[ https://issues.apache.org/jira/browse/RANGER-4122?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
KyrieG updated RANGER-4122: --------------------------- Description: # Reorganize authorization logic Recently when I was sorting out the authorization logic of ranger admin, I saw confusion. For example: At ServiceREST I saw the following, similar logic been implemented in a distributed fasion. !image-2023-03-05-22-16-17-927.png! !image-2023-03-05-22-17-00-698.png!!image-2023-03-05-22-17-35-210.png! # I think these method should be in the same class for easy maintainance. A Better way is to create a new class for authorization logic instead of putting everythiong into bizUtil because it's responsible for many thing. # To sum up, I want to put these method into A new class named "RangerAuthorizationHelper". {quote}RangerBizUtil.isUserAllowed RangerBizUtil.checkAdminAccess RangerBizUtil.isUserRangerAdmin RangerBizUtil.isUserServiceAdmin RoleREST.userIsSrvAdmOrSrvUser svcStore.isServiceAdminUser XUserMgr.hasAccessToModule RangerBizUtil.hasModuleAccess RoleDBStore.ensureRoleAccess RangerBizUtil.blockAuditorRoleUser ... and many. {quote} was: # Reorganize authorization logic Recently when I was sorting out the authorization logic of ranger admin, I saw confusion. For example: At ServiceREST I saw the following, similar logic been implemented in a distributed fasion. ![[Pasted image 20230305134707.png]] ![[Pasted image 20230305134449.png]] ![[Pasted image 20230305140346.png]] ![[Pasted image 20230305141025.png]] I think these method should be in the same class for easy maintainance. A Better way is to create a new class for authorization logic instead of putting everythiong into bizUtil because it's responsible for many thing. To sum up, I want to put these method into A new class named "RangerAuthorizationHelper". RangerBizUtil.isUserAllowed RangerBizUtil.checkAdminAccess RangerBizUtil.isUserRangerAdmin RangerBizUtil.isUserServiceAdmin RoleREST.userIsSrvAdmOrSrvUser svcStore.isServiceAdminUser XUserMgr.hasAccessToModule RangerBizUtil.hasModuleAccess RoleDBStore.ensureRoleAccess RangerBizUtil.blockAuditorRoleUser ... and many. > [RangerAdmin] Reorganize authorization check logic > -------------------------------------------------- > > Key: RANGER-4122 > URL: https://issues.apache.org/jira/browse/RANGER-4122 > Project: Ranger > Issue Type: Improvement > Components: admin > Affects Versions: 2.3.0 > Reporter: KyrieG > Priority: Major > Fix For: 2.4.0 > > Attachments: Pasted image 20230305134707 1.png, > image-2023-03-05-22-16-17-927.png, image-2023-03-05-22-17-00-698.png, > image-2023-03-05-22-17-35-210.png > > > # Reorganize authorization logic > Recently when I was sorting out the authorization logic of ranger admin, I > saw confusion. > For example: At ServiceREST I saw the following, similar logic been > implemented in a distributed fasion. > !image-2023-03-05-22-16-17-927.png! > !image-2023-03-05-22-17-00-698.png!!image-2023-03-05-22-17-35-210.png! > # I think these method should be in the same class for easy maintainance. A > Better way is to create a new class for authorization logic instead of > putting everythiong into bizUtil because it's responsible for many thing. > # To sum up, I want to put these method into A new class named > "RangerAuthorizationHelper". > {quote}RangerBizUtil.isUserAllowed > RangerBizUtil.checkAdminAccess > RangerBizUtil.isUserRangerAdmin > RangerBizUtil.isUserServiceAdmin > RoleREST.userIsSrvAdmOrSrvUser > svcStore.isServiceAdminUser > XUserMgr.hasAccessToModule > RangerBizUtil.hasModuleAccess > RoleDBStore.ensureRoleAccess > RangerBizUtil.blockAuditorRoleUser > ... and many. > {quote} -- This message was sent by Atlassian Jira (v8.20.10#820010)