Repository: ambari Updated Branches: refs/heads/trunk 0d203448b -> 2ce7b6357
AMBARI-13791. Rename existing permissions to prepare for new roles (rlevas) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/2ce7b635 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/2ce7b635 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/2ce7b635 Branch: refs/heads/trunk Commit: 2ce7b6357b898f5fa3c5432d5efa9d95ca4d6fdc Parents: 0d20344 Author: Robert Levas <rle...@hortonworks.com> Authored: Thu Nov 12 12:43:36 2015 -0500 Committer: Robert Levas <rle...@hortonworks.com> Committed: Thu Nov 12 12:43:58 2015 -0500 ---------------------------------------------------------------------- .../ui/admin-web/app/scripts/i18n.config.js | 6 +-- ambari-server/docs/api/v1/permission-get.md | 2 +- .../AmbariManagementControllerImpl.java | 2 +- .../ClusterPrivilegeResourceProvider.java | 12 +++--- .../internal/ViewPrivilegeResourceProvider.java | 6 +-- .../internal/WidgetResourceProvider.java | 4 +- .../ambari/server/orm/dao/PermissionDAO.java | 20 +++++----- .../server/orm/entities/PermissionEntity.java | 16 ++++---- .../AmbariAuthorizationFilter.java | 18 ++++----- .../server/security/authorization/User.java | 2 +- .../server/security/authorization/Users.java | 10 ++--- .../internal/InternalAuthenticationToken.java | 4 +- .../server/state/cluster/ClusterImpl.java | 6 +-- .../server/state/cluster/ClustersImpl.java | 2 +- .../server/upgrade/UpgradeCatalog220.java | 39 ++++++++++++++----- .../apache/ambari/server/view/ViewRegistry.java | 6 +-- .../main/resources/Ambari-DDL-MySQL-CREATE.sql | 8 ++-- .../main/resources/Ambari-DDL-Oracle-CREATE.sql | 8 ++-- .../resources/Ambari-DDL-Postgres-CREATE.sql | 8 ++-- .../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql | 8 ++-- .../resources/Ambari-DDL-SQLAnywhere-CREATE.sql | 8 ++-- .../resources/Ambari-DDL-SQLServer-CREATE.sql | 8 ++-- .../AmbariPrivilegeResourceProviderTest.java | 16 ++++---- .../ClusterPrivilegeResourceProviderTest.java | 6 +-- .../PermissionResourceProviderTest.java | 4 +- .../internal/UserResourceProviderTest.java | 6 +-- .../ViewPrivilegeResourceProviderTest.java | 6 +-- .../AmbariAuthorizationFilterTest.java | 20 +++++----- .../authorization/AuthorizationHelperTest.java | 8 ++-- .../security/authorization/TestUsers.java | 4 +- .../server/upgrade/UpgradeCatalog220Test.java | 40 ++++++++++++++++---- .../ambari/server/view/ViewRegistryTest.java | 4 +- ambari-views/docs/index.md | 2 +- .../app/assets/data/users/privileges.json | 2 +- .../app/assets/data/users/privileges_admin.json | 2 +- .../app/assets/data/users/user_admin.json | 2 +- ambari-web/app/mappers/users_mapper.js | 4 +- ambari-web/app/models/user.js | 8 ++-- ambari-web/app/router.js | 6 +-- ambari-web/test/mappers/users_mapper_test.js | 8 ++-- ambari-web/test/router_test.js | 8 ++-- .../capacityscheduler/ConfigurationService.java | 6 +-- 42 files changed, 204 insertions(+), 161 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-admin/src/main/resources/ui/admin-web/app/scripts/i18n.config.js ---------------------------------------------------------------------- diff --git a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/i18n.config.js b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/i18n.config.js index d9f5eb5..a2ead48 100644 --- a/ambari-admin/src/main/resources/ui/admin-web/app/scripts/i18n.config.js +++ b/ambari-admin/src/main/resources/ui/admin-web/app/scripts/i18n.config.js @@ -20,9 +20,9 @@ angular.module('ambariAdminConsole') .config(['$translateProvider', function($translateProvider) { $translateProvider.translations('en',{ - 'CLUSTER.OPERATE': 'Operator', - 'CLUSTER.READ': 'Read-Only', - 'VIEW.USE': 'Use' + 'CLUSTER.ADMINISTRATOR': 'Operator', + 'CLUSTER.USER': 'Read-Only', + 'VIEW.USER': 'Use' }); $translateProvider.preferredLanguage('en'); http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/docs/api/v1/permission-get.md ---------------------------------------------------------------------- diff --git a/ambari-server/docs/api/v1/permission-get.md b/ambari-server/docs/api/v1/permission-get.md index 0781fbd..d949344 100644 --- a/ambari-server/docs/api/v1/permission-get.md +++ b/ambari-server/docs/api/v1/permission-get.md @@ -71,7 +71,7 @@ Get the permission with the permission_id of 1. "href" : "http://your.ambari.server/api/v1/permissions/1", "PermissionInfo" : { "permission_id" : 1, - "permission_name" : "AMBARI.ADMIN", + "permission_name" : "AMBARI.ADMINISTRATOR", "permission_label" : "Administrator", "resource_name" : "AMBARI" } http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java index 8dd7a04..2001a7d 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariManagementControllerImpl.java @@ -4419,7 +4419,7 @@ public class AmbariManagementControllerImpl implements AmbariManagementControlle PrivilegeEntity privilegeEntity = authority.getPrivilegeEntity(); Integer permissionId = privilegeEntity.getPermission().getId(); - if (permissionId.equals(PermissionEntity.AMBARI_ADMIN_PERMISSION)) { + if (permissionId.equals(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION)) { isAuthorized = true; break; } http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProvider.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProvider.java index c9e2a83..b2d8018 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProvider.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProvider.java @@ -73,12 +73,12 @@ public class ClusterPrivilegeResourceProvider extends PrivilegeResourceProvider< } /** - * The built-in VIEW.USE permission. + * The built-in VIEW.USER permission. */ private final PermissionEntity clusterReadPermission; /** - * The built-in VIEW.USE permission. + * The built-in VIEW.USER permission. */ private final PermissionEntity clusterOperatePermission; @@ -90,8 +90,8 @@ public class ClusterPrivilegeResourceProvider extends PrivilegeResourceProvider< */ public ClusterPrivilegeResourceProvider() { super(propertyIds, keyPropertyIds, Resource.Type.ClusterPrivilege); - clusterReadPermission = permissionDAO.findById(PermissionEntity.CLUSTER_READ_PERMISSION); - clusterOperatePermission = permissionDAO.findById(PermissionEntity.CLUSTER_OPERATE_PERMISSION); + clusterReadPermission = permissionDAO.findById(PermissionEntity.CLUSTER_USER_PERMISSION); + clusterOperatePermission = permissionDAO.findById(PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION); } @@ -163,8 +163,8 @@ public class ClusterPrivilegeResourceProvider extends PrivilegeResourceProvider< @Override protected PermissionEntity getPermission(String permissionName, ResourceEntity resourceEntity) throws AmbariException { - return (permissionName.equals(PermissionEntity.CLUSTER_READ_PERMISSION_NAME)) ? clusterReadPermission : - permissionName.equals(PermissionEntity.CLUSTER_OPERATE_PERMISSION_NAME) ? clusterOperatePermission : + return (permissionName.equals(PermissionEntity.CLUSTER_USER_PERMISSION_NAME)) ? clusterReadPermission : + permissionName.equals(PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION_NAME) ? clusterOperatePermission : super.getPermission(permissionName, resourceEntity); } } http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java index 2c016e4..090805e 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProvider.java @@ -74,7 +74,7 @@ public class ViewPrivilegeResourceProvider extends PrivilegeResourceProvider<Vie } /** - * The built-in VIEW.USE permission. + * The built-in VIEW.USER permission. */ private final PermissionEntity viewUsePermission; @@ -86,7 +86,7 @@ public class ViewPrivilegeResourceProvider extends PrivilegeResourceProvider<Vie */ public ViewPrivilegeResourceProvider() { super(propertyIds, keyPropertyIds, Resource.Type.ViewPrivilege); - viewUsePermission = permissionDAO.findById(PermissionEntity.VIEW_USE_PERMISSION); + viewUsePermission = permissionDAO.findById(PermissionEntity.VIEW_USER_PERMISSION); } @@ -202,7 +202,7 @@ public class ViewPrivilegeResourceProvider extends PrivilegeResourceProvider<Vie @Override protected PermissionEntity getPermission(String permissionName, ResourceEntity resourceEntity) throws AmbariException { - return (permissionName.equals(PermissionEntity.VIEW_USE_PERMISSION_NAME)) ? + return (permissionName.equals(PermissionEntity.VIEW_USER_PERMISSION_NAME)) ? viewUsePermission : super.getPermission(permissionName, resourceEntity); } } http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/WidgetResourceProvider.