserREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/UserREST.java
index c6557b11c..4708b8638 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/UserREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/UserREST.java
@@ -323,7 +323,6 @@ public class UserREST {
throw
restErrorUtil.createRESTException("serverMsg.userRestUser",MessageEnums.DATA_NOT_FOUND,
null, null, changePassword.getLoginId());
}
- userManager.checkAccessForUpdate(gjUser);
changePassword.setId(gjUser.getId());
VXResponse ret = userManager.changePassword(changePassword);
return ret;
@@ -358,7 +357,6 @@ public class UserREST {
throw
restErrorUtil.createRESTException("serverMsg.userRestUser",MessageEnums.DATA_NOT_FOUND,
null, null, changeEmail.getLoginId());
}
- userManager.checkAccessForUpdate(gjUser);
changeEmail.setId(gjUser.getId());
VXPortalUser ret = userManager.changeEmailAddress(gjUser,
changeEmail);
return ret;
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
index 0a3c524b5..bd71c00b2 100755
--- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java
@@ -60,6 +60,7 @@ import org.apache.ranger.common.UserSessionBase;
import org.apache.ranger.common.annotation.RangerAnnotationClassName;
import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName;
import org.apache.ranger.db.RangerDaoManager;
+import org.apache.ranger.entity.XXGroup;
import org.apache.ranger.entity.XXService;
import org.apache.ranger.entity.XXServiceDef;
import org.apache.ranger.plugin.model.RangerPluginInfo;
@@ -71,7 +72,6 @@ import org.apache.ranger.plugin.util.RangerUserStore;
import org.apache.ranger.security.context.RangerAPIList;
import org.apache.ranger.service.AuthSessionService;
import org.apache.ranger.service.XAuditMapService;
-import org.apache.ranger.service.XGroupGroupService;
import org.apache.ranger.service.XGroupPermissionService;
import org.apache.ranger.service.XGroupService;
import org.apache.ranger.service.XGroupUserService;
@@ -129,9 +129,6 @@ public class XUserREST {
@Autowired
XGroupUserService xGroupUserService;
- @Autowired
- XGroupGroupService xGroupGroupService;
-
@Autowired
XPermMapService xPermMapService;
@@ -146,16 +143,16 @@ public class XUserREST {
@Autowired
SessionMgr sessionMgr;
-
+
@Autowired
AuthSessionService authSessionService;
@Autowired
RangerBizUtil bizUtil;
-
+
@Autowired
XResourceService xResourceService;
-
+
@Autowired
StringUtil stringUtil;
@@ -423,12 +420,23 @@ public class XUserREST {
UserSessionBase userSession =
ContextUtil.getCurrentUserSession();
if (userSession != null && userSession.getLoginId() != null) {
- VXUser loggedInVXUser =
xUserService.getXUserByUserName(userSession
- .getLoginId());
- if (loggedInVXUser != null) {
- if (loggedInVXUser.getUserRoleList().size() == 1
- &&
loggedInVXUser.getUserRoleList().contains(
-
RangerConstants.ROLE_USER)) {
+ VXUser loggedInVXUser =
xUserService.getXUserByUserName(userSession.getLoginId());
+ if (loggedInVXUser != null &&
loggedInVXUser.getUserRoleList().size() == 1) {
+ if
(loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) ||
loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR)) {
+ boolean hasRole = false;
+ hasRole =
!userRolesList.contains(RangerConstants.ROLE_SYS_ADMIN) ?
userRolesList.add(RangerConstants.ROLE_SYS_ADMIN) : hasRole;
+ hasRole =
!userRolesList.contains(RangerConstants.ROLE_ADMIN_AUDITOR) ?
userRolesList.add(RangerConstants.ROLE_ADMIN_AUDITOR) : hasRole;
+ hasRole =
!userRolesList.contains(RangerConstants.ROLE_USER) ?
userRolesList.add(RangerConstants.ROLE_USER) : hasRole;
+ if
(loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) &&
"rangerusersync".equalsIgnoreCase(userSession.getLoginId())) {
+ hasRole =
!userRolesList.contains(RangerConstants.ROLE_KEY_ADMIN) ?
userRolesList.add(RangerConstants.ROLE_KEY_ADMIN) : hasRole;
+ hasRole =
!userRolesList.contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR) ?
userRolesList.add(RangerConstants.ROLE_KEY_ADMIN_AUDITOR) : hasRole;
+ }
+ } else if
(loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN) ||
loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR))
{
+ boolean hasRole = false;
+ hasRole =
!userRolesList.contains(RangerConstants.ROLE_KEY_ADMIN) ?
userRolesList.add(RangerConstants.ROLE_KEY_ADMIN) : hasRole;
+ hasRole =
!userRolesList.contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR) ?
userRolesList.add(RangerConstants.ROLE_KEY_ADMIN_AUDITOR) : hasRole;
+ hasRole =
!userRolesList.contains(RangerConstants.ROLE_USER) ?
userRolesList.add(RangerConstants.ROLE_USER) : hasRole;
+ } else if
(loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) {
logger.info("Logged-In user having user
role will be able to fetch his own user details.");
if
(!searchCriteria.getParamList().containsKey("name")) {
searchCriteria.addParam("name",
loggedInVXUser.getName());
@@ -545,6 +553,9 @@ public class XUserREST {
@Produces({ "application/json" })
@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
public VXGroupUser createXGroupUser(VXGroupUser vXGroupUser) {
+ if (vXGroupUser == null ||
StringUtils.isBlank(vXGroupUser.getName()) || vXGroupUser.getUserId() == null) {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "Group
name or UserId is empty or null", true);
+ }
return xUserMgr.createXGroupUser(vXGroupUser);
}
@@ -553,6 +564,9 @@ public class XUserREST {
@Consumes({ "application/json" })
@Produces({ "application/json" })
public VXGroupUser updateXGroupUser(VXGroupUser vXGroupUser) {
+ if (vXGroupUser == null ||
StringUtils.isBlank(vXGroupUser.getName()) || vXGroupUser.getUserId() == null) {
+ throw
restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "Group
name or UserId is empty or null", true);
+ }
return xUserMgr.updateXGroupUser(vXGroupUser);
}
@@ -608,69 +622,6 @@ public class XUserREST {
return xUserMgr.getXGroupUserSearchCount(searchCriteria);
}
- // Handle XGroupGroup
- @GET
- @Path("/groupgroups/{id}")
- @Produces({ "application/json" })
- @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.GET_X_GROUP_GROUP + "\")")
- public VXGroupGroup getXGroupGroup(@PathParam("id") Long id) {
- return xUserMgr.getXGroupGroup(id);
- }
-
- @POST
- @Path("/groupgroups")
- @Consumes({ "application/json" })
- @Produces({ "application/json" })
- public VXGroupGroup createXGroupGroup(VXGroupGroup vXGroupGroup) {
- return xUserMgr.createXGroupGroup(vXGroupGroup);
- }
-
- @PUT
- @Path("/groupgroups")
- @Consumes({ "application/json" })
- @Produces({ "application/json" })
- public VXGroupGroup updateXGroupGroup(VXGroupGroup vXGroupGroup) {
- return xUserMgr.updateXGroupGroup(vXGroupGroup);
- }
-
- @DELETE
- @Path("/groupgroups/{id}")
- @PreAuthorize("hasRole('ROLE_SYS_ADMIN')")
- @RangerAnnotationClassName(class_name = VXGroupGroup.class)
- public void deleteXGroupGroup(@PathParam("id") Long id,
- @Context HttpServletRequest request) {
- boolean force = false;
- xUserMgr.deleteXGroupGroup(id, force);
- }
-
- /**
- * Implements the traditional search functionalities for XGroupGroups
- *
- * @param request
- * @return
- */
- @GET
- @Path("/groupgroups")
- @Produces({ "application/json" })
- @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.SEARCH_X_GROUP_GROUPS + "\")")
- public VXGroupGroupList searchXGroupGroups(
- @Context HttpServletRequest request) {
- SearchCriteria searchCriteria =
searchUtil.extractCommonCriterias(
- request, xGroupGroupService.sortFields);
- return xUserMgr.searchXGroupGroups(searchCriteria);
- }
-
- @GET
- @Path("/groupgroups/count")
- @Produces({ "application/json" })
- @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.COUNT_X_GROUP_GROUPS + "\")")
- public VXLong countXGroupGroups(@Context HttpServletRequest request) {
- SearchCriteria searchCriteria =
searchUtil.extractCommonCriterias(
- request, xGroupGroupService.sortFields);
-
- return xUserMgr.getXGroupGroupSearchCount(searchCriteria);
- }
-
// Handle XPermMap
@GET
@Path("/permmaps/{id}")
@@ -865,7 +816,25 @@ public class XUserREST {
@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" +
RangerAPIList.GET_X_GROUP_BY_GROUP_NAME + "\")")
public VXGroup getXGroupByGroupName(@Context HttpServletRequest request,
@PathParam("groupName") String groupName) {
- return xGroupService.getGroupByGroupName(groupName);
+ VXGroup vXGroup = xGroupService.getGroupByGroupName(groupName);
+ UserSessionBase userSession =
ContextUtil.getCurrentUserSession();
+ if (userSession != null && userSession.getLoginId() != null &&
userSession.getUserRoleList().contains(RangerConstants.ROLE_USER)) {
+ VXUser loggedInVXUser =
xUserService.getXUserByUserName(userSession.getLoginId());
+ boolean isMatch = false;
+ if (loggedInVXUser != null && vXGroup != null) {
+ List<XXGroup> userGroups =
xGroupService.getGroupsByUserId(loggedInVXUser.getId());
+ for (XXGroup xXGroup: userGroups) {
+ if (xXGroup != null &&
StringUtils.equals(xXGroup.getName(), vXGroup.getName())) {
+ isMatch = true;
+ break;
+ }
+ }
+ }
+ if (!isMatch) {
+ vXGroup = null;
+ }
+ }
+ return vXGroup;
}
@DELETE
diff --git
a/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
b/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
index 98ee62612..46484e706 100644
--- a/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
+++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java
@@ -168,4 +168,8 @@ public class XGroupService extends
XGroupServiceBase<XXGroup, VXGroup> {
public Long getAllGroupCount() {
return daoManager.getXXGroup().getAllCount();
}
+
+ public List<XXGroup> getGroupsByUserId(Long userId) {
+ return daoManager.getXXGroup().findByUserId(userId);
+ }
}
diff --git
a/security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
b/security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
index 942d53e91..6a4f533cd 100644
---
a/security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
+++
b/security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java
@@ -134,6 +134,8 @@ public class XUgsyncAuditInfoService extends
XUgsyncAuditInfoServiceBase<XXUgsyn
}
returnList.setVxUgsyncAuditInfoList(xUgsyncAuditInfoList);
+ returnList.setTotalCount(xUgsyncAuditInfoList.size());
+ returnList.setResultSize(xUgsyncAuditInfoList.size());
return returnList;
}
diff --git
a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
index 2b4ba0d15..671b80de5 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java
@@ -25,12 +25,14 @@ import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import org.apache.commons.collections.ListUtils;
import org.apache.ranger.common.ContextUtil;
