[ https://issues.apache.org/jira/browse/RANGER-3155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17271135#comment-17271135 ]

Mahesh Hanumant Bandal commented on RANGER-3155:
------------------------------------------------

[~rujia1019] - Build succeeded with "mvn clean compile package test"; I did not see any PMD issues though.

*case 1 (role1 exists) :*
curl -X GET -H "Content-Type:application/json" -iku admin:admin123 "http://localhost:6080/service/roles/roles/name/role1?execUser=non-admin"
{code:java}
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<vxResponse>
    <msgDesc>User non-admin does not have privilege to role role1</msgDesc> 
    <statusCode>1</statusCode>
</vxResponse>
{code}

*case 2 (role3 does not exist and logged-in user is admin) :*
curl -X GET -H "Content-Type:application/json" -iku admin:admin123 "http://localhost:6080/service/roles/roles/name/role3?execUser=non-admin"
{code:java}
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<vxResponse>
    <msgDesc>Role with name: role3 does not exist</msgDesc>
    <statusCode>1</statusCode>
</vxResponse>
{code}

*case 3 (role3 does not exist and ?execUser=non-admin removed from query param) :*
curl -X GET -H "Content-Type:application/json" -iku admin:admin123 "http://localhost:6080/service/roles/roles/name/role3"
{code:java}
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<vxResponse>
    <msgDesc>Role with name: role3 does not exist</msgDesc>
    <statusCode>1</statusCode>
</vxResponse>
{code}

*case 4 (role1 exists and logged-in user is non-admin) :*
curl -X GET -H "Content-Type:application/json" -iku non-admin:nonadmin1 "http://localhost:6080/service/roles/roles/name/role1"
{code:java}
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<vxResponse>
    <msgDesc>User doesn't have permissions to get details for role1</msgDesc>
    <statusCode>1</statusCode>
</vxResponse>
{code}

> Roles are not accessible for Admin User through REST API
> --------------------------------------------------------
>
>                 Key: RANGER-3155
>                 URL: https://issues.apache.org/jira/browse/RANGER-3155
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 3.0.0
>            Reporter: Mahesh Hanumant Bandal
>            Assignee: Mahesh Hanumant Bandal
>            Priority: Major
>             Fix For: 3.0.0
>
>
> This issue is introduced by RANGER-3135.
> Following is current observation :
>  I tried to access GET API 
> [http://localhost:6080/service/roles/roles/name/role1] with admin user and it 
> does not return roles which already exist, whereas select * from x_role 
> returns two roles, i.e. role1, role2.
> API returns following response :
> {code:java}
> <vxResponse>
>     <msgDesc>Role with name: role1 does not exist</msgDesc>
>     <statusCode>1</statusCode>
> </vxResponse>
> {code}
> *With admin user it shows same response regardless of role's existence.*
> =================================================================
> Resolution :
> Admin user should get roles when accessed via REST API. This JIRA should also 
> focus on providing fix for RANGER-3135 where GET API /roles/name/\{name} 
> should provide proper message in case the role does not exist. In case of 
> non-admin user, it should deny access to roles.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
