----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/59256/ -----------------------------------------------------------
Review request for Ambari, Alexandr Antonenko, Robert Levas, Richard Zang, and Yusaku Sako. Bugs: AMBARI-21016 https://issues.apache.org/jira/browse/AMBARI-21016 Repository: ambari Description ------- Steps to reproduce: 1.Login ambari with ambari administrator role and create a user named Test on host A. 2.Assign service administrator role(or any other one of five roles) to this user Test. 3.On host B, login ambari with user Test .Now it plays as a service administrato role. 4.On host A, unassign the role of user Test , or change the role to another one, or even delete this user. 5.On host B, we will find the user Test can continue to operate ambari with previous permissions as a service administrator which actually have already changed by step 4. Except for on two different hosts, we also can reproduce this problem between two different browsers on local host. One solution: Periodly schedule a task to update current user's authorization. If any error happens in this process, we should log off current user. Diffs ----- ambari-web/app/controllers/global/update_controller.js 8a3f984 ambari-web/app/utils/helper.js 4867c65 ambari-web/test/controllers/global/update_controller_test.js 2a9d020 Diff: https://reviews.apache.org/r/59256/diff/1/ Testing ------- 1.mvn test 20691 passing (30s) 128 pending 2.Tested in cluster Thanks, yao lei