Re: Review Request 74189: POST/PUT REST API's work even when invalid user id or Id is used in the URL

Sun, 27 Nov 2022 20:05:32 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74189/
-----------------------------------------------------------

(Updated Nov. 28, 2022, 4:05 a.m.)


Review request for ranger, Don Bosco Durai, Abhay Kulkarni, Madhan Neethiraj, 
Mehul Parikh, Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, 
Sailaja Polavarapu, Subhrat Chaudhary, and Velmurugan Periasamy.


Summary (updated)
-----------------

POST/PUT REST API's work even when invalid user id or Id is used in the URL


Bugs: RANGER-3883
    https://issues.apache.org/jira/browse/RANGER-3883


Repository: ranger


Description
-------

When a POST request is made to the following APIs return 200 status code even 
when the userId is invalid .

When a POST/PUT request is made to the following APIs return 200 status code 
even when the userId or id is invalid.

Ranger is not honouring Id
/service/users/{USER_ID}/passwordchange
/service/users/{USER_ID}/emailchange
/assets/{id}
/permission/{id}
/services/{id}
/definitions/{id}
/secure/groups/{id}
/policies/{id}

Ideally, the APIs must return 404 or Bad request(400) not found when using an 
invalid userid or id in the URL

But in this case, the POST/PUT request results in status code 200 instead of 400


Diffs
-----

  security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java a0ba3b750 
  security-admin/src/main/java/org/apache/ranger/rest/PublicAPIs.java 2e7e90bb4 
  security-admin/src/main/java/org/apache/ranger/rest/PublicAPIsv2.java 
293107f24 
  security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
9bccf1089 
  security-admin/src/main/java/org/apache/ranger/rest/UserREST.java 5fc18034b 
  security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java dd12048ac 
  security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java 
abd4b1c1c 
  security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIs.java 
2bf5ee6c9 
  security-admin/src/test/java/org/apache/ranger/rest/TestPublicAPIsv2.java 
1069f013d 
  security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java 
375135a5a 
  security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java 
48cd7face 
  security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java 
2b25ba813 


Diff: https://reviews.apache.org/r/74189/diff/2/


Testing
-------


Thanks,

Ramachandran Krishnan

Reply via email to