import org.apache.ranger.common.GUIDUtil;
import org.apache.ranger.common.JSONUtil;
import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.RangerConstants;
import org.apache.ranger.common.RangerFactory;
import org.apache.ranger.common.SearchCriteria;
import org.apache.ranger.common.StringUtil;
@@ -69,6 +71,7 @@ import org.apache.ranger.service.XUserService;
import org.apache.ranger.view.RangerPolicyList;
import org.apache.ranger.view.RangerServiceDefList;
import org.apache.ranger.view.RangerServiceList;
+import org.apache.ranger.view.VXGroup;
import org.apache.ranger.view.VXGroupList;
import org.apache.ranger.view.VXString;
import org.apache.ranger.view.VXUser;
@@ -167,6 +170,15 @@ public class TestServiceDBStore {
@Rule
public ExpectedException thrown = ExpectedException.none();
+ private VXGroup vxGroup() {
+ VXGroup vXGroup = new VXGroup();
+ vXGroup.setId(Id);
+ vXGroup.setDescription("group test working");
+ vXGroup.setName(RangerConstants.GROUP_PUBLIC);
+ vXGroup.setIsVisible(1);
+ return vXGroup;
+ }
+
public void setup() {
RangerSecurityContext context = new RangerSecurityContext();
context.setUserSession(new UserSessionBase());
@@ -1999,6 +2011,25 @@ public class TestServiceDBStore {
policyListObj.setSortType("1");
policyListObj.setStartIndex(0);
policyListObj.setTotalCount(10);
+
+ Set<String> groupNames = new
HashSet<String>(){{add(RangerConstants.GROUP_PUBLIC);}};
+ XXGroupGroupDao xXGroupGroupDao =
Mockito.mock(XXGroupGroupDao.class);
+
Mockito.when(daoManager.getXXGroupGroup()).thenReturn(xXGroupGroupDao);
+ XXGroupDao xxGroupDao = Mockito.mock(XXGroupDao.class);
+ XXRoleDao xxRoleDao = Mockito.mock(XXRoleDao.class);
+ VXGroup vxGroup = vxGroup();
+ XXGroup xxGroup = new XXGroup();
+ xxGroup.setId(vxGroup.getId());
+ xxGroup.setName(vxGroup.getName());
+ xxGroup.setDescription(vxGroup.getDescription());
+ xxGroup.setIsVisible(vxGroup.getIsVisible());
+ Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao);
+
Mockito.when(xxGroupDao.findByGroupName(vxGroup.getName())).thenReturn(xxGroup);
+
Mockito.when(xXGroupGroupDao.findGroupNamesByGroupName(Mockito.anyString())).thenReturn(groupNames);
+ List<XXRole> xxRoles = new ArrayList<XXRole>();
+ Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao);
+ Mockito.when(daoManager.getXXRole()).thenReturn(xxRoleDao);
+
Mockito.when(xxRoleDao.findByGroupId(xxGroup.getId())).thenReturn(xxRoles);
List<RangerPolicy> dbRangerPolicy =
serviceDBStore.getPolicies(filter);
Assert.assertNotNull(dbRangerPolicy);
@@ -2017,6 +2048,25 @@ public class TestServiceDBStore {
policyListObj.setSortType("1");
policyListObj.setStartIndex(0);
policyListObj.setTotalCount(10);
+
+ Set<String> groupNames = new
HashSet<String>(){{add(RangerConstants.GROUP_PUBLIC);}};
+ XXGroupGroupDao xXGroupGroupDao =
Mockito.mock(XXGroupGroupDao.class);
+
Mockito.when(daoManager.getXXGroupGroup()).thenReturn(xXGroupGroupDao);
+ XXGroupDao xxGroupDao = Mockito.mock(XXGroupDao.class);
+ XXRoleDao xxRoleDao = Mockito.mock(XXRoleDao.class);
+ VXGroup vxGroup = vxGroup();
+ XXGroup xxGroup = new XXGroup();
+ xxGroup.setId(vxGroup.getId());
+ xxGroup.setName(vxGroup.getName());
+ xxGroup.setDescription(vxGroup.getDescription());
+ xxGroup.setIsVisible(vxGroup.getIsVisible());
+ Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao);
+
Mockito.when(xxGroupDao.findByGroupName(vxGroup.getName())).thenReturn(xxGroup);
+
Mockito.when(xXGroupGroupDao.findGroupNamesByGroupName(Mockito.anyString())).thenReturn(groupNames);
+ List<XXRole> xxRoles = new ArrayList<XXRole>();
+ Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao);
+ Mockito.when(daoManager.getXXRole()).thenReturn(xxRoleDao);
+
Mockito.when(xxRoleDao.findByGroupId(xxGroup.getId())).thenReturn(xxRoles);
PList<RangerPolicy> dbRangerPolicyList = serviceDBStore
.getPaginatedPolicies(filter);
@@ -2113,6 +2163,25 @@ public class TestServiceDBStore {
SearchFilter filter = new SearchFilter();
filter.setParam(SearchFilter.POLICY_NAME, "policyName");
filter.setParam(SearchFilter.SERVICE_NAME, "serviceName");
+
+ Set<String> groupNames = new
HashSet<String>(){{add(RangerConstants.GROUP_PUBLIC);}};
+ XXGroupGroupDao xXGroupGroupDao =
Mockito.mock(XXGroupGroupDao.class);
+
Mockito.when(daoManager.getXXGroupGroup()).thenReturn(xXGroupGroupDao);
+ XXGroupDao xxGroupDao = Mockito.mock(XXGroupDao.class);
+ XXRoleDao xxRoleDao = Mockito.mock(XXRoleDao.class);
+ VXGroup vxGroup = vxGroup();
+ XXGroup xxGroup = new XXGroup();
+ xxGroup.setId(vxGroup.getId());
+ xxGroup.setName(vxGroup.getName());
+ xxGroup.setDescription(vxGroup.getDescription());
+ xxGroup.setIsVisible(vxGroup.getIsVisible());
+ Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao);
+
Mockito.when(xxGroupDao.findByGroupName(vxGroup.getName())).thenReturn(xxGroup);
+
Mockito.when(xXGroupGroupDao.findGroupNamesByGroupName(Mockito.anyString())).thenReturn(groupNames);
+ List<XXRole> xxRoles = new ArrayList<XXRole>();
+ Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao);
+ Mockito.when(daoManager.getXXRole()).thenReturn(xxRoleDao);
+
Mockito.when(xxRoleDao.findByGroupId(xxGroup.getId())).thenReturn(xxRoles);
PList<RangerPolicy> dbRangerPolicyList = serviceDBStore
.getPaginatedServicePolicies(serviceName,
filter);
@@ -2132,6 +2201,25 @@ public class TestServiceDBStore {
Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao);
Mockito.when(xServiceDao.getById(Id)).thenReturn(xService);
+ Set<String> groupNames = new
HashSet<String>(){{add(RangerConstants.GROUP_PUBLIC);}};
+ XXGroupGroupDao xXGroupGroupDao =
Mockito.mock(XXGroupGroupDao.class);
+
Mockito.when(daoManager.getXXGroupGroup()).thenReturn(xXGroupGroupDao);
+ XXGroupDao xxGroupDao = Mockito.mock(XXGroupDao.class);
+ XXRoleDao xxRoleDao = Mockito.mock(XXRoleDao.class);
+ VXGroup vxGroup = vxGroup();
+ XXGroup xxGroup = new XXGroup();
+ xxGroup.setId(vxGroup.getId());
+ xxGroup.setName(vxGroup.getName());
+ xxGroup.setDescription(vxGroup.getDescription());
+ xxGroup.setIsVisible(vxGroup.getIsVisible());
+ Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao);
+
Mockito.when(xxGroupDao.findByGroupName(vxGroup.getName())).thenReturn(xxGroup);
+
Mockito.when(xXGroupGroupDao.findGroupNamesByGroupName(Mockito.anyString())).thenReturn(groupNames);
+ List<XXRole> xxRoles = new ArrayList<XXRole>();
+ Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao);
+ Mockito.when(daoManager.getXXRole()).thenReturn(xxRoleDao);
+
Mockito.when(xxRoleDao.findByGroupId(xxGroup.getId())).thenReturn(xxRoles);
+
//PList<RangerPolicy> dbRangerPolicyList =
serviceDBStore.getPaginatedServicePolicies(rangerService.getId(),
filter);
}
@@ -2325,7 +2413,6 @@ public void test44getMetricByTypePolicies() throws
Exception {
String type = "policies";
RangerServiceList svcList = new RangerServiceList();
svcList.setTotalCount(10l);
-
Mockito.when(svcService.searchRangerServices(Mockito.any(SearchFilter.class))).thenReturn(svcList);
serviceDBStore.getMetricByType(ServiceDBStore.METRIC_TYPE.getMetricTypeByName(type));
}
diff --git
a/security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java
b/security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java
index 29f2ce802..cdf265b2d 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java
@@ -313,10 +313,24 @@ public class TestUserMgr {
Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
Mockito.when(userDao.findByLoginId(Mockito.nullable(String.class))).thenReturn(user);
- Mockito.when(stringUtil.equals(Mockito.anyString(),
Mockito.nullable(String.class))).thenReturn(true);
- Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
- Mockito.when(stringUtil.validatePassword(Mockito.anyString(),
Mockito.any(String[].class))).thenReturn(true);
+ XXPortalUserRoleDao xPortalUserRoleDao =
Mockito.mock(XXPortalUserRoleDao.class);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
+ List<XXPortalUserRole> xPortalUserRoleList = new
ArrayList<XXPortalUserRole>();
+ XXPortalUserRole XXPortalUserRole = new XXPortalUserRole();
+ XXPortalUserRole.setId(userId);
+ XXPortalUserRole.setUserId(userId);
+ XXPortalUserRole.setUserRole("ROLE_USER");
+ xPortalUserRoleList.add(XXPortalUserRole);
+ XXUserPermissionDao xUserPermissionDao =
Mockito.mock(XXUserPermissionDao.class);
+ XXGroupPermissionDao xGroupPermissionDao =
Mockito.mock(XXGroupPermissionDao.class);
+
Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao);
+
Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao);
+ XXPortalUserRoleDao roleDao =
Mockito.mock(XXPortalUserRoleDao.class);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao);
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
+
VXResponse dbVXResponse = userMgr.changePassword(pwdChange);
Assert.assertNotNull(dbVXResponse);
Assert.assertEquals(userProfile.getStatus(),dbVXResponse.getStatusCode());
@@ -369,6 +383,25 @@ public class TestUserMgr {
Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
Mockito.when(stringUtil.validatePassword(Mockito.anyString(),
Mockito.any(String[].class))).thenReturn(true);
+ XXPortalUserRoleDao xPortalUserRoleDao =
Mockito.mock(XXPortalUserRoleDao.class);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
+ List<XXPortalUserRole> xPortalUserRoleList = new
ArrayList<XXPortalUserRole>();
+ XXPortalUserRole XXPortalUserRole = new XXPortalUserRole();
+ XXPortalUserRole.setId(userId);
+ XXPortalUserRole.setUserId(userId);
+ XXPortalUserRole.setUserRole("ROLE_USER");
+ xPortalUserRoleList.add(XXPortalUserRole);
+ XXPortalUserRoleDao roleDao =
Mockito.mock(XXPortalUserRoleDao.class);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao);
+
Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(xPortalUserRoleList);
+ XXUserPermissionDao xUserPermissionDao =
Mockito.mock(XXUserPermissionDao.class);
+ XXGroupPermissionDao xGroupPermissionDao =
Mockito.mock(XXGroupPermissionDao.class);
+
Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao);
+ List<XXUserPermission> xUserPermissionsList = new
ArrayList<XXUserPermission>();
+ List<XXGroupPermission> xGroupPermissionList = new
ArrayList<XXGroupPermission>();
+
Mockito.when(xUserPermissionDao.findByUserPermissionIdAndIsAllowed(userProfile.getId())).thenReturn(xUserPermissionsList);
+
Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao);
+
Mockito.when(xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())).thenReturn(xGroupPermissionList);
VXResponse dbVXResponse = userMgr.changePassword(pwdChange);
Assert.assertNotNull(dbVXResponse);