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/WidgetResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/WidgetResourceProvider.java index 5fc20fb..e6953a9 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/WidgetResourceProvider.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/WidgetResourceProvider.java @@ -382,9 +382,9 @@ public class WidgetResourceProvider extends AbstractControllerResourceProvider { boolean hasPermissionForClusterScope = false; for (GrantedAuthority grantedAuthority : securityContext.getAuthentication().getAuthorities()) { if (((AmbariGrantedAuthority) grantedAuthority).getPrivilegeEntity().getPermission().getId() - == PermissionEntity.AMBARI_ADMIN_PERMISSION || + == PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION || ((AmbariGrantedAuthority) grantedAuthority).getPrivilegeEntity().getPermission().getId() - == PermissionEntity.CLUSTER_OPERATE_PERMISSION) { + == PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION) { hasPermissionForClusterScope = true; } } http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java index bf6ec3a..5d1a04a 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java @@ -90,8 +90,8 @@ public class PermissionDAO { */ @RequiresSession public PermissionEntity findPermissionByNameAndType(String name, ResourceTypeEntity resourceType) { - if (name.equals(PermissionEntity.VIEW_USE_PERMISSION_NAME)) { - // VIEW.USE permission should be available for any type of views + if (name.equals(PermissionEntity.VIEW_USER_PERMISSION_NAME)) { + // VIEW.USER permission should be available for any type of views return findViewUsePermission(); } TypedQuery<PermissionEntity> query = entityManagerProvider.get().createQuery("SELECT p FROM PermissionEntity p WHERE p.permissionName=:permissionname AND p.resourceType=:resourcetype", PermissionEntity.class); @@ -101,42 +101,42 @@ public class PermissionDAO { } /** - * Find AMBARI.ADMIN permission. + * Find AMBARI.ADMINISTRATOR permission. * * @return a matching permission entity or null */ @RequiresSession public PermissionEntity findAmbariAdminPermission() { - return findById(PermissionEntity.AMBARI_ADMIN_PERMISSION); + return findById(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION); } /** - * Find VIEW.USE permission. + * Find VIEW.USER permission. * * @return a matching permission entity or null */ @RequiresSession public PermissionEntity findViewUsePermission() { - return findById(PermissionEntity.VIEW_USE_PERMISSION); + return findById(PermissionEntity.VIEW_USER_PERMISSION); } /** - * Find CLUSTER.OPERATE permission. + * Find CLUSTER.ADMINISTRATOR permission. * * @return a matching permission entity or null */ @RequiresSession public PermissionEntity findClusterOperatePermission() { - return findById(PermissionEntity.CLUSTER_OPERATE_PERMISSION); + return findById(PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION); } /** - * Find CLUSTER.READ permission. + * Find CLUSTER.USER permission. * * @return a matching permission entity or null */ @RequiresSession public PermissionEntity findClusterReadPermission() { - return findById(PermissionEntity.CLUSTER_READ_PERMISSION); + return findById(PermissionEntity.CLUSTER_USER_PERMISSION); } } http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java index 650b0db..976aecc 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java @@ -45,18 +45,18 @@ public class PermissionEntity { /** * Admin permission id constants. */ - public static final int AMBARI_ADMIN_PERMISSION = 1; - public static final int CLUSTER_READ_PERMISSION = 2; - public static final int CLUSTER_OPERATE_PERMISSION = 3; - public static final int VIEW_USE_PERMISSION = 4; + public static final int AMBARI_ADMINISTRATOR_PERMISSION = 1; + public static final int CLUSTER_USER_PERMISSION = 2; + public static final int CLUSTER_ADMINISTRATOR_PERMISSION = 3; + public static final int VIEW_USER_PERMISSION = 4; /** * Admin permission name constants. */ - public static final String AMBARI_ADMIN_PERMISSION_NAME = "AMBARI.ADMIN"; - public static final String CLUSTER_READ_PERMISSION_NAME = "CLUSTER.READ"; - public static final String CLUSTER_OPERATE_PERMISSION_NAME = "CLUSTER.OPERATE"; - public static final String VIEW_USE_PERMISSION_NAME = "VIEW.USE"; + public static final String AMBARI_ADMINISTRATOR_PERMISSION_NAME = "AMBARI.ADMINISTRATOR"; + public static final String CLUSTER_USER_PERMISSION_NAME = "CLUSTER.USER"; + public static final String CLUSTER_ADMINISTRATOR_PERMISSION_NAME = "CLUSTER.ADMINISTRATOR"; + public static final String VIEW_USER_PERMISSION_NAME = "VIEW.USER"; /** * The permission id. http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java index 46b751d..81794d8 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilter.java @@ -118,7 +118,7 @@ public class AmbariAuthorizationFilter implements Filter { Integer permissionId = privilegeEntity.getPermission().getId(); // admin has full access - if (permissionId.equals(PermissionEntity.AMBARI_ADMIN_PERMISSION)) { + if (permissionId.equals(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION)) { authorized = true; break; } @@ -126,36 +126,36 @@ public class AmbariAuthorizationFilter implements Filter { // clusters require permission if (!"GET".equalsIgnoreCase(httpRequest.getMethod()) && requestURI.matches(API_CREDENTIALS_AMBARI_PATTERN)) { // Only the administrator can operate on credentials where the alias starts with "ambari." - if (permissionId.equals(PermissionEntity.AMBARI_ADMIN_PERMISSION)) { + if (permissionId.equals(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION)) { authorized = true; break; } } else if (requestURI.matches(API_CREDENTIALS_ALL_PATTERN)) { - if (permissionId.equals(PermissionEntity.CLUSTER_OPERATE_PERMISSION)) { + if (permissionId.equals(PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION)) { authorized = true; break; } } else if (requestURI.matches(API_CLUSTERS_ALL_PATTERN)) { - if (permissionId.equals(PermissionEntity.CLUSTER_READ_PERMISSION) || - permissionId.equals(PermissionEntity.CLUSTER_OPERATE_PERMISSION)) { + if (permissionId.equals(PermissionEntity.CLUSTER_USER_PERMISSION) || + permissionId.equals(PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION)) { authorized = true; break; } } else if (STACK_ADVISOR_REGEX.matcher(requestURI).matches()) { //TODO permissions model doesn't manage stacks api, but we need access to stack advisor to save configs - if (permissionId.equals(PermissionEntity.CLUSTER_READ_PERMISSION) || - permissionId.equals(PermissionEntity.CLUSTER_OPERATE_PERMISSION)) { + if (permissionId.equals(PermissionEntity.CLUSTER_USER_PERMISSION) || + permissionId.equals(PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION)) { authorized = true; break; } } else if (requestURI.matches(API_VIEWS_ALL_PATTERN)) { // views require permission - if (permissionId.equals(PermissionEntity.VIEW_USE_PERMISSION)) { + if (permissionId.equals(PermissionEntity.VIEW_USER_PERMISSION)) { authorized = true; break; } } else if (requestURI.matches(API_PERSIST_ALL_PATTERN)) { - if (permissionId.equals(PermissionEntity.CLUSTER_OPERATE_PERMISSION)) { + if (permissionId.equals(PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION)) { authorized = true; break; } http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java index ab48ddd..720918b 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/User.java @@ -53,7 +53,7 @@ public class User { groups.add(memberEntity.getGroup().getGroupName()); } for (PrivilegeEntity privilegeEntity: userEntity.getPrincipal().getPrivileges()) { - if (privilegeEntity.getPermission().getPermissionName().equals(PermissionEntity.AMBARI_ADMIN_PERMISSION_NAME)) { + if (privilegeEntity.getPermission().getPermissionName().equals(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION_NAME)) { admin = true; break; } http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java index 29b9ec3..de4a0d0 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/Users.java @@ -138,7 +138,7 @@ public class Users { boolean isCurrentUserAdmin = false; for (PrivilegeEntity privilegeEntity: currentUserEntity.getPrincipal().getPrivileges()) { - if (privilegeEntity.getPermission().getPermissionName().equals(PermissionEntity.AMBARI_ADMIN_PERMISSION_NAME)) { + if (privilegeEntity.getPermission().getPermissionName().equals(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION_NAME)) { isCurrentUserAdmin = true; break; } @@ -424,7 +424,7 @@ public class Users { } /** - * Grants AMBARI.ADMIN privilege to provided user. + * Grants AMBARI.ADMINISTRATOR privilege to provided user. * * @param user user */ @@ -443,14 +443,14 @@ public class Users { } /** - * Revokes AMBARI.ADMIN privilege from provided user. + * Revokes AMBARI.ADMINISTRATOR privilege from provided user. * * @param user user */ public synchronized void revokeAdminPrivilege(Integer userId) { final UserEntity user = userDAO.findByPK(userId); for (PrivilegeEntity privilege: user.getPrincipal().getPrivileges()) { - if (privilege.getPermission().getPermissionName().equals(PermissionEntity.AMBARI_ADMIN_PERMISSION_NAME)) { + if (privilege.getPermission().getPermissionName().equals(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION_NAME)) { user.getPrincipal().getPrivileges().remove(privilege); principalDAO.merge(user.getPrincipal()); //explicit merge for Derby support userDAO.merge(user); @@ -528,7 +528,7 @@ public class Users { * @return true if user can be removed */ public synchronized boolean isUserCanBeRemoved(UserEntity userEntity){ - List<PrincipalEntity> adminPrincipals = principalDAO.findByPermissionId(PermissionEntity.AMBARI_ADMIN_PERMISSION); + List<PrincipalEntity> adminPrincipals = principalDAO.findByPermissionId(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION); Set<UserEntity> userEntitysSet = new HashSet<UserEntity>(userDAO.findUsersByPrincipal(adminPrincipals)); return (userEntitysSet.contains(userEntity) && userEntitysSet.size() < 2) ? false : true; } http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java index 4494697..6d7a573 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/security/authorization/internal/InternalAuthenticationToken.java @@ -50,8 +50,8 @@ public class InternalAuthenticationToken implements Authentication { private static void createAdminPrivilegeEntity(PrivilegeEntity entity) { PermissionEntity pe = new PermissionEntity(); - pe.setId(PermissionEntity.AMBARI_ADMIN_PERMISSION); - pe.setPermissionName(PermissionEntity.AMBARI_ADMIN_PERMISSION_NAME); + pe.setId(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION); + pe.setPermissionName(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION_NAME); entity.setPermission(pe); http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java index c9ffee0..24c7bce 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClusterImpl.java @@ -2840,10 +2840,10 @@ public class ClusterImpl implements Cluster { ResourceEntity resourceEntity = clusterEntity.getResource(); if (resourceEntity != null) { Integer permissionId = privilegeEntity.getPermission().getId(); - // CLUSTER.READ or CLUSTER.OPERATE for the given cluster resource. + // CLUSTER.USER or CLUSTER.ADMINISTRATOR for the given cluster resource. if (privilegeEntity.getResource().equals(resourceEntity)) { - if ((readOnly && permissionId.equals(PermissionEntity.CLUSTER_READ_PERMISSION)) || - permissionId.equals(PermissionEntity.CLUSTER_OPERATE_PERMISSION)) { + if ((readOnly && permissionId.equals(PermissionEntity.CLUSTER_USER_PERMISSION)) || + permissionId.equals(PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION)) { return true; } } http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java index 9ea9581..310de34 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/state/cluster/ClustersImpl.java @@ -930,7 +930,7 @@ public class ClustersImpl implements Clusters { Integer permissionId = privilegeEntity.getPermission().getId(); // admin has full access - if (permissionId.equals(PermissionEntity.AMBARI_ADMIN_PERMISSION)) { + if (permissionId.equals(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION)) { return true; } if (cluster != null) { http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java index 30cb1ca..4251111 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/upgrade/UpgradeCatalog220.java @@ -20,18 +20,16 @@ package org.apache.ambari.server.upgrade; import java.sql.SQLException; -import com.google.inject.Provider; import org.apache.ambari.server.AmbariException; import org.apache.ambari.server.orm.DBAccessor.DBColumnInfo; import org.apache.ambari.server.orm.dao.DaoUtils; +import org.apache.ambari.server.orm.entities.PermissionEntity; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import com.google.inject.Inject; import com.google.inject.Injector; -import javax.persistence.EntityManager; - /** * Upgrade catalog for version 2.2.0. @@ -44,6 +42,8 @@ public class UpgradeCatalog220 extends AbstractUpgradeCatalog { private static final String USER_TYPE_COL = "user_type"; private static final String ADMIN_PERMISSION_TABLE = "adminpermission"; + private static final String PERMISSION_ID_COL = "permission_id"; + private static final String PERMISSION_NAME_COL = "permission_name"; private static final String PERMISSION_LABEL_COL = "permission_label"; @Inject @@ -111,6 +111,7 @@ public class UpgradeCatalog220 extends AbstractUpgradeCatalog { @Override protected void executeDMLUpdates() throws AmbariException, SQLException { setPermissionLabels(); + updatePermissionNames(); } @@ -122,14 +123,32 @@ public class UpgradeCatalog220 extends AbstractUpgradeCatalog { } private void setPermissionLabels() throws SQLException { - String updateStatement = "UPDATE " + ADMIN_PERMISSION_TABLE + " SET " + PERMISSION_LABEL_COL + "='%s' WHERE permission_id=%d"; - - dbAccessor.executeUpdate(String.format(updateStatement, "Administrator", 1)); - dbAccessor.executeUpdate(String.format(updateStatement, "Read-Only", 2)); - dbAccessor.executeUpdate(String.format(updateStatement, "Operator", 3)); - dbAccessor.executeUpdate(String.format(updateStatement, "Use View", 4)); + String updateStatement = "UPDATE " + ADMIN_PERMISSION_TABLE + " SET " + PERMISSION_LABEL_COL + "='%s' WHERE " + PERMISSION_ID_COL + "=%d"; + + LOG.info("Setting permission labels"); + dbAccessor.executeUpdate(String.format(updateStatement, + "Administrator", PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION)); + dbAccessor.executeUpdate(String.format(updateStatement, + "Cluster User", PermissionEntity.CLUSTER_USER_PERMISSION)); + dbAccessor.executeUpdate(String.format(updateStatement, + "Cluster Administrator", PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION)); + dbAccessor.executeUpdate(String.format(updateStatement, + "View User", PermissionEntity.VIEW_USER_PERMISSION)); } - + private void updatePermissionNames() throws SQLException { + String updateStatement = "UPDATE " + ADMIN_PERMISSION_TABLE + " SET " + PERMISSION_NAME_COL + "='%s' WHERE " + PERMISSION_ID_COL + "=%d"; + + // Update permissions names + LOG.info("Updating permission