kumaab commented on code in PR #393:
URL: https://github.com/apache/ranger/pull/393#discussion_r1792913986
##########
security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java:
##########
@@ -52,8 +52,11 @@ public class XAuditMgr extends XAuditMgrBase {
RangerBizUtil rangerBizUtil;
public VXTrxLog getXTrxLog(Long id) {
- checkAdminAccess();
- return super.getXTrxLog(id);
+ if (rangerBizUtil.isAdmin() || rangerBizUtil.isKeyAdmin() ||
rangerBizUtil.isAuditAdmin() || rangerBizUtil.isAuditKeyAdmin()) {
Review Comment:
Please see if a private function can be re-used at lines 55, 81 and 90, for
eg:
```
private boolean checkAdminAccess(){
if (rangerBizUtil.isAdmin() || rangerBizUtil.isKeyAdmin() ||
rangerBizUtil.isAuditAdmin() || rangerBizUtil.isAuditKeyAdmin()){
return true;
} else {
throw
restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User
doesn't have permissions to perform this action", true);
}
}
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