Assert.assertEquals(userProfile.getStatus(),dbVXResponse.getStatusCode());
@@ -398,6 +431,26 @@ public class TestUserMgr {
Mockito.when(stringUtil.equals(Mockito.anyString(),
Mockito.nullable(String.class))).thenReturn(true);
Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
Mockito.when(stringUtil.validatePassword(Mockito.anyString(),
Mockito.any(String[].class))).thenReturn(true);
+
Mockito.when(userDao.findByLoginId(Mockito.anyString())).thenReturn(user);
+ XXPortalUserRoleDao xPortalUserRoleDao =
Mockito.mock(XXPortalUserRoleDao.class);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
+ List<XXPortalUserRole> xPortalUserRoleList = new
ArrayList<XXPortalUserRole>();
+ XXPortalUserRole XXPortalUserRole = new XXPortalUserRole();
+ XXPortalUserRole.setId(userId);
+ XXPortalUserRole.setUserId(userId);
+ XXPortalUserRole.setUserRole("ROLE_USER");
+ xPortalUserRoleList.add(XXPortalUserRole);
+ XXUserPermissionDao xUserPermissionDao =
Mockito.mock(XXUserPermissionDao.class);
+ XXGroupPermissionDao xGroupPermissionDao =
Mockito.mock(XXGroupPermissionDao.class);
+
Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao);
+ List<XXUserPermission> xUserPermissionsList = new
ArrayList<XXUserPermission>();
+ List<XXGroupPermission> xGroupPermissionList = new
ArrayList<XXGroupPermission>();
+
Mockito.when(xUserPermissionDao.findByUserPermissionIdAndIsAllowed(userProfile.getId())).thenReturn(xUserPermissionsList);
+
Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao);
+
Mockito.when(xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())).thenReturn(xGroupPermissionList);
+ XXPortalUserRoleDao roleDao =
Mockito.mock(XXPortalUserRoleDao.class);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao);
+
Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(xPortalUserRoleList);
VXResponse dbVXResponse = userMgr.changePassword(pwdChange);
Assert.assertNotNull(dbVXResponse);
@@ -415,7 +468,16 @@ public class TestUserMgr {
XXUserPermissionDao xUserPermissionDao =
Mockito.mock(XXUserPermissionDao.class);
XXGroupPermissionDao xGroupPermissionDao =
Mockito.mock(XXGroupPermissionDao.class);
XXModuleDefDao xModuleDefDao =
Mockito.mock(XXModuleDefDao.class);
- XXModuleDef xModuleDef = Mockito.mock(XXModuleDef.class);
+
+ XXModuleDef xModuleDef = new XXModuleDef();
+ xModuleDef.setUpdatedByUserId(userId);
+ xModuleDef.setAddedByUserId(userId);
+ xModuleDef.setCreateTime(new Date());
+ xModuleDef.setId(userId);
+ xModuleDef.setModule("Policy manager");
+ xModuleDef.setUpdateTime(new Date());
+ xModuleDef.setUrl("/policy manager");
+
VXPortalUser userProfile = userProfile();
XXPortalUser user = new XXPortalUser();
@@ -482,11 +544,8 @@ public class TestUserMgr {
groupPermission.setOwner("admin");
Mockito.when(stringUtil.validateEmail(Mockito.anyString())).thenReturn(true);
- Mockito.when(stringUtil.equals(Mockito.anyString(),
Mockito.anyString())).thenReturn(true);
-
Mockito.when(stringUtil.normalizeEmail(Mockito.anyString())).thenReturn(changeEmail.getEmailAddress());
Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao);
- Mockito.when(userDao.update(user)).thenReturn(user);
Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(list);
Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao);
Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao);
@@ -496,7 +555,28 @@ public class TestUserMgr {
Mockito.when(xUserPermissionService.populateViewBean(xUserPermissionObj)).thenReturn(userPermission);
Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao);
Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())).thenReturn(xModuleDef);
- Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser();
+
+ Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
+
Mockito.when(userDao.findByLoginId(Mockito.anyString())).thenReturn(user);
+ Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
+
Mockito.when(userDao.findByLoginId(Mockito.anyString())).thenReturn(user);
+ XXPortalUserRoleDao xPortalUserRoleDao =
Mockito.mock(XXPortalUserRoleDao.class);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
+ List<XXPortalUserRole> xPortalUserRoleList = new
ArrayList<XXPortalUserRole>();
+ XXPortalUserRole.setId(userId);
+ XXPortalUserRole.setUserId(userId);
+ XXPortalUserRole.setUserRole("ROLE_USER");
+ xPortalUserRoleList.add(XXPortalUserRole);
+
Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao);
+
Mockito.when(xUserPermissionDao.findByUserPermissionIdAndIsAllowed(userProfile.getId())).thenReturn(xUserPermissionsList);
+
Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao);
+
Mockito.when(xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())).thenReturn(xGroupPermissionList);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao);
+
Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(xPortalUserRoleList);
+
Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao);
+
Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())).thenReturn(xModuleDef);
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
VXPortalUser dbVXPortalUser =
userMgr.changeEmailAddress(user,changeEmail);
Assert.assertNotNull(dbVXPortalUser);
Assert.assertEquals(userId, dbVXPortalUser.getId());
@@ -521,10 +601,6 @@ public class TestUserMgr {
setupKeyAdmin();
XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class);
XXPortalUserRoleDao roleDao =
Mockito.mock(XXPortalUserRoleDao.class);
- XXUserPermissionDao xUserPermissionDao =
Mockito.mock(XXUserPermissionDao.class);
- XXGroupPermissionDao xGroupPermissionDao =
Mockito.mock(XXGroupPermissionDao.class);
- XXModuleDefDao xModuleDefDao =
Mockito.mock(XXModuleDefDao.class);
- XXModuleDef xModuleDef = Mockito.mock(XXModuleDef.class);
VXPortalUser userProfile = userProfile();
XXPortalUser userKeyAdmin = new XXPortalUser();
@@ -596,15 +672,30 @@ public class TestUserMgr {
Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao);
Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(list);
+ Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
+
Mockito.when(userDao.findByLoginId(Mockito.anyString())).thenReturn(userKeyAdmin);
+ XXPortalUserRoleDao xPortalUserRoleDao =
Mockito.mock(XXPortalUserRoleDao.class);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
+ List<XXPortalUserRole> xPortalUserRoleList = new
ArrayList<XXPortalUserRole>();
+ XXPortalUserRole.setId(userId);
+ XXPortalUserRole.setUserId(userId);
+ XXPortalUserRole.setUserRole("ROLE_USER");
+ xPortalUserRoleList.add(XXPortalUserRole);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao);
+
Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(xPortalUserRoleList);
+ XXUserPermissionDao xUserPermissionDao =
Mockito.mock(XXUserPermissionDao.class);
+ XXGroupPermissionDao xGroupPermissionDao =
Mockito.mock(XXGroupPermissionDao.class);
Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao);
-
Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao);
Mockito.when(xUserPermissionDao.findByUserPermissionIdAndIsAllowed(userProfile.getId())).thenReturn(xUserPermissionsList);
+
Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao);
Mockito.when(xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())).thenReturn(xGroupPermissionList);
Mockito.when(xGroupPermissionService.populateViewBean(xGroupPermissionObj)).thenReturn(groupPermission);
Mockito.when(xUserPermissionService.populateViewBean(xUserPermissionObj)).thenReturn(userPermission);
+ XXModuleDefDao xModuleDefDao =
Mockito.mock(XXModuleDefDao.class);
+ XXModuleDef xModuleDef = new XXModuleDef();
+ xModuleDef.setModule("Users/Groups");
Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao);
-
Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())).thenReturn(xModuleDef);
- Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser();
+
Mockito.when(xModuleDefDao.findByModuleId(groupPermission.getModuleId())).thenReturn(xModuleDef);
VXPortalUser dbVXPortalUser =
userMgr.changeEmailAddress(userKeyAdmin,changeEmail);
Assert.assertNotNull(dbVXPortalUser);
Assert.assertEquals(userId, dbVXPortalUser.getId());
@@ -613,7 +704,6 @@ public class TestUserMgr {
Assert.assertEquals(changeEmail.getEmailAddress(),dbVXPortalUser.getEmailAddress());
}
-
@Test
public void test08ChangeEmailAddressAsUser() {
setupUser();
@@ -702,7 +792,23 @@ public class TestUserMgr {
Mockito.when(xUserPermissionService.populateViewBean(xUserPermissionObj)).thenReturn(userPermission);
Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao);
Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())).thenReturn(xModuleDef);
- Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser();
+ Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
+
Mockito.when(userDao.findByLoginId(Mockito.anyString())).thenReturn(user);
+ XXPortalUserRoleDao xPortalUserRoleDao =
Mockito.mock(XXPortalUserRoleDao.class);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
+ List<XXPortalUserRole> xPortalUserRoleList = new
ArrayList<XXPortalUserRole>();
+ XXPortalUserRole.setId(userId);
+ XXPortalUserRole.setUserId(userId);
+ XXPortalUserRole.setUserRole("ROLE_USER");
+ xPortalUserRoleList.add(XXPortalUserRole);
+
Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao);
+
Mockito.when(xUserPermissionDao.findByUserPermissionIdAndIsAllowed(userProfile.getId())).thenReturn(xUserPermissionsList);
+
Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao);
+
Mockito.when(xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())).thenReturn(xGroupPermissionList);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao);
+
Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(xPortalUserRoleList);
+
Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao);
+
Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())).thenReturn(xModuleDef);
VXPortalUser dbVXPortalUser =
userMgr.changeEmailAddress(user,changeEmail);
Assert.assertNotNull(dbVXPortalUser);
Assert.assertEquals(userId, dbVXPortalUser.getId());
@@ -934,10 +1040,8 @@ public class TestUserMgr {
user.setPassword(encryptedPwd);
Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
Mockito.when(userDao.getById(userProfile.getId())).thenReturn(user);
-
Mockito.when(stringUtil.validateEmail(Mockito.anyString())).thenReturn(true);
- Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser();
- Mockito.when(stringUtil.validatePassword(Mockito.anyString(),
Mockito.any(String[].class))).thenReturn(true);
- Mockito.when(userDao.update(user)).thenReturn(user);
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
XXPortalUser dbXXPortalUser =
userMgr.updateUserWithPass(userProfile);
