-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/71220/
-----------------------------------------------------------

Review request for ranger, Madhan Neethiraj, Pradeep Agrawal, Ramesh Mani, and Velmurugan Periasamy.


Bugs: RANGER-2518
    https://issues.apache.org/jira/browse/RANGER-2518


Repository: ranger


Description
-------

Problem Statement: The current service admin user cannot delete the Ranger service.


Proposed Solution: 


During service/repo creation, a reference to the creator gets added in the
added_by_id field of the x_service table, so we can compare the logged-in user
id and the service creator id. If both match, there is no need to check the
admin permissions. This will allow the service creator user to delete the
service.


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java 0ad7df2dd
  security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java 84202335d
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b06273cc5
  security-admin/src/main/java/org/apache/ranger/service/XResourceService.java 43a855e6d
  security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java d613c700a
  security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 34be7e914


Diff: https://reviews.apache.org/r/71220/diff/1/


Testing
-------

Built, installed and started Ranger with the patch.
Log in as the admin user.
Create a user 'testuser1' with the 'admin' role.
Log out from the admin user and log in as 'testuser1'.
Create a Hive service 'hivedev'.
Log out from 'testuser1' and log in as 'admin'.
Change the role of 'testuser1' from 'admin' to 'user'.
Log out from the admin user.
Execute the curl command below using the credentials of 'testuser1':
curl -i --header "Accept:application/json" -H "Content-Type: application/json" \
  -u testuser1:user1234 -X DELETE \
  'http://172.22.111.117:6080/service/plugins/services/5'


Expected behaviour:
The service should get deleted and the request should return HTTP response code 204 with no content.


Actual behaviour:
Response received:


HTTP/1.1 204 No Content
Set-Cookie: RANGERADMINSESSIONID=3F481200366A0823073FFE27FF982A84; Path=/; HttpOnly
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline';font-src 'self'
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
Content-Type: application/json
Date: Thu, 25 Jul 2019 13:50:13 GMT
Server: Apache Ranger


Thanks,

Abhay Kulkarni
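
The ownership check from the proposed solution, sketched as an added example (not code from the patch or from Ranger): the class, record and method names and the user ids are hypothetical, and only the added_by_id comparison comes from the description. It goes beyond the test steps by also covering a different non-admin user and a service row with no recorded creator.

```java
/** Hypothetical model of the delete-service authorization described above. */
public class ServiceDeleteCheck {

    /** Constructed stand-in for a row of x_service; only added_by_id matters here. */
    record Service(long id, String name, Long addedById) {}

    /** Constructed stand-in for the logged-in session user. */
    record User(Long id, String login, boolean admin) {}

    /**
     * Allow delete when the caller is an admin, or when the caller's id equals
     * the service's added_by_id. Null ids never match, so a service row with no
     * recorded creator stays deletable by admins only.
     */
    static boolean canDelete(User caller, Service svc) {
        if (caller == null || svc == null) {
            return false;
        }
        if (caller.admin()) {
            return true;
        }
        // Long.equals(null) is false, so a missing added_by_id denies access.
        return caller.id() != null && caller.id().equals(svc.addedById());
    }

    public static void main(String[] args) {
        // Constructed sample data; service id 5 mirrors the URL in the test steps.
        Service hivedev = new Service(5L, "hivedev", 12L);
        Service noCreator = new Service(6L, "nocreator", null);

        User admin = new User(1L, "admin", true);
        User testuser1 = new User(12L, "testuser1", false); // creator, demoted to 'user'
        User testuser2 = new User(13L, "testuser2", false); // unrelated non-admin
        User noId = new User(null, "unknown", false);       // session without a user id

        for (User u : new User[] {admin, testuser1, testuser2, noId}) {
            for (Service s : new Service[] {hivedev, noCreator}) {
                System.out.printf("%-10s delete %-10s -> %s%n",
                        u.login(), s.name(), canDelete(u, s) ? "allow" : "deny");
            }
        }
    }
}
```

With this rule the creator keeps delete rights on the service after losing the admin role, which is the case the test steps exercise.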
