[ https://issues.apache.org/jira/browse/RANGER-3155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17271135#comment-17271135 ]
Mahesh Hanumant Bandal commented on RANGER-3155:
------------------------------------------------

[~rujia1019] - Build succeeded with "mvn clean compile package test", I did not see any PMD issues though.

*case 1 (role1 exists) :*

curl -X GET -H "Content-Type:application/json" -iku admin:admin123 "http://localhost:6080/service/roles/roles/name/role1?execUser=non-admin"
{code:java}
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<vxResponse>
    <msgDesc>User non-admin does not have privilege to role role1</msgDesc>
    <statusCode>1</statusCode>
</vxResponse>
{code}

*case 2 (role3 does not exist and logged-in user is admin) :*

curl -X GET -H "Content-Type:application/json" -iku admin:admin123 "http://localhost:6080/service/roles/roles/name/role3?execUser=non-admin"
{code:java}
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<vxResponse>
    <msgDesc>Role with name: role3 does not exist</msgDesc>
    <statusCode>1</statusCode>
</vxResponse>
{code}

*case 3 (role3 does not exist and ?execUser=non-admin removed from query param) :*

curl -X GET -H "Content-Type:application/json" -iku admin:admin123 "http://localhost:6080/service/roles/roles/name/role3"
{code:java}
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<vxResponse>
    <msgDesc>Role with name: role3 does not exist</msgDesc>
    <statusCode>1</statusCode>
</vxResponse>
{code}

*case 4 (role1 exists and logged-in user is non-admin) :*

curl -X GET -H "Content-Type:application/json" -iku non-admin:nonadmin1 "http://localhost:6080/service/roles/roles/name/role1"
{code:java}
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<vxResponse>
    <msgDesc>User doesn't have permissions to get details for role1</msgDesc>
    <statusCode>1</statusCode>
</vxResponse>
{code}

> Roles are not accessible for Admin User through REST API
> --------------------------------------------------------
>
>                 Key: RANGER-3155
>                 URL: https://issues.apache.org/jira/browse/RANGER-3155
>             Project: Ranger
>          Issue Type: Bug
>          Components: Ranger
>    Affects Versions: 3.0.0
>            Reporter: Mahesh Hanumant Bandal
>            Assignee: Mahesh Hanumant Bandal
>            Priority: Major
>             Fix For: 3.0.0
>
>
> This issue is introduced by RANGER-3135.
> Following is current observation :
> I tried to access GET API
> [http://localhost:6080/service/roles/roles/name/role1] with admin user and it
> does not return roles which already exist, whereas select * from x_role
> returns two roles. ie. role1, role2.
> API returns following response :
> {code:java}
> <vxResponse>
>     <msgDesc>Role with name: role1 does not exist</msgDesc>
>     <statusCode>1</statusCode>
> </vxResponse>
> {code}
> *With admin user it shows same response regardless of role's existence.*
> =================================================================
> Resolution :
> Admin user should get roles when accessed via REST API. This JIRA should also
> focus on providing fix for RANGER-3135 where GET API /roles/name/\{name}
> should provide proper message in case of the role does not exist. In case of
> non-admin user, it should deny access to roles.

--
This message was sent by Atlassian Jira (v8.3.4#803005)