Assert.assertNotNull(dbXXPortalUser);
Assert.assertEquals(userId, dbXXPortalUser.getId());
@@ -1174,6 +1278,8 @@ public class TestUserMgr {
XXPortalUser xPortalUser = Mockito.mock(XXPortalUser.class);
Mockito.when(daoManager.getXXPortalUser()).thenReturn(xPortalUserDao);
Mockito.when(xPortalUserDao.getById(userId)).thenReturn(xPortalUser);
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
userMgr.checkAccess(userId);
Mockito.when(xPortalUserDao.getById(userId)).thenReturn(null);
@@ -1187,10 +1293,6 @@ public class TestUserMgr {
setup();
XXPortalUserDao xPortalUserDao =
Mockito.mock(XXPortalUserDao.class);
XXPortalUser xPortalUser = Mockito.mock(XXPortalUser.class);
- XXUserPermissionDao xUserPermissionDao =
Mockito.mock(XXUserPermissionDao.class);
- XXGroupPermissionDao xGroupPermissionDao =
Mockito.mock(XXGroupPermissionDao.class);
-
- XXPortalUserRoleDao xPortalUserRoleDao =
Mockito.mock(XXPortalUserRoleDao.class);
List<XXPortalUserRole> xPortalUserRoleList = new
ArrayList<XXPortalUserRole>();
XXPortalUserRole XXPortalUserRole = new XXPortalUserRole();
@@ -1224,10 +1326,8 @@ public class TestUserMgr {
Mockito.when(daoManager.getXXPortalUser()).thenReturn(xPortalUserDao);
Mockito.when(xPortalUserDao.getById(userId)).thenReturn(null);
-
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
-
Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao);
-
-
Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao);
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
VXPortalUser dbVXPortalUser = userMgr.getUserProfile(userId);
Mockito.when(xPortalUserDao.getById(userId)).thenReturn(xPortalUser);
dbVXPortalUser = userMgr.getUserProfile(userId);
@@ -1275,12 +1375,7 @@ public class TestUserMgr {
@Test
public void test23setUserRoles() {
setup();
- XXPortalUserRoleDao xPortalUserRoleDao =
Mockito.mock(XXPortalUserRoleDao.class);
XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class);
- XXUserPermissionDao xUserPermissionDao =
Mockito.mock(XXUserPermissionDao.class);
- XXGroupPermissionDao xGroupPermissionDao =
Mockito.mock(XXGroupPermissionDao.class);
- XXModuleDefDao xModuleDefDao =
Mockito.mock(XXModuleDefDao.class);
-
VXPortalUser userProfile = userProfile();
XXPortalUser user = new XXPortalUser();
user.setEmailAddress(userProfile.getEmailAddress());
@@ -1354,21 +1449,10 @@ public class TestUserMgr {
userPermission.setUserId(userId);
userPermission.setUserName("xyz");
userPermission.setOwner("admin");
-
-
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
Mockito.when(userDao.getById(userId)).thenReturn(user);
-
Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao);
-
Mockito.when(xUserPermissionDao.findByUserPermissionIdAndIsAllowed(userProfile.getId())).thenReturn(xUserPermissionsList);
-
Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao);
-
Mockito.when(xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())).thenReturn(xGroupPermissionList);
-
Mockito.when(xGroupPermissionService.populateViewBean(xGroupPermissionObj)).thenReturn(groupPermission);
-
Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao);
-
Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())).thenReturn(xModuleDef);
-
Mockito.when(xUserPermissionService.populateViewBean(xUserPermissionObj)).thenReturn(userPermission);
-
Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao);
-
Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())).thenReturn(xModuleDef);
- Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser();
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
userMgr.checkAccess(userId);
userMgr.setUserRoles(userId, vStringRolesList);
@@ -1496,9 +1580,8 @@ public class TestUserMgr {
user.setPassword(encryptedPwd);
Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
Mockito.when(userDao.getById(userProfile.getId())).thenReturn(user);
-
Mockito.when(stringUtil.validateEmail(Mockito.anyString())).thenReturn(true);
-
- Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser();
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
XXPortalUser dbXXPortalUser = userMgr.updateUser(userProfile);
Assert.assertNotNull(dbXXPortalUser);
Assert.assertEquals(userId, dbXXPortalUser.getId());
@@ -1536,9 +1619,8 @@ public class TestUserMgr {
user.setFirstName("null");
user.setLastName("null");
Mockito.when(userDao.getById(userProfile.getId())).thenReturn(user);
-
Mockito.when(stringUtil.validateEmail(Mockito.anyString())).thenReturn(true);
- Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser();
-
Mockito.when(userDao.findByEmailAddress(Mockito.anyString())).thenReturn(user);
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
dbXXPortalUser = userMgr.updateUser(userProfile);
Assert.assertNotNull(dbXXPortalUser);
Assert.assertEquals(userId, dbXXPortalUser.getId());
@@ -1661,7 +1743,11 @@ public class TestUserMgr {
@Test
public void test31checkAccess() {
setup();
+ XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class);
+ Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
XXPortalUser xPortalUser = Mockito.mock(XXPortalUser.class);
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
userMgr.checkAccess(xPortalUser);
destroySession();
VXPortalUser userProfile = userProfile();
@@ -1691,31 +1777,10 @@ public class TestUserMgr {
userMgr.checkAdminAccess();
}
- @Test
- public void test33checkAccessForUpdate() {
- setup();
- XXPortalUser xPortalUser = Mockito.mock(XXPortalUser.class);
- userMgr.checkAccessForUpdate(xPortalUser);
-
- destroySession();
- xPortalUser.setId(userId);
- VXResponse vXResponse = new VXResponse();
- vXResponse.setStatusCode(HttpServletResponse.SC_FORBIDDEN);
- vXResponse.setMsgDesc("User access denied. loggedInUser=Not
Logged In , accessing user="+ xPortalUser.getId());
- Mockito.when(restErrorUtil.generateRESTException((VXResponse)
Mockito.any())).thenThrow(new WebApplicationException());
- thrown.expect(WebApplicationException.class);
- userMgr.checkAccessForUpdate(xPortalUser);
- xPortalUser = null;
-
Mockito.when(restErrorUtil.create403RESTException("serverMsg.userMgrWrongUser")).thenThrow(new
WebApplicationException());
- thrown.expect(WebApplicationException.class);
- userMgr.checkAccessForUpdate(xPortalUser);
- }
-
@Test
public void test34updateRoleForExternalUsers() {
setupRangerUserSyncUser();
XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class);
- XXPortalUserRoleDao roleDao =
Mockito.mock(XXPortalUserRoleDao.class);
XXUserPermissionDao xUserPermissionDao =
Mockito.mock(XXUserPermissionDao.class);
Collection<String> existingRoleList = new ArrayList<String>();
existingRoleList.add(RangerConstants.ROLE_USER);
@@ -1749,13 +1814,11 @@ public class TestUserMgr {
xUserPermissionObj.setUserId(userId);
xUserPermissionsList.add(xUserPermissionObj);
Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
-
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao);
- Mockito.when(roleDao.findByUserId(userId)).thenReturn(list);
Mockito.when(userDao.getById(userProfile.getId())).thenReturn(user);
-
Mockito.when(stringUtil.validateEmail(Mockito.anyString())).thenReturn(true);
- Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser();
Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao);
Mockito.when(xUserPermissionDao.findByUserPermissionId(userProfile.getId())).thenReturn(xUserPermissionsList);
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
VXPortalUser dbVXPortalUser =
userMgr.updateRoleForExternalUsers(reqRoleList,existingRoleList,userProfile);
Assert.assertNotNull(dbVXPortalUser);
Assert.assertEquals(userId, dbVXPortalUser.getId());
@@ -1822,13 +1885,12 @@ public class TestUserMgr {
user.setLoginId(userProfile.getLoginId());
userProfile.setFirstName("User");
userProfile.setLastName("User");
-
Mockito.when(stringUtil.validateEmail(Mockito.anyString())).thenReturn(true);
String encryptedPwd =
userMgr.encrypt(userProfile.getLoginId(),userProfile.getPassword());
user.setPassword(encryptedPwd);
Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
Mockito.when(userDao.getById(userProfile.getId())).thenReturn(user);
- Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser();
-
Mockito.when(stringUtil.toCamelCaseAllWords(Mockito.anyString())).thenReturn(userProfile.getFirstName());
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
XXPortalUser dbXXPortalUser = userMgr.updateUser(userProfile);
Assert.assertNotNull(dbXXPortalUser);
Mockito.when(stringUtil.isEmpty(Mockito.anyString())).thenReturn(true);
@@ -1970,7 +2032,7 @@ public class TestUserMgr {
invalidpwdChange.setOldPassword("invalidOldPassword");
invalidpwdChange.setEmailAddress(userProfile.getEmailAddress());
invalidpwdChange.setUpdPassword(userProfile.getPassword());
-
Mockito.when(restErrorUtil.createRESTException("serverMsg.userMgrOldPassword",MessageEnums.INVALID_INPUT_DATA,
null, null, invalidpwdChange.getLoginId())).thenThrow(new
WebApplicationException());
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
thrown.expect(WebApplicationException.class);
userMgr.changePassword(invalidpwdChange);
}
@@ -1980,8 +2042,8 @@ public class TestUserMgr {
destroySession();
setupUser();
VXPortalUser userProfile = userProfile();
- XXPortalUser user2 = new XXPortalUser();
- user2.setId(userId);
+ XXPortalUser gjUser = new XXPortalUser();
+ gjUser.setId(userId);
VXPasswordChange invalidpwdChange = new VXPasswordChange();
invalidpwdChange.setId(userProfile.getId());
invalidpwdChange.setLoginId(userProfile.getLoginId()+1);
@@ -1991,10 +2053,9 @@ public class TestUserMgr {
XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class);
Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
-
Mockito.when(userDao.findByLoginId(userProfile.getLoginId())).thenReturn(user2);
-
Mockito.when(userDao.findByLoginId(invalidpwdChange.getLoginId())).thenReturn(null);
+
Mockito.when(userDao.findByLoginId(invalidpwdChange.getLoginId())).thenReturn(gjUser);
-
Mockito.when(restErrorUtil.createRESTException("serverMsg.userMgrInvalidUser",MessageEnums.DATA_NOT_FOUND,
null, null, invalidpwdChange.getLoginId())).thenThrow(new
WebApplicationException());
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
thrown.expect(WebApplicationException.class);
userMgr.changePassword(invalidpwdChange);
}
@@ -2024,6 +2085,26 @@ public class TestUserMgr {
Mockito.when(stringUtil.equals(Mockito.anyString(),
Mockito.nullable(String.class))).thenReturn(true);
Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
Mockito.when(stringUtil.validatePassword(Mockito.anyString(),
Mockito.any(String[].class))).thenReturn(true);