names"); + dbAccessor.executeUpdate(String.format(updateStatement, + PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION_NAME, PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION)); + dbAccessor.executeUpdate(String.format(updateStatement, + PermissionEntity.CLUSTER_USER_PERMISSION_NAME, PermissionEntity.CLUSTER_USER_PERMISSION)); + dbAccessor.executeUpdate(String.format(updateStatement, + PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION_NAME, PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION)); + dbAccessor.executeUpdate(String.format(updateStatement, + PermissionEntity.VIEW_USER_PERMISSION_NAME, PermissionEntity.VIEW_USER_PERMISSION)); + } } http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java index 1cf4323..c1c554c 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java @@ -1391,13 +1391,13 @@ public class ViewRegistry { Integer permissionId = privilegeEntity.getPermission().getId(); // admin has full access - if (permissionId.equals(PermissionEntity.AMBARI_ADMIN_PERMISSION)) { + if (permissionId.equals(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION)) { return true; } if (resourceEntity != null) { - // VIEW.USE for the given view instance resource. + // VIEW.USER for the given view instance resource. if (privilegeEntity.getResource().equals(resourceEntity)) { - if (permissionId.equals(PermissionEntity.VIEW_USE_PERMISSION)) { + if (permissionId.equals(PermissionEntity.VIEW_USER_PERMISSION)) { return true; } } http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql index fb2f568..65dacd1 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql @@ -992,13 +992,13 @@ insert into users(user_id, principal_id, user_name, user_password) select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00'; insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label) - select 1, 'AMBARI.ADMIN', 1, 'Administrator' + select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator' union all - select 2, 'CLUSTER.READ', 2, 'Read-Only' + select 2, 'CLUSTER.USER', 2, 'Cluster User' union all - select 3, 'CLUSTER.OPERATE', 2, 'Operator' + select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator' union all - select 4, 'VIEW.USE', 3, 'Use View'; + select 4, 'VIEW.USER', 3, 'View User'; insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id) select 1, 1, 1, 1; http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql index 162ef33..626b47a 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql @@ -984,13 +984,13 @@ insert into users(user_id, principal_id, user_name, user_password) select 1,1,'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00' from dual; insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label) - select 1, 'AMBARI.ADMIN', 1, 'Administrator' from dual + select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator' from dual union all - select 2, 'CLUSTER.READ', 2, 'Read-Only' from dual + select 2, 'CLUSTER.USER', 2, 'Cluster User' from dual union all - select 3, 'CLUSTER.OPERATE', 2, 'Operator' from dual + select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator' from dual union all - select 4, 'VIEW.USE', 3, 'Use View' from dual; + select 4, 'VIEW.USER', 3, 'View User' from dual; insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id) select 1, 1, 1, 1 from dual; http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql index fe58235..d42fc9f 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql @@ -1028,13 +1028,13 @@ INSERT INTO Users (user_id, principal_id, user_name, user_password) SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00'; insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label) - SELECT 1, 'AMBARI.ADMIN', 1, 'Administrator' + SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator' UNION ALL - SELECT 2, 'CLUSTER.READ', 2, 'Read-Only' + SELECT 2, 'CLUSTER.USER', 2, 'Cluster User' UNION ALL - SELECT 3, 'CLUSTER.OPERATE', 2, 'Operator' + SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator' UNION ALL - SELECT 4, 'VIEW.USE', 3, 'Use View'; + SELECT 4, 'VIEW.USER', 3, 'View User'; INSERT INTO adminprivilege (privilege_id, permission_id, resource_id, principal_id) SELECT 1, 1, 1, 1; http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql index 7e145c4..3981ab2 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql @@ -1124,13 +1124,13 @@ INSERT INTO ambari.Users (user_id, principal_id, user_name, user_password) SELECT 1, 1, 'admin', '538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00'; insert into ambari.adminpermission(permission_id, permission_name, resource_type_id, permission_label) - SELECT 1, 'AMBARI.ADMIN', 1, 'Administrator' + SELECT 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator' UNION ALL - SELECT 2, 'CLUSTER.READ', 2, 'Read-Only' + SELECT 2, 'CLUSTER.USER', 2, 'Cluster User' UNION ALL - SELECT 3, 'CLUSTER.OPERATE', 2, 'Operator' + SELECT 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator' UNION ALL - SELECT 4, 'VIEW.USE', 3, 'Use View'; + SELECT 4, 'VIEW.USER', 3, 'View User'; INSERT INTO ambari.adminprivilege (privilege_id, permission_id, resource_id, principal_id) SELECT 1, 1, 1, 1; http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql index 0080e46..1e64394 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-SQLAnywhere-CREATE.sql @@ -980,13 +980,13 @@ insert into users(user_id, principal_id, user_name, user_password) select 1, 1, 'admin','538916f8943ec225d97a9a86a2c6ec0818c1cd400e09e03b660fdaaec4af29ddbb6f2b1033b81b00'; insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label) - select 1, 'AMBARI.ADMIN', 1, 'Administrator' + select 1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator' union all - select 2, 'CLUSTER.READ', 2, 'Read-Only' + select 2, 'CLUSTER.USER', 2, 'Cluster User' union all - select 3, 'CLUSTER.OPERATE', 2, 'Operator' + select 3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator' union all - select 4, 'VIEW.USE', 3, 'Use View'; + select 4, 'VIEW.USER', 3, 'View User'; insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id) select 1, 1, 1, 1; http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql index 6bfe344..9cde02c 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-SQLServer-CREATE.sql @@ -1097,10 +1097,10 @@ BEGIN TRANSACTION insert into adminpermission(permission_id, permission_name, resource_type_id, permission_label) values - (1, 'AMBARI.ADMIN', 1, 'Administrator'), - (2, 'CLUSTER.READ', 2, 'Read-Only'), - (3, 'CLUSTER.OPERATE', 2, 'Operator'), - (4, 'VIEW.USE', 3, 'Use View'); + (1, 'AMBARI.ADMINISTRATOR', 1, 'Administrator'), + (2, 'CLUSTER.USER', 2, 'Cluster User'), + (3, 'CLUSTER.ADMINISTRATOR', 2, 'Cluster Administrator'), + (4, 'VIEW.USER', 3, 'View User'); insert into adminprivilege (privilege_id, permission_id, resource_id, principal_id) select 1, 1, 1, 1; http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java index a6536c7..6286aea 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/AmbariPrivilegeResourceProviderTest.java @@ -133,7 +133,7 @@ public class AmbariPrivilegeResourceProviderTest { expect(principalEntity.getId()).andReturn(1L).anyTimes(); expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes(); expect(userEntity.getUserName()).andReturn("joe").anyTimes(); - expect(permissionEntity.getPermissionName()).andReturn("AMBARI.ADMIN").anyTimes(); + expect(permissionEntity.getPermissionName()).andReturn("AMBARI.ADMINISTRATOR").anyTimes(); expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).anyTimes(); expect(principalTypeEntity.getName()).andReturn("USER").anyTimes(); @@ -152,7 +152,7 @@ public class AmbariPrivilegeResourceProviderTest { Resource resource = resources.iterator().next(); - Assert.assertEquals("AMBARI.ADMIN", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID)); + Assert.assertEquals("AMBARI.ADMINISTRATOR", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID)); Assert.assertEquals("joe", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID)); Assert.assertEquals("USER", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_TYPE_PROPERTY_ID)); @@ -179,7 +179,7 @@ public class AmbariPrivilegeResourceProviderTest { expect(ambariPrincipalEntity.getId()).andReturn(1L).anyTimes(); expect(ambariUserEntity.getPrincipal()).andReturn(ambariPrincipalEntity).anyTimes(); expect(ambariUserEntity.getUserName()).andReturn("joe").anyTimes(); - expect(ambariPermissionEntity.getPermissionName()).andReturn("AMBARI.ADMIN").anyTimes(); + expect(ambariPermissionEntity.getPermissionName()).andReturn("AMBARI.ADMINISTRATOR").anyTimes(); expect(ambariPrincipalEntity.getPrincipalType()).andReturn(ambariPrincipalTypeEntity).anyTimes(); expect(ambariPrincipalTypeEntity.getName()).andReturn("USER").anyTimes(); @@ -208,7 +208,7 @@ public class AmbariPrivilegeResourceProviderTest { expect(viewInstanceEntity.getResource()).andReturn(viewResourceEntity).anyTimes(); expect(viewUserEntity.getPrincipal()).andReturn(viewPrincipalEntity).anyTimes(); expect(viewUserEntity.getUserName()).andReturn("bob").anyTimes(); - expect(viewPermissionEntity.getPermissionName()).andReturn("VIEW.USE").anyTimes(); + expect(viewPermissionEntity.getPermissionName()).andReturn("VIEW.USER").anyTimes(); expect(viewPrincipalEntity.getPrincipalType()).andReturn(viewPrincipalTypeEntity).anyTimes(); expect(viewPrincipalTypeEntity.getName()).andReturn("USER").anyTimes(); @@ -230,7 +230,7 @@ public class AmbariPrivilegeResourceProviderTest { expect(clusterPrincipalEntity.getId()).andReturn(8L).anyTimes(); expect(clusterUserEntity.getPrincipal()).andReturn(clusterPrincipalEntity).anyTimes(); expect(clusterUserEntity.getUserName()).andReturn("jeff").anyTimes(); - expect(clusterPermissionEntity.getPermissionName()).andReturn("CLUSTER.READ").anyTimes(); + expect(clusterPermissionEntity.getPermissionName()).andReturn("CLUSTER.USER").anyTimes(); expect(clusterPrincipalEntity.getPrincipalType()).andReturn(clusterPrincipalTypeEntity).anyTimes(); expect(clusterPrincipalTypeEntity.getName()).andReturn("USER").anyTimes(); expect(clusterEntity.getResource()).andReturn(clusterResourceEntity).anyTimes(); @@ -275,7 +275,7 @@ public class AmbariPrivilegeResourceProviderTest { Resource resource1 = resourceMap.get(31); Assert.assertEquals(5, resource1.getPropertiesMap().get("PrivilegeInfo").size()); - Assert.assertEquals("AMBARI.ADMIN", resource1.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID)); + Assert.assertEquals("AMBARI.ADMINISTRATOR", resource1.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID)); Assert.assertEquals("joe", resource1.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID)); Assert.assertEquals("USER", resource1.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_TYPE_PROPERTY_ID)); Assert.assertEquals(31, resource1.getPropertyValue(AmbariPrivilegeResourceProvider.PRIVILEGE_ID_PROPERTY_ID)); @@ -284,7 +284,7 @@ public class AmbariPrivilegeResourceProviderTest { Resource resource2 = resourceMap.get(32); Assert.assertEquals(6, resource2.getPropertiesMap().get("PrivilegeInfo").size()); - Assert.assertEquals("CLUSTER.READ", resource2.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID)); + Assert.assertEquals("CLUSTER.USER", resource2.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID)); Assert.assertEquals("jeff", resource2.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID)); Assert.assertEquals("USER", resource2.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_TYPE_PROPERTY_ID)); Assert.assertEquals(32, resource2.getPropertyValue(AmbariPrivilegeResourceProvider.PRIVILEGE_ID_PROPERTY_ID)); @@ -294,7 +294,7 @@ public class AmbariPrivilegeResourceProviderTest { Resource resource3 = resourceMap.get(33); Assert.assertEquals(8, resource3.getPropertiesMap().get("PrivilegeInfo").size()); - Assert.assertEquals("VIEW.USE", resource3.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID)); + Assert.assertEquals("VIEW.USER", resource3.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID)); Assert.assertEquals("bob", resource3.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID)); Assert.assertEquals("USER", resource3.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_TYPE_PROPERTY_ID)); Assert.assertEquals(33, resource3.getPropertyValue(AmbariPrivilegeResourceProvider.PRIVILEGE_ID_PROPERTY_ID)); http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java index 148c139..62ff60d 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ClusterPrivilegeResourceProviderTest.java @@ -105,7 +105,7 @@ public class ClusterPrivilegeResourceProviderTest { expect(principalEntity.getId()).andReturn(20L).anyTimes(); expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes(); expect(userEntity.getUserName()).andReturn("joe").anyTimes(); - expect(permissionEntity.getPermissionName()).andReturn("CLUSTER.OPERATE").anyTimes(); + expect(permissionEntity.getPermissionName()).andReturn("CLUSTER.ADMINISTRATOR").anyTimes(); expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).anyTimes(); expect(principalTypeEntity.getName()).andReturn("USER").anyTimes(); expect(clusterEntity.getResource()).andReturn(resourceEntity); @@ -131,7 +131,7 @@ public class ClusterPrivilegeResourceProviderTest { Resource resource = resources.iterator().next(); - Assert.assertEquals("CLUSTER.OPERATE", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID)); + Assert.assertEquals("CLUSTER.ADMINISTRATOR", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID)); Assert.assertEquals("joe", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID)); Assert.assertEquals("USER", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_TYPE_PROPERTY_ID)); @@ -145,7 +145,7 @@ public class ClusterPrivilegeResourceProviderTest { PermissionEntity permissionEntity = createNiceMock(PermissionEntity.class); Request request = createNiceMock(Request.class); - expect(permissionEntity.getPermissionName()).andReturn("CLUSTER.OPERATE").anyTimes(); + expect(permissionEntity.getPermissionName()).andReturn("CLUSTER.ADMINISTRATOR").anyTimes(); expect(permissionDAO.findById(2)).andReturn(permissionEntity); expect(permissionDAO.findById(3)).andReturn(permissionEntity); http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/PermissionResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/PermissionResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/PermissionResourceProviderTest.java index 5737b7c..7658c0f 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/PermissionResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/PermissionResourceProviderTest.java @@ -82,7 +82,7 @@ public class PermissionResourceProviderTest { expect(dao.findAll()).andReturn(permissionEntities); expect(permissionEntity.getId()).andReturn(99); - expect(permissionEntity.getPermissionName()).andReturn("AMBARI.ADMIN"); + expect(permissionEntity.getPermissionName()).andReturn("AMBARI.ADMINISTRATOR"); expect(permissionEntity.getPermissionLabel()).andReturn("Administrator"); expect(permissionEntity.getResourceType()).andReturn(resourceTypeEntity); expect(resourceTypeEntity.getName()).andReturn("AMBARI"); @@ -95,7 +95,7 @@ public class PermissionResourceProviderTest { Resource resource = resources.iterator().next(); Assert.assertEquals(99, resource.getPropertyValue(PermissionResourceProvider.PERMISSION_ID_PROPERTY_ID)); - Assert.assertEquals("AMBARI.ADMIN", resource.getPropertyValue(PermissionResourceProvider.PERMISSION_NAME_PROPERTY_ID)); + Assert.assertEquals("AMBARI.ADMINISTRATOR", resource.getPropertyValue(PermissionResourceProvider.PERMISSION_NAME_PROPERTY_ID)); Assert.assertEquals("Administrator", resource.getPropertyValue(PermissionResourceProvider.PERMISSION_LABEL_PROPERTY_ID)); Assert.assertEquals("AMBARI", resource.getPropertyValue(PermissionResourceProvider.RESOURCE_NAME_PROPERTY_ID)); verify(dao, permissionEntity, resourceTypeEntity); http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java index a84cc3f..94f6fd7 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/UserResourceProviderTest.java @@ -189,7 +189,7 @@ public class UserResourceProviderTest { expect(user.getUserId()).andReturn(1000).once(); expect(privilegeEntity.getPermission()).andReturn(permissionEntity).once(); - expect(permissionEntity.getId()).andReturn(PermissionEntity.AMBARI_ADMIN_PERMISSION).once(); + expect(permissionEntity.getId()).andReturn(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION).once(); securityHelper.getCurrentAuthorities(); expectLastCall().andReturn(currentAuthorities).once(); @@ -293,7 +293,7 @@ public class UserResourceProviderTest { expect(user.getUserName()).andReturn("User100").once(); expect(privilegeEntity.getPermission()).andReturn(permissionEntity).once(); - expect(permissionEntity.getId()).andReturn(PermissionEntity.AMBARI_ADMIN_PERMISSION).once(); + expect(permissionEntity.getId()).andReturn(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION).once(); securityHelper.getCurrentAuthorities(); expectLastCall().andReturn(currentAuthorities).once(); @@ -397,7 +397,7 @@ public class UserResourceProviderTest { expect(user.getUserName()).andReturn("User100").once(); expect(privilegeEntity.getPermission()).andReturn(permissionEntity).anyTimes(); - expect(permissionEntity.getId()).andReturn(PermissionEntity.AMBARI_ADMIN_PERMISSION).anyTimes(); + expect(permissionEntity.getId()).andReturn(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION).anyTimes(); securityHelper.getCurrentAuthorities(); expectLastCall().andReturn(currentAuthorities).anyTimes(); http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java index ed8aed0..c156a38 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/controller/internal/ViewPrivilegeResourceProviderTest.java @@ -136,11 +136,11 @@ public class ViewPrivilegeResourceProviderTest { expect(principalEntity.getId()).andReturn(20L).anyTimes(); expect(userEntity.getPrincipal()).andReturn(principalEntity).anyTimes(); expect(userEntity.getUserName()).andReturn("joe").anyTimes(); - expect(permissionEntity.getPermissionName()).andReturn("VIEW.USE").anyTimes(); + expect(permissionEntity.getPermissionName()).andReturn("VIEW.USER").anyTimes(); expect(principalEntity.getPrincipalType()).andReturn(principalTypeEntity).anyTimes(); expect(principalTypeEntity.getName()).andReturn("USER").anyTimes(); - expect(permissionDAO.findById(PermissionEntity.VIEW_USE_PERMISSION)).andReturn(permissionEntity); + expect(permissionDAO.findById(PermissionEntity.VIEW_USER_PERMISSION)).andReturn(permissionEntity); expect(userDAO.findUsersByPrincipal(principalEntities)).andReturn(userEntities); expect(groupDAO.findGroupsByPrincipal(principalEntities)).andReturn(Collections.<GroupEntity>emptyList()); @@ -155,7 +155,7 @@ public class ViewPrivilegeResourceProviderTest { Resource resource = resources.iterator().next(); - Assert.assertEquals("VIEW.USE", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID)); + Assert.assertEquals("VIEW.USER", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PERMISSION_NAME_PROPERTY_ID)); Assert.assertEquals("joe", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_NAME_PROPERTY_ID)); Assert.assertEquals("USER", resource.getPropertyValue(AmbariPrivilegeResourceProvider.PRINCIPAL_TYPE_PROPERTY_ID)); http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java index 251692f..2efab89 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AmbariAuthorizationFilterTest.java @@ -96,7 +96,7 @@ public class AmbariAuthorizationFilterTest { } }); - expect(permission.getId()).andReturn(PermissionEntity.CLUSTER_OPERATE_PERMISSION); + expect(permission.getId()).andReturn(PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION); // expect continue filtering chain.doFilter(request, response); @@ -137,7 +137,7 @@ public class AmbariAuthorizationFilterTest { expect(request.getMethod()).andReturn("POST").anyTimes(); - expect(permission.getId()).andReturn(PermissionEntity.VIEW_USE_PERMISSION); + expect(permission.getId()).andReturn(PermissionEntity.VIEW_USER_PERMISSION); // expect permission denial response.setHeader("WWW-Authenticate", "Basic realm=\"AuthFilter\""); @@ -184,7 +184,7 @@ public class AmbariAuthorizationFilterTest { urlTests.put("/any/other/URL", "GET", true); urlTests.put("/any/other/URL", "POST", true); - performGeneralDoFilterTest("admin", new int[] {PermissionEntity.AMBARI_ADMIN_PERMISSION}, urlTests, false); + performGeneralDoFilterTest("admin", new int[] {PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION}, urlTests, false); } @Test @@ -217,7 +217,7 @@ public class AmbariAuthorizationFilterTest { urlTests.put("/any/other/URL", "GET", true); urlTests.put("/any/other/URL", "POST", false); - performGeneralDoFilterTest("user1", new int[] {PermissionEntity.CLUSTER_READ_PERMISSION}, urlTests, false); + performGeneralDoFilterTest("user1", new int[] {PermissionEntity.CLUSTER_USER_PERMISSION}, urlTests, false); } @Test @@ -250,7 +250,7 @@ public class AmbariAuthorizationFilterTest { urlTests.put("/any/other/URL", "GET", true); urlTests.put("/any/other/URL", "POST", false); - performGeneralDoFilterTest("user1", new int[] {PermissionEntity.CLUSTER_OPERATE_PERMISSION}, urlTests, false); + performGeneralDoFilterTest("user1", new int[] {PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION}, urlTests, false); } @Test @@ -283,7 +283,7 @@ public class AmbariAuthorizationFilterTest { urlTests.put("/any/other/URL", "GET", true); urlTests.put("/any/other/URL", "POST", false); - performGeneralDoFilterTest("user1", new int[] {PermissionEntity.VIEW_USE_PERMISSION}, urlTests, false); + performGeneralDoFilterTest("user1", new int[] {PermissionEntity.VIEW_USER_PERMISSION}, urlTests, false); } @Test @@ -331,9 +331,9 @@ public class AmbariAuthorizationFilterTest { final Table<String, String, Boolean> urlTests = HashBasedTable.create(); urlTests.put("/api/v1/stacks/HDP/versions/2.3/validations", "POST", true); urlTests.put("/api/v1/stacks/HDP/versions/2.3/recommendations", "POST", true); - performGeneralDoFilterTest("user1", new int[] { PermissionEntity.CLUSTER_OPERATE_PERMISSION }, urlTests, false); - performGeneralDoFilterTest("user2", new int[] { PermissionEntity.CLUSTER_READ_PERMISSION }, urlTests, false); - performGeneralDoFilterTest("admin", new int[] { PermissionEntity.AMBARI_ADMIN_PERMISSION }, urlTests, false); + performGeneralDoFilterTest("user1", new int[] { PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION}, urlTests, false); + performGeneralDoFilterTest("user2", new int[] { PermissionEntity.CLUSTER_USER_PERMISSION}, urlTests, false); + performGeneralDoFilterTest("admin", new int[] { PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION}, urlTests, false); } /** @@ -382,7 +382,7 @@ public class AmbariAuthorizationFilterTest { @Override public Boolean answer() throws Throwable { for (int permissionGranted: permissionsGranted) { - if (permissionGranted == PermissionEntity.VIEW_USE_PERMISSION) { + if (permissionGranted == PermissionEntity.VIEW_USER_PERMISSION) { return true; } } http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java index 6858d8d..c094934 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/AuthorizationHelperTest.java @@ -63,13 +63,13 @@ public class AuthorizationHelperTest { permissionEntity1.setPermissionName("Permission1"); permissionEntity1.setResourceType(resourceTypeEntity); permissionEntity1.setId(2); - permissionEntity1.setPermissionName("CLUSTER.READ"); + permissionEntity1.setPermissionName("CLUSTER.USER"); PermissionEntity permissionEntity2 = new PermissionEntity(); permissionEntity2.setPermissionName("Permission1"); permissionEntity2.setResourceType(resourceTypeEntity); permissionEntity2.setId(3); - permissionEntity2.setPermissionName("CLUSTER.OPERATE"); + permissionEntity2.setPermissionName("CLUSTER.ADMINISTRATOR"); PrivilegeEntity privilegeEntity1 = new PrivilegeEntity(); privilegeEntity1.setId(1); @@ -95,8 +95,8 @@ public class AuthorizationHelperTest { for (GrantedAuthority authority : authorities) { authorityNames.add(authority.getAuthority()); } - Assert.assertTrue(authorityNames.contains("CLUSTER.READ@1")); - Assert.assertTrue(authorityNames.contains("CLUSTER.OPERATE@1")); + Assert.assertTrue(authorityNames.contains("CLUSTER.USER@1")); + Assert.assertTrue(authorityNames.contains("CLUSTER.ADMINISTRATOR@1")); } @Test http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java index d3eb071..a2a94ed 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/security/authorization/TestUsers.java @@ -109,8 +109,8 @@ public class TestUsers { resourceDAO.create(resourceEntity); PermissionEntity adminPermissionEntity = new PermissionEntity(); - adminPermissionEntity.setId(PermissionEntity.AMBARI_ADMIN_PERMISSION); - adminPermissionEntity.setPermissionName(PermissionEntity.AMBARI_ADMIN_PERMISSION_NAME); + adminPermissionEntity.setId(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION); + adminPermissionEntity.setPermissionName(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION_NAME); adminPermissionEntity.setResourceType(resourceTypeEntity); permissionDAO.create(adminPermissionEntity); } http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog220Test.