diff --git a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java index 00062f3e24..620d1e6193 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/AssetMgr.java @@ -19,8 +19,6 @@ package org.apache.ranger.biz; -import java.io.File; -import java.io.IOException; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Date; @@ -68,8 +66,6 @@ import org.apache.ranger.view.*; import org.apache.ranger.view.VXTrxLogV2.AttributeChangeInfo; import org.apache.ranger.view.VXTrxLogV2.ObjectChangeInfo; -import com.fasterxml.jackson.core.JsonGenerationException; -import com.fasterxml.jackson.databind.JsonMappingException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; 
@@ -165,53 +161,6 @@ public void init() { logger.info("<== AssetMgr.init()"); } - public File getXResourceFile(Long id, String fileType) { - VXResource xResource = xResourceService.readResource(id); - if (xResource == null) { - throw this.restErrorUtil.createRESTException( - "serverMsg.datasourceIdEmpty" + "id " + id, - MessageEnums.DATA_NOT_FOUND, id, "dataSourceId", - "DataSource not found with " + "id " + id); - } - - return getXResourceFile(xResource, fileType); - } - - public File getXResourceFile(VXResource xResource, String fileType) { - File file = null; - try { - if (fileType != null) { - if ("json".equalsIgnoreCase(fileType)) { - file = jsonUtil.writeJsonToFile(xResource, - xResource.getName()); - } else { - throw restErrorUtil.createRESTException( - "Please send the supported filetype.", - MessageEnums.INVALID_INPUT_DATA); - } - } else { - throw restErrorUtil - .createRESTException( - "Please send the file format in which you want to export.", - MessageEnums.DATA_NOT_FOUND); - } - } catch (JsonGenerationException e) { - throw this.restErrorUtil.createRESTException( - "serverMsg.jsonGeneration" + " : " + e.getMessage(), - MessageEnums.ERROR_SYSTEM); - } catch (JsonMappingException e) { - throw this.restErrorUtil.createRESTException( - "serverMsg.jsonMapping" + " : " + e.getMessage(), - MessageEnums.ERROR_SYSTEM); - } catch (IOException e) { - throw this.restErrorUtil.createRESTException( - "serverMsg.ioException" + " : " + e.getMessage(), - MessageEnums.ERROR_SYSTEM); - } - - return file; - } - public String getLatestRepoPolicy(VXAsset xAsset, List xResourceList, Long updatedTime, X509Certificate[] certchain, boolean httpEnabled, String epoch, String ipAddress, boolean isSecure, String count, String agentId) { 
@@ -1396,6 +1345,9 @@ public VXUgsyncAuditInfoList getUgsyncAudits(SearchCriteria searchCriteria) { } public VXUgsyncAuditInfoList getUgsyncAuditsBySyncSource(String syncSource) { + if (!msBizUtil.hasModuleAccess(RangerConstants.MODULE_AUDIT)) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User is not having permissions on the "+RangerConstants.MODULE_AUDIT+" module.", true); + } if(syncSource!=null && !syncSource.trim().isEmpty()){ return xUgsyncAuditInfoService.searchXUgsyncAuditInfoBySyncSource(syncSource); }else{ diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java index c934fdd7ca..ec4a30a136 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java @@ -5067,9 +5067,11 @@ public int compare(RangerPolicy c1, RangerPolicy c2) { // fetch policies maintained for the roles and groups belonging to the group String groupName = searchFilter.getParam("group"); + if (StringUtils.isBlank(groupName)) { + groupName = RangerConstants.GROUP_PUBLIC; + } if (!StringUtils.isEmpty(groupName)) { Set groupNames = daoMgr.getXXGroupGroup().findGroupNamesByGroupName(groupName); - groupNames.add(RangerConstants.GROUP_PUBLIC); groupNames.add(groupName); Set processedSvcIdsForGroup = new HashSet<>(); Set processedGroupsName = new HashSet<>(); diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java index 0e723d9c4b..07119dee39 100644 --- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 
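Review bot: In ServiceDBStore, once a blank `groupName` is defaulted to `RangerConstants.GROUP_PUBLIC`, the following `if (!StringUtils.isEmpty(groupName))` guard can never be false, so it reads as a condition but is dead. The same hunk drops `groupNames.add(RangerConstants.GROUP_PUBLIC)`, so unless `findGroupNamesByGroupName` already returns the public group, a request that names a group no longer picks up policies granted to public. If that is intended, a comment above the default such as `// public-group policies are returned only when no group filter is supplied` would record it. The enclosing method starts and ends outside the hunk.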
@@ -259,6 +259,10 @@ public XXPortalUser updateUser(VXPortalUser userProfile) { userProfile.setPublicScreenName(gjUser.getLoginId()); } + if (rangerBizUtil.isKeyAdmin() && userProfile.getStatus() != gjUser.getStatus()) { + throw restErrorUtil.createRESTException("Status update is not permitted to logged in user.", MessageEnums.INVALID_INPUT_DATA); + } + // userRoleList updateRoles(userProfile.getId(), userProfile.getUserRoleList()); @@ -338,17 +342,10 @@ public void setUserRoles(Long userId, List vStringRolesList) { /** * @param pwdChange - * @return - */ - public VXResponse changePassword(VXPasswordChange pwdChange) { - - VXResponse ret = new VXResponse(); - - // First let's get the XXPortalUser for the current logged in user - String currentUserLoginId = ContextUtil.getCurrentUserLoginId(); - XXPortalUser gjUserCurrent = daoManager.getXXPortalUser().findByLoginId(currentUserLoginId); - checkAccessForUpdate(gjUserCurrent); - + * @return + */ + public VXResponse changePassword(VXPasswordChange pwdChange) { + VXResponse ret = new VXResponse(); // Get the user of whom we want to change the password XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(pwdChange.getLoginId()); if (gjUser == null) { @@ -362,8 +359,8 @@ public VXResponse changePassword(VXPasswordChange pwdChange) { vXResponse.setMsgDesc("SECURITY:changePassword().Ranger External Users cannot change password. LoginId=" + pwdChange.getLoginId()); throw restErrorUtil.generateRESTException(vXResponse); } - - String currentPassword = gjUser.getPassword(); + checkAccess(gjUser); + String currentPassword = gjUser.getPassword(); //check current password and provided old password is same or not if (this.isFipsEnabled) { if (!isPasswordValid(pwdChange.getLoginId(), currentPassword, pwdChange.getOldPassword())) { 
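Review bot: The key-admin status guard in updateUser reports an authorization refusal as `MessageEnums.INVALID_INPUT_DATA`, while the other denials added in this commit use `HttpServletResponse.SC_FORBIDDEN`. Clients and log analysis will see a malformed request rather than a permission failure; `throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Status update is not permitted to logged in user.", true);` would match the rest of the change. The types are not visible here, but if `getStatus()` returns a boxed `Integer` on either side, `!=` compares references and should become `!Objects.equals(userProfile.getStatus(), gjUser.getStatus())`.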
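Review bot: In changePassword the new `checkAccess(gjUser)` runs only after the `findByLoginId` lookup, the `gjUser == null` branch and the external-user rejection, so a caller who is not allowed to touch the target account can still receive different responses for unknown, external and internal login ids. `checkAccess(XXPortalUser)` already answers a null user with a 403, so placing `checkAccess(gjUser);` directly after the `findByLoginId(pwdChange.getLoginId())` line would take the authorization decision first and give unauthorized callers one uniform answer. The hunk at -338 removes the lookup of the current session user, and the method body continues outside both hunks.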
@@ -436,8 +433,7 @@ private void updateOldPasswords(XXPortalUser gjUser, List oldPasswords) * @return */ public VXPortalUser changeEmailAddress(XXPortalUser gjUser, VXPasswordChange changeEmail) { - checkAccessForUpdate(gjUser); - rangerBizUtil.blockAuditorRoleUser(); + checkAccess(gjUser); if (StringUtils.isEmpty(changeEmail.getEmailAddress())) { changeEmail.setEmailAddress(null); } 
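Review bot: changeEmailAddress no longer calls `rangerBizUtil.blockAuditorRoleUser()`, and the replacement `checkAccess(gjUser)` delegates to `hasAccessToGetUserInfo`, which returns true for sessions holding `ROLE_ADMIN_AUDITOR` or `ROLE_KEY_ADMIN_AUDITOR` when the target is in the matching role family. Unless auditors are stopped by the caller, which is not visible here, a read-only role can now reach this write path. Keeping both lines, `checkAccess(gjUser);` followed by `rangerBizUtil.blockAuditorRoleUser();`, preserves the earlier restriction.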
@@ -625,33 +621,24 @@ protected void gjUserToUserProfile(XXPortalUser user, VXPortalUser userProfile) } userProfile.setId(user.getId()); - List xUserPermissions = daoManager - .getXXUserPermission().findByUserPermissionIdAndIsAllowed( - userProfile.getId()); - List xxGroupPermissions = daoManager - .getXXGroupPermission().findbyVXPortalUserId( - userProfile.getId()); - - List groupPermissions = new ArrayList(); - List vxUserPermissions = new ArrayList(); - for (XXGroupPermission xxGroupPermission : xxGroupPermissions) { - VXGroupPermission groupPermission = xGroupPermissionService - .populateViewBean(xxGroupPermission); - groupPermission.setModuleName(daoManager.getXXModuleDef() - .findByModuleId(groupPermission.getModuleId()) - .getModule()); - groupPermissions.add(groupPermission); - } - for (XXUserPermission xUserPermission : xUserPermissions) { - VXUserPermission vXUserPermission = xUserPermissionService - .populateViewBean(xUserPermission); - vXUserPermission.setModuleName(daoManager.getXXModuleDef() - .findByModuleId(vXUserPermission.getModuleId()) - .getModule()); - vxUserPermissions.add(vXUserPermission); + if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())) { + List xUserPermissions = daoManager.getXXUserPermission().findByUserPermissionIdAndIsAllowed(userProfile.getId()); + List xxGroupPermissions = daoManager.getXXGroupPermission().findbyVXPortalUserId(userProfile.getId()); + List groupPermissions = new ArrayList(); + List vxUserPermissions = new ArrayList(); + for (XXGroupPermission xxGroupPermission : xxGroupPermissions) { + VXGroupPermission groupPermission = xGroupPermissionService.populateViewBean(xxGroupPermission); + groupPermission.setModuleName(daoManager.getXXModuleDef().findByModuleId(groupPermission.getModuleId()).getModule()); + groupPermissions.add(groupPermission); + } + for (XXUserPermission xUserPermission : xUserPermissions) { + VXUserPermission vXUserPermission = 
xUserPermissionService.populateViewBean(xUserPermission); + vXUserPermission.setModuleName(daoManager.getXXModuleDef().findByModuleId(vXUserPermission.getModuleId()).getModule()); + vxUserPermissions.add(vXUserPermission); + } + userProfile.setGroupPermissions(groupPermissions); + userProfile.setUserPermList(vxUserPermissions); } - userProfile.setGroupPermissions(groupPermissions); - userProfile.setUserPermList(vxUserPermissions); userProfile.setFirstName(user.getFirstName()); userProfile.setLastName(user.getLastName()); userProfile.setPublicScreenName(user.getPublicScreenName()); @@ -765,14 +752,20 @@ public VXPortalUserList searchUsers(SearchCriteria searchCriteria) { @SuppressWarnings("rawtypes") List resultList = query.getResultList(); // Iterate over the result list and create the return list + int adminCount = 0; for (Object object : resultList) { XXPortalUser gjUser = (XXPortalUser) object; VXPortalUser userProfile = new VXPortalUser(); gjUserToUserProfile(gjUser, userProfile); - objectList.add(userProfile); + if (rangerBizUtil.isKeyAdmin() && (userProfile.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) || userProfile.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR))) { + adminCount++; + continue; + } else { + objectList.add(userProfile); + } } - returnList.setResultSize(resultSize); + returnList.setResultSize(resultSize-adminCount); returnList.setPageSize(query.getMaxResults()); returnList.setSortBy(sortBy); returnList.setSortType(querySortType); @@ -1007,9 +1000,7 @@ public XXPortalUserRole addUserRole(Long userId, String userRole) { public void checkAccess(Long userId) { XXPortalUser gjUser = daoManager.getXXPortalUser().getById(userId); if (gjUser == null) { - throw restErrorUtil - .create403RESTException("serverMsg.userMgrWrongUser: " - + userId); + throw restErrorUtil.create403RESTException("serverMsg.userMgrWrongUser: " + userId); } checkAccess(gjUser); 
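Review bot: In gjUserToUserProfile the permission lists are now populated only when `sess.isUserAdmin()` is true or the profile is the caller's own, and nothing is set otherwise. `getGroupPermissions()` and `getUserPermList()` then return whatever VXPortalUser initialises them to, possibly null, where they were always lists before. An `else` branch with `userProfile.setGroupPermissions(new ArrayList<>());` and `userProfile.setUserPermList(new ArrayList<>());` keeps the response shape stable for existing callers. `sess` is obtained outside the hunk; if it can be null for internal or unauthenticated callers, the new condition dereferences it without a guard.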
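Review bot: In searchUsers the admin and admin-auditor profiles are dropped after the page has been fetched, so a key admin gets pages shorter than `query.getMaxResults()`. `resultSize` is computed outside the hunk; if it is the total across all pages, `resultSize-adminCount` subtracts only the rows hidden on the current page. Restricting by role in the query itself would keep paging and the reported total consistent. As written, `rangerBizUtil.isKeyAdmin()` is also re-evaluated for every row and the `continue` makes the `else` redundant; `boolean hideAdmins = rangerBizUtil.isKeyAdmin();` before the loop reads more clearly.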
@@ -1021,58 +1012,14 @@ public void checkAccess(Long userId) { */ public void checkAccess(XXPortalUser gjUser) { if (gjUser == null) { - throw restErrorUtil - .create403RESTException("serverMsg.userMgrWrongUser"); + throw restErrorUtil.create403RESTException("serverMsg.userMgrWrongUser"); } - UserSessionBase sess = ContextUtil.getCurrentUserSession(); - if (sess != null) { - - // Admin - if (sess.isUserAdmin() || sess.isKeyAdmin()) { - return; - } - - // Self - if (sess.getXXPortalUser().getId().equals(gjUser.getId())) { - return; - } - - } - throw restErrorUtil.create403RESTException("User " - + " access denied. loggedInUser=" - + (sess != null ? sess.getXXPortalUser().getId() - : "Not Logged In") + ", accessing user=" - + gjUser.getId()); - - } - - public void checkAccessForUpdate(XXPortalUser gjUser) { - if (gjUser == null) { - throw restErrorUtil - .create403RESTException("serverMsg.userMgrWrongUser"); - } - UserSessionBase sess = ContextUtil.getCurrentUserSession(); - if (sess != null) { - - // Admin - if (sess.isUserAdmin()) { - return; - } - - // Self - if (sess.getXXPortalUser().getId().equals(gjUser.getId())) { - return; - } - + VXPortalUser requestedVXUser = getUserProfileByLoginId(gjUser.getLoginId()); + if (requestedVXUser !=null && CollectionUtils.isNotEmpty(requestedVXUser.getUserRoleList()) && hasAccessToGetUserInfo(requestedVXUser)) { + return; } - VXResponse vXResponse = new VXResponse(); - vXResponse.setStatusCode(HttpServletResponse.SC_FORBIDDEN); - vXResponse.setMsgDesc("User " - + " access denied. loggedInUser=" - + (sess != null ? sess.getXXPortalUser().getId() - : "Not Logged In") + ", accessing user=" - + gjUser.getId()); - throw restErrorUtil.generateRESTException(vXResponse); + logger.info("Logged-In user is not allowed to access requested user data."); + throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true); } 
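Review bot: The rewritten checkAccess(XXPortalUser) logs and returns a fixed denial text, where the removed code named both the logged-in user id and the target id, so a 403 can no longer be attributed from the log alone. Something like `logger.warn("Access denied: loggedInUser=" + ContextUtil.getCurrentUserLoginId() + ", requestedUser=" + gjUser.getId());` keeps the identities server-side while the client message stays generic. The same identity-free `logger.info` is added in XUserMgr.getXUserByUserName and XUserMgr.getXUser. A target whose role list is empty is now also refused for every caller, administrators included, because of the `CollectionUtils.isNotEmpty(requestedVXUser.getUserRoleList())` precondition.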
@@ -1460,4 +1407,27 @@ private String encodeString(String text, String salt, String algorithm) { throw restErrorUtil.createRESTException("algorithm `" + algorithm + "' not supported"); } } + + private boolean hasAccessToGetUserInfo(VXPortalUser requestedVXUser) { + UserSessionBase userSession = ContextUtil.getCurrentUserSession(); + if (userSession != null && userSession.getLoginId() != null) { + VXPortalUser loggedInVXUser = getUserProfileByLoginId(userSession.getLoginId()); + if (loggedInVXUser != null && loggedInVXUser.getUserRoleList().size() == 1) { + if (loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) { + return requestedVXUser.getId().equals(loggedInVXUser.getId()) ? true : false; + } else if (loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN) || loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) { + if (requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN) || requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR) || requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) { + return true; + } + } else if (loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) || loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR)) { + if (loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) && "rangerusersync".equalsIgnoreCase(userSession.getLoginId())) { + return true; + } else if (requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) || requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR) || requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) { + return true; + } + } + } + } + return false; + } } \ No newline at end of file diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java index 2fde68de11..f7c0481d6b 100644 
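Review bot: The new hasAccessToGetUserInfo only evaluates the role matrix when `loggedInVXUser.getUserRoleList().size() == 1`, so a session holding two roles falls through to `return false` and is denied everything, and a null role list on the logged-in profile throws instead of denying. The method is also a near copy of XUserMgr.hasAccessToGetUserInfo, changed later in this commit and differing only in the view type, so the two authorization tables have to be kept in step by hand. A Javadoc stating the intended matrix (who may see whom, and why `rangerusersync` is exempt) and a shared helper taking the two role collections would address both. `requestedVXUser.getId().equals(loggedInVXUser.getId()) ? true : false` can simply be the `equals` call.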
--- a/security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XAuditMgr.java @@ -52,8 +52,11 @@ public class XAuditMgr extends XAuditMgrBase { RangerBizUtil rangerBizUtil; public VXTrxLog getXTrxLog(Long id) { - checkAdminAccess(); - return super.getXTrxLog(id); + if (rangerBizUtil.isAdmin() || rangerBizUtil.isKeyAdmin() || rangerBizUtil.isAuditAdmin() || rangerBizUtil.isAuditKeyAdmin()) { + return super.getXTrxLog(id); + } else { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User don't have permission to perform this action", true); + } } public VXTrxLog createXTrxLog(VXTrxLog vXTrxLog) { @@ -75,13 +78,20 @@ public void deleteXTrxLog(Long id, boolean force) { } public VXTrxLogList searchXTrxLogs(SearchCriteria searchCriteria) { - checkAdminAccess(); - return super.searchXTrxLogs(searchCriteria); + if (rangerBizUtil.isAdmin() || rangerBizUtil.isKeyAdmin() || rangerBizUtil.isAuditAdmin() || rangerBizUtil.isAuditKeyAdmin()) { + return super.searchXTrxLogs(searchCriteria); + } else { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User don't have permission to perform this action", true); + } + } public VXLong getXTrxLogSearchCount(SearchCriteria searchCriteria) { - checkAdminAccess(); - return super.getXTrxLogSearchCount(searchCriteria); + if (rangerBizUtil.isAdmin() || rangerBizUtil.isKeyAdmin() || rangerBizUtil.isAuditAdmin() || rangerBizUtil.isAuditKeyAdmin()) { + return super.getXTrxLogSearchCount(searchCriteria); + } else { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User don't have permission to perform this action", true); + } } public VXAccessAudit createXAccessAudit(VXAccessAudit vXAccessAudit) { diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XAuditMgrBase.java b/security-admin/src/main/java/org/apache/ranger/biz/XAuditMgrBase.java index c53db99f3b..02b2e59a3f 100644 
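Review bot: The same four-role condition and 403 are written out three times in XAuditMgr, in getXTrxLog, searchXTrxLogs and getXTrxLogSearchCount, so a later change to who may read transaction logs has to be made in three places. Extracting the test into one private guard keeps each method to two lines and makes the allowed roles reviewable in a single spot. The searchXTrxLogs hunk also leaves a stray blank line after the closing brace.

```java
private void checkTrxLogReadAccess() {
    boolean allowed = rangerBizUtil.isAdmin() || rangerBizUtil.isKeyAdmin()
            || rangerBizUtil.isAuditAdmin() || rangerBizUtil.isAuditKeyAdmin();
    if (!allowed) {
        throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User don't have permission to perform this action", true);
    }
}

public VXTrxLog getXTrxLog(Long id) {
    checkTrxLogReadAccess();
    return super.getXTrxLog(id);
}
// … unchanged: searchXTrxLogs and getXTrxLogSearchCount, each calling checkTrxLogReadAccess() first …
```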
--- a/security-admin/src/main/java/org/apache/ranger/biz/XAuditMgrBase.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XAuditMgrBase.java @@ -19,12 +19,15 @@ package org.apache.ranger.biz; +import java.util.List; +import java.util.stream.Collectors; + import org.apache.ranger.common.MessageEnums; import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.common.SearchCriteria; import org.apache.ranger.plugin.store.PList; -import org.apache.ranger.service.XAccessAuditService; import org.apache.ranger.service.RangerTrxLogV2Service; +import org.apache.ranger.service.XAccessAuditService; import org.apache.ranger.view.VXAccessAudit; import org.apache.ranger.view.VXAccessAuditList; import org.apache.ranger.view.VXLong; @@ -33,9 +36,6 @@ import org.apache.ranger.view.VXTrxLogV2; import org.springframework.beans.factory.annotation.Autowired; -import java.util.List; -import java.util.stream.Collectors; - public class XAuditMgrBase { @Autowired diff --git a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java index 5ba6c14b90..962139d999 100755 --- a/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java +++ b/security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java @@ -165,6 +165,10 @@ public class XUserMgr extends XUserMgrBase { public VXUser getXUserByUserName(String userName) { VXUser vXUser=null; vXUser=xUserService.getXUserByUserName(userName); + if(vXUser != null && !hasAccessToGetUserInfo(vXUser)) { + logger.info("Logged-In user is not allowed to access requested user data."); + throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true); + } if(vXUser!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){ vXUser=getMaskedVXUser(vXUser); } 
@@ -381,7 +385,7 @@ public VXUser updateXUser(VXUser vXUser) { throw restErrorUtil.createRESTException("Please provide a valid first name.", MessageEnums.INVALID_INPUT_DATA); } - checkAccess(vXUser.getName()); + checkAccess(vXUser); xaBizUtil.blockAuditorRoleUser(); VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(vXUser .getName()); @@ -792,11 +796,9 @@ public VXGroupUser createXGroupUser(VXGroupUser vXGroupUser) { public VXUser getXUser(Long id) { VXUser vXUser=null; vXUser=xUserService.readResourceWithOutLogin(id); - if(vXUser != null){ - if(!hasAccessToGetUserInfo(vXUser)){ - logger.info("Logged-In user is not allowed to access requested user data."); - throw restErrorUtil.create403RESTException("Logged-In user is not allowed to access requested user data."); - } + if(vXUser != null && !hasAccessToGetUserInfo(vXUser)){ + logger.info("Logged-In user is not allowed to access requested user data."); + throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true); } if(vXUser!=null && !hasAccessToModule(RangerConstants.MODULE_USER_GROUPS)){ 
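Review bot: `checkAccess(vXUser)` in updateXUser hands the request body to `hasAccessToGetUserInfo`, which decides from `requestedVXUser.getId()` and `requestedVXUser.getUserRoleList()`, so the authorization decision rests on values the caller supplied rather than on the stored account. Unless validation outside the hunk ties those fields to the persisted user, the check should run on the record loaded from the store: `VXUser storedUser = xUserService.getXUserByUserName(vXUser.getName());` followed by `checkAccess(storedUser);`. The same applies to `checkAccess(vXUser)` in createOrUpdateXUsers, where `vXUser` appears to come from the submitted list.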
@@ -808,17 +810,20 @@ public VXUser getXUser(Long id) { private boolean hasAccessToGetUserInfo(VXUser requestedVXUser) { UserSessionBase userSession = ContextUtil.getCurrentUserSession(); if (userSession != null && userSession.getLoginId() != null) { - VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession - .getLoginId()); - if (loggedInVXUser != null) { - if (loggedInVXUser.getUserRoleList().size() == 1 - && loggedInVXUser.getUserRoleList().contains( - RangerConstants.ROLE_USER)) { - + VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession.getLoginId()); + if (requestedVXUser != null && CollectionUtils.isNotEmpty(requestedVXUser.getUserRoleList()) && loggedInVXUser != null && loggedInVXUser.getUserRoleList().size() == 1) { + if (loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) { return requestedVXUser.getId().equals(loggedInVXUser.getId()) ? true : false; - - }else{ - return true; + } else if (loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN) || loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) { + if (requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN) || requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR) || requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) { + return true; + } + } else if (loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) || loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR)) { + if (loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) && "rangerusersync".equalsIgnoreCase(userSession.getLoginId())) { + return true; + } else if (requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) || requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR) || requestedVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) { + return true; + } } } } 
@@ -1374,12 +1379,11 @@ public void checkAdminAccess() { } } - public void checkAccess(String loginID) { + public void checkAccess(VXUser vxUser) { UserSessionBase session = ContextUtil.getCurrentUserSession(); if (session != null) { - if (!session.isUserAdmin() && !session.isKeyAdmin() && !session.getLoginId().equalsIgnoreCase(loginID)) { - throw restErrorUtil.create403RESTException("Operation" + " denied. LoggedInUser=" + (session != null ? session.getXXPortalUser().getId() : "Not Logged In") - + " ,isn't permitted to perform the action."); + if (!hasAccessToGetUserInfo(vxUser)) { + throw restErrorUtil.create403RESTException("Operation" + " denied. LoggedInUser=" + (session != null ? session.getXXPortalUser().getId() : "Not Logged In") + " ,isn't permitted to perform the action."); } } else { VXResponse vXResponse = new VXResponse(); 
@@ -1482,37 +1486,14 @@ public void checkAccessRoles(List stringRolesList) { UserSessionBase session = ContextUtil.getCurrentUserSession(); if (session != null && stringRolesList != null) { if (!session.isUserAdmin() && !session.isKeyAdmin()) { - throw restErrorUtil.create403RESTException("Permission" - + " denied. LoggedInUser=" - + (session != null ? session.getXXPortalUser().getId() - : "Not Logged In") - + " ,isn't permitted to perform the action."); + throw restErrorUtil.create403RESTException("Permission denied. LoggedInUser=" + (session != null ? session.getXXPortalUser().getId() : "Not Logged In") + " ,isn't permitted to perform the action."); } else { - if (!"rangerusersync".equals(session.getXXPortalUser() - .getLoginId())) {// new logic for rangerusersync user - if (session.isUserAdmin() - && stringRolesList - .contains(RangerConstants.ROLE_KEY_ADMIN)) { - throw restErrorUtil.create403RESTException("Permission" - + " denied. LoggedInUser=" - + (session != null ? session.getXXPortalUser() - .getId() : "") - + " isn't permitted to perform the action."); - } - if (session.isKeyAdmin() - && stringRolesList - .contains(RangerConstants.ROLE_SYS_ADMIN)) { - throw restErrorUtil.create403RESTException("Permission" - + " denied. LoggedInUser=" - + (session != null ? session.getXXPortalUser() - .getId() : "") - + " isn't permitted to perform the action."); + if (!"rangerusersync".equals(session.getXXPortalUser().getLoginId())) {// new logic for rangerusersync user + if (session.isUserAdmin() && (stringRolesList.contains(RangerConstants.ROLE_KEY_ADMIN) || stringRolesList.contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR))) { + throw restErrorUtil.create403RESTException("Permission denied. LoggedInUser=" + (session != null ? 
session.getXXPortalUser().getId() : "") + " isn't permitted to perform the action."); + } else if (session.isKeyAdmin() && (stringRolesList.contains(RangerConstants.ROLE_SYS_ADMIN) || stringRolesList.contains(RangerConstants.ROLE_ADMIN_AUDITOR))) { + throw restErrorUtil.create403RESTException("Permission denied. LoggedInUser=" + (session != null ? session.getXXPortalUser().getId() : "") + " isn't permitted to perform the action."); } - } else { - logger.info("LoggedInUser=" - + (session != null ? session.getXXPortalUser() - .getId() : "") - + " is permitted to perform the action."); } } } else { @@ -1531,8 +1512,8 @@ public VXStringList setUserRolesByExternalID(Long userId, List vString roleListNewProfile.add(vXString.getValue()); } } - checkAccessRoles(roleListNewProfile); VXUser vXUser=getXUser(userId); + checkAccessRoles(roleListNewProfile); List portalUserRoleList =null; if(vXUser!=null && roleListNewProfile.size()>0){ VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(vXUser.getName()); @@ -1557,9 +1538,10 @@ public VXStringList setUserRolesByName(String userName, List vStringRo roleListNewProfile.add(vXString.getValue()); } } + VXUser vXUser=getXUserByUserName(userName); checkAccessRoles(roleListNewProfile); - if(userName!=null && roleListNewProfile.size()>0){ - VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(userName); + if(vXUser!=null && roleListNewProfile.size()>0){ + VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(vXUser.getName()); if(oldUserProfile!=null){ denySelfRoleChange(oldUserProfile.getLoginId()); updateUserRolesPermissions(oldUserProfile,roleListNewProfile); 
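Review bot: checkAccessRoles matches the sync account with `"rangerusersync".equals(...)`, while the hasAccessToGetUserInfo methods in this commit use `"rangerusersync".equalsIgnoreCase(...)`, so the same exemption is case-sensitive in one place and not in the other. Since this literal lifts role restrictions, it is worth defining once as a constant and comparing it one way everywhere. The `session != null ? ... : ""` ternaries on the rewritten lines sit inside `if (session != null && ...)` and can be reduced to `session.getXXPortalUser().getId()`. The hunk also removes the `logger.info` that recorded the sync account being permitted, and the method continues outside the hunk.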
@@ -1579,7 +1561,7 @@ public VXStringList getUserRolesByExternalID(Long userId) { if(vXUser==null){ throw restErrorUtil.createRESTException("Please provide a valid ID", MessageEnums.INVALID_INPUT_DATA); } - checkAccess(vXUser.getName()); + checkAccess(vXUser); List portalUserRoleList =null; VXPortalUser oldUserProfile = userMgr.getUserProfileByLoginId(vXUser.getName()); if(oldUserProfile!=null){ @@ -1593,7 +1575,8 @@ public VXStringList getUserRolesByExternalID(Long userId) { public VXStringList getUserRolesByName(String userName) { VXPortalUser vXPortalUser=null; if(userName!=null && !userName.trim().isEmpty()){ - checkAccess(userName); + VXUser vXUser=xUserService.getXUserByUserName(userName); + checkAccess(vXUser); vXPortalUser = userMgr.getUserProfileByLoginId(userName); if(vXPortalUser!=null && vXPortalUser.getUserRoleList()!=null){ List portalUserRoleList = daoManager.getXXPortalUserRole().findByUserId(vXPortalUser.getId()); @@ -2780,7 +2763,7 @@ public int createOrUpdateXUsers(VXUserList users) { continue; } - checkAccess(userName); + checkAccess(vXUser); TransactionTemplate txTemplate = new TransactionTemplate(txManager); txTemplate.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRES_NEW); try { diff --git a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java index 93672662df..21af0636de 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/AssetREST.java @@ -19,8 +19,6 @@ package org.apache.ranger.rest; -import java.io.File; -import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.HashMap; import java.util.List; 
@@ -39,14 +37,9 @@ import javax.ws.rs.Produces; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Context; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; - -import org.apache.commons.lang.StringUtils; import org.apache.ranger.admin.client.datatype.RESTResponse; import org.apache.ranger.biz.AssetMgr; import org.apache.ranger.biz.RangerBizUtil; -import org.apache.ranger.common.PropertiesUtil; import org.apache.ranger.common.RESTErrorUtil; import org.apache.ranger.common.RangerSearchUtil; import org.apache.ranger.common.SearchCriteria; @@ -61,7 +54,6 @@ import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil; import org.apache.ranger.plugin.util.GrantRevokeRequest; import org.apache.ranger.plugin.util.SearchFilter; -import org.apache.ranger.plugin.util.ServicePolicies; import org.apache.ranger.security.context.RangerAPIList; import org.apache.ranger.service.XAccessAuditService; import org.apache.ranger.service.XAssetService; @@ -251,7 +243,6 @@ public VXAssetList searchXAssets(@Context HttpServletRequest request) { if(services != null) { List assets = new ArrayList(); - for(RangerService service : services) { VXAsset asset = serviceUtil.toVXAsset(service); @@ -261,6 +252,8 @@ public VXAssetList searchXAssets(@Context HttpServletRequest request) { } ret.setVXAssets(assets); + ret.setTotalCount(assets.size()); + ret.setResultSize(assets.size()); } if(logger.isDebugEnabled()) { @@ -388,7 +381,6 @@ public VXResource updateXResource(VXResource vXResource , @PathParam("id") Long @DELETE @Path("/resources/{id}") - @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") @RangerAnnotationClassName(class_name = VXResource.class) public void deleteXResource(@PathParam("id") Long id, @Context HttpServletRequest request) { 
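Review bot: `@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")` is removed from deleteXResource and the hunk shows no replacement check on this DELETE endpoint. The method body is outside the hunk, so it may delegate to a call that enforces its own authorization, but that should be stated where the annotation was, for example `// authorization is enforced by the delegated delete call`, or the annotation should be kept. TagREST in this commit replaces the same annotation with an explicit `bizUtil.isAdmin()` check, which is the pattern to follow if no downstream check exists.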
@@ -419,7 +411,6 @@ public VXResourceList searchXResources(@Context HttpServletRequest request) { if(policies != null) { List resources = new ArrayList(); - for(RangerPolicy policy : policies) { RangerService service = serviceREST.getServiceByName(policy.getService()); @@ -431,6 +422,8 @@ public VXResourceList searchXResources(@Context HttpServletRequest request) { } ret.setVXResources(resources); + ret.setTotalCount(resources.size()); + ret.setResultSize(resources.size()); } if(logger.isDebugEnabled()) { 
@@ -540,78 +533,6 @@ public VXLong countXCredentialStores(@Context HttpServletRequest request) { return assetMgr.getXCredentialStoreSearchCount(searchCriteria); } - @GET - @Path("/resource/{id}") - @Produces({ "application/json" }) - public Response getXResourceFile(@Context HttpServletRequest request, - @PathParam("id") Long id) { - String fileType = searchUtil.extractString(request, - new SearchCriteria(), "fileType", "File type", - StringUtil.VALIDATION_TEXT); - - VXResource resource = getXResource(id); - - - Response response=null; - if(resource!=null && StringUtils.isNotEmpty(fileType)){ - File file = null; - file=assetMgr.getXResourceFile(resource, fileType); - if(file!=null){ - response=Response.ok(file, MediaType.APPLICATION_OCTET_STREAM).header("Content-Disposition","attachment;filename=" + file.getName()).build(); - file=null; - } - } - return response; - } - - @GET - @Path("/policyList/{repository}") - @Produces({ "application/json" }) - @Encoded - public String getResourceJSON(@Context HttpServletRequest request, - @PathParam("repository") String repository) { - - String epoch = request.getParameter("epoch"); - X509Certificate[] certchain = (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate"); - String ipAddress = request.getHeader("X-FORWARDED-FOR"); - boolean isSecure = request.isSecure(); - String policyCount = request.getParameter("policyCount"); - String agentId = request.getParameter("agentId"); - Long lastKnowPolicyVersion = Long.valueOf(-1); - String capabilityVector = "0"; - - if (ipAddress == null) { - ipAddress = request.getRemoteAddr(); - } - - boolean httpEnabled = PropertiesUtil.getBooleanProperty("ranger.service.http.enabled",true); - - ServicePolicies servicePolicies = null; - - try { - servicePolicies = serviceREST.getServicePoliciesIfUpdated(repository, lastKnowPolicyVersion, 0L, agentId, "", "", false, capabilityVector, request); - } catch(Exception excp) { - logger.error("failed to retrieve policies for 
repository " + repository, excp); - } - - RangerService service = serviceUtil.getServiceByName(repository); - List policies = servicePolicies != null ? servicePolicies.getPolicies() : null; - long policyUpdTime = (servicePolicies != null && servicePolicies.getPolicyUpdateTime() != null) ? servicePolicies.getPolicyUpdateTime().getTime() : 0l; - VXAsset vAsset = serviceUtil.toVXAsset(service); - List vResourceList = new ArrayList(); - - if(policies != null) { - for(RangerPolicy policy : policies) { - vResourceList.add(serviceUtil.toVXResource(policy, service)); - } - } - - String file = assetMgr.getLatestRepoPolicy(vAsset, vResourceList, policyUpdTime, - certchain, httpEnabled, epoch, ipAddress, isSecure, policyCount, agentId); - - return file; - } - @GET @Path("/exportAudit") @Produces({ "application/json" }) diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java index 7be7127cb9..d8e30b516a 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java @@ -374,6 +374,7 @@ public RangerRoleList getAllRoles(@Context HttpServletRequest request) { } SearchFilter filter = searchUtil.getSearchFilter(request, roleService.sortFields); try { + ensureAdminAccess(null, null); roleStore.getRoles(filter,ret); } catch(WebApplicationException excp) { throw excp; diff --git a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java index be56c487fa..3be2fb8640 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java 
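Review bot: `ensureAdminAccess(null, null)` in RoleREST.getAllRoles gives no hint of what the two null arguments select, and the method's contract is not visible in this hunk. A one-line comment above the call, such as `// admin-only listing; null arguments mean <meaning to confirm>`, would make the intent reviewable. The call sits inside the `try`, so it relies on the `catch(WebApplicationException excp) { throw excp; }` branch to surface the denial unchanged.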
@@ -621,6 +621,7 @@ public List getPoliciesForResource(@PathParam("serviceDefName") St if (policyAdmin != null) { ret = policyAdmin.getMatchingPolicies(new RangerAccessResourceImpl(resource)); + ret = applyAdminAccessFilter(ret); } } @@ -674,7 +675,7 @@ private String validateResourcePoliciesRequest(String serviceDefName, String ser LOG.error("Invalid service-name:[" + serviceName + "]"); } if (service == null || !StringUtils.equals(service.getType(), serviceDefName)) { - ret = "Invalid service-name:[" + serviceName + "] or service-name is not of service-type:[" + serviceDefName + "]"; + ret = "Invalid service-name:[" + serviceName + "] or service-type:[" + serviceDefName + "]"; } else { services.add(service); ret = StringUtils.EMPTY; @@ -3507,7 +3508,11 @@ public VXString getPolicyVersionList(@PathParam("policyId") Long policyId) { @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_POLICY_FOR_VERSION_NO + "\")") public RangerPolicy getPolicyForVersionNumber(@PathParam("policyId") Long policyId, @PathParam("versionNo") int versionNo) { - return svcStore.getPolicyForVersionNumber(policyId, versionNo); + RangerPolicy policy = svcStore.getPolicyForVersionNumber(policyId, versionNo); + if (policy != null) { + ensureAdminAndAuditAccess(policy); + } + return policy; } @GET @@ -4133,7 +4138,7 @@ private void validateGrantor(String grantor) { VXUser vxUser = null; if (grantor != null) { try { - vxUser = userMgr.getXUserByUserName(grantor); + vxUser = xUserService.getXUserByUserName(grantor); if (vxUser == null) { throw restErrorUtil.createGrantRevokeRESTException("Grantor user " + grantor + " doesn't exist"); } 
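Review bot: In getPolicyForVersionNumber the access check runs only when a policy was found, so a caller without access can presumably distinguish an existing policy id and version (denied) from a missing one (null result); getPolicyByName in hunk `@@ -4469,6 +4474,10 @@` follows the same pattern. If that difference matters for this API, both outcomes should look the same to a caller who is not allowed to read the policy. Either way the ordering deserves a comment, for example `// access is checked against the loaded policy; a missing policy returns null unchecked`. What ensureAdminAndAuditAccess does on denial is not visible here, so the resulting status is an assumption.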
@@ -4147,7 +4152,7 @@ private void validateGrantees(Set grantees) { VXUser vxUser = null; for (String userName : grantees) { try { - vxUser = userMgr.getXUserByUserName(userName); + vxUser = xUserService.getXUserByUserName(userName); if (vxUser == null) { throw restErrorUtil.createGrantRevokeRESTException("Grantee user " + userName + " doesn't exist"); } @@ -4469,6 +4474,10 @@ public RangerPolicy getPolicyByName(String serviceName, String policyName, Strin if (dbPolicy != null) { ret = policyService.getPopulatedViewObject(dbPolicy); } + + if (ret != null) { + ensureAdminAndAuditAccess(ret); + } } if (LOG.isDebugEnabled()) { diff --git a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java index 2adf0b0a27..6675d71a6d 100755 --- a/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/TagREST.java @@ -409,12 +409,16 @@ public PList getTagDefs(@Context HttpServletRequest request) { @GET @Path(TagRESTConstants.TAGTYPES_RESOURCE) @Produces({ "application/json" }) - @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") public List getTagTypes() { if(LOG.isDebugEnabled()) { LOG.debug("==> TagREST.getTagTypes()"); } + // check for ADMIN access + if (!bizUtil.isAdmin()) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User don't have permission to perform this action", true); + } + List ret = null; try { @@ -638,12 +642,16 @@ public List getTagsByType(@PathParam("type") String type) { @GET @Path(TagRESTConstants.TAGS_RESOURCE) @Produces({ "application/json" }) - @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") public List getAllTags() { if(LOG.isDebugEnabled()) { LOG.debug("==> TagREST.getAllTags()"); } + // check for ADMIN access + if (!bizUtil.isAdmin()) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User don't have permission to perform this action", true); + } + List ret; try { 
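Review bot: getTagTypes now enforces access with a hand-written `bizUtil.isAdmin()` block in place of `@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")`, and the same five lines are repeated in getAllTags and in getAllServiceResources (hunk `@@ -1042,12 +1050,16 @@`). Three copies of an authorization check drift easily; one private helper, called as the first statement of each method ahead of the debug log, would keep them identical. Whether `isAdmin()` admits exactly the callers that ROLE_SYS_ADMIN did is not visible in this diff and should be stated in a comment on that helper, because the declarative guard is gone. The message would also read better as `"User doesn't have permission to perform this action"`.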
@@ -1042,12 +1050,16 @@ public RangerServiceResource getServiceResourceByResource(@PathParam("serviceNam @GET @Path(TagRESTConstants.RESOURCES_RESOURCE) @Produces({ "application/json" }) - @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") public List getAllServiceResources() { if(LOG.isDebugEnabled()) { LOG.debug("==> TagREST.getAllServiceResources()"); } + // check for ADMIN access + if (!bizUtil.isAdmin()) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "User don't have permission to perform this action", true); + } + List ret; try { diff --git a/security-admin/src/main/java/org/apache/ranger/rest/UserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/UserREST.java index c6557b11c1..4708b86387 100644 --- a/security-admin/src/main/java/org/apache/ranger/rest/UserREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/UserREST.java @@ -323,7 +323,6 @@ public VXResponse changePassword(@PathParam("userId") Long userId, throw restErrorUtil.createRESTException("serverMsg.userRestUser",MessageEnums.DATA_NOT_FOUND, null, null, changePassword.getLoginId()); } - userManager.checkAccessForUpdate(gjUser); changePassword.setId(gjUser.getId()); VXResponse ret = userManager.changePassword(changePassword); return ret; @@ -358,7 +357,6 @@ public VXPortalUser changeEmailAddress(@PathParam("userId") Long userId, throw restErrorUtil.createRESTException("serverMsg.userRestUser",MessageEnums.DATA_NOT_FOUND, null, null, changeEmail.getLoginId()); } - userManager.checkAccessForUpdate(gjUser); changeEmail.setId(gjUser.getId()); VXPortalUser ret = userManager.changeEmailAddress(gjUser, changeEmail); return ret; diff --git a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java index 0a3c524b5f..bd71c00b28 100755 --- a/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java +++ b/security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java 
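Review bot: With `userManager.checkAccessForUpdate(gjUser);` removed, changePassword goes from the user lookup straight to `userManager.changePassword(changePassword)` with no access check visible in the REST method, and changeEmailAddress (hunk `@@ -358,7 +357,6 @@`) does the same before `userManager.changeEmailAddress(gjUser, changeEmail)`. The TestUserMgr changes in this commit suggest the check now happens inside those manager methods, but that code is not part of this page. A comment at each call site, e.g. `// access to gjUser is verified inside userManager.changePassword`, would keep the next reader from assuming the endpoint is unguarded, and a REST-level test that one ordinary user cannot change another user's password would pin the behaviour. Both methods start and end outside their hunks.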
@@ -60,6 +60,7 @@ import org.apache.ranger.common.annotation.RangerAnnotationClassName; import org.apache.ranger.common.annotation.RangerAnnotationJSMgrName; import org.apache.ranger.db.RangerDaoManager; +import org.apache.ranger.entity.XXGroup; import org.apache.ranger.entity.XXService; import org.apache.ranger.entity.XXServiceDef; import org.apache.ranger.plugin.model.RangerPluginInfo; @@ -71,7 +72,6 @@ import org.apache.ranger.security.context.RangerAPIList; import org.apache.ranger.service.AuthSessionService; import org.apache.ranger.service.XAuditMapService; -import org.apache.ranger.service.XGroupGroupService; import org.apache.ranger.service.XGroupPermissionService; import org.apache.ranger.service.XGroupService; import org.apache.ranger.service.XGroupUserService; @@ -129,9 +129,6 @@ public class XUserREST { @Autowired XGroupUserService xGroupUserService; - @Autowired - XGroupGroupService xGroupGroupService; - @Autowired XPermMapService xPermMapService; @@ -146,16 +143,16 @@ public class XUserREST { @Autowired SessionMgr sessionMgr; - + @Autowired AuthSessionService authSessionService; @Autowired RangerBizUtil bizUtil; - + @Autowired XResourceService xResourceService; - + @Autowired StringUtil stringUtil; 
@@ -423,12 +420,23 @@ else if ((searchCriteria.getParamList().containsKey("name")) && userName!= null UserSessionBase userSession = ContextUtil.getCurrentUserSession(); if (userSession != null && userSession.getLoginId() != null) { - VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession - .getLoginId()); - if (loggedInVXUser != null) { - if (loggedInVXUser.getUserRoleList().size() == 1 - && loggedInVXUser.getUserRoleList().contains( - RangerConstants.ROLE_USER)) { + VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession.getLoginId()); + if (loggedInVXUser != null && loggedInVXUser.getUserRoleList().size() == 1) { + if (loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) || loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_ADMIN_AUDITOR)) { + boolean hasRole = false; + hasRole = !userRolesList.contains(RangerConstants.ROLE_SYS_ADMIN) ? userRolesList.add(RangerConstants.ROLE_SYS_ADMIN) : hasRole; + hasRole = !userRolesList.contains(RangerConstants.ROLE_ADMIN_AUDITOR) ? userRolesList.add(RangerConstants.ROLE_ADMIN_AUDITOR) : hasRole; + hasRole = !userRolesList.contains(RangerConstants.ROLE_USER) ? userRolesList.add(RangerConstants.ROLE_USER) : hasRole; + if (loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_SYS_ADMIN) && "rangerusersync".equalsIgnoreCase(userSession.getLoginId())) { + hasRole = !userRolesList.contains(RangerConstants.ROLE_KEY_ADMIN) ? userRolesList.add(RangerConstants.ROLE_KEY_ADMIN) : hasRole; + hasRole = !userRolesList.contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR) ? userRolesList.add(RangerConstants.ROLE_KEY_ADMIN_AUDITOR) : hasRole; + } + } else if (loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN) || loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR)) { + boolean hasRole = false; + hasRole = !userRolesList.contains(RangerConstants.ROLE_KEY_ADMIN) ? 
userRolesList.add(RangerConstants.ROLE_KEY_ADMIN) : hasRole; + hasRole = !userRolesList.contains(RangerConstants.ROLE_KEY_ADMIN_AUDITOR) ? userRolesList.add(RangerConstants.ROLE_KEY_ADMIN_AUDITOR) : hasRole; + hasRole = !userRolesList.contains(RangerConstants.ROLE_USER) ? userRolesList.add(RangerConstants.ROLE_USER) : hasRole; + } else if (loggedInVXUser.getUserRoleList().contains(RangerConstants.ROLE_USER)) { logger.info("Logged-In user having user role will be able to fetch his own user details."); if (!searchCriteria.getParamList().containsKey("name")) { searchCriteria.addParam("name", loggedInVXUser.getName()); @@ -545,6 +553,9 @@ public VXGroupUser getXGroupUser(@PathParam("id") Long id) { @Produces({ "application/json" }) @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") public VXGroupUser createXGroupUser(VXGroupUser vXGroupUser) { + if (vXGroupUser == null || StringUtils.isBlank(vXGroupUser.getName()) || vXGroupUser.getUserId() == null) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "Group name or UserId is empty or null", true); + } return xUserMgr.createXGroupUser(vXGroupUser); } @@ -553,6 +564,9 @@ public VXGroupUser createXGroupUser(VXGroupUser vXGroupUser) { @Consumes({ "application/json" }) @Produces({ "application/json" }) public VXGroupUser updateXGroupUser(VXGroupUser vXGroupUser) { + if (vXGroupUser == null || StringUtils.isBlank(vXGroupUser.getName()) || vXGroupUser.getUserId() == null) { + throw restErrorUtil.createRESTException(HttpServletResponse.SC_BAD_REQUEST , "Group name or UserId is empty or null", true); + } return xUserMgr.updateXGroupUser(vXGroupUser); } 
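Review bot: The branch that adds ROLE_KEY_ADMIN and ROLE_KEY_ADMIN_AUDITOR to `userRolesList` is keyed on the literal login name `"rangerusersync"` compared with `equalsIgnoreCase`, so a role-visibility decision rests on a string that is neither a named constant nor explained. If login ids are case-sensitive elsewhere (not visible here) the comparison should be `equals`, and a comment should say why this account is treated specially. The `hasRole` local is never read; it exists only so the ternaries compile, and each line is clearer as `if (!userRolesList.contains(RangerConstants.ROLE_USER)) { userRolesList.add(RangerConstants.ROLE_USER); }`. Hoisting `size() == 1` into the outer condition also means a user holding more than one role takes none of the branches; what applies to them is decided outside this hunk, where the enclosing method begins and ends.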
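Review bot: The null/blank guard added to createXGroupUser is repeated verbatim in updateXGroupUser (hunk `@@ -553,6 +564,9 @@`); a shared private method, e.g. `validateGroupUser(vXGroupUser)`, would keep the two from diverging. In the update hunk no `@PreAuthorize` is visible between `@Produces` and the signature, whereas createXGroupUser carries `@PreAuthorize("hasRole('ROLE_SYS_ADMIN')")` in that position; the annotations above `@Consumes` are outside the hunk, so confirm that updates are authorised either there or inside `xUserMgr.updateXGroupUser`. The message "Group name or UserId is empty or null" also does not tell the caller which field failed.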
@@ -608,69 +622,6 @@ public VXLong countXGroupUsers(@Context HttpServletRequest request) { return xUserMgr.getXGroupUserSearchCount(searchCriteria); } - // Handle XGroupGroup - @GET - @Path("/groupgroups/{id}") - @Produces({ "application/json" }) - @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_X_GROUP_GROUP + "\")") - public VXGroupGroup getXGroupGroup(@PathParam("id") Long id) { - return xUserMgr.getXGroupGroup(id); - } - - @POST - @Path("/groupgroups") - @Consumes({ "application/json" }) - @Produces({ "application/json" }) - public VXGroupGroup createXGroupGroup(VXGroupGroup vXGroupGroup) { - return xUserMgr.createXGroupGroup(vXGroupGroup); - } - - @PUT - @Path("/groupgroups") - @Consumes({ "application/json" }) - @Produces({ "application/json" }) - public VXGroupGroup updateXGroupGroup(VXGroupGroup vXGroupGroup) { - return xUserMgr.updateXGroupGroup(vXGroupGroup); - } - - @DELETE - @Path("/groupgroups/{id}") - @PreAuthorize("hasRole('ROLE_SYS_ADMIN')") - @RangerAnnotationClassName(class_name = VXGroupGroup.class) - public void deleteXGroupGroup(@PathParam("id") Long id, - @Context HttpServletRequest request) { - boolean force = false; - xUserMgr.deleteXGroupGroup(id, force); - } - - /** - * Implements the traditional search functionalities for XGroupGroups - * - * @param request - * @return - */ - @GET - @Path("/groupgroups") - @Produces({ "application/json" }) - @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SEARCH_X_GROUP_GROUPS + "\")") - public VXGroupGroupList searchXGroupGroups( - @Context HttpServletRequest request) { - SearchCriteria searchCriteria = searchUtil.extractCommonCriterias( - request, xGroupGroupService.sortFields); - return xUserMgr.searchXGroupGroups(searchCriteria); - } - - @GET - @Path("/groupgroups/count") - @Produces({ "application/json" }) - @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.COUNT_X_GROUP_GROUPS + "\")") - public 
VXLong countXGroupGroups(@Context HttpServletRequest request) { - SearchCriteria searchCriteria = searchUtil.extractCommonCriterias( - request, xGroupGroupService.sortFields); - - return xUserMgr.getXGroupGroupSearchCount(searchCriteria); - } - // Handle XPermMap @GET @Path("/permmaps/{id}") @@ -865,7 +816,25 @@ public VXUser getXUserByUserName(@Context HttpServletRequest request, @PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.GET_X_GROUP_BY_GROUP_NAME + "\")") public VXGroup getXGroupByGroupName(@Context HttpServletRequest request, @PathParam("groupName") String groupName) { - return xGroupService.getGroupByGroupName(groupName); + VXGroup vXGroup = xGroupService.getGroupByGroupName(groupName); + UserSessionBase userSession = ContextUtil.getCurrentUserSession(); + if (userSession != null && userSession.getLoginId() != null && userSession.getUserRoleList().contains(RangerConstants.ROLE_USER)) { + VXUser loggedInVXUser = xUserService.getXUserByUserName(userSession.getLoginId()); + boolean isMatch = false; + if (loggedInVXUser != null && vXGroup != null) { + List userGroups = xGroupService.getGroupsByUserId(loggedInVXUser.getId()); + for (XXGroup xXGroup: userGroups) { + if (xXGroup != null && StringUtils.equals(xXGroup.getName(), vXGroup.getName())) { + isMatch = true; + break; + } + } + } + if (!isMatch) { + vXGroup = null; + } + } + return vXGroup; } @DELETE diff --git a/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java b/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java index 98ee626120..46484e706a 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XGroupService.java 
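Review bot: In getXGroupByGroupName the membership filter is skipped whenever `userSession` or its login id is null, so in that case the looked-up group is returned unfiltered; unless the `@PreAuthorize` guard already rules that out, the method should return null or reject instead of falling through. `userGroups` is iterated without a null check, and whether `getGroupsByUserId` can return null is not visible, so wrapping the loop in `if (userGroups != null)` is the safe form. The block also needs a comment stating the rule, e.g. `// ROLE_USER callers may only read groups they belong to; anything else yields null`. This hunk tests `userSession.getUserRoleList().contains(RangerConstants.ROLE_USER)` while the search hunk `@@ -423,12 +420,23 @@` reads the roles from `loggedInVXUser` and requires exactly one role; the two should agree on who counts as a plain user.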
@@ -168,4 +168,8 @@ public Map getXXGroupIdNameMap() { public Long getAllGroupCount() { return daoManager.getXXGroup().getAllCount(); } + + public List getGroupsByUserId(Long userId) { + return daoManager.getXXGroup().findByUserId(userId); + } } diff --git a/security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java b/security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java index 942d53e917..6a4f533cd9 100644 --- a/security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java +++ b/security-admin/src/main/java/org/apache/ranger/service/XUgsyncAuditInfoService.java @@ -134,6 +134,8 @@ public VXUgsyncAuditInfoList searchXUgsyncAuditInfoBySyncSource(String syncSourc } returnList.setVxUgsyncAuditInfoList(xUgsyncAuditInfoList); + returnList.setTotalCount(xUgsyncAuditInfoList.size()); + returnList.setResultSize(xUgsyncAuditInfoList.size()); return returnList; } diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java index 2b4ba0d153..671b80de54 100644 --- a/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java +++ b/security-admin/src/test/java/org/apache/ranger/biz/TestServiceDBStore.java @@ -25,12 +25,14 @@ import java.util.HashSet; import java.util.List; import java.util.Map; +import java.util.Set; import org.apache.commons.collections.ListUtils; import org.apache.ranger.common.ContextUtil; import org.apache.ranger.common.GUIDUtil; import org.apache.ranger.common.JSONUtil; import org.apache.ranger.common.RESTErrorUtil; +import org.apache.ranger.common.RangerConstants; import org.apache.ranger.common.RangerFactory; import org.apache.ranger.common.SearchCriteria; import org.apache.ranger.common.StringUtil; 
@@ -69,6 +71,7 @@ import org.apache.ranger.view.RangerPolicyList; import org.apache.ranger.view.RangerServiceDefList; import org.apache.ranger.view.RangerServiceList; +import org.apache.ranger.view.VXGroup; import org.apache.ranger.view.VXGroupList; import org.apache.ranger.view.VXString; import org.apache.ranger.view.VXUser; @@ -167,6 +170,15 @@ public class TestServiceDBStore { @Rule public ExpectedException thrown = ExpectedException.none(); + private VXGroup vxGroup() { + VXGroup vXGroup = new VXGroup(); + vXGroup.setId(Id); + vXGroup.setDescription("group test working"); + vXGroup.setName(RangerConstants.GROUP_PUBLIC); + vXGroup.setIsVisible(1); + return vXGroup; + } + public void setup() { RangerSecurityContext context = new RangerSecurityContext(); context.setUserSession(new UserSessionBase()); 
@@ -1999,6 +2011,25 @@ public void test30getPolicies() throws Exception { policyListObj.setSortType("1"); policyListObj.setStartIndex(0); policyListObj.setTotalCount(10); + + Set groupNames = new HashSet(){{add(RangerConstants.GROUP_PUBLIC);}}; + XXGroupGroupDao xXGroupGroupDao = Mockito.mock(XXGroupGroupDao.class); + Mockito.when(daoManager.getXXGroupGroup()).thenReturn(xXGroupGroupDao); + XXGroupDao xxGroupDao = Mockito.mock(XXGroupDao.class); + XXRoleDao xxRoleDao = Mockito.mock(XXRoleDao.class); + VXGroup vxGroup = vxGroup(); + XXGroup xxGroup = new XXGroup(); + xxGroup.setId(vxGroup.getId()); + xxGroup.setName(vxGroup.getName()); + xxGroup.setDescription(vxGroup.getDescription()); + xxGroup.setIsVisible(vxGroup.getIsVisible()); + Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao); + Mockito.when(xxGroupDao.findByGroupName(vxGroup.getName())).thenReturn(xxGroup); + Mockito.when(xXGroupGroupDao.findGroupNamesByGroupName(Mockito.anyString())).thenReturn(groupNames); + List xxRoles = new ArrayList(); + Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao); + Mockito.when(daoManager.getXXRole()).thenReturn(xxRoleDao); + Mockito.when(xxRoleDao.findByGroupId(xxGroup.getId())).thenReturn(xxRoles); List dbRangerPolicy = serviceDBStore.getPolicies(filter); Assert.assertNotNull(dbRangerPolicy); 
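Review bot: The nineteen mock-setup lines added to test30getPolicies are repeated unchanged in test31getPaginatedPolicies, test36getPaginatedServicePolicies and test37getPaginatedServicePolicies; they belong in one private helper next to `vxGroup()`. Inside the block `daoManager.getXXGroup()` is stubbed twice with the same mock, and `new HashSet(){{add(RangerConstants.GROUP_PUBLIC);}}` creates an anonymous subclass where a plain set with one `add` call would do. As far as the hunks show, none of the four tests asserts anything about the group or role lookups being stubbed, so a comment naming the call in the store that needs them would explain why they are there.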
@@ -2017,6 +2048,25 @@ public void test31getPaginatedPolicies() throws Exception { policyListObj.setSortType("1"); policyListObj.setStartIndex(0); policyListObj.setTotalCount(10); + + Set groupNames = new HashSet(){{add(RangerConstants.GROUP_PUBLIC);}}; + XXGroupGroupDao xXGroupGroupDao = Mockito.mock(XXGroupGroupDao.class); + Mockito.when(daoManager.getXXGroupGroup()).thenReturn(xXGroupGroupDao); + XXGroupDao xxGroupDao = Mockito.mock(XXGroupDao.class); + XXRoleDao xxRoleDao = Mockito.mock(XXRoleDao.class); + VXGroup vxGroup = vxGroup(); + XXGroup xxGroup = new XXGroup(); + xxGroup.setId(vxGroup.getId()); + xxGroup.setName(vxGroup.getName()); + xxGroup.setDescription(vxGroup.getDescription()); + xxGroup.setIsVisible(vxGroup.getIsVisible()); + Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao); + Mockito.when(xxGroupDao.findByGroupName(vxGroup.getName())).thenReturn(xxGroup); + Mockito.when(xXGroupGroupDao.findGroupNamesByGroupName(Mockito.anyString())).thenReturn(groupNames); + List xxRoles = new ArrayList(); + Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao); + Mockito.when(daoManager.getXXRole()).thenReturn(xxRoleDao); + Mockito.when(xxRoleDao.findByGroupId(xxGroup.getId())).thenReturn(xxRoles); PList dbRangerPolicyList = serviceDBStore .getPaginatedPolicies(filter); 
@@ -2113,6 +2163,25 @@ public void test36getPaginatedServicePolicies() throws Exception { SearchFilter filter = new SearchFilter(); filter.setParam(SearchFilter.POLICY_NAME, "policyName"); filter.setParam(SearchFilter.SERVICE_NAME, "serviceName"); + + Set groupNames = new HashSet(){{add(RangerConstants.GROUP_PUBLIC);}}; + XXGroupGroupDao xXGroupGroupDao = Mockito.mock(XXGroupGroupDao.class); + Mockito.when(daoManager.getXXGroupGroup()).thenReturn(xXGroupGroupDao); + XXGroupDao xxGroupDao = Mockito.mock(XXGroupDao.class); + XXRoleDao xxRoleDao = Mockito.mock(XXRoleDao.class); + VXGroup vxGroup = vxGroup(); + XXGroup xxGroup = new XXGroup(); + xxGroup.setId(vxGroup.getId()); + xxGroup.setName(vxGroup.getName()); + xxGroup.setDescription(vxGroup.getDescription()); + xxGroup.setIsVisible(vxGroup.getIsVisible()); + Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao); + Mockito.when(xxGroupDao.findByGroupName(vxGroup.getName())).thenReturn(xxGroup); + Mockito.when(xXGroupGroupDao.findGroupNamesByGroupName(Mockito.anyString())).thenReturn(groupNames); + List xxRoles = new ArrayList(); + Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao); + Mockito.when(daoManager.getXXRole()).thenReturn(xxRoleDao); + Mockito.when(xxRoleDao.findByGroupId(xxGroup.getId())).thenReturn(xxRoles); PList dbRangerPolicyList = serviceDBStore .getPaginatedServicePolicies(serviceName, filter); 
@@ -2132,6 +2201,25 @@ public void test37getPaginatedServicePolicies() throws Exception { Mockito.when(daoManager.getXXService()).thenReturn(xServiceDao); Mockito.when(xServiceDao.getById(Id)).thenReturn(xService); + Set groupNames = new HashSet(){{add(RangerConstants.GROUP_PUBLIC);}}; + XXGroupGroupDao xXGroupGroupDao = Mockito.mock(XXGroupGroupDao.class); + Mockito.when(daoManager.getXXGroupGroup()).thenReturn(xXGroupGroupDao); + XXGroupDao xxGroupDao = Mockito.mock(XXGroupDao.class); + XXRoleDao xxRoleDao = Mockito.mock(XXRoleDao.class); + VXGroup vxGroup = vxGroup(); + XXGroup xxGroup = new XXGroup(); + xxGroup.setId(vxGroup.getId()); + xxGroup.setName(vxGroup.getName()); + xxGroup.setDescription(vxGroup.getDescription()); + xxGroup.setIsVisible(vxGroup.getIsVisible()); + Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao); + Mockito.when(xxGroupDao.findByGroupName(vxGroup.getName())).thenReturn(xxGroup); + Mockito.when(xXGroupGroupDao.findGroupNamesByGroupName(Mockito.anyString())).thenReturn(groupNames); + List xxRoles = new ArrayList(); + Mockito.when(daoManager.getXXGroup()).thenReturn(xxGroupDao); + Mockito.when(daoManager.getXXRole()).thenReturn(xxRoleDao); + Mockito.when(xxRoleDao.findByGroupId(xxGroup.getId())).thenReturn(xxRoles); + //PList dbRangerPolicyList = serviceDBStore.getPaginatedServicePolicies(rangerService.getId(), filter); } @@ -2325,7 +2413,6 @@ public void test44getMetricByTypePolicies() throws Exception { String type = "policies"; RangerServiceList svcList = new RangerServiceList(); svcList.setTotalCount(10l); - Mockito.when(svcService.searchRangerServices(Mockito.any(SearchFilter.class))).thenReturn(svcList); serviceDBStore.getMetricByType(ServiceDBStore.METRIC_TYPE.getMetricTypeByName(type)); } diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java index 29f2ce802b..cdf265b2d9 100644 
--- a/security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java +++ b/security-admin/src/test/java/org/apache/ranger/biz/TestUserMgr.java @@ -313,10 +313,24 @@ public void test03ChangePasswordAsAdmin() { Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); Mockito.when(userDao.findByLoginId(Mockito.nullable(String.class))).thenReturn(user); - Mockito.when(stringUtil.equals(Mockito.anyString(), Mockito.nullable(String.class))).thenReturn(true); - Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); - Mockito.when(stringUtil.validatePassword(Mockito.anyString(), Mockito.any(String[].class))).thenReturn(true); + XXPortalUserRoleDao xPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao); + List xPortalUserRoleList = new ArrayList(); + XXPortalUserRole XXPortalUserRole = new XXPortalUserRole(); + XXPortalUserRole.setId(userId); + XXPortalUserRole.setUserId(userId); + XXPortalUserRole.setUserRole("ROLE_USER"); + xPortalUserRoleList.add(XXPortalUserRole); + XXUserPermissionDao xUserPermissionDao = Mockito.mock(XXUserPermissionDao.class); + XXGroupPermissionDao xGroupPermissionDao = Mockito.mock(XXGroupPermissionDao.class); + Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao); + Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao); + XXPortalUserRoleDao roleDao = Mockito.mock(XXPortalUserRoleDao.class); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao); + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); + VXResponse dbVXResponse = userMgr.changePassword(pwdChange); Assert.assertNotNull(dbVXResponse); Assert.assertEquals(userProfile.getStatus(),dbVXResponse.getStatusCode()); 
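Review bot: test03ChangePasswordAsAdmin now sets `thrown.expect(WebApplicationException.class);` right before `userMgr.changePassword(pwdChange)`, so in a passing run the `Assert.assertNotNull(dbVXResponse)` line and the assertions after it are never reached, and the test name still reads as if the admin change succeeds; test06ChangeEmailAddressAsAdmin (hunk `@@ -496,7 +555,28 @@`) has the same shape. Delete the unreachable assertions and rename both tests to say that access is denied. In test03 `daoManager.getXXPortalUserRole()` is stubbed twice with two different mocks, and `xPortalUserRoleList` is filled but, within this hunk, never returned by any stub. The local `XXPortalUserRole XXPortalUserRole` shadows its own class name; `xxPortalUserRole` would read better.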
@@ -369,6 +383,25 @@ public void test04ChangePasswordAsKeyAdmin() { Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); Mockito.when(stringUtil.validatePassword(Mockito.anyString(), Mockito.any(String[].class))).thenReturn(true); + XXPortalUserRoleDao xPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao); + List xPortalUserRoleList = new ArrayList(); + XXPortalUserRole XXPortalUserRole = new XXPortalUserRole(); + XXPortalUserRole.setId(userId); + XXPortalUserRole.setUserId(userId); + XXPortalUserRole.setUserRole("ROLE_USER"); + xPortalUserRoleList.add(XXPortalUserRole); + XXPortalUserRoleDao roleDao = Mockito.mock(XXPortalUserRoleDao.class); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao); + Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(xPortalUserRoleList); + XXUserPermissionDao xUserPermissionDao = Mockito.mock(XXUserPermissionDao.class); + XXGroupPermissionDao xGroupPermissionDao = Mockito.mock(XXGroupPermissionDao.class); + Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao); + List xUserPermissionsList = new ArrayList(); + List xGroupPermissionList = new ArrayList(); + Mockito.when(xUserPermissionDao.findByUserPermissionIdAndIsAllowed(userProfile.getId())).thenReturn(xUserPermissionsList); + Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao); + Mockito.when(xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())).thenReturn(xGroupPermissionList); VXResponse dbVXResponse = userMgr.changePassword(pwdChange); Assert.assertNotNull(dbVXResponse); Assert.assertEquals(userProfile.getStatus(),dbVXResponse.getStatusCode()); 
@@ -398,6 +431,26 @@ public void test05ChangePasswordAsUser() { Mockito.when(stringUtil.equals(Mockito.anyString(), Mockito.nullable(String.class))).thenReturn(true); Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); Mockito.when(stringUtil.validatePassword(Mockito.anyString(), Mockito.any(String[].class))).thenReturn(true); + Mockito.when(userDao.findByLoginId(Mockito.anyString())).thenReturn(user); + XXPortalUserRoleDao xPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao); + List xPortalUserRoleList = new ArrayList(); + XXPortalUserRole XXPortalUserRole = new XXPortalUserRole(); + XXPortalUserRole.setId(userId); + XXPortalUserRole.setUserId(userId); + XXPortalUserRole.setUserRole("ROLE_USER"); + xPortalUserRoleList.add(XXPortalUserRole); + XXUserPermissionDao xUserPermissionDao = Mockito.mock(XXUserPermissionDao.class); + XXGroupPermissionDao xGroupPermissionDao = Mockito.mock(XXGroupPermissionDao.class); + Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao); + List xUserPermissionsList = new ArrayList(); + List xGroupPermissionList = new ArrayList(); + Mockito.when(xUserPermissionDao.findByUserPermissionIdAndIsAllowed(userProfile.getId())).thenReturn(xUserPermissionsList); + Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao); + Mockito.when(xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())).thenReturn(xGroupPermissionList); + XXPortalUserRoleDao roleDao = Mockito.mock(XXPortalUserRoleDao.class); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao); + Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(xPortalUserRoleList); VXResponse dbVXResponse = userMgr.changePassword(pwdChange); Assert.assertNotNull(dbVXResponse); 
@@ -415,7 +468,16 @@ public void test06ChangeEmailAddressAsAdmin() { XXUserPermissionDao xUserPermissionDao = Mockito.mock(XXUserPermissionDao.class); XXGroupPermissionDao xGroupPermissionDao = Mockito.mock(XXGroupPermissionDao.class); XXModuleDefDao xModuleDefDao = Mockito.mock(XXModuleDefDao.class); - XXModuleDef xModuleDef = Mockito.mock(XXModuleDef.class); + + XXModuleDef xModuleDef = new XXModuleDef(); + xModuleDef.setUpdatedByUserId(userId); + xModuleDef.setAddedByUserId(userId); + xModuleDef.setCreateTime(new Date()); + xModuleDef.setId(userId); + xModuleDef.setModule("Policy manager"); + xModuleDef.setUpdateTime(new Date()); + xModuleDef.setUrl("/policy manager"); + VXPortalUser userProfile = userProfile(); XXPortalUser user = new XXPortalUser(); @@ -482,11 +544,8 @@ public void test06ChangeEmailAddressAsAdmin() { groupPermission.setOwner("admin"); Mockito.when(stringUtil.validateEmail(Mockito.anyString())).thenReturn(true); - Mockito.when(stringUtil.equals(Mockito.anyString(), Mockito.anyString())).thenReturn(true); - Mockito.when(stringUtil.normalizeEmail(Mockito.anyString())).thenReturn(changeEmail.getEmailAddress()); Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao); - Mockito.when(userDao.update(user)).thenReturn(user); Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(list); Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao); Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao); 
@@ -496,7 +555,28 @@ public void test06ChangeEmailAddressAsAdmin() { Mockito.when(xUserPermissionService.populateViewBean(xUserPermissionObj)).thenReturn(userPermission); Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())).thenReturn(xModuleDef); - Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser(); + + Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); + Mockito.when(userDao.findByLoginId(Mockito.anyString())).thenReturn(user); + Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); + Mockito.when(userDao.findByLoginId(Mockito.anyString())).thenReturn(user); + XXPortalUserRoleDao xPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao); + List xPortalUserRoleList = new ArrayList(); + XXPortalUserRole.setId(userId); + XXPortalUserRole.setUserId(userId); + XXPortalUserRole.setUserRole("ROLE_USER"); + xPortalUserRoleList.add(XXPortalUserRole); + Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao); + Mockito.when(xUserPermissionDao.findByUserPermissionIdAndIsAllowed(userProfile.getId())).thenReturn(xUserPermissionsList); + Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao); + Mockito.when(xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())).thenReturn(xGroupPermissionList); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao); + Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(xPortalUserRoleList); + Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); + Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())).thenReturn(xModuleDef); + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); + 
thrown.expect(WebApplicationException.class); VXPortalUser dbVXPortalUser = userMgr.changeEmailAddress(user,changeEmail); Assert.assertNotNull(dbVXPortalUser); Assert.assertEquals(userId, dbVXPortalUser.getId()); @@ -521,10 +601,6 @@ public void test07ChangeEmailAddressAsKeyAdmin() { setupKeyAdmin(); XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class); XXPortalUserRoleDao roleDao = Mockito.mock(XXPortalUserRoleDao.class); - XXUserPermissionDao xUserPermissionDao = Mockito.mock(XXUserPermissionDao.class); - XXGroupPermissionDao xGroupPermissionDao = Mockito.mock(XXGroupPermissionDao.class); - XXModuleDefDao xModuleDefDao = Mockito.mock(XXModuleDefDao.class); - XXModuleDef xModuleDef = Mockito.mock(XXModuleDef.class); VXPortalUser userProfile = userProfile(); XXPortalUser userKeyAdmin = new XXPortalUser(); 
@@ -596,15 +672,30 @@ public void test07ChangeEmailAddressAsKeyAdmin() { Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao); Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(list); + Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); + Mockito.when(userDao.findByLoginId(Mockito.anyString())).thenReturn(userKeyAdmin); + XXPortalUserRoleDao xPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao); + List xPortalUserRoleList = new ArrayList(); + XXPortalUserRole.setId(userId); + XXPortalUserRole.setUserId(userId); + XXPortalUserRole.setUserRole("ROLE_USER"); + xPortalUserRoleList.add(XXPortalUserRole); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao); + Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(xPortalUserRoleList); + XXUserPermissionDao xUserPermissionDao = Mockito.mock(XXUserPermissionDao.class); + XXGroupPermissionDao xGroupPermissionDao = Mockito.mock(XXGroupPermissionDao.class); Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao); - Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao); Mockito.when(xUserPermissionDao.findByUserPermissionIdAndIsAllowed(userProfile.getId())).thenReturn(xUserPermissionsList); + Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao); Mockito.when(xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())).thenReturn(xGroupPermissionList); Mockito.when(xGroupPermissionService.populateViewBean(xGroupPermissionObj)).thenReturn(groupPermission); Mockito.when(xUserPermissionService.populateViewBean(xUserPermissionObj)).thenReturn(userPermission); + XXModuleDefDao xModuleDefDao = Mockito.mock(XXModuleDefDao.class); + XXModuleDef xModuleDef = new XXModuleDef(); + xModuleDef.setModule("Users/Groups"); 
Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); - Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())).thenReturn(xModuleDef); - Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser(); + Mockito.when(xModuleDefDao.findByModuleId(groupPermission.getModuleId())).thenReturn(xModuleDef); VXPortalUser dbVXPortalUser = userMgr.changeEmailAddress(userKeyAdmin,changeEmail); Assert.assertNotNull(dbVXPortalUser); Assert.assertEquals(userId, dbVXPortalUser.getId()); @@ -613,7 +704,6 @@ public void test07ChangeEmailAddressAsKeyAdmin() { Assert.assertEquals(changeEmail.getEmailAddress(),dbVXPortalUser.getEmailAddress()); } - @Test public void test08ChangeEmailAddressAsUser() { setupUser(); 
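Review bot: In test07ChangeEmailAddressAsKeyAdmin, `daoManager.getXXPortalUserRole()` is stubbed to the new `xPortalUserRoleDao` mock and then again to `roleDao` a few lines later, so the first stub is overwritten and `xPortalUserRoleDao` is never consulted. The added `roleDao.findByParentId(Mockito.anyLong())` stub also replaces the one in the context line above that returned `list`, so the code under test now sees only the `ROLE_USER` entry. If `list` carried the key-admin role, the test no longer runs under the premise its name states, which is worth confirming against the part of the method outside this hunk. I would drop the `xPortalUserRoleDao` lines and the repeated `daoManager.getXXPortalUser()` stub, and add a comment such as `// role list seen by the access check: ROLE_USER only` next to the surviving stub. The same block is pasted into test06, test08, test47 and test48; a private helper that builds the role list and wires the role and permission DAOs would keep the five copies from drifting apart.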
@@ -702,7 +792,23 @@ public void test08ChangeEmailAddressAsUser() { Mockito.when(xUserPermissionService.populateViewBean(xUserPermissionObj)).thenReturn(userPermission); Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())).thenReturn(xModuleDef); - Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser(); + Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); + Mockito.when(userDao.findByLoginId(Mockito.anyString())).thenReturn(user); + XXPortalUserRoleDao xPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao); + List xPortalUserRoleList = new ArrayList(); + XXPortalUserRole.setId(userId); + XXPortalUserRole.setUserId(userId); + XXPortalUserRole.setUserRole("ROLE_USER"); + xPortalUserRoleList.add(XXPortalUserRole); + Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao); + Mockito.when(xUserPermissionDao.findByUserPermissionIdAndIsAllowed(userProfile.getId())).thenReturn(xUserPermissionsList); + Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao); + Mockito.when(xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())).thenReturn(xGroupPermissionList); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao); + Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(xPortalUserRoleList); + Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); + Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())).thenReturn(xModuleDef); VXPortalUser dbVXPortalUser = userMgr.changeEmailAddress(user,changeEmail); Assert.assertNotNull(dbVXPortalUser); Assert.assertEquals(userId, dbVXPortalUser.getId()); 
@@ -934,10 +1040,8 @@ public void test14UpdateUserWithPass() { user.setPassword(encryptedPwd); Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); Mockito.when(userDao.getById(userProfile.getId())).thenReturn(user); - Mockito.when(stringUtil.validateEmail(Mockito.anyString())).thenReturn(true); - Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser(); - Mockito.when(stringUtil.validatePassword(Mockito.anyString(), Mockito.any(String[].class))).thenReturn(true); - Mockito.when(userDao.update(user)).thenReturn(user); + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); XXPortalUser dbXXPortalUser = userMgr.updateUserWithPass(userProfile); Assert.assertNotNull(dbXXPortalUser); Assert.assertEquals(userId, dbXXPortalUser.getId()); @@ -1174,6 +1278,8 @@ public void test20checkAccess() { XXPortalUser xPortalUser = Mockito.mock(XXPortalUser.class); Mockito.when(daoManager.getXXPortalUser()).thenReturn(xPortalUserDao); Mockito.when(xPortalUserDao.getById(userId)).thenReturn(xPortalUser); + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); userMgr.checkAccess(userId); Mockito.when(xPortalUserDao.getById(userId)).thenReturn(null); 
@@ -1187,10 +1293,6 @@ public void test21getUserProfile() { setup(); XXPortalUserDao xPortalUserDao = Mockito.mock(XXPortalUserDao.class); XXPortalUser xPortalUser = Mockito.mock(XXPortalUser.class); - XXUserPermissionDao xUserPermissionDao = Mockito.mock(XXUserPermissionDao.class); - XXGroupPermissionDao xGroupPermissionDao = Mockito.mock(XXGroupPermissionDao.class); - - XXPortalUserRoleDao xPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class); List xPortalUserRoleList = new ArrayList(); XXPortalUserRole XXPortalUserRole = new XXPortalUserRole(); @@ -1224,10 +1326,8 @@ public void test21getUserProfile() { Mockito.when(daoManager.getXXPortalUser()).thenReturn(xPortalUserDao); Mockito.when(xPortalUserDao.getById(userId)).thenReturn(null); - Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao); - Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao); - - Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao); + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); VXPortalUser dbVXPortalUser = userMgr.getUserProfile(userId); Mockito.when(xPortalUserDao.getById(userId)).thenReturn(xPortalUser); dbVXPortalUser = userMgr.getUserProfile(userId); 
@@ -1275,12 +1375,7 @@ public void test22getUserProfileByLoginId() { @Test public void test23setUserRoles() { setup(); - XXPortalUserRoleDao xPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class); XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class); - XXUserPermissionDao xUserPermissionDao = Mockito.mock(XXUserPermissionDao.class); - XXGroupPermissionDao xGroupPermissionDao = Mockito.mock(XXGroupPermissionDao.class); - XXModuleDefDao xModuleDefDao = Mockito.mock(XXModuleDefDao.class); - VXPortalUser userProfile = userProfile(); XXPortalUser user = new XXPortalUser(); user.setEmailAddress(userProfile.getEmailAddress()); 
@@ -1354,21 +1449,10 @@ public void test23setUserRoles() { userPermission.setUserId(userId); userPermission.setUserName("xyz"); userPermission.setOwner("admin"); - - Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao); Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); Mockito.when(userDao.getById(userId)).thenReturn(user); - Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao); - Mockito.when(xUserPermissionDao.findByUserPermissionIdAndIsAllowed(userProfile.getId())).thenReturn(xUserPermissionsList); - Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao); - Mockito.when(xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())).thenReturn(xGroupPermissionList); - Mockito.when(xGroupPermissionService.populateViewBean(xGroupPermissionObj)).thenReturn(groupPermission); - Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); - Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())).thenReturn(xModuleDef); - Mockito.when(xUserPermissionService.populateViewBean(xUserPermissionObj)).thenReturn(userPermission); - Mockito.when(daoManager.getXXModuleDef()).thenReturn(xModuleDefDao); - Mockito.when(xModuleDefDao.findByModuleId(Mockito.anyLong())).thenReturn(xModuleDef); - Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser(); + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); userMgr.checkAccess(userId); userMgr.setUserRoles(userId, vStringRolesList); 
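Review bot: `userMgr.setUserRoles(userId, vStringRolesList)` is no longer exercised by test23setUserRoles, because the added `thrown.expect(WebApplicationException.class)` sits before `userMgr.checkAccess(userId)` and the test ends as soon as that call throws (assuming the 403 is raised there, as the stub suggests). A test named for role assignment that stops at the access check leaves the role-change path without coverage. I would split it into a denial test that calls only `checkAccess`, and a second test whose session is allowed past the check, which calls `setUserRoles` and asserts the resulting roles. test40setUserRolesByName and test41setUserRolesByName in TestXUserMgr have the same problem: the expectation was moved ahead of the first `setUserRolesByName` call, so the `setUserRolesByName(null, vStringRolesList)` call behind it is never reached. The test body begins outside this hunk.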
@@ -1496,9 +1580,8 @@ public void test27UpdateUser() { user.setPassword(encryptedPwd); Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); Mockito.when(userDao.getById(userProfile.getId())).thenReturn(user); - Mockito.when(stringUtil.validateEmail(Mockito.anyString())).thenReturn(true); - - Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser(); + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); XXPortalUser dbXXPortalUser = userMgr.updateUser(userProfile); Assert.assertNotNull(dbXXPortalUser); Assert.assertEquals(userId, dbXXPortalUser.getId()); @@ -1536,9 +1619,8 @@ public void test28UpdateUser() { user.setFirstName("null"); user.setLastName("null"); Mockito.when(userDao.getById(userProfile.getId())).thenReturn(user); - Mockito.when(stringUtil.validateEmail(Mockito.anyString())).thenReturn(true); - Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser(); - Mockito.when(userDao.findByEmailAddress(Mockito.anyString())).thenReturn(user); + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); dbXXPortalUser = userMgr.updateUser(userProfile); Assert.assertNotNull(dbXXPortalUser); Assert.assertEquals(userId, dbXXPortalUser.getId()); 
@@ -1661,7 +1743,11 @@ public void test30getRolesByLoginId() { @Test public void test31checkAccess() { setup(); + XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class); + Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); XXPortalUser xPortalUser = Mockito.mock(XXPortalUser.class); + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); userMgr.checkAccess(xPortalUser); destroySession(); VXPortalUser userProfile = userProfile(); 
@@ -1691,31 +1777,10 @@ public void test32checkAdminAccess() { userMgr.checkAdminAccess(); } - @Test - public void test33checkAccessForUpdate() { - setup(); - XXPortalUser xPortalUser = Mockito.mock(XXPortalUser.class); - userMgr.checkAccessForUpdate(xPortalUser); - - destroySession(); - xPortalUser.setId(userId); - VXResponse vXResponse = new VXResponse(); - vXResponse.setStatusCode(HttpServletResponse.SC_FORBIDDEN); - vXResponse.setMsgDesc("User access denied. loggedInUser=Not Logged In , accessing user="+ xPortalUser.getId()); - Mockito.when(restErrorUtil.generateRESTException((VXResponse) Mockito.any())).thenThrow(new WebApplicationException()); - thrown.expect(WebApplicationException.class); - userMgr.checkAccessForUpdate(xPortalUser); - xPortalUser = null; - Mockito.when(restErrorUtil.create403RESTException("serverMsg.userMgrWrongUser")).thenThrow(new WebApplicationException()); - thrown.expect(WebApplicationException.class); - userMgr.checkAccessForUpdate(xPortalUser); - } - @Test public void test34updateRoleForExternalUsers() { setupRangerUserSyncUser(); XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class); - XXPortalUserRoleDao roleDao = Mockito.mock(XXPortalUserRoleDao.class); XXUserPermissionDao xUserPermissionDao = Mockito.mock(XXUserPermissionDao.class); Collection existingRoleList = new ArrayList(); existingRoleList.add(RangerConstants.ROLE_USER); 
@@ -1749,13 +1814,11 @@ public void test34updateRoleForExternalUsers() { xUserPermissionObj.setUserId(userId); xUserPermissionsList.add(xUserPermissionObj); Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); - Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao); - Mockito.when(roleDao.findByUserId(userId)).thenReturn(list); Mockito.when(userDao.getById(userProfile.getId())).thenReturn(user); - Mockito.when(stringUtil.validateEmail(Mockito.anyString())).thenReturn(true); - Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser(); Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao); Mockito.when(xUserPermissionDao.findByUserPermissionId(userProfile.getId())).thenReturn(xUserPermissionsList); + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); VXPortalUser dbVXPortalUser = userMgr.updateRoleForExternalUsers(reqRoleList,existingRoleList,userProfile); Assert.assertNotNull(dbVXPortalUser); Assert.assertEquals(userId, dbVXPortalUser.getId()); 
@@ -1822,13 +1885,12 @@ public void test36UpdateUser() { user.setLoginId(userProfile.getLoginId()); userProfile.setFirstName("User"); userProfile.setLastName("User"); - Mockito.when(stringUtil.validateEmail(Mockito.anyString())).thenReturn(true); String encryptedPwd = userMgr.encrypt(userProfile.getLoginId(),userProfile.getPassword()); user.setPassword(encryptedPwd); Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); Mockito.when(userDao.getById(userProfile.getId())).thenReturn(user); - Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser(); - Mockito.when(stringUtil.toCamelCaseAllWords(Mockito.anyString())).thenReturn(userProfile.getFirstName()); + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); XXPortalUser dbXXPortalUser = userMgr.updateUser(userProfile); Assert.assertNotNull(dbXXPortalUser); Mockito.when(stringUtil.isEmpty(Mockito.anyString())).thenReturn(true); @@ -1970,7 +2032,7 @@ public void test45ChangePassword() { invalidpwdChange.setOldPassword("invalidOldPassword"); invalidpwdChange.setEmailAddress(userProfile.getEmailAddress()); invalidpwdChange.setUpdPassword(userProfile.getPassword()); - Mockito.when(restErrorUtil.createRESTException("serverMsg.userMgrOldPassword",MessageEnums.INVALID_INPUT_DATA, null, null, invalidpwdChange.getLoginId())).thenThrow(new WebApplicationException()); + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); thrown.expect(WebApplicationException.class); userMgr.changePassword(invalidpwdChange); } 
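Review bot: In test45ChangePassword the stub for `serverMsg.userMgrOldPassword` is replaced by the generic 403 stub, so the wrong-old-password rejection this test was written for is no longer exercised and the test passes on the access denial alone. The same substitution is made in test46ChangePassword (`serverMsg.userMgrInvalidUser`), test51UpdateUserWithPass (`serverMsg.userMgrNewPassword`) and test38setUserRolesByExternalID in TestXUserMgr ("User ID doesn't exist."). Those validation branches are security checks in their own right. I would keep one variant of each test where the logged-in caller is permitted to act on the target user and the original message is stubbed, and add the 403 case as a separate test. The denial test can carry a comment such as `// caller is not the target user: expect 403 before any password validation runs`.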
@@ -1980,8 +2042,8 @@ public void test46ChangePassword() { destroySession(); setupUser(); VXPortalUser userProfile = userProfile(); - XXPortalUser user2 = new XXPortalUser(); - user2.setId(userId); + XXPortalUser gjUser = new XXPortalUser(); + gjUser.setId(userId); VXPasswordChange invalidpwdChange = new VXPasswordChange(); invalidpwdChange.setId(userProfile.getId()); invalidpwdChange.setLoginId(userProfile.getLoginId()+1); @@ -1991,10 +2053,9 @@ public void test46ChangePassword() { XXPortalUserDao userDao = Mockito.mock(XXPortalUserDao.class); Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); - Mockito.when(userDao.findByLoginId(userProfile.getLoginId())).thenReturn(user2); - Mockito.when(userDao.findByLoginId(invalidpwdChange.getLoginId())).thenReturn(null); + Mockito.when(userDao.findByLoginId(invalidpwdChange.getLoginId())).thenReturn(gjUser); - Mockito.when(restErrorUtil.createRESTException("serverMsg.userMgrInvalidUser",MessageEnums.DATA_NOT_FOUND, null, null, invalidpwdChange.getLoginId())).thenThrow(new WebApplicationException()); + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); thrown.expect(WebApplicationException.class); userMgr.changePassword(invalidpwdChange); } 
@@ -2024,6 +2085,26 @@ public void test47ChangePasswordAsUser() { Mockito.when(stringUtil.equals(Mockito.anyString(), Mockito.nullable(String.class))).thenReturn(true); Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); Mockito.when(stringUtil.validatePassword(Mockito.anyString(), Mockito.any(String[].class))).thenReturn(true); + Mockito.when(userDao.findByLoginId(Mockito.anyString())).thenReturn(user); + XXPortalUserRoleDao xPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao); + List xPortalUserRoleList = new ArrayList(); + XXPortalUserRole XXPortalUserRole = new XXPortalUserRole(); + XXPortalUserRole.setId(userId); + XXPortalUserRole.setUserId(userId); + XXPortalUserRole.setUserRole("ROLE_USER"); + xPortalUserRoleList.add(XXPortalUserRole); + XXUserPermissionDao xUserPermissionDao = Mockito.mock(XXUserPermissionDao.class); + XXGroupPermissionDao xGroupPermissionDao = Mockito.mock(XXGroupPermissionDao.class); + Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao); + List xUserPermissionsList = new ArrayList(); + List xGroupPermissionList = new ArrayList(); + Mockito.when(xUserPermissionDao.findByUserPermissionIdAndIsAllowed(userProfile.getId())).thenReturn(xUserPermissionsList); + Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao); + Mockito.when(xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())).thenReturn(xGroupPermissionList); + XXPortalUserRoleDao roleDao = Mockito.mock(XXPortalUserRoleDao.class); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao); + Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(xPortalUserRoleList); Mockito.when(restErrorUtil.createRESTException("serverMsg.userMgrOldPassword",MessageEnums.INVALID_INPUT_DATA, user.getId(), "password", user.toString())).thenThrow(new WebApplicationException()); thrown.expect(WebApplicationException.class); 
userMgr.changePassword(pwdChange); 
@@ -2053,6 +2134,26 @@ public void test48ChangePasswordAsUser() { Mockito.when(stringUtil.equals(Mockito.anyString(), Mockito.nullable(String.class))).thenReturn(true); Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); Mockito.when(stringUtil.validatePassword(Mockito.anyString(), Mockito.any(String[].class))).thenReturn(false); + Mockito.when(userDao.findByLoginId(Mockito.anyString())).thenReturn(user); + XXPortalUserRoleDao xPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao); + List xPortalUserRoleList = new ArrayList(); + XXPortalUserRole XXPortalUserRole = new XXPortalUserRole(); + XXPortalUserRole.setId(userId); + XXPortalUserRole.setUserId(userId); + XXPortalUserRole.setUserRole("ROLE_USER"); + xPortalUserRoleList.add(XXPortalUserRole); + XXUserPermissionDao xUserPermissionDao = Mockito.mock(XXUserPermissionDao.class); + XXGroupPermissionDao xGroupPermissionDao = Mockito.mock(XXGroupPermissionDao.class); + Mockito.when(daoManager.getXXUserPermission()).thenReturn(xUserPermissionDao); + List xUserPermissionsList = new ArrayList(); + List xGroupPermissionList = new ArrayList(); + Mockito.when(xUserPermissionDao.findByUserPermissionIdAndIsAllowed(userProfile.getId())).thenReturn(xUserPermissionsList); + Mockito.when(daoManager.getXXGroupPermission()).thenReturn(xGroupPermissionDao); + Mockito.when(xGroupPermissionDao.findbyVXPortalUserId(userProfile.getId())).thenReturn(xGroupPermissionList); + XXPortalUserRoleDao roleDao = Mockito.mock(XXPortalUserRoleDao.class); + Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(roleDao); + Mockito.when(roleDao.findByParentId(Mockito.anyLong())).thenReturn(xPortalUserRoleList); Mockito.when(restErrorUtil.createRESTException("serverMsg.userMgrNewPassword",MessageEnums.INVALID_PASSWORD, null, null, pwdChange.getLoginId())).thenThrow(new WebApplicationException()); thrown.expect(WebApplicationException.class); 
userMgr.changePassword(pwdChange); @@ -2139,10 +2240,7 @@ public void test51UpdateUserWithPass() { user.setPassword(encryptedPwd); Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao); Mockito.when(userDao.getById(userProfile.getId())).thenReturn(user); - Mockito.when(stringUtil.validateEmail(Mockito.anyString())).thenReturn(true); - Mockito.doNothing().when(rangerBizUtil).blockAuditorRoleUser(); - Mockito.when(stringUtil.validatePassword(Mockito.anyString(), Mockito.any(String[].class))).thenReturn(false); - Mockito.when(restErrorUtil.createRESTException("serverMsg.userMgrNewPassword", MessageEnums.INVALID_PASSWORD, null, null, user.getId().toString())).thenThrow(new WebApplicationException()); + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); thrown.expect(WebApplicationException.class); userMgr.updateUserWithPass(userProfile); } diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java index de342e994c..83ec00520e 100644 --- a/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java +++ b/security-admin/src/test/java/org/apache/ranger/biz/TestXUserMgr.java @@ -643,7 +643,8 @@ public void test01CreateXUser() { loggedInUser.setName("testuser"); loggedInUser.setUserRoleList(loggedInUserRole); Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser); - + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); VXUser dbvxUser = xUserMgr.getXUser(userId); Mockito.verify(userMgr).createDefaultAccountUser((VXPortalUser) Mockito.any()); Assert.assertNotNull(dbvxUser); 
@@ -785,6 +786,13 @@ public void test05UpdateXUser() { VXUserPermission vXUserPermission = vxUserPermission(); Mockito.when(xUserPermissionService.createResource((VXUserPermission) Mockito.any())).thenReturn(vXUserPermission); Mockito.when(sessionMgr.getActiveUserSessionsForPortalUserId(userId)).thenReturn(userSessions); + VXUser loggedInUser = vxUser(); + List loggedInUserRole = new ArrayList(); + loggedInUserRole.add(RangerConstants.ROLE_SYS_ADMIN); + loggedInUser.setId(8L); + loggedInUser.setName("testuser"); + loggedInUser.setUserRoleList(loggedInUserRole); + Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser); VXUser dbvxUser = xUserMgr.updateXUser(vxUser); Assert.assertNotNull(dbvxUser); Assert.assertEquals(dbvxUser.getId(), vxUser.getId()); @@ -1678,9 +1686,7 @@ public void test36getGroupsForUser() { @Test public void test37setUserRolesByExternalID() { setup(); - XXPortalUserRoleDao xPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class); VXUser vXUser = vxUser(); - VXPortalUser userProfile = userProfile(); List vStringRolesList = new ArrayList(); VXString vXStringObj = new VXString(); vXStringObj.setValue("ROLE_USER"); @@ -1700,10 +1706,7 @@ public void test37setUserRolesByExternalID() { List groupPermList = new ArrayList(); VXGroupPermission groupPermission = vxGroupPermission(); groupPermList.add(groupPermission); - Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao); - Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn(xPortalUserRoleList); Mockito.when(xUserMgr.getXUser(userId)).thenReturn(vXUser); - Mockito.when(userMgr.getUserProfileByLoginId(vXUser.getName())).thenReturn(userProfile); List permissionList = new ArrayList(); permissionList.add(RangerConstants.MODULE_USER_GROUPS); 
@@ -1715,11 +1718,9 @@ public void test37setUserRolesByExternalID() { loggedInUser.setName("testuser"); loggedInUser.setUserRoleList(loggedInUserRole); Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser); - - XXModuleDefDao mockxxModuleDefDao = Mockito.mock(XXModuleDefDao.class); - Mockito.when(daoManager.getXXModuleDef()).thenReturn(mockxxModuleDefDao); - Mockito.when(mockxxModuleDefDao.findAccessibleModulesByUserId(8L, 8L)).thenReturn(permissionList); - + + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); VXStringList vXStringList = xUserMgr.setUserRolesByExternalID(userId,vStringRolesList); Assert.assertNotNull(vXStringList); } @@ -1749,7 +1750,6 @@ public void test38setUserRolesByExternalID() { VXGroupPermission groupPermission = vxGroupPermission(); groupPermList.add(groupPermission); Mockito.when(xUserMgr.getXUser(userId)).thenReturn(vXUser); - Mockito.when(userMgr.getUserProfileByLoginId(vXUser.getName())).thenReturn(null); List permissionList = new ArrayList(); permissionList.add(RangerConstants.MODULE_USER_GROUPS); 
@@ -1761,12 +1761,8 @@ public void test38setUserRolesByExternalID() { loggedInUser.setName("testuser"); loggedInUser.setUserRoleList(loggedInUserRole); Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser); - - XXModuleDefDao mockxxModuleDefDao = Mockito.mock(XXModuleDefDao.class); - Mockito.when(daoManager.getXXModuleDef()).thenReturn(mockxxModuleDefDao); - Mockito.when(mockxxModuleDefDao.findAccessibleModulesByUserId(8L, 8L)).thenReturn(permissionList); - - Mockito.when(restErrorUtil.createRESTException("User ID doesn't exist.",MessageEnums.INVALID_INPUT_DATA)).thenThrow(new WebApplicationException()); + + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); thrown.expect(WebApplicationException.class); xUserMgr.setUserRolesByExternalID(userId, vStringRolesList); } @@ -1806,7 +1802,6 @@ public void test39setUserRolesByExternalID() { public void test40setUserRolesByName() { destroySession(); setup(); - XXPortalUserRoleDao xPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class); VXPortalUser userProfile = userProfile(); List vStringRolesList = new ArrayList(); VXString vXStringObj = new VXString(); 
@@ -1827,13 +1822,10 @@ public void test40setUserRolesByName() { List groupPermList = new ArrayList(); VXGroupPermission groupPermission = vxGroupPermission(); groupPermList.add(groupPermission); - Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao); - Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn(xPortalUserRoleList); - Mockito.when(userMgr.getUserProfileByLoginId(userProfile.getLoginId())).thenReturn(userProfile); - VXStringList vXStringList = xUserMgr.setUserRolesByName(userProfile.getLoginId(), vStringRolesList); - Assert.assertNotNull(vXStringList); Mockito.when(restErrorUtil.createRESTException("Login ID doesn't exist.",MessageEnums.INVALID_INPUT_DATA)).thenThrow(new WebApplicationException()); thrown.expect(WebApplicationException.class); + VXStringList vXStringList = xUserMgr.setUserRolesByName(userProfile.getLoginId(), vStringRolesList); + Assert.assertNotNull(vXStringList); xUserMgr.setUserRolesByName(null, vStringRolesList); } @@ -1841,7 +1833,6 @@ public void test40setUserRolesByName() { public void test41setUserRolesByName() { destroySession(); setup(); - XXPortalUserRoleDao xPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class); VXPortalUser userProfile = userProfile(); List vStringRolesList = new ArrayList(); VXString vXStringObj = new VXString(); 
@@ -1862,13 +1853,10 @@ public void test41setUserRolesByName() { List groupPermList = new ArrayList(); VXGroupPermission groupPermission = vxGroupPermission(); groupPermList.add(groupPermission); - Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao); - Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn(xPortalUserRoleList); - Mockito.when(userMgr.getUserProfileByLoginId(userProfile.getLoginId())).thenReturn(userProfile); - VXStringList vXStringList = xUserMgr.setUserRolesByName(userProfile.getLoginId(), vStringRolesList); - Assert.assertNotNull(vXStringList); Mockito.when(restErrorUtil.createRESTException("Login ID doesn't exist.",MessageEnums.INVALID_INPUT_DATA)).thenThrow(new WebApplicationException()); thrown.expect(WebApplicationException.class); + VXStringList vXStringList = xUserMgr.setUserRolesByName(userProfile.getLoginId(), vStringRolesList); + Assert.assertNotNull(vXStringList); xUserMgr.setUserRolesByName(null, vStringRolesList); } @@ -1876,9 +1864,7 @@ public void test41setUserRolesByName() { public void test42getUserRolesByExternalID() { destroySession(); setup(); - XXPortalUserRoleDao xPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class); VXUser vXUser = vxUser(); - VXPortalUser userProfile = userProfile(); List vStringRolesList = new ArrayList(); VXString vXStringObj = new VXString(); vXStringObj.setValue("ROLE_USER"); 
@@ -1898,10 +1884,7 @@ public void test42getUserRolesByExternalID() { List groupPermList = new ArrayList(); VXGroupPermission groupPermission = vxGroupPermission(); groupPermList.add(groupPermission); - Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao); - Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn(xPortalUserRoleList); Mockito.when(xUserMgr.getXUser(userId)).thenReturn(vXUser); - Mockito.when(userMgr.getUserProfileByLoginId(vXUser.getName())).thenReturn(userProfile); List permissionList = new ArrayList(); permissionList.add(RangerConstants.MODULE_USER_GROUPS); @@ -1913,11 +1896,8 @@ public void test42getUserRolesByExternalID() { loggedInUser.setName("testuser"); loggedInUser.setUserRoleList(loggedInUserRole); Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser); - - XXModuleDefDao mockxxModuleDefDao = Mockito.mock(XXModuleDefDao.class); - Mockito.when(daoManager.getXXModuleDef()).thenReturn(mockxxModuleDefDao); - Mockito.when(mockxxModuleDefDao.findAccessibleModulesByUserId(8L, 8L)).thenReturn(permissionList); - + Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException()); + thrown.expect(WebApplicationException.class); VXStringList vXStringList = xUserMgr.getUserRolesByExternalID(userId); Assert.assertNotNull(vXStringList); Mockito.when(restErrorUtil.createRESTException("Please provide a valid ID",MessageEnums.INVALID_INPUT_DATA)).thenThrow(new WebApplicationException()); 
@@ -1930,9 +1910,7 @@ public void test42getUserRolesByExternalID() {
 public void test43getUserRolesByExternalID() {
 destroySession();
 setup();
- XXPortalUserRoleDao xPortalUserRoleDao = Mockito.mock(XXPortalUserRoleDao.class);
 VXUser vXUser = vxUser();
- VXPortalUser userProfile = userProfile();
 List vStringRolesList = new ArrayList();
 VXString vXStringObj = new VXString();
 vXStringObj.setValue("ROLE_USER");
@@ -1952,10 +1930,7 @@ public void test43getUserRolesByExternalID() {
 List groupPermList = new ArrayList();
 VXGroupPermission groupPermission = vxGroupPermission();
 groupPermList.add(groupPermission);
- Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
- Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn(xPortalUserRoleList);
 Mockito.when(xUserMgr.getXUser(userId)).thenReturn(vXUser);
- Mockito.when(userMgr.getUserProfileByLoginId(vXUser.getName())).thenReturn(userProfile);
 List permissionList = new ArrayList();
 permissionList.add(RangerConstants.MODULE_USER_GROUPS);
@@ -1967,11 +1942,8 @@ public void test43getUserRolesByExternalID() {
 loggedInUser.setName("testuser");
 loggedInUser.setUserRoleList(loggedInUserRole);
 Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
-
- XXModuleDefDao mockxxModuleDefDao = Mockito.mock(XXModuleDefDao.class);
- Mockito.when(daoManager.getXXModuleDef()).thenReturn(mockxxModuleDefDao);
- Mockito.when(mockxxModuleDefDao.findAccessibleModulesByUserId(8L, 8L)).thenReturn(permissionList);
-
+ Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException());
+ thrown.expect(WebApplicationException.class);
 VXStringList vXStringList = xUserMgr.getUserRolesByExternalID(userId);
 Assert.assertNotNull(vXStringList);
 Mockito.when(restErrorUtil.createRESTException("User ID doesn't exist.",MessageEnums.INVALID_INPUT_DATA)).thenThrow(new WebApplicationException());
@@ -2011,6 +1983,15 @@ public void test44getUserRolesByName() {
 Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
 Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn(xPortalUserRoleList);
 Mockito.when(userMgr.getUserProfileByLoginId(userProfile.getLoginId())).thenReturn(userProfile);
+ VXUser loggedInUser = vxUser();
+ List loggedInUserRole = new ArrayList();
+ loggedInUserRole.add(RangerConstants.ROLE_SYS_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("admin");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+ Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
+ VXUser testuser = vxUser();
+ Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(testuser);
 VXStringList vXStringList = xUserMgr.getUserRolesByName(userProfile.getLoginId());
 Assert.assertNotNull(vXStringList);
 Mockito.when(restErrorUtil.createRESTException("Please provide a valid userName",MessageEnums.INVALID_INPUT_DATA)).thenThrow(new WebApplicationException());
@@ -2050,6 +2031,15 @@ public void test45getUserRolesByName() {
 Mockito.when(daoManager.getXXPortalUserRole()).thenReturn(xPortalUserRoleDao);
 Mockito.when(xPortalUserRoleDao.findByUserId(userId)).thenReturn(xPortalUserRoleList);
 Mockito.when(userMgr.getUserProfileByLoginId(userProfile.getLoginId())).thenReturn(userProfile);
+ VXUser loggedInUser = vxUser();
+ List loggedInUserRole = new ArrayList();
+ loggedInUserRole.add(RangerConstants.ROLE_SYS_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("admin");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+ Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
+ VXUser testuser = vxUser();
+ Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(testuser);
 VXStringList vXStringList = xUserMgr.getUserRolesByName(userProfile.getLoginId());
 Assert.assertNotNull(vXStringList);
 Mockito.when(restErrorUtil.createRESTException("Please provide a valid userName",MessageEnums.INVALID_INPUT_DATA)).thenThrow(new WebApplicationException());
@@ -2077,10 +2067,6 @@ public void test47searchXUsers() {
 testSearchCriteria.addParam("name", userName);
 Mockito.when(xUserService.getXUserByUserName(userName)).thenReturn(vxUser);
 Mockito.when(xUserService.searchXUsers(testSearchCriteria)).thenReturn(vXUserListSort);
- VXGroupUserList vxGroupUserList = vxGroupUserList();
- Mockito.when(xGroupUserService.searchXGroupUsers((SearchCriteria) Mockito.any())).thenReturn(vxGroupUserList);
- VXGroup group = vxGroup();
- Mockito.when(xGroupService.readResource(Mockito.anyLong())).thenReturn(group);
 VXUserList dbVXUserList = xUserMgr.searchXUsers(testSearchCriteria);
 Assert.assertNotNull(dbVXUserList);
 testSearchCriteria.addParam("isvisible", "true");
@@ -2477,10 +2463,6 @@ public void test63searchXUsers_Cases() {
 testSearchCriteria.addParam("name", userName);
 Mockito.when(xUserService.getXUserByUserName(userName)).thenReturn(vxUser);
 Mockito.when(xUserService.searchXUsers(testSearchCriteria)).thenReturn(vXUserListSort);
- VXGroupUserList vxGroupUserList = vxGroupUserList();
- Mockito.when(xGroupUserService.searchXGroupUsers((SearchCriteria) Mockito.any())).thenReturn(vxGroupUserList);
- VXGroup vXGroup = vxGroup();
- Mockito.when(xGroupService.readResource(Mockito.anyLong())).thenReturn(vXGroup);
 VXUserList dbVXUserList = xUserMgr.searchXUsers(testSearchCriteria);
 Assert.assertNotNull(dbVXUserList);
 testSearchCriteria.addParam("isvisible", "true");
@@ -2647,6 +2629,13 @@ public void test72UpdateXUser() {
 UserSessionBase userSession = Mockito.mock(UserSessionBase.class);
 Set userSessions = new HashSet();
 userSessions.add(userSession);
+ VXUser loggedInUser = vxUser();
+ List loggedInUserRole = new ArrayList();
+ loggedInUserRole.add(RangerConstants.ROLE_SYS_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+ Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
 VXUser dbvxUser = xUserMgr.updateXUser(vxUser);
 Assert.assertNotNull(dbvxUser);
 Assert.assertEquals(dbvxUser.getId(), vxUser.getId());
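Review bot: In test72UpdateXUser the added fixture calls `loggedInUser.setName("testuser")` but is returned for the lookup `getXUserByUserName("admin")`, while the same block in test44getUserRolesByName and test45getUserRolesByName uses `setName("admin")`. With ROLE_SYS_ADMIN set as well, a reader cannot tell whether `updateXUser` is let through because of the role or because of a name comparison; the check itself is outside the hunk. Use `loggedInUser.setName("admin");` here and in test111 to test113, which repeat the block, or add a comment saying the mismatch is deliberate. The seven repeated lines would also read better as one private helper that takes the login name and returns the stubbed sys-admin user.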
@@ -2777,18 +2766,25 @@ public void test77updateUserRolesPermissions() {
 public void test78checkAccess() {
 destroySession();
 setupUser();
+ VXUser vxUser = vxUser();
 Mockito.when(restErrorUtil.create403RESTException(Mockito.anyString())).thenThrow(new WebApplicationException());
 thrown.expect(WebApplicationException.class);
- xUserMgr.checkAccess("testuser2");
+ xUserMgr.checkAccess(vxUser);
 }
 @Test
 public void test79checkAccess() {
 destroySession();
+ VXUser vxUser = vxUser();
+ VXUser loggedInUser = vxUser();
+ List loggedInUserRole = new ArrayList();
+ loggedInUserRole.add(RangerConstants.ROLE_SYS_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("admin");
+ loggedInUser.setUserRoleList(loggedInUserRole);
 Mockito.when(restErrorUtil.generateRESTException((VXResponse)Mockito.any())).thenThrow(new WebApplicationException());
 thrown.expect(WebApplicationException.class);
- VXPortalUser vXPortalUser = userProfile();
- xUserMgr.checkAccess(vXPortalUser.getLoginId());
+ xUserMgr.checkAccess(vxUser);
 }
 @Test
@@ -3396,7 +3392,7 @@ public void test101getAdminUserDetailsWithUserHavingUSER_ROLE() {
 vxUser.setUserSource(RangerCommonEnums.USER_UNIX);
 Mockito.when(xUserService.readResourceWithOutLogin(5L)).thenReturn(vxUser);
 Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
- Mockito.when(restErrorUtil.create403RESTException("Logged-In user is not allowed to access requested user data.")).thenThrow(new WebApplicationException());
+ Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException());
 thrown.expect(WebApplicationException.class);
 xUserMgr.getXUser(5L);
 }
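Review bot: In test79checkAccess the added `loggedInUser` fixture (ROLE_SYS_ADMIN, id `8L`, name "admin") is built but never passed to a stub or to the call, so it cannot influence `xUserMgr.checkAccess(vxUser)`. As written, test78 and test79 hand the same `vxUser()` fixture to checkAccess and differ only in `setupUser()` and in which `restErrorUtil` method is stubbed to throw. Either register the fixture, for example with `Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);` if checkAccess resolves the caller that way (its body is not in the hunk), and assert the outcome the test is meant to cover, or delete the six unused lines. A one-line comment on each test naming the caller and the expected decision would make the access-control intent reviewable.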
@@ -3431,7 +3427,7 @@ public void test102getKeyAdminUserDetailsWithUserHavingUSER_ROLE() {
 vxUser.setUserSource(RangerCommonEnums.USER_UNIX);
 Mockito.when(xUserService.readResourceWithOutLogin(5L)).thenReturn(vxUser);
 Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
- Mockito.when(restErrorUtil.create403RESTException("Logged-In user is not allowed to access requested user data.")).thenThrow(new WebApplicationException());
+ Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException());
 thrown.expect(WebApplicationException.class);
 xUserMgr.getXUser(5L);
 }
@@ -3466,7 +3462,7 @@ public void test103getAdminAuditorUserDetailsWithUserHavingUSER_ROLE() {
 vxUser.setUserSource(RangerCommonEnums.USER_UNIX);
 Mockito.when(xUserService.readResourceWithOutLogin(5L)).thenReturn(vxUser);
 Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
- Mockito.when(restErrorUtil.create403RESTException("Logged-In user is not allowed to access requested user data.")).thenThrow(new WebApplicationException());
+ Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException());
 thrown.expect(WebApplicationException.class);
 xUserMgr.getXUser(5L);
 }
@@ -3501,7 +3497,7 @@ public void test104getKeyAdminAuditorUserDetailsWithUserHavingUSER_ROLE() {
 vxUser.setUserSource(RangerCommonEnums.USER_UNIX);
 Mockito.when(xUserService.readResourceWithOutLogin(5L)).thenReturn(vxUser);
 Mockito.when(xUserService.getXUserByUserName("testuser")).thenReturn(loggedInUser);
- Mockito.when(restErrorUtil.create403RESTException("Logged-In user is not allowed to access requested user data.")).thenThrow(new WebApplicationException());
+ Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException());
 thrown.expect(WebApplicationException.class);
 xUserMgr.getXUser(5L);
 }
@@ -3546,7 +3542,7 @@ public void test105getUserDetailsOfItsOwn() {
 Assert.assertNotNull(expectedVXUser);
 Assert.assertEquals(expectedVXUser.getName(), vxUser.getName());
 destroySession();
- Mockito.when(restErrorUtil.create403RESTException("Logged-In user is not allowed to access requested user data.")).thenThrow(new WebApplicationException());
+ Mockito.when(restErrorUtil.createRESTException(HttpServletResponse.SC_FORBIDDEN, "Logged-In user is not allowed to access requested user data", true)).thenThrow(new WebApplicationException());
 thrown.expect(WebApplicationException.class);
 xUserMgr.getXUser(8L);
 }
@@ -3863,6 +3859,14 @@ public void test111CreateOrUpdateXUsers() {
 Mockito.when(xUserPermissionDao.findByModuleIdAndPortalUserId(null, null)).thenReturn(xUserPermissionObj);
 Mockito.when(xUserPermissionService.populateViewBean(xUserPermissionObj)).thenReturn(userPermission);
 Mockito.when(xUserPermissionService.updateResource((VXUserPermission) Mockito.any())).thenReturn(userPermission);
+ Mockito.when(daoManager.getXXPortalUser()).thenReturn(xXPortalUserDao);
+ VXUser loggedInUser = vxUser();
+ List loggedInUserRole = new ArrayList();
+ loggedInUserRole.add(RangerConstants.ROLE_SYS_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+ Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
 int createdOrUpdatedUserCount = xUserMgr.createOrUpdateXUsers(users);
 Assert.assertEquals(createdOrUpdatedUserCount, 1);
 }
@@ -3923,6 +3927,14 @@ public void test112CreateOrUpdateXUsers() {
 Mockito.when(xUserService.createResource((VXUser) Mockito.any())).thenReturn(vXUser);
 Mockito.when(xUserPermissionService.populateViewBean(xUserPermissionObj)).thenReturn(userPermission);
 Mockito.when(xUserPermissionService.updateResource((VXUserPermission) Mockito.any())).thenReturn(userPermission);
+ Mockito.when(daoManager.getXXPortalUser()).thenReturn(userDao);
+ VXUser loggedInUser = vxUser();
+ List loggedInUserRole = new ArrayList();
+ loggedInUserRole.add(RangerConstants.ROLE_SYS_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+ Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
 xUserMgr.createOrUpdateXUsers(users);
 vXUser.setPassword("*****");
@@ -3974,6 +3986,13 @@ public void test113CreateOrUpdateXUsers() {
 xUserPermissionObj.setUserId(userId);
 xUserPermissionsList.add(xUserPermissionObj);
 Mockito.when(xUserPermissionDao.findByUserPermissionId(vXPortalUser.getId())).thenReturn(xUserPermissionsList);
+ VXUser loggedInUser = vxUser();
+ List loggedInUserRole = new ArrayList();
+ loggedInUserRole.add(RangerConstants.ROLE_SYS_ADMIN);
+ loggedInUser.setId(8L);
+ loggedInUser.setName("testuser");
+ loggedInUser.setUserRoleList(loggedInUserRole);
+ Mockito.when(xUserService.getXUserByUserName("admin")).thenReturn(loggedInUser);
 xUserMgr.createOrUpdateXUsers(users);
 vXUserList.clear();
 vXUser.setUserSource(RangerCommonEnums.USER_APP);
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
index fa14d93f91..20e9bc2e12 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestAssetREST.java
@@ -18,8 +18,6 @@
 import static org.junit.Assert.fail;
-import java.io.File;
-import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Date;
@@ -29,8 +27,6 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
 import org.apache.commons.lang.StringUtils;
 import org.apache.ranger.admin.client.datatype.RESTResponse;
@@ -51,17 +47,9 @@
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyItemCondition;
 import org.apache.ranger.plugin.model.RangerPolicy.RangerPolicyResource;
 import org.apache.ranger.plugin.model.RangerService;
-import org.apache.ranger.plugin.model.RangerServiceDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerAccessTypeDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerContextEnricherDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerEnumDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerPolicyConditionDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerResourceDef;
-import org.apache.ranger.plugin.model.RangerServiceDef.RangerServiceConfigDef;
 import org.apache.ranger.plugin.store.EmbeddedServiceDefsUtil;
 import org.apache.ranger.plugin.util.GrantRevokeRequest;
 import org.apache.ranger.plugin.util.SearchFilter;
-import org.apache.ranger.plugin.util.ServicePolicies;
 import org.apache.ranger.service.XAccessAuditService;
 import org.apache.ranger.service.XAssetService;
 import org.apache.ranger.service.XCredentialStoreService;
@@ -256,47 +244,6 @@ private RangerPolicy rangerPolicy(Long id) { return policy; } - private RangerServiceDef rangerServiceDef() { - List configs = new ArrayList(); - List resources = new ArrayList(); - List accessTypes = new ArrayList(); - List policyConditions = new ArrayList(); - List contextEnrichers = new ArrayList(); - List enums = new ArrayList(); - - RangerServiceDef rangerServiceDef = new RangerServiceDef(); - rangerServiceDef.setId(Id); - rangerServiceDef.setImplClass("RangerServiceHdfs"); - rangerServiceDef.setLabel("HDFS Repository"); - rangerServiceDef.setDescription("HDFS Repository"); - rangerServiceDef.setRbKeyDescription(null); - rangerServiceDef.setUpdatedBy("Admin"); - rangerServiceDef.setUpdateTime(new Date()); - rangerServiceDef.setConfigs(configs); - rangerServiceDef.setResources(resources); - rangerServiceDef.setAccessTypes(accessTypes); - rangerServiceDef.setPolicyConditions(policyConditions); - rangerServiceDef.setContextEnrichers(contextEnrichers); - rangerServiceDef.setEnums(enums); - - return rangerServiceDef; - } - - private ServicePolicies servicePolicies() { - RangerPolicy rangerPolicy = rangerPolicy(Id); - RangerServiceDef rangerServiceDef = rangerServiceDef(); - ServicePolicies servicePolicies = new ServicePolicies(); - List policies = new ArrayList(); - policies.add(rangerPolicy); - servicePolicies.setServiceId(Id); - servicePolicies.setServiceName("Hdfs_1"); - servicePolicies.setPolicyVersion(1L); - servicePolicies.setPolicyUpdateTime(new Date()); - servicePolicies.setServiceDef(rangerServiceDef); - servicePolicies.setPolicies(policies); - return servicePolicies; - } - private VXPolicy vXPolicy(RangerPolicy policy, RangerService service) { VXPolicy ret = new VXPolicy(); ret.setPolicyName(StringUtils.trim(policy.getName())); 
@@ -639,73 +586,6 @@ public void testCountXCredentialStores() { Mockito.verify(assetMgr).getXCredentialStoreSearchCount(searchCriteria); } - @Test - public void testGetXResourceFile() { - File file = new File("testGetXResource"); - Response expectedResponse = Response.ok(file, MediaType.APPLICATION_OCTET_STREAM) - .header("Content-Disposition", "attachment;filename=" + file.getName()).build(); - VXResource vxResource = vxResource(Id); - Mockito.when( - searchUtil.extractString((HttpServletRequest) Mockito.any(), (SearchCriteria) Mockito.any(), - (String) Mockito.any(), (String) Mockito.any(), (String) Mockito.any())) - .thenReturn("json"); - Mockito.when(assetREST.getXResource(Id)).thenReturn(vxResource); - Mockito.when(assetMgr.getXResourceFile(vxResource, "json")).thenReturn(file); - Response reponse = assetREST.getXResourceFile(request, Id); - Assert.assertEquals(expectedResponse.getStatus(), reponse.getStatus()); - Mockito.verify(assetMgr).getXResourceFile(vxResource, "json"); - Mockito.verify(searchUtil).extractString((HttpServletRequest) Mockito.any(), - (SearchCriteria) Mockito.any(), (String) Mockito.any(), (String) Mockito.any(), - (String) Mockito.any()); - } - - @Test - public void testGetResourceJSON() { - RangerService rangerService = rangerService(Id); - String file = "testGetResourceJSON"; - VXAsset vXAsset = vXAsset(Id); - Date date = new Date(); - String strdt = date.toString(); - X509Certificate[] certchain = new X509Certificate[1]; - certchain[0] = Mockito.mock(X509Certificate.class); - ServicePolicies servicePolicies = servicePolicies(); - RangerPolicy rangerPolicy = rangerPolicy(Id); - List policies = new ArrayList(); - policies.add(rangerPolicy); - Mockito.when(request.getParameter("epoch")).thenReturn(strdt); - Mockito.when(request.getAttribute("javax.servlet.request.X509Certificate")).thenReturn(certchain); - Mockito.when(request.getHeader("X-FORWARDED-FOR")).thenReturn("valid"); - Mockito.when(request.isSecure()).thenReturn(true); - 
Mockito.when(request.getParameter("policyCount")).thenReturn("4"); - Mockito.when(request.getParameter("agentId")).thenReturn("12"); - // Mockito.when(PropertiesUtil.getBooleanProperty("ranger.service.http.enabled",true)).thenReturn(true); - try { - Mockito.when(serviceREST.getServicePoliciesIfUpdated(Mockito.anyString(), Mockito.anyLong(), - Mockito.anyLong(), Mockito.anyString(), Mockito.anyString() , Mockito.anyString() , Mockito.anyBoolean(), Mockito.anyString(), (HttpServletRequest) Mockito.any())) - .thenReturn(servicePolicies); - } catch (Exception e) { - fail("test failed due to: " + e.getMessage()); - } - Mockito.when(serviceUtil.getServiceByName("hdfs_dev")).thenReturn(rangerService); - Mockito.when(serviceUtil.toVXAsset(rangerService)).thenReturn(vXAsset); - Mockito.when(assetMgr.getLatestRepoPolicy((VXAsset) Mockito.any(), Mockito.anyList(), Mockito.anyLong(), - (X509Certificate[]) Mockito.any(), Mockito.anyBoolean(), Mockito.anyString(), Mockito.anyString(), - Mockito.anyBoolean(), Mockito.anyString(), Mockito.anyString())).thenReturn(file); - String actualFile = assetREST.getResourceJSON(request, "hdfs_dev"); - Assert.assertEquals(file, actualFile); - Mockito.verify(serviceUtil).getServiceByName("hdfs_dev"); - Mockito.verify(serviceUtil).toVXAsset(rangerService); - Mockito.verify(request).getParameter("epoch"); - Mockito.verify(request).getAttribute("javax.servlet.request.X509Certificate"); - Mockito.verify(request).getHeader("X-FORWARDED-FOR"); - Mockito.verify(request).isSecure(); - Mockito.verify(request).getParameter("policyCount"); - Mockito.verify(request).getParameter("agentId"); - Mockito.verify(assetMgr).getLatestRepoPolicy((VXAsset) Mockito.any(), Mockito.anyList(), - Mockito.anyLong(), (X509Certificate[]) Mockito.any(), Mockito.anyBoolean(), Mockito.anyString(), - Mockito.anyString(), Mockito.anyBoolean(), Mockito.anyString(), Mockito.anyString()); - } - @Test public void testSearchXPolicyExportAudits() { SearchCriteria searchCriteria = new 
SearchCriteria();
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
index 3978fab1b1..175af395f5 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestRoleREST.java
@@ -238,6 +238,7 @@ public void test7GetAllRoles(){
 RangerRoleList rangerRoleList = new RangerRoleList();
 Mockito.when(searchUtil.getSearchFilter(Mockito.any(HttpServletRequest.class), eq(roleService.sortFields))).
 thenReturn(Mockito.mock(SearchFilter.class));
+ Mockito.when(bizUtil.isUserRangerAdmin(Mockito.anyString())).thenReturn(true);
 RangerRoleList returnedRangerRoleList = roleRest.getAllRoles(Mockito.mock(HttpServletRequest.class));
 Assert.assertNotNull(returnedRangerRoleList);
 Assert.assertEquals(returnedRangerRoleList.getListSize(), rangerRoleList.getListSize());
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
index 40de07150a..15011a34ac 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestServiceREST.java
@@ -1285,10 +1285,9 @@ public void test32getPolicyVersionList() throws Exception {
 @Test
 public void test33getPolicyForVersionNumber() throws Exception {
 RangerPolicy rangerPolicy = rangerPolicy();
- Mockito.when(svcStore.getPolicyForVersionNumber(Id, 1)).thenReturn(
- rangerPolicy);
- RangerPolicy dbRangerPolicy = serviceREST.getPolicyForVersionNumber(Id,
- 1);
+ Mockito.when(svcStore.getPolicyForVersionNumber(Id, 1)).thenReturn(rangerPolicy);
+ Mockito.when(bizUtil.isAdmin()).thenReturn(true);
+ RangerPolicy dbRangerPolicy = serviceREST.getPolicyForVersionNumber(Id, 1);
 Assert.assertNotNull(dbRangerPolicy);
 Mockito.verify(svcStore).getPolicyForVersionNumber(Id, 1);
 }
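Review bot: The stub `Mockito.when(bizUtil.isUserRangerAdmin(Mockito.anyString())).thenReturn(true);` added to test7GetAllRoles covers only the allowed side of the admin check; none of the visible hunks adds a case where the stub returns `false` and the non-admin outcome of `roleRest.getAllRoles(...)` is asserted (a rejection or a filtered result, the endpoint code is not shown). The same holds for the `bizUtil.isAdmin()` stubs added in test33getPolicyForVersionNumber, test80 and test81 in TestServiceREST, and in test16getTagTypes, test26getAllTags, test60getAllTags and test37getAllServiceResources in TestTagREST. Add one deny-path test per endpoint, starting from `Mockito.when(bizUtil.isAdmin()).thenReturn(false);`, so that a later change which drops the check fails a test. Such tests may already exist outside these hunks.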
@@ -2290,7 +2289,7 @@ public void test63getServices() throws Exception{
 }
 public void mockValidateGrantRevokeRequest(){
- Mockito.when(userMgr.getXUserByUserName(Mockito.anyString())).thenReturn(Mockito.mock(VXUser.class));
+ Mockito.when(xUserService.getXUserByUserName(Mockito.anyString())).thenReturn(Mockito.mock(VXUser.class));
 Mockito.when(userMgr.getGroupByGroupName(Mockito.anyString())).thenReturn(Mockito.mock(VXGroup.class));
 Mockito.when(daoManager.getXXRole().findByRoleName(Mockito.anyString())).thenReturn(Mockito.mock(XXRole.class));
 }
@@ -2779,6 +2778,7 @@ public void test80GetPolicyByNameAndServiceNameWithZoneName() throws Exception {
 Mockito.when(daoManager.getXXPolicy()).thenReturn(xXPolicyDao);
 Mockito.when(daoManager.getXXPolicy().findPolicy(policyName,serviceName,zoneName)).thenReturn(xxPolicy);
 Mockito.when(policyService.getPopulatedViewObject(xxPolicy)).thenReturn(rangerPolicy);
+ Mockito.when(bizUtil.isAdmin()).thenReturn(true);
 RangerPolicy dbRangerPolicy = serviceREST.getPolicyByName(serviceName, policyName, zoneName);
 Assert.assertNotNull(dbRangerPolicy);
 Assert.assertEquals(dbRangerPolicy, rangerPolicy);
@@ -2797,6 +2797,7 @@ public void test81GetPolicyByNameAndServiceNameWithZoneNameIsNull() throws Excep
 Mockito.when(daoManager.getXXPolicy()).thenReturn(xXPolicyDao);
 Mockito.when(daoManager.getXXPolicy().findPolicy(policyName,serviceName,null)).thenReturn(xxPolicy);
 Mockito.when(policyService.getPopulatedViewObject(xxPolicy)).thenReturn(rangerPolicy);
+ Mockito.when(bizUtil.isAdmin()).thenReturn(true);
 RangerPolicy dbRangerPolicy = serviceREST.getPolicyByName(serviceName, policyName, null);
 Assert.assertNotNull(dbRangerPolicy);
 Assert.assertEquals(dbRangerPolicy, rangerPolicy);
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
index 7165a304da..34122dd799 100755
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestTagREST.java @@ -499,10 +499,12 @@ public void test15getAllTagDefs() { @Test public void test16getTagTypes(){ + boolean isAdmin = true; List ret = new ArrayList(); ret.add(name); try { + Mockito.when(bizUtil.isAdmin()).thenReturn(isAdmin); Mockito.when(tagStore.getTagTypes()).thenReturn(ret); } catch (Exception e) { } @@ -760,6 +762,7 @@ public void test25getTagsByType() { @Test public void test26getAllTags() { + boolean isAdmin = true; List ret = new ArrayList(); RangerTag rangerTag = new RangerTag(); rangerTag.setId(id); @@ -767,6 +770,7 @@ public void test26getAllTags() { ret.add(rangerTag); try { + Mockito.when(bizUtil.isAdmin()).thenReturn(isAdmin); Mockito.when(tagStore.getTags((SearchFilter)Mockito.any())).thenReturn(ret); } catch (Exception e) { } @@ -784,9 +788,10 @@ public void test26getAllTags() { @Test public void test60getAllTags() { + boolean isAdmin = true; List ret = new ArrayList(); - try { + Mockito.when(bizUtil.isAdmin()).thenReturn(isAdmin); Mockito.when(tagStore.getTags((SearchFilter)Mockito.any())).thenReturn(ret); } catch (Exception e) { } @@ -1118,6 +1123,7 @@ public void test36getServiceResourceByServiceAndResourceSignature() { @Test public void test37getAllServiceResources() { + boolean isAdmin = true; List ret = new ArrayList(); RangerServiceResource rangerServiceResource = new RangerServiceResource(); rangerServiceResource.setId(id); @@ -1125,6 +1131,7 @@ public void test37getAllServiceResources() { ret.add(rangerServiceResource); try { + Mockito.when(bizUtil.isAdmin()).thenReturn(isAdmin); Mockito.when(tagStore.getServiceResources((SearchFilter)Mockito.any())).thenReturn(ret); } catch (Exception e) { } diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java index cb2ccc47c8..4af1769763 100644 --- a/security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java 
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestUserREST.java
@@ -401,7 +401,7 @@ public void test16ChangePassword() {
 Mockito.verify(daoManager).getXXPortalUser();
 Mockito.verify(xxPortalUserDao).getById(userId);
- Mockito.verify(userManager).checkAccessForUpdate(xxPUser);
+ Mockito.verify(userManager).checkAccess(xxPUser);
 Mockito.verify(userManager).changePassword(vxPasswordChange);
 }
@@ -440,7 +440,7 @@ public void test18ChangeEmailAddress() {
 Mockito.verify(daoManager).getXXPortalUser();
 Mockito.verify(xxPortalUserDao).getById(userId);
- Mockito.verify(userManager).checkAccessForUpdate(xxPUser);
+ Mockito.verify(userManager).checkAccess(xxPUser);
 Mockito.verify(userManager).changeEmailAddress(xxPUser, changeEmail);
 }
diff --git a/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java b/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java
index 74744e6cff..5b478489cf 100644
--- a/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java
+++ b/security-admin/src/test/java/org/apache/ranger/rest/TestXUserREST.java
@@ -59,8 +59,6 @@
 import org.apache.ranger.view.VXAuthSession;
 import org.apache.ranger.view.VXAuthSessionList;
 import org.apache.ranger.view.VXGroup;
-import org.apache.ranger.view.VXGroupGroup;
-import org.apache.ranger.view.VXGroupGroupList;
 import org.apache.ranger.view.VXGroupList;
 import org.apache.ranger.view.VXGroupPermission;
 import org.apache.ranger.view.VXGroupPermissionList;
@@ -147,8 +145,6 @@ public class TestXUserREST {
 @Mock VXGroupUser vXGroupUser;
 @Mock XGroupUserService xGroupUserService;
 @Mock VXGroupUserList vXGroupUserList;
- @Mock VXGroupGroup vXGroupGroup;
- @Mock VXGroupGroupList vXGroupGroupList;
 @Mock XGroupGroupService xGroupGroupService;
 @Mock VXPermMap vXPermMap;
 @Mock RESTErrorUtil restErrorUtil;
@@ -647,92 +643,6 @@ public void test31countXGroupUserst() { assertEquals(testvxLong.getClass(),vXLong.getClass()); } @Test - public void test32getXGroupGroup() { - VXGroupGroup compareTestVXGroup=createVXGroupGroup(); - - Mockito.when(xUserMgr.getXGroupGroup(id)).thenReturn(compareTestVXGroup); - VXGroupGroup retVxGroup= xUserRest.getXGroupGroup(id); - - assertNotNull(retVxGroup); - assertEquals(compareTestVXGroup.getClass(),retVxGroup.getClass()); - assertEquals(compareTestVXGroup.getId(),retVxGroup.getId()); - Mockito.verify(xUserMgr).getXGroupGroup(id); - } @Test - public void test33createXGroupGroup() { - VXGroupGroup compareTestVXGroup=createVXGroupGroup(); - - Mockito.when(xUserMgr.createXGroupGroup(compareTestVXGroup)).thenReturn(compareTestVXGroup); - VXGroupGroup retVxGroup= xUserRest.createXGroupGroup(compareTestVXGroup); - - assertNotNull(retVxGroup); - assertEquals(compareTestVXGroup.getClass(),retVxGroup.getClass()); - assertEquals(compareTestVXGroup.getId(),retVxGroup.getId()); - Mockito.verify(xUserMgr).createXGroupGroup(compareTestVXGroup); - } - @Test - public void test34updateXGroupGroup() { - VXGroupGroup compareTestVXGroup=createVXGroupGroup(); - - Mockito.when(xUserMgr.updateXGroupGroup(compareTestVXGroup)).thenReturn(compareTestVXGroup); - VXGroupGroup retVxGroup= xUserRest.updateXGroupGroup(compareTestVXGroup); - - assertNotNull(retVxGroup); - assertEquals(compareTestVXGroup.getClass(),retVxGroup.getClass()); - assertEquals(compareTestVXGroup.getId(),retVxGroup.getId()); - Mockito.verify(xUserMgr).updateXGroupGroup(compareTestVXGroup); - } - @Test - public void test35deleteXGroupGroup() { - boolean forceDelete = false; - - Mockito.doNothing().when(xUserMgr).deleteXGroupGroup(id, forceDelete); - xUserRest.deleteXGroupGroup(id,request); - Mockito.verify(xUserMgr).deleteXGroupGroup(id,forceDelete); - } - @SuppressWarnings("unchecked") - @Test - public void test36searchXGroupGroups() { - VXGroupGroupList testvXGroupGroupList=new 
VXGroupGroupList(); - VXGroupGroup testVXGroup=createVXGroupGroup(); - List testVXGroupGroups= new ArrayList(); - testVXGroupGroups.add(testVXGroup); - testvXGroupGroupList.setVXGroupGroups(testVXGroupGroups); - - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - SearchCriteria testSearchCriteria=createsearchCriteria(); - - Mockito.when(searchUtil.extractCommonCriterias((HttpServletRequest)Mockito.any() ,(List)Mockito.any())).thenReturn(testSearchCriteria); - - Mockito.when(xUserMgr.searchXGroupGroups(testSearchCriteria)).thenReturn(testvXGroupGroupList); - VXGroupGroupList outputvXGroupGroupList=xUserRest.searchXGroupGroups(request); - - Mockito.verify(xUserMgr).searchXGroupGroups(testSearchCriteria); - Mockito.verify(searchUtil).extractCommonCriterias((HttpServletRequest)Mockito.any() ,(List)Mockito.any()); - - assertNotNull(outputvXGroupGroupList); - assertEquals(outputvXGroupGroupList.getClass(),testvXGroupGroupList.getClass()); - assertEquals(outputvXGroupGroupList.getResultSize(),testvXGroupGroupList.getResultSize()); - } - @SuppressWarnings("unchecked") - @Test - public void test37countXGroupGroups() { - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - SearchCriteria testSearchCriteria=createsearchCriteria(