+
Mockito.when(userDao.findByLoginId(Mockito.anyString())).thenReturn(user);
+ XXPortalUserRoleDao xPortalUserRoleDao =
Mockito.mock(XXPortalUserRoleDao.class);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
+ List<XXPortalUserRole> xPortalUserRoleList = new
ArrayList<XXPortalUserRole>();
+ XXPortalUserRole XXPortalUserRole = new XXPortalUserRole();
+ XXPortalUserRole.setId(userId);
+ XXPortalUserRole.setUserId(userId);
+ XXPortalUserRole.setUserRole("ROLE_USER");
+ xPortalUserRoleList.add(XXPortalUserRole);
+ XXUserPermissionDao xUserPermissionDao =
Mockito.mock(XXUserPermissionDao.class);
+ XXGroupPermissionDao xGroupPermissionDao =
Mockito.mock(XXGroupPermissionDao.class);
+
Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao);
+ List<XXUserPermission> xUserPermissionsList = new
ArrayList<XXUserPermission>();
+ List<XXGroupPermission> xGroupPermissionList = new
ArrayList<XXGroupPermission>();
+
Mockito.when(xUserPermissionDao.findByUserPermissionIdAndIsAllowed(userProfile.getId())).thenReturn(xUserPermissionsList);
+
Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao);
+
Mockito.when(xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())).thenReturn(xGroupPermissionList);
+ XXPortalUserRoleDao roleDao =
Mockito.mock(XXPortalUserRoleDao.class);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao);
+
Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(xPortalUserRoleList);
Mockito.when(restErrorUtil.createRESTException("serverMsg.userMgrOldPassword",MessageEnums.INVALID_INPUT_DATA,
user.getId(), "password", user.toString())).thenThrow(new
WebApplicationException());
thrown.expect(WebApplicationException.class);
userMgr.changePassword(pwdChange);
@@ -2053,6 +2134,26 @@ public class TestUserMgr {
Mockito.when(stringUtil.equals(Mockito.anyString(),
Mockito.nullable(String.class))).thenReturn(true);
Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
Mockito.when(stringUtil.validatePassword(Mockito.anyString(),
Mockito.any(String[].class))).thenReturn(false);
+
Mockito.when(userDao.findByLoginId(Mockito.anyString())).thenReturn(user);
+ XXPortalUserRoleDao xPortalUserRoleDao =
Mockito.mock(XXPortalUserRoleDao.class);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
+ List<XXPortalUserRole> xPortalUserRoleList = new
ArrayList<XXPortalUserRole>();
+ XXPortalUserRole XXPortalUserRole = new XXPortalUserRole();
+ XXPortalUserRole.setId(userId);
+ XXPortalUserRole.setUserId(userId);
+ XXPortalUserRole.setUserRole("ROLE_USER");
+ xPortalUserRoleList.add(XXPortalUserRole);
+ XXUserPermissionDao xUserPermissionDao =
Mockito.mock(XXUserPermissionDao.class);
+ XXGroupPermissionDao xGroupPermissionDao =
Mockito.mock(XXGroupPermissionDao.class);
+
Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao);
+ List<XXUserPermission> xUserPermissionsList = new
ArrayList<XXUserPermission>();
+ List<XXGroupPermission> xGroupPermissionList = new
ArrayList<XXGroupPermission>();
+
Mockito.when(xUserPermissionDao.findByUserPermissionIdAndIsAllowed(userProfile.getId())).thenReturn(xUserPermissionsList);
+
Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao);
+
Mockito.when(xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())).thenReturn(xGroupPermissionList);
+ XXPortalUserRoleDao roleDao =
Mockito.mock(XXPortalUserRoleDao.class);
+
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao);
+
Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(xPortalUserRoleList);
Mockito.when(restErrorUtil.createRESTException("serverMsg.userMgrNewPassword",MessageEnums.INVALID_PASSWORD,
null, null, pwdChange.getLoginId())).thenThrow(new WebApplicationException());
thrown.expect(WebApplicationException.class);
userMgr.changePassword(pwdChange);
@@ -2139,10 +2240,7 @@ public class TestUserMgr {
user.setPassword(encryptedPwd);
Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
Mockito.when(userDao.getById(userProfile.getId())).thenReturn(user);
-
Mockito.when(stringUtil.validateEmail(Mockito.anyString())).thenReturn(true);
- Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser();
- Mockito.when(stringUtil.validatePassword(Mockito.anyString(),
Mockito.any(String[].class))).thenReturn(false);
-
Mockito.when(restErrorUtil.createRESTException("serverMsg.userMgrNewPassword",
MessageEnums.INVALID_PASSWORD, null, null,
user.getId().toString())).thenThrow(new WebApplicationException());
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
thrown.expect(WebApplicationException.class);
userMgr.updateUserWithPass(userProfile);
}
diff --git
a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
index de342e994..83ec00520 100644
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
+++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java
@@ -643,7 +643,8 @@ public class TestXUserMgr {
loggedInUser.setName("testuser");
loggedInUser.setUserRoleList(loggedInUserRole);
Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
-
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
VXUser dbvxUser = xUserMgr.getXUser(userId);
Mockito.verify(userMgr).createDefaultAccountUser((VXPortalUser)
Mockito.any());
Assert.assertNotNull(dbvxUser);
@@ -785,6 +786,13 @@ public class TestXUserMgr {
VXUserPermission vXUserPermission = vxUserPermission();
Mockito.when(xUserPermissionService.createResource((VXUserPermission)
Mockito.any())).thenReturn(vXUserPermission);
Mockito.when(sessionMgr.getActiveUserSessionsForPortalUserId(userId)).thenReturn(userSessions);
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_SYS_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+
Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
VXUser dbvxUser = xUserMgr.updateXUser(vxUser);
Assert.assertNotNull(dbvxUser);
Assert.assertEquals(dbvxUser.getId(), vxUser.getId());
@@ -1678,9 +1686,7 @@ public class TestXUserMgr {
@Test
public void test37setUserRolesByExternalID() {
setup();
- XXPortalUserRoleDao xPortalUserRoleDao =
Mockito.mock(XXPortalUserRoleDao.class);
VXUser vXUser = vxUser();
- VXPortalUser userProfile = userProfile();
List<VXString> vStringRolesList = new ArrayList<VXString>();
VXString vXStringObj = new VXString();
vXStringObj.setValue("ROLE_USER");
@@ -1700,10 +1706,7 @@ public class TestXUserMgr {
List<VXGroupPermission> groupPermList = new
ArrayList<VXGroupPermission>();
VXGroupPermission groupPermission = vxGroupPermission();
groupPermList.add(groupPermission);
-
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
-
Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn(xPortalUserRoleList);
Mockito.when(xUserMgr.getXUser(userId)).thenReturn(vXUser);
-
Mockito.when(userMgr.getUserProfileByLoginId(vXUser.getName())).thenReturn(userProfile);
List<String> permissionList = new ArrayList<String>();
permissionList.add(RangerConstants.MODULE_USER_GROUPS);
@@ -1715,11 +1718,9 @@ public class TestXUserMgr {
loggedInUser.setName("testuser");
loggedInUser.setUserRoleList(loggedInUserRole);
Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
-
- XXModuleDefDao mockxxModuleDefDao =
Mockito.mock(XXModuleDefDao.class);
-
Mockito.when(daoManager.getXXModuleDef()).thenReturn(mockxxModuleDefDao);
-
Mockito.when(mockxxModuleDefDao.findAccessibleModulesByUserId(8L,
8L)).thenReturn(permissionList);
-
+
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
VXStringList vXStringList =
xUserMgr.setUserRolesByExternalID(userId,vStringRolesList);
Assert.assertNotNull(vXStringList);
}
@@ -1749,7 +1750,6 @@ public class TestXUserMgr {
VXGroupPermission groupPermission = vxGroupPermission();
groupPermList.add(groupPermission);
Mockito.when(xUserMgr.getXUser(userId)).thenReturn(vXUser);
-
Mockito.when(userMgr.getUserProfileByLoginId(vXUser.getName())).thenReturn(null);
List<String> permissionList = new ArrayList<String>();
permissionList.add(RangerConstants.MODULE_USER_GROUPS);
@@ -1761,12 +1761,8 @@ public class TestXUserMgr {
loggedInUser.setName("testuser");
loggedInUser.setUserRoleList(loggedInUserRole);
Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
-
- XXModuleDefDao mockxxModuleDefDao =
Mockito.mock(XXModuleDefDao.class);
-
Mockito.when(daoManager.getXXModuleDef()).thenReturn(mockxxModuleDefDao);
-
Mockito.when(mockxxModuleDefDao.findAccessibleModulesByUserId(8L,
8L)).thenReturn(permissionList);
-
- Mockito.when(restErrorUtil.createRESTException("User ID doesn't
exist.",MessageEnums.INVALID_INPUT_DATA)).thenThrow(new
WebApplicationException());
+
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
thrown.expect(WebApplicationException.class);
xUserMgr.setUserRolesByExternalID(userId, vStringRolesList);
}
@@ -1806,7 +1802,6 @@ public class TestXUserMgr {
public void test40setUserRolesByName() {
destroySession();
setup();
- XXPortalUserRoleDao xPortalUserRoleDao =
Mockito.mock(XXPortalUserRoleDao.class);
VXPortalUser userProfile = userProfile();
List<VXString> vStringRolesList = new ArrayList<VXString>();
VXString vXStringObj = new VXString();
@@ -1827,13 +1822,10 @@ public class TestXUserMgr {
List<VXGroupPermission> groupPermList = new
ArrayList<VXGroupPermission>();
VXGroupPermission groupPermission = vxGroupPermission();
groupPermList.add(groupPermission);
-
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
-
Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn(xPortalUserRoleList);
-
Mockito.when(userMgr.getUserProfileByLoginId(userProfile.getLoginId())).thenReturn(userProfile);
- VXStringList vXStringList =
xUserMgr.setUserRolesByName(userProfile.getLoginId(), vStringRolesList);
- Assert.assertNotNull(vXStringList);
Mockito.when(restErrorUtil.createRESTException("Login ID
doesn't exist.",MessageEnums.INVALID_INPUT_DATA)).thenThrow(new
WebApplicationException());
thrown.expect(WebApplicationException.class);
+ VXStringList vXStringList =
xUserMgr.setUserRolesByName(userProfile.getLoginId(), vStringRolesList);
+ Assert.assertNotNull(vXStringList);
xUserMgr.setUserRolesByName(null, vStringRolesList);
}
@@ -1841,7 +1833,6 @@ public class TestXUserMgr {
public void test41setUserRolesByName() {
destroySession();
setup();
- XXPortalUserRoleDao xPortalUserRoleDao =
Mockito.mock(XXPortalUserRoleDao.class);
VXPortalUser userProfile = userProfile();
List<VXString> vStringRolesList = new ArrayList<VXString>();
VXString vXStringObj = new VXString();
@@ -1862,13 +1853,10 @@ public class TestXUserMgr {
List<VXGroupPermission> groupPermList = new
ArrayList<VXGroupPermission>();
VXGroupPermission groupPermission = vxGroupPermission();
groupPermList.add(groupPermission);
-