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog220Test.java b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog220Test.java index 44ad1a6..87dbe03 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog220Test.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/upgrade/UpgradeCatalog220Test.java @@ -31,6 +31,7 @@ import java.lang.reflect.Field; import org.apache.ambari.server.configuration.Configuration; import org.apache.ambari.server.orm.DBAccessor; +import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.state.stack.OsFamily; import org.easymock.Capture; import org.easymock.EasyMock; @@ -87,14 +88,37 @@ public class UpgradeCatalog220Test { final DBAccessor dbAccessor = createNiceMock(DBAccessor.class); UpgradeCatalog220 upgradeCatalog = (UpgradeCatalog220) getUpgradeCatalog(dbAccessor); - expect(dbAccessor.executeUpdate("UPDATE adminpermission SET permission_label='Administrator' WHERE permission_id=1")) - .andReturn(1).once(); - expect(dbAccessor.executeUpdate("UPDATE adminpermission SET permission_label='Read-Only' WHERE permission_id=2")) - .andReturn(1).once(); - expect(dbAccessor.executeUpdate("UPDATE adminpermission SET permission_label='Operator' WHERE permission_id=3")) - .andReturn(1).once(); - expect(dbAccessor.executeUpdate("UPDATE adminpermission SET permission_label='Use View' WHERE permission_id=4")) - .andReturn(1).once(); + String updateQueryPattern; + + // Set permission labels + updateQueryPattern = "UPDATE adminpermission SET permission_label='%s' WHERE permission_id=%d"; + expect(dbAccessor.executeUpdate(String.format(updateQueryPattern, + "Administrator", PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION))) + .andReturn(1).once(); + expect(dbAccessor.executeUpdate(String.format(updateQueryPattern, + "Cluster User", PermissionEntity.CLUSTER_USER_PERMISSION))) + .andReturn(1).once(); + expect(dbAccessor.executeUpdate(String.format(updateQueryPattern, + "Cluster Administrator", PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION))) + .andReturn(1).once(); + expect(dbAccessor.executeUpdate(String.format(updateQueryPattern, + "View User", PermissionEntity.VIEW_USER_PERMISSION))) + .andReturn(1).once(); + + // Update permissions names + updateQueryPattern = "UPDATE adminpermission SET permission_name='%s' WHERE permission_id=%d"; + expect(dbAccessor.executeUpdate(String.format(updateQueryPattern, + PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION_NAME, PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION))) + .andReturn(1).once(); + expect(dbAccessor.executeUpdate(String.format(updateQueryPattern, + PermissionEntity.CLUSTER_USER_PERMISSION_NAME, PermissionEntity.CLUSTER_USER_PERMISSION))) + .andReturn(1).once(); + expect(dbAccessor.executeUpdate(String.format(updateQueryPattern, + PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION_NAME, PermissionEntity.CLUSTER_ADMINISTRATOR_PERMISSION))) + .andReturn(1).once(); + expect(dbAccessor.executeUpdate(String.format(updateQueryPattern, + PermissionEntity.VIEW_USER_PERMISSION_NAME, PermissionEntity.VIEW_USER_PERMISSION))) + .andReturn(1).once(); replay(dbAccessor); upgradeCatalog.executeDMLUpdates(); http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java b/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java index f9dadcd..bac556e 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java @@ -1247,7 +1247,7 @@ public class ViewRegistryTest { EasyMock.expectLastCall().andReturn(authorities); expect(adminAuthority.getPrivilegeEntity()).andReturn(privilegeEntity); expect(privilegeEntity.getPermission()).andReturn(permissionEntity); - expect(permissionEntity.getId()).andReturn(PermissionEntity.AMBARI_ADMIN_PERMISSION); + expect(permissionEntity.getId()).andReturn(PermissionEntity.AMBARI_ADMINISTRATOR_PERMISSION); expect(configuration.getApiAuthentication()).andReturn(true); replay(securityHelper, adminAuthority, privilegeEntity, permissionEntity, configuration); @@ -1299,7 +1299,7 @@ public class ViewRegistryTest { expect(viewUseAuthority.getPrivilegeEntity()).andReturn(privilegeEntity).anyTimes(); expect(privilegeEntity.getPermission()).andReturn(permissionEntity).anyTimes(); expect(privilegeEntity.getResource()).andReturn(resourceEntity).anyTimes(); - expect(permissionEntity.getId()).andReturn(PermissionEntity.VIEW_USE_PERMISSION).anyTimes(); + expect(permissionEntity.getId()).andReturn(PermissionEntity.VIEW_USER_PERMISSION).anyTimes(); securityHelper.getCurrentAuthorities(); EasyMock.expectLastCall().andReturn(authorities).anyTimes(); expect(configuration.getApiAuthentication()).andReturn(true); http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-views/docs/index.md ---------------------------------------------------------------------- diff --git a/ambari-views/docs/index.md b/ambari-views/docs/index.md index 18f1fb3..302d6a7 100644 --- a/ambari-views/docs/index.md +++ b/ambari-views/docs/index.md @@ -376,7 +376,7 @@ For example ⦠} ###Permissions -The permission VIEW.USE can be granted on any view instance by an administrator. A user that has VIEW.USE privilege on a view instance will be able to access the view instance. See [API](#api). +The permission VIEW.USER can be granted on any view instance by an administrator. A user that has VIEW.USER privilege on a view instance will be able to access the view instance. See [API](#api). ###Custom Permissions A view can define permissions in the view.xml descriptor. http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-web/app/assets/data/users/privileges.json ---------------------------------------------------------------------- diff --git a/ambari-web/app/assets/data/users/privileges.json b/ambari-web/app/assets/data/users/privileges.json index a461206..3c60252 100644 --- a/ambari-web/app/assets/data/users/privileges.json +++ b/ambari-web/app/assets/data/users/privileges.json @@ -4,7 +4,7 @@ { "href" : "http://c6401.ambari.apache.org:8080/api/v1/privileges/1", "PrivilegeInfo" : { - "permission_name" : "AMBARI.ADMIN", + "permission_name" : "AMBARI.ADMINISTRATOR", "principal_name" : "admin", "principal_type" : "USER", "privilege_id" : 1 http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-web/app/assets/data/users/privileges_admin.json ---------------------------------------------------------------------- diff --git a/ambari-web/app/assets/data/users/privileges_admin.json b/ambari-web/app/assets/data/users/privileges_admin.json index a461206..3c60252 100644 --- a/ambari-web/app/assets/data/users/privileges_admin.json +++ b/ambari-web/app/assets/data/users/privileges_admin.json @@ -4,7 +4,7 @@ { "href" : "http://c6401.ambari.apache.org:8080/api/v1/privileges/1", "PrivilegeInfo" : { - "permission_name" : "AMBARI.ADMIN", + "permission_name" : "AMBARI.ADMINISTRATOR", "principal_name" : "admin", "principal_type" : "USER", "privilege_id" : 1 http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-web/app/assets/data/users/user_admin.json ---------------------------------------------------------------------- diff --git a/ambari-web/app/assets/data/users/user_admin.json b/ambari-web/app/assets/data/users/user_admin.json index 72cd945..b85ce6d 100644 --- a/ambari-web/app/assets/data/users/user_admin.json +++ b/ambari-web/app/assets/data/users/user_admin.json @@ -9,7 +9,7 @@ "privileges" : [ { "PrivilegeInfo" : { - "permission_name" : "AMBARI.ADMIN", + "permission_name" : "AMBARI.ADMINISTRATOR", "privilege_id" : 1, "user_name" : "admin" } http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-web/app/mappers/users_mapper.