[ https://issues.apache.org/jira/browse/RANGER-4122?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
KyrieG updated RANGER-4122: --------------------------- Attachment: image-2023-03-05-22-16-17-927.png > [RangerAdmin] Reorganize authorization check logic > -------------------------------------------------- > > Key: RANGER-4122 > URL: https://issues.apache.org/jira/browse/RANGER-4122 > Project: Ranger > Issue Type: Improvement > Components: admin > Affects Versions: 2.3.0 > Reporter: KyrieG > Priority: Major > Fix For: 2.4.0 > > Attachments: Pasted image 20230305134707 1.png, > image-2023-03-05-22-16-17-927.png > > > # Reorganize authorization logic > Recently when I was sorting out the authorization logic of ranger admin, I > saw confusion. > For example: At ServiceREST I saw the following, similar logic been > implemented in a distributed fasion. > ![[Pasted image 20230305134707.png]] > ![[Pasted image 20230305134449.png]] > ![[Pasted image 20230305140346.png]] > ![[Pasted image 20230305141025.png]] > I think these method should be in the same class for easy maintainance. A > Better way is to create a new class for authorization logic instead of > putting everythiong into bizUtil because it's responsible for many thing. > To sum up, I want to put these method into A new class named > "RangerAuthorizationHelper". > RangerBizUtil.isUserAllowed > RangerBizUtil.checkAdminAccess > RangerBizUtil.isUserRangerAdmin > RangerBizUtil.isUserServiceAdmin > RoleREST.userIsSrvAdmOrSrvUser > svcStore.isServiceAdminUser > XUserMgr.hasAccessToModule > RangerBizUtil.hasModuleAccess > RoleDBStore.ensureRoleAccess > RangerBizUtil.blockAuditorRoleUser > ... and many. -- This message was sent by Atlassian Jira (v8.20.10#820010)