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
-
Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn(xPortalUserRoleList);
-
Mockito.when(userMgr.getUserProfileByLoginId(userProfile.getLoginId())).thenReturn(userProfile);
- VXStringList vXStringList =
xUserMgr.setUserRolesByName(userProfile.getLoginId(), vStringRolesList);
- Assert.assertNotNull(vXStringList);
Mockito.when(restErrorUtil.createRESTException("Login ID
doesn't exist.",MessageEnums.INVALID_INPUT_DATA)).thenThrow(new
WebApplicationException());
thrown.expect(WebApplicationException.class);
+ VXStringList vXStringList =
xUserMgr.setUserRolesByName(userProfile.getLoginId(), vStringRolesList);
+ Assert.assertNotNull(vXStringList);
xUserMgr.setUserRolesByName(null, vStringRolesList);
}
@@ -1876,9 +1864,7 @@ public class TestXUserMgr {
public void test42getUserRolesByExternalID() {
destroySession();
setup();
- XXPortalUserRoleDao xPortalUserRoleDao =
Mockito.mock(XXPortalUserRoleDao.class);
VXUser vXUser = vxUser();
- VXPortalUser userProfile = userProfile();
List<VXString> vStringRolesList = new ArrayList<VXString>();
VXString vXStringObj = new VXString();
vXStringObj.setValue("ROLE_USER");
@@ -1898,10 +1884,7 @@ public class TestXUserMgr {
List<VXGroupPermission> groupPermList = new
ArrayList<VXGroupPermission>();
VXGroupPermission groupPermission = vxGroupPermission();
groupPermList.add(groupPermission);
-
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
-
Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn(xPortalUserRoleList);
Mockito.when(xUserMgr.getXUser(userId)).thenReturn(vXUser);
-
Mockito.when(userMgr.getUserProfileByLoginId(vXUser.getName())).thenReturn(userProfile);
List<String> permissionList = new ArrayList<String>();
permissionList.add(RangerConstants.MODULE_USER_GROUPS);
@@ -1913,11 +1896,8 @@ public class TestXUserMgr {
loggedInUser.setName("testuser");
loggedInUser.setUserRoleList(loggedInUserRole);
Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
-
- XXModuleDefDao mockxxModuleDefDao =
Mockito.mock(XXModuleDefDao.class);
-
Mockito.when(daoManager.getXXModuleDef()).thenReturn(mockxxModuleDefDao);
-
Mockito.when(mockxxModuleDefDao.findAccessibleModulesByUserId(8L,
8L)).thenReturn(permissionList);
-
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
VXStringList vXStringList =
xUserMgr.getUserRolesByExternalID(userId);
Assert.assertNotNull(vXStringList);
Mockito.when(restErrorUtil.createRESTException("Please provide
a valid ID",MessageEnums.INVALID_INPUT_DATA)).thenThrow(new
WebApplicationException());
@@ -1930,9 +1910,7 @@ public class TestXUserMgr {
public void test43getUserRolesByExternalID() {
destroySession();
setup();
- XXPortalUserRoleDao xPortalUserRoleDao =
Mockito.mock(XXPortalUserRoleDao.class);
VXUser vXUser = vxUser();
- VXPortalUser userProfile = userProfile();
List<VXString> vStringRolesList = new ArrayList<VXString>();
VXString vXStringObj = new VXString();
vXStringObj.setValue("ROLE_USER");
@@ -1952,10 +1930,7 @@ public class TestXUserMgr {
List<VXGroupPermission> groupPermList = new
ArrayList<VXGroupPermission>();
VXGroupPermission groupPermission = vxGroupPermission();
groupPermList.add(groupPermission);
-
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
-
Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn(xPortalUserRoleList);
Mockito.when(xUserMgr.getXUser(userId)).thenReturn(vXUser);
-
Mockito.when(userMgr.getUserProfileByLoginId(vXUser.getName())).thenReturn(userProfile);
List<String> permissionList = new ArrayList<String>();
permissionList.add(RangerConstants.MODULE_USER_GROUPS);
@@ -1967,11 +1942,8 @@ public class TestXUserMgr {
loggedInUser.setName("testuser");
loggedInUser.setUserRoleList(loggedInUserRole);
Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
-
- XXModuleDefDao mockxxModuleDefDao =
Mockito.mock(XXModuleDefDao.class);
-
Mockito.when(daoManager.getXXModuleDef()).thenReturn(mockxxModuleDefDao);
-
Mockito.when(mockxxModuleDefDao.findAccessibleModulesByUserId(8L,
8L)).thenReturn(permissionList);
-
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
VXStringList vXStringList =
xUserMgr.getUserRolesByExternalID(userId);
Assert.assertNotNull(vXStringList);
Mockito.when(restErrorUtil.createRESTException("User ID doesn't
exist.",MessageEnums.INVALID_INPUT_DATA)).thenThrow(new
WebApplicationException());
@@ -2011,6 +1983,15 @@ public class TestXUserMgr {
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn(xPortalUserRoleList);
Mockito.when(userMgr.getUserProfileByLoginId(userProfile.getLoginId())).thenReturn(userProfile);
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_SYS_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("admin");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+
Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
+ VXUser testuser = vxUser();
+
Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(testuser);
VXStringList vXStringList =
xUserMgr.getUserRolesByName(userProfile.getLoginId());
Assert.assertNotNull(vXStringList);
Mockito.when(restErrorUtil.createRESTException("Please provide
a valid userName",MessageEnums.INVALID_INPUT_DATA)).thenThrow(new
WebApplicationException());
@@ -2050,6 +2031,15 @@ public class TestXUserMgr {
Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn(xPortalUserRoleList);
Mockito.when(userMgr.getUserProfileByLoginId(userProfile.getLoginId())).thenReturn(userProfile);
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_SYS_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("admin");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+
Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
+ VXUser testuser = vxUser();
+
Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(testuser);
VXStringList vXStringList =
xUserMgr.getUserRolesByName(userProfile.getLoginId());
Assert.assertNotNull(vXStringList);
Mockito.when(restErrorUtil.createRESTException("Please provide
a valid userName",MessageEnums.INVALID_INPUT_DATA)).thenThrow(new
WebApplicationException());
@@ -2077,10 +2067,6 @@ public class TestXUserMgr {
testSearchCriteria.addParam("name", userName);
Mockito.when(xUserService.getXUserByUserName(userName)).thenReturn(vxUser);
Mockito.when(xUserService.searchXUsers(testSearchCriteria)).thenReturn(vXUserListSort);
- VXGroupUserList vxGroupUserList = vxGroupUserList();
-
Mockito.when(xGroupUserService.searchXGroupUsers((SearchCriteria)
Mockito.any())).thenReturn(vxGroupUserList);
- VXGroup group = vxGroup();
-
Mockito.when(xGroupService.readResource(Mockito.anyLong())).thenReturn(group);
VXUserList dbVXUserList =
xUserMgr.searchXUsers(testSearchCriteria);
Assert.assertNotNull(dbVXUserList);
testSearchCriteria.addParam("isvisible", "true");
@@ -2477,10 +2463,6 @@ public class TestXUserMgr {
testSearchCriteria.addParam("name", userName);
Mockito.when(xUserService.getXUserByUserName(userName)).thenReturn(vxUser);
Mockito.when(xUserService.searchXUsers(testSearchCriteria)).thenReturn(vXUserListSort);
- VXGroupUserList vxGroupUserList = vxGroupUserList();
-
Mockito.when(xGroupUserService.searchXGroupUsers((SearchCriteria)
Mockito.any())).thenReturn(vxGroupUserList);
- VXGroup vXGroup = vxGroup();
-
Mockito.when(xGroupService.readResource(Mockito.anyLong())).thenReturn(vXGroup);
VXUserList dbVXUserList =
xUserMgr.searchXUsers(testSearchCriteria);
Assert.assertNotNull(dbVXUserList);
testSearchCriteria.addParam("isvisible", "true");
@@ -2647,6 +2629,13 @@ public class TestXUserMgr {
UserSessionBase userSession =
Mockito.mock(UserSessionBase.class);
Set<UserSessionBase> userSessions = new
HashSet<UserSessionBase>();
userSessions.add(userSession);
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_SYS_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+
Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
VXUser dbvxUser = xUserMgr.updateXUser(vxUser);
Assert.assertNotNull(dbvxUser);
Assert.assertEquals(dbvxUser.getId(), vxUser.getId());
@@ -2777,18 +2766,25 @@ public class TestXUserMgr {
public void test78checkAccess() {
destroySession();
setupUser();
+ VXUser vxUser = vxUser();
Mockito.when(restErrorUtil.create403RESTException(Mockito.anyString())).thenThrow(new
WebApplicationException());
thrown.expect(WebApplicationException.class);
- xUserMgr.checkAccess("testuser2");
+ xUserMgr.checkAccess(vxUser);
}
@Test
public void test79checkAccess() {
destroySession();
+ VXUser vxUser = vxUser();
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_SYS_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("admin");
+ loggedInUser.setUserRoleList(loggedInUserRole);
Mockito.when(restErrorUtil.generateRESTException((VXResponse)Mockito.any())).thenThrow(new
WebApplicationException());
thrown.expect(WebApplicationException.class);
- VXPortalUser vXPortalUser = userProfile();
- xUserMgr.checkAccess(vXPortalUser.getLoginId());
+ xUserMgr.checkAccess(vxUser);
}
@Test
@@ -3396,7 +3392,7 @@ public class TestXUserMgr {
vxUser.setUserSource(RangerCommonEnums.USER_UNIX);
Mockito.when(xUserService.readResourceWithOutLogin(5L)).thenReturn(vxUser);
Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
- Mockito.when(restErrorUtil.create403RESTException("Logged-In
user is not allowed to access requested user data.")).thenThrow(new
WebApplicationException());
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
thrown.expect(WebApplicationException.class);
xUserMgr.getXUser(5L);
}
@@ -3431,7 +3427,7 @@ public class TestXUserMgr {
vxUser.setUserSource(RangerCommonEnums.USER_UNIX);
Mockito.when(xUserService.readResourceWithOutLogin(5L)).thenReturn(vxUser);
Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
- Mockito.when(restErrorUtil.create403RESTException("Logged-In
user is not allowed to access requested user data.")).thenThrow(new
WebApplicationException());
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
thrown.expect(WebApplicationException.class);
xUserMgr.getXUser(5L);
}
@@ -3466,7 +3462,7 @@ public class TestXUserMgr {
vxUser.setUserSource(RangerCommonEnums.USER_UNIX);
Mockito.when(xUserService.readResourceWithOutLogin(5L)).thenReturn(vxUser);
Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
- Mockito.when(restErrorUtil.create403RESTException("Logged-In
user is not allowed to access requested user data.")).thenThrow(new
WebApplicationException());
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
thrown.expect(WebApplicationException.class);
xUserMgr.getXUser(5L);
}
@@ -3501,7 +3497,7 @@ public class TestXUserMgr {
vxUser.setUserSource(RangerCommonEnums.USER_UNIX);