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/mappers/users_mapper.js b/ambari-web/app/mappers/users_mapper.js index cdc8022..4f8cd06 100644 --- a/ambari-web/app/mappers/users_mapper.js +++ b/ambari-web/app/mappers/users_mapper.js @@ -53,7 +53,7 @@ App.usersMapper = App.QuickDataMapper.create({ **/ isAdmin: function(permissionList) { //TODO: Separate cluster operator from admin - return permissionList.indexOf('AMBARI.ADMIN') > -1 || permissionList.indexOf('CLUSTER.OPERATE') > -1; + return permissionList.indexOf('AMBARI.ADMINISTRATOR') > -1 || permissionList.indexOf('CLUSTER.ADMINISTRATOR') > -1; }, /** @@ -62,6 +62,6 @@ App.usersMapper = App.QuickDataMapper.create({ * @return {Boolean} **/ isOperator: function(permissionList) { - return permissionList.indexOf('CLUSTER.OPERATE') > -1 && !(permissionList.indexOf('AMBARI.ADMIN') > -1); + return permissionList.indexOf('CLUSTER.ADMINISTRATOR') > -1 && !(permissionList.indexOf('AMBARI.ADMINISTRATOR') > -1); } }); http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-web/app/models/user.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/models/user.js b/ambari-web/app/models/user.js index 8e73bcb..1b8359a 100644 --- a/ambari-web/app/models/user.js +++ b/ambari-web/app/models/user.js @@ -31,10 +31,10 @@ App.User = DS.Model.extend({ /** * List of permissions assigned to user * Available permissions: - * AMBARI.ADMIN - * CLUSTER.READ - * CLUSTER.OPERATE - * VIEW.USE + * AMBARI.ADMINISTRATOR + * CLUSTER.USER + * CLUSTER.ADMINISTRATOR + * VIEW.USER * @property {Array} permissions **/ permissions: DS.attr('array'), http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-web/app/router.js ---------------------------------------------------------------------- diff --git a/ambari-web/app/router.js b/ambari-web/app/router.js index d3343c8..ae7ae6a 100644 --- a/ambari-web/app/router.js +++ b/ambari-web/app/router.js @@ -331,7 +331,7 @@ App.Router = Em.Router.extend({ loginGetClustersSuccessCallback: function (clustersData, opt, params) { var privileges = params.loginData.privileges || []; var router = this; - var isAdmin = privileges.mapProperty('PrivilegeInfo.permission_name').contains('AMBARI.ADMIN'); + var isAdmin = privileges.mapProperty('PrivilegeInfo.permission_name').contains('AMBARI.ADMINISTRATOR'); App.set('isAdmin', isAdmin); @@ -342,13 +342,13 @@ App.Router = Em.Router.extend({ //cluster installed router.setClusterInstalled(clustersData); - if (clusterPermissions.contains('CLUSTER.OPERATE')) { + if (clusterPermissions.contains('CLUSTER.ADMINISTRATOR')) { App.setProperties({ isAdmin: true, isOperator: true }); } - if (isAdmin || clusterPermissions.contains('CLUSTER.READ') || clusterPermissions.contains('CLUSTER.OPERATE')) { + if (isAdmin || clusterPermissions.contains('CLUSTER.USER') || clusterPermissions.contains('CLUSTER.ADMINISTRATOR')) { router.transitionToApp(); } else { router.transitionToViews(); http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-web/test/mappers/users_mapper_test.js ---------------------------------------------------------------------- diff --git a/ambari-web/test/mappers/users_mapper_test.js b/ambari-web/test/mappers/users_mapper_test.js index 767a002..2ff0cd7 100644 --- a/ambari-web/test/mappers/users_mapper_test.js +++ b/ambari-web/test/mappers/users_mapper_test.js @@ -26,10 +26,10 @@ describe('App.usersMapper', function () { describe('#isAdmin', function() { var tests = [ - {i:["AMBARI.ADMIN"],e:true,m:'has admin role'}, - {i:["CLUSTER.READ", "AMBARI.ADMIN"],e:true,m:'has admin role'}, - {i:["VIEW.USE"],e:false,m:'doesn\'t have admin role'}, - {i:["CLUSTER.OPERATE"],e:true,m:'has admin role'} + {i:["AMBARI.ADMINISTRATOR"],e:true,m:'has admin role'}, + {i:["CLUSTER.USER", "AMBARI.ADMINISTRATOR"],e:true,m:'has admin role'}, + {i:["VIEW.USER"],e:false,m:'doesn\'t have admin role'}, + {i:["CLUSTER.ADMINISTRATOR"],e:true,m:'has admin role'} ]; tests.forEach(function(test) { it(test.m, function() { http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/ambari-web/test/router_test.js ---------------------------------------------------------------------- diff --git a/ambari-web/test/router_test.js b/ambari-web/test/router_test.js index cbdf4ea..2beb51e 100644 --- a/ambari-web/test/router_test.js +++ b/ambari-web/test/router_test.js @@ -245,7 +245,7 @@ describe('App.Router', function () { privileges: [{ PrivilegeInfo: { cluster_name: 'c1', - permission_name: 'CLUSTER.OPERATE' + permission_name: 'CLUSTER.ADMINISTRATOR' } }] } @@ -271,7 +271,7 @@ describe('App.Router', function () { privileges: [{ PrivilegeInfo: { cluster_name: 'c1', - permission_name: 'CLUSTER.READ' + permission_name: 'CLUSTER.USER' } }] } @@ -297,7 +297,7 @@ describe('App.Router', function () { privileges: [{ PrivilegeInfo: { cluster_name: 'c1', - permission_name: 'AMBARI.ADMIN' + permission_name: 'AMBARI.ADMINISTRATOR' } }] } @@ -340,7 +340,7 @@ describe('App.Router', function () { privileges: [{ PrivilegeInfo: { cluster_name: 'c1', - permission_name: 'AMBARI.ADMIN' + permission_name: 'AMBARI.ADMINISTRATOR' } }] } http://git-wip-us.apache.org/repos/asf/ambari/blob/2ce7b635/contrib/views/capacity-scheduler/src/main/java/org/apache/ambari/view/capacityscheduler/ConfigurationService.java ---------------------------------------------------------------------- diff --git a/contrib/views/capacity-scheduler/src/main/java/org/apache/ambari/view/capacityscheduler/ConfigurationService.java b/contrib/views/capacity-scheduler/src/main/java/org/apache/ambari/view/capacityscheduler/ConfigurationService.java index 2769931..7f1d489 100644 --- a/contrib/views/capacity-scheduler/src/main/java/org/apache/ambari/view/capacityscheduler/ConfigurationService.java +++ b/contrib/views/capacity-scheduler/src/main/java/org/apache/ambari/view/capacityscheduler/ConfigurationService.java @@ -105,7 +105,7 @@ public class ConfigurationService { // Privilege Reading // ================================================================================ - private static final String CLUSTER_OPERATOR_PRIVILEGE_URL = "?privileges/PrivilegeInfo/permission_name=CLUSTER.OPERATE&privileges/PrivilegeInfo/principal_name=%s"; + private static final String CLUSTER_OPERATOR_PRIVILEGE_URL = "?privileges/PrivilegeInfo/permission_name=CLUSTER.ADMINISTRATOR&privileges/PrivilegeInfo/principal_name=%s"; private static final String AMBARI_ADMIN_PRIVILEGE_URL = "/api/v1/users/%s?Users/admin=true"; /** @@ -267,12 +267,12 @@ public class ConfigurationService { private boolean isOperator() { validateViewConfiguration(); - // first check if the user is an CLUSTER.OPERATOR + // first check if the user is an CLUSTER.ADMINISTRATOR String url = String.format(CLUSTER_OPERATOR_PRIVILEGE_URL, context.getUsername()); JSONObject json = readFromCluster(url); if (json == null || json.size() <= 0) { - // user is not a CLUSTER.OPERATOR but might be an AMBARI.ADMIN + // user is not a CLUSTER.ADMINISTRATOR but might be an AMBARI.ADMINISTRATOR url = String.format(AMBARI_ADMIN_PRIVILEGE_URL, context.getUsername()); String response = ambariApi.readFromAmbari(url, "GET", null, null); if (response == null || response.isEmpty()) {