-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71166/#review216922
-----------------------------------------------------------




security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java
Lines 1480 (patched)
<https://reviews.apache.org/r/71166/#comment304155>

    Adding the creating user as a service-admin will grant the creator a lot more 
power/capabilities that are not needed for this specific flow. Please 
review to see if this is necessary.
    
    Alternately, as the creator's identity is automatically recorded in the 
createdBy field (in the BaseMoObject), this can be checked against the identity 
of the user trying to delete the service. If they match, then allow the delete 
service to go through.


- Abhay Kulkarni


On July 26, 2019, 5:19 a.m., Pradeep Agrawal wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/71166/
> -----------------------------------------------------------
> 
> (Updated July 26, 2019, 5:19 a.m.)
> 
> 
> Review request for ranger, Ankita Sinha, bhavik patel, Gautam Borad, Abhay 
> Kulkarni, Madhan Neethiraj, Mehul Parikh, Nikhil P, Nitin Galave, Ramesh 
> Mani, Sailaja Polavarapu, and Velmurugan Periasamy.
> 
> 
> Bugs: RANGER-2518
>     https://issues.apache.org/jira/browse/RANGER-2518
> 
> 
> Repository: ranger
> 
> 
> Description
> -------
> 
> **Problem Statement:** Current service admin user cannot delete the ranger 
> service. 
> 
> **Proposed Solution:** 
> 
> During service/repo creation, add the creating user as a service admin for 
> that service. Improve the deleteService API to allow service admin user to 
> delete the service.
> 
> 
> Diffs
> -----
> 
>   security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 
> 77c91ab9d 
>   security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
> 990fc2bba 
>   security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java 
> b6f13f47e 
>   security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
> 34be7e914 
> 
> 
> Diff: https://reviews.apache.org/r/71166/diff/2/
> 
> 
> Testing
> -------
> 
> Built, Installed and started ranger with the patch.
> Login from admin user.
> Create a user 'testuser1' with 'admin' role
> Logout from admin user and login from 'testuser1'
> Create hive service 'hivedev'
> Opened the service edit page and can see 'testuser1' was added as service 
> admin user.
> Logout from 'testuser1' user and login from 'admin'
> Change the role of 'testuser1' user from 'admin' to 'user'
> Logout from admin user
> Execute the curl command below
> curl -i --header "Accept:application/json" -H "Content-Type: application/json" -u testuser1:user1234 -X DELETE 'http://172.22.111.117:6080/service/plugins/services/5'
> 
> 
> **Expected behaviour:**
> Service should get deleted and return HTTP response code 204 with no content.
> 
> **Actual behaviour:**
> Response received:
> 
> HTTP/1.1 204 No Content
> Set-Cookie: RANGERADMINSESSIONID=3F481200366A0823073FFE27FF982A84; Path=/; HttpOnly
> X-Frame-Options: DENY
> X-XSS-Protection: 1; mode=block
> Strict-Transport-Security: max-age=31536000; includeSubDomains
> Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';font-src 'self'
> Cache-Control: no-cache, no-store, max-age=0, must-revalidate
> Pragma: no-cache
> Expires: 0
> X-Content-Type-Options: nosniff
> Content-Type: application/json
> Date: Thu, 25 Jul 2019 13:50:13 GMT
> Server: Apache Ranger
> 
> 
> Thanks,
> 
> Pradeep Agrawal
> 
>
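
The two authorization approaches discussed in this thread, side by side, as an added example that is not part of the e-mail or of Ranger's code. All type and method names are hypothetical stand-ins, the callers and service are constructed to mirror the 'testuser1' / 'hivedev' test steps above, and Java 16+ is assumed for records.

```java
import java.util.Set;

// Added illustration: every type and method name here is hypothetical, not Ranger's API.
public class DeleteServiceAuthz {

    // Stand-in for a stored service; createdBy is recorded once, at creation time.
    record Service(String name, String createdBy, Set<String> serviceAdmins) {}

    // Stand-in for the authenticated caller and whether they hold the global admin role.
    record Caller(String login, boolean globalAdmin) {}

    // Broad capability: gates every administrative action on the service.
    static boolean isServiceAdmin(Service s, Caller c) {
        return c.globalAdmin() || s.serviceAdmins().contains(c.login());
    }

    // Narrow capability: delete is also allowed for the recorded creator, nothing else is.
    static boolean canDelete(Service s, Caller c) {
        if (isServiceAdmin(s, c)) {
            return true;
        }
        // A missing createdBy value must never match a caller.
        return s.createdBy() != null && s.createdBy().equals(c.login());
    }

    static void report(String label, Service s, Caller c) {
        System.out.printf("%-22s %-10s delete=%-5b otherAdminActions=%b%n",
                label, c.login(), canDelete(s, c), isServiceAdmin(s, c));
    }

    public static void main(String[] args) {
        // Constructed callers: testuser1 created 'hivedev' and now holds only the 'user' role.
        Caller creator = new Caller("testuser1", false);
        Caller stranger = new Caller("otheruser", false);

        // Approach in the review request: creator is put on the service-admin list.
        Service viaAdminList = new Service("hivedev", "testuser1", Set.of("testuser1"));
        // Approach in the review comment: creator is known only through createdBy.
        Service viaCreatedBy = new Service("hivedev", "testuser1", Set.of());

        report("service-admin grant", viaAdminList, creator);
        report("service-admin grant", viaAdminList, stranger);
        report("createdBy check", viaCreatedBy, creator);
        report("createdBy check", viaCreatedBy, stranger);
    }
}
```

In this model the creator can delete the service under both approaches, but only the service-admin grant also opens every other administrative action to them.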