Mockito.when(xUserService.readResourceWithOutLogin(5L)).thenReturn(vxUser);
Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
- Mockito.when(restErrorUtil.create403RESTException("Logged-In
user is not allowed to access requested user data.")).thenThrow(new
WebApplicationException());
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
thrown.expect(WebApplicationException.class);
xUserMgr.getXUser(5L);
}
@@ -3546,7 +3542,7 @@ public class TestXUserMgr {
Assert.assertNotNull(expectedVXUser);
Assert.assertEquals(expectedVXUser.getName(), vxUser.getName());
destroySession();
- Mockito.when(restErrorUtil.create403RESTException("Logged-In
user is not allowed to access requested user data.")).thenThrow(new
WebApplicationException());
+
Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN,
"Logged-In user is not allowed to access requested user data",
true)).thenThrow(new WebApplicationException());
thrown.expect(WebApplicationException.class);
xUserMgr.getXUser(8L);
}
@@ -3863,6 +3859,14 @@ public class TestXUserMgr {
Mockito.when(xUserPermissionDao.findByModuleIdAndPortalUserId(null,
null)).thenReturn(xUserPermissionObj);
Mockito.when(xUserPermissionService.populateViewBean(xUserPermissionObj)).thenReturn(userPermission);
Mockito.when(xUserPermissionService.updateResource((VXUserPermission)
Mockito.any())).thenReturn(userPermission);
+
Mockito.when(daoManager.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_SYS_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+
Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
int createdOrUpdatedUserCount =
xUserMgr.createOrUpdateXUsers(users);
Assert.assertEquals(createdOrUpdatedUserCount, 1);
}
@@ -3923,6 +3927,14 @@ public class TestXUserMgr {
Mockito.when(xUserService.createResource((VXUser)
Mockito.any())).thenReturn(vXUser);
Mockito.when(xUserPermissionService.populateViewBean(xUserPermissionObj)).thenReturn(userPermission);
Mockito.when(xUserPermissionService.updateResource((VXUserPermission)
Mockito.any())).thenReturn(userPermission);
+ Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_SYS_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+
Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
xUserMgr.createOrUpdateXUsers(users);
vXUser.setPassword("*****");
@@ -3974,6 +3986,13 @@ public class TestXUserMgr {
xUserPermissionObj.setUserId(userId);
xUserPermissionsList.add(xUserPermissionObj);
Mockito.when(xUserPermissionDao.findByUserPermissionId(vXPortalUser.getId())).thenReturn(xUserPermissionsList);
+ VXUser loggedInUser = vxUser();
+ List<String> loggedInUserRole = new ArrayList<String>();
+ loggedInUserRole.add(RangerConstants.ROLE_SYS_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+
Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
xUserMgr.createOrUpdateXUsers(users);
vXUserList.clear();
vXUser.setUserSource(RangerCommonEnums.USER_APP);
diff --git
a/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
index fa14d93f9..20e9bc2e1 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
@@ -18,8 +18,6 @@ package org.apache.ranger.rest;
import static org.junit.Assert.fail;
-import java.io.File;
-import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
@@ -29,8 +27,6 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.apache.ranger.admin.client.datatype.RESTResponse;
@@ -51,17 +47,9 @@ import
org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemAccess;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef;
-import
org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef;
-import
org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef;
import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
import org.apache.ranger.plugin.util.GrantRevokeRequest;
import org.apache.ranger.plugin.util.SearchFilter;
-import org.apache.ranger.plugin.util.ServicePolicies;
import org.apache.ranger.service.XAccessAuditService;
import org.apache.ranger.service.XAssetService;
import org.apache.ranger.service.XCredentialStoreService;
@@ -256,47 +244,6 @@ public class TestAssetREST {
return policy;
}
- private RangerServiceDef rangerServiceDef() {
- List<RangerServiceConfigDef> configs = new
ArrayList<RangerServiceConfigDef>();
- List<RangerResourceDef> resources = new
ArrayList<RangerResourceDef>();
- List<RangerAccessTypeDef> accessTypes = new
ArrayList<RangerAccessTypeDef>();
- List<RangerPolicyConditionDef> policyConditions = new
ArrayList<RangerPolicyConditionDef>();
- List<RangerContextEnricherDef> contextEnrichers = new
ArrayList<RangerContextEnricherDef>();
- List<RangerEnumDef> enums = new ArrayList<RangerEnumDef>();
-
- RangerServiceDef rangerServiceDef = new RangerServiceDef();
- rangerServiceDef.setId(Id);
- rangerServiceDef.setImplClass("RangerServiceHdfs");
- rangerServiceDef.setLabel("HDFS Repository");
- rangerServiceDef.setDescription("HDFS Repository");
- rangerServiceDef.setRbKeyDescription(null);
- rangerServiceDef.setUpdatedBy("Admin");
- rangerServiceDef.setUpdateTime(new Date());
- rangerServiceDef.setConfigs(configs);
- rangerServiceDef.setResources(resources);
- rangerServiceDef.setAccessTypes(accessTypes);
- rangerServiceDef.setPolicyConditions(policyConditions);
- rangerServiceDef.setContextEnrichers(contextEnrichers);
- rangerServiceDef.setEnums(enums);
-
- return rangerServiceDef;
- }
-
- private ServicePolicies servicePolicies() {
- RangerPolicy rangerPolicy = rangerPolicy(Id);
- RangerServiceDef rangerServiceDef = rangerServiceDef();
- ServicePolicies servicePolicies = new ServicePolicies();
- List<RangerPolicy> policies = new ArrayList<RangerPolicy>();
- policies.add(rangerPolicy);
- servicePolicies.setServiceId(Id);
- servicePolicies.setServiceName("Hdfs_1");
- servicePolicies.setPolicyVersion(1L);
- servicePolicies.setPolicyUpdateTime(new Date());
- servicePolicies.setServiceDef(rangerServiceDef);
- servicePolicies.setPolicies(policies);
- return servicePolicies;
- }
-
private VXPolicy vXPolicy(RangerPolicy policy, RangerService service) {
VXPolicy ret = new VXPolicy();
ret.setPolicyName(StringUtils.trim(policy.getName()));
@@ -639,73 +586,6 @@ public class TestAssetREST {
Mockito.verify(assetMgr).getXCredentialStoreSearchCount(searchCriteria);
}
- @Test
- public void testGetXResourceFile() {
- File file = new File("testGetXResource");
- Response expectedResponse = Response.ok(file,
MediaType.APPLICATION_OCTET_STREAM)
- .header("Content-Disposition",
"attachment;filename=" + file.getName()).build();
- VXResource vxResource = vxResource(Id);
- Mockito.when(
- searchUtil.extractString((HttpServletRequest)
Mockito.any(), (SearchCriteria) Mockito.any(),
- (String) Mockito.any(),
(String) Mockito.any(), (String) Mockito.any()))
- .thenReturn("json");
- Mockito.when(assetREST.getXResource(Id)).thenReturn(vxResource);
- Mockito.when(assetMgr.getXResourceFile(vxResource,
"json")).thenReturn(file);
- Response reponse = assetREST.getXResourceFile(request, Id);
- Assert.assertEquals(expectedResponse.getStatus(),
reponse.getStatus());
- Mockito.verify(assetMgr).getXResourceFile(vxResource, "json");
- Mockito.verify(searchUtil).extractString((HttpServletRequest)
Mockito.any(),
- (SearchCriteria) Mockito.any(), (String)
Mockito.any(), (String) Mockito.any(),
- (String) Mockito.any());
- }
-
- @Test
- public void testGetResourceJSON() {
- RangerService rangerService = rangerService(Id);
- String file = "testGetResourceJSON";
- VXAsset vXAsset = vXAsset(Id);
- Date date = new Date();
- String strdt = date.toString();
- X509Certificate[] certchain = new X509Certificate[1];
- certchain[0] = Mockito.mock(X509Certificate.class);
- ServicePolicies servicePolicies = servicePolicies();
- RangerPolicy rangerPolicy = rangerPolicy(Id);
- List<RangerPolicy> policies = new ArrayList<RangerPolicy>();
- policies.add(rangerPolicy);
- Mockito.when(request.getParameter("epoch")).thenReturn(strdt);
-
Mockito.when(request.getAttribute("javax.servlet.request.X509Certificate")).thenReturn(certchain);
-
Mockito.when(request.getHeader("X-FORWARDED-FOR")).thenReturn("valid");
- Mockito.when(request.isSecure()).thenReturn(true);
-
Mockito.when(request.getParameter("policyCount")).thenReturn("4");
- Mockito.when(request.getParameter("agentId")).thenReturn("12");
- //
Mockito.when(PropertiesUtil.getBooleanProperty("ranger.service.http.enabled",true)).thenReturn(true);
- try {
-
Mockito.when(serviceREST.getServicePoliciesIfUpdated(Mockito.anyString(),
Mockito.anyLong(),
- Mockito.anyLong(), Mockito.anyString(),
Mockito.anyString() , Mockito.anyString() , Mockito.anyBoolean(),
Mockito.anyString(), (HttpServletRequest) Mockito.any()))
- .thenReturn(servicePolicies);
- } catch (Exception e) {
- fail("test failed due to: " + e.getMessage());
- }
-
Mockito.when(serviceUtil.getServiceByName("hdfs_dev")).thenReturn(rangerService);
-
Mockito.when(serviceUtil.toVXAsset(rangerService)).thenReturn(vXAsset);
- Mockito.when(assetMgr.getLatestRepoPolicy((VXAsset)
Mockito.any(), Mockito.<VXResource>anyList(), Mockito.anyLong(),
- (X509Certificate[]) Mockito.any(),
Mockito.anyBoolean(), Mockito.anyString(), Mockito.anyString(),
- Mockito.anyBoolean(), Mockito.anyString(),
Mockito.anyString())).thenReturn(file);
- String actualFile = assetREST.getResourceJSON(request,
"hdfs_dev");
- Assert.assertEquals(file, actualFile);
- Mockito.verify(serviceUtil).getServiceByName("hdfs_dev");
- Mockito.verify(serviceUtil).toVXAsset(rangerService);
- Mockito.verify(request).getParameter("epoch");
-
Mockito.verify(request).getAttribute("javax.servlet.request.X509Certificate");
- Mockito.verify(request).getHeader("X-FORWARDED-FOR");
- Mockito.verify(request).isSecure();
- Mockito.verify(request).getParameter("policyCount");
- Mockito.verify(request).getParameter("agentId");
- Mockito.verify(assetMgr).getLatestRepoPolicy((VXAsset)
Mockito.any(), Mockito.<VXResource>anyList(),
- Mockito.anyLong(), (X509Certificate[])
Mockito.any(), Mockito.anyBoolean(), Mockito.anyString(),
- Mockito.anyString(), Mockito.anyBoolean(),
Mockito.anyString(), Mockito.anyString());
- }
-
@Test
public void testSearchXPolicyExportAudits() {
SearchCriteria searchCriteria = new SearchCriteria();
diff --git
a/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
index 3978fab1b..175af395f 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
@@ -238,6 +238,7 @@ public class TestRoleREST {
RangerRoleList rangerRoleList = new RangerRoleList();
Mockito.when(searchUtil.getSearchFilter(Mockito.any(HttpServletRequest.class),
eq(roleService.sortFields))).
thenReturn(Mockito.mock(SearchFilter.class));
+
Mockito.when(bizUtil.isUserRangerAdmin(Mockito.anyString())).thenReturn(true);
RangerRoleList returnedRangerRoleList =
roleRest.getAllRoles(Mockito.mock(HttpServletRequest.class));
Assert.assertNotNull(returnedRangerRoleList);
Assert.assertEquals(returnedRangerRoleList.getListSize(),
rangerRoleList.getListSize());
diff --git
a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
index 40de07150..15011a34a 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
@@ -1285,10 +1285,9 @@ public class TestServiceREST {
@Test
public void test33getPolicyForVersionNumber() throws Exception {
RangerPolicy rangerPolicy = rangerPolicy();
- Mockito.when(svcStore.getPolicyForVersionNumber(Id,
1)).thenReturn(
- rangerPolicy);
- RangerPolicy dbRangerPolicy =
serviceREST.getPolicyForVersionNumber(Id,
- 1);
+ Mockito.when(svcStore.getPolicyForVersionNumber(Id,
1)).thenReturn(rangerPolicy);
+ Mockito.when(bizUtil.isAdmin()).thenReturn(true);
+ RangerPolicy dbRangerPolicy =
serviceREST.getPolicyForVersionNumber(Id, 1);
Assert.assertNotNull(dbRangerPolicy);
Mockito.verify(svcStore).getPolicyForVersionNumber(Id, 1);
}
@@ -2290,7 +2289,7 @@ public class TestServiceREST {
}
public void mockValidateGrantRevokeRequest(){
-
Mockito.when(userMgr.getXUserByUserName(Mockito.anyString())).thenReturn(Mockito.mock(VXUser.class));
+
Mockito.when(xUserService.getXUserByUserName(Mockito.anyString())).thenReturn(Mockito.mock(VXUser.class));
Mockito.when(userMgr.getGroupByGroupName(Mockito.anyString())).thenReturn(Mockito.mock(VXGroup.class));
Mockito.when(daoManager.getXXRole().findByRoleName(Mockito.anyString())).thenReturn(Mockito.mock(XXRole.class));
}
@@ -2779,6 +2778,7 @@ public class TestServiceREST {
Mockito.when(daoManager.getXXPolicy()).thenReturn(xXPolicyDao);
Mockito.when(daoManager.getXXPolicy().findPolicy(policyName,serviceName,zoneName)).thenReturn(xxPolicy);
Mockito.when(policyService.getPopulatedViewObject(xxPolicy)).thenReturn(rangerPolicy);
+ Mockito.when(bizUtil.isAdmin()).thenReturn(true);
RangerPolicy dbRangerPolicy =
serviceREST.getPolicyByName(serviceName, policyName, zoneName);
Assert.assertNotNull(dbRangerPolicy);
Assert.assertEquals(dbRangerPolicy, rangerPolicy);
@@ -2797,6 +2797,7 @@ public class TestServiceREST {
Mockito.when(daoManager.getXXPolicy()).thenReturn(xXPolicyDao);
Mockito.when(daoManager.getXXPolicy().findPolicy(policyName,serviceName,null)).thenReturn(xxPolicy);
Mockito.when(policyService.getPopulatedViewObject(xxPolicy)).thenReturn(rangerPolicy);
+ Mockito.when(bizUtil.isAdmin()).thenReturn(true);
RangerPolicy dbRangerPolicy =
serviceREST.getPolicyByName(serviceName, policyName, null);
Assert.assertNotNull(dbRangerPolicy);
Assert.assertEquals(dbRangerPolicy, rangerPolicy);
diff --git
a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
index 7165a304d..34122dd79 100755
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
@@ -499,10 +499,12 @@ public class TestTagREST {
@Test
public void test16getTagTypes(){
+ boolean isAdmin = true;
List<String> ret = new ArrayList<String>();
ret.add(name);
try {
+ Mockito.when(bizUtil.isAdmin()).thenReturn(isAdmin);
Mockito.when(tagStore.getTagTypes()).thenReturn(ret);
} catch (Exception e) {
}
@@ -760,6 +762,7 @@ public class TestTagREST {
@Test
public void test26getAllTags() {
+ boolean isAdmin = true;
List<RangerTag> ret = new ArrayList<RangerTag>();
RangerTag rangerTag = new RangerTag();
rangerTag.setId(id);
@@ -767,6 +770,7 @@ public class TestTagREST {
ret.add(rangerTag);
try {
+ Mockito.when(bizUtil.isAdmin()).thenReturn(isAdmin);
Mockito.when(tagStore.getTags((SearchFilter)Mockito.any())).thenReturn(ret);
} catch (Exception e) {
}
@@ -784,9 +788,10 @@ public class TestTagREST {
@Test
public void test60getAllTags() {
+ boolean isAdmin = true;
List<RangerTag> ret = new ArrayList<RangerTag>();
-
try {
+ Mockito.when(bizUtil.isAdmin()).thenReturn(isAdmin);
Mockito.when(tagStore.getTags((SearchFilter)Mockito.any())).thenReturn(ret);
} catch (Exception e) {
}
@@ -1118,6 +1123,7 @@ public class TestTagREST {
@Test
public void test37getAllServiceResources() {
+ boolean isAdmin = true;
List<RangerServiceResource> ret = new
ArrayList<RangerServiceResource>();
RangerServiceResource rangerServiceResource = new
RangerServiceResource();
rangerServiceResource.setId(id);
@@ -1125,6 +1131,7 @@ public class TestTagREST {
ret.add(rangerServiceResource);
try {
+ Mockito.when(bizUtil.isAdmin()).thenReturn(isAdmin);
Mockito.when(tagStore.getServiceResources((SearchFilter)Mockito.any())).thenReturn(ret);
} catch (Exception e) {
}
diff --git
a/security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java
index cb2ccc47c..4af176976 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java
@@ -401,7 +401,7 @@ public class TestUserREST {
Mockito.verify(daoManager).getXXPortalUser();
Mockito.verify(xxPortalUserDao).getById(userId);
- Mockito.verify(userManager).checkAccessForUpdate(xxPUser);
+ Mockito.verify(userManager).checkAccess(xxPUser);
Mockito.verify(userManager).changePassword(vxPasswordChange);
}
@@ -440,7 +440,7 @@ public class TestUserREST {
Mockito.verify(daoManager).getXXPortalUser();
Mockito.verify(xxPortalUserDao).getById(userId);
- Mockito.verify(userManager).checkAccessForUpdate(xxPUser);
+ Mockito.verify(userManager).checkAccess(xxPUser);
Mockito.verify(userManager).changeEmailAddress(xxPUser,
changeEmail);
}
diff --git
a/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java
b/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java
index 74744e6cf..5b478489c 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java
@@ -59,8 +59,6 @@ import org.apache.ranger.view.VXAuditMapList;
import org.apache.ranger.view.VXAuthSession;
import org.apache.ranger.view.VXAuthSessionList;
import org.apache.ranger.view.VXGroup;
-import org.apache.ranger.view.VXGroupGroup;
-import org.apache.ranger.view.VXGroupGroupList;
import org.apache.ranger.view.VXGroupList;
import org.apache.ranger.view.VXGroupPermission;
import org.apache.ranger.view.VXGroupPermissionList;
@@ -147,8 +145,6 @@ public class TestXUserREST {
@Mock VXGroupUser vXGroupUser;
@Mock XGroupUserService xGroupUserService;
@Mock VXGroupUserList vXGroupUserList;
- @Mock VXGroupGroup vXGroupGroup;
- @Mock VXGroupGroupList vXGroupGroupList;
@Mock XGroupGroupService xGroupGroupService;
@Mock VXPermMap vXPermMap;
@Mock RESTErrorUtil restErrorUtil;
@@ -647,92 +643,6 @@ public class TestXUserREST {
assertEquals(testvxLong.getClass(),vXLong.getClass());
}
@Test
- public void test32getXGroupGroup() {
- VXGroupGroup compareTestVXGroup=createVXGroupGroup();
-
-
Mockito.when(xUserMgr.getXGroupGroup(id)).thenReturn(compareTestVXGroup);
- VXGroupGroup retVxGroup= xUserRest.getXGroupGroup(id);
-
- assertNotNull(retVxGroup);
-
assertEquals(compareTestVXGroup.getClass(),retVxGroup.getClass());
- assertEquals(compareTestVXGroup.getId(),retVxGroup.getId());
- Mockito.verify(xUserMgr).getXGroupGroup(id);
- } @Test
- public void test33createXGroupGroup() {
- VXGroupGroup compareTestVXGroup=createVXGroupGroup();
-
-
Mockito.when(xUserMgr.createXGroupGroup(compareTestVXGroup)).thenReturn(compareTestVXGroup);
- VXGroupGroup retVxGroup=
xUserRest.createXGroupGroup(compareTestVXGroup);
-
- assertNotNull(retVxGroup);
-
assertEquals(compareTestVXGroup.getClass(),retVxGroup.getClass());
- assertEquals(compareTestVXGroup.getId(),retVxGroup.getId());
- Mockito.verify(xUserMgr).createXGroupGroup(compareTestVXGroup);
- }
- @Test
- public void test34updateXGroupGroup() {
- VXGroupGroup compareTestVXGroup=createVXGroupGroup();
-
-
Mockito.when(xUserMgr.updateXGroupGroup(compareTestVXGroup)).thenReturn(compareTestVXGroup);
- VXGroupGroup retVxGroup=
xUserRest.updateXGroupGroup(compareTestVXGroup);
-
- assertNotNull(retVxGroup);
-
assertEquals(compareTestVXGroup.getClass(),retVxGroup.getClass());
- assertEquals(compareTestVXGroup.getId(),retVxGroup.getId());
- Mockito.verify(xUserMgr).updateXGroupGroup(compareTestVXGroup);
- }
- @Test
- public void test35deleteXGroupGroup() {
- boolean forceDelete = false;
-
- Mockito.doNothing().when(xUserMgr).deleteXGroupGroup(id,
forceDelete);
- xUserRest.deleteXGroupGroup(id,request);
- Mockito.verify(xUserMgr).deleteXGroupGroup(id,forceDelete);
- }
- @SuppressWarnings("unchecked")
- @Test
- public void test36searchXGroupGroups() {
- VXGroupGroupList testvXGroupGroupList=new VXGroupGroupList();
- VXGroupGroup testVXGroup=createVXGroupGroup();
- List<VXGroupGroup> testVXGroupGroups= new
ArrayList<VXGroupGroup>();
- testVXGroupGroups.add(testVXGroup);
- testvXGroupGroupList.setVXGroupGroups(testVXGroupGroups);
-
- HttpServletRequest request =
Mockito.mock(HttpServletRequest.class);
- SearchCriteria testSearchCriteria=createsearchCriteria();
-
-
Mockito.when(searchUtil.extractCommonCriterias((HttpServletRequest)Mockito.any()
,(List<SortField>)Mockito.any())).thenReturn(testSearchCriteria);
-
-
Mockito.when(xUserMgr.searchXGroupGroups(testSearchCriteria)).thenReturn(testvXGroupGroupList);
- VXGroupGroupList
outputvXGroupGroupList=xUserRest.searchXGroupGroups(request);
-
- Mockito.verify(xUserMgr).searchXGroupGroups(testSearchCriteria);
-
Mockito.verify(searchUtil).extractCommonCriterias((HttpServletRequest)Mockito.any()
,(List<SortField>)Mockito.any());
-
- assertNotNull(outputvXGroupGroupList);
-
assertEquals(outputvXGroupGroupList.getClass(),testvXGroupGroupList.getClass());
-
assertEquals(outputvXGroupGroupList.getResultSize(),testvXGroupGroupList.getResultSize());
- }
- @SuppressWarnings("unchecked")
- @Test
- public void test37countXGroupGroups() {
- HttpServletRequest request =
Mockito.mock(HttpServletRequest.class);
- SearchCriteria testSearchCriteria=createsearchCriteria();
-
-
Mockito.when(searchUtil.extractCommonCriterias((HttpServletRequest)Mockito.any()
,(List<SortField>)Mockito.any())).thenReturn(testSearchCriteria);
-
- vXLong.setValue(1);
-
-
Mockito.when(xUserMgr.getXGroupGroupSearchCount(testSearchCriteria)).thenReturn(vXLong);
- VXLong testvxLong=xUserRest.countXGroupGroups(request);
-
Mockito.verify(xUserMgr).getXGroupGroupSearchCount(testSearchCriteria);
-
Mockito.verify(searchUtil).extractCommonCriterias((HttpServletRequest)Mockito.any()
,(List<SortField>)Mockito.any());
-
- assertNotNull(testvxLong);
- assertEquals(testvxLong.getClass(),vXLong.getClass());
- assertEquals(testvxLong.getValue(),vXLong.getValue());
- }
- @Test
public void test38getXPermMapVXResourceNull() throws Exception{
VXPermMap permMap = testcreateXPermMap();
@@ -2181,17 +2091,7 @@ public class TestXUserREST {
testVXGroupUser.setUserId(id);
return testVXGroupUser;
}
- private VXGroupGroup createVXGroupGroup() {
- VXGroupGroup testVXGroupGroup= new VXGroupGroup();
- testVXGroupGroup.setName("testGroup");
- testVXGroupGroup.setCreateDate(new Date());
- testVXGroupGroup.setUpdateDate(new Date());
- testVXGroupGroup.setUpdatedBy("Admin");
- testVXGroupGroup.setOwner("Admin");
- testVXGroupGroup.setId(id);
- testVXGroupGroup.setParentGroupId(id);
- return testVXGroupGroup;
- }
+
private VXPermMap testcreateXPermMap(){
VXPermMap testVXPermMap= new VXPermMap();
testVXPermMap.setCreateDate(new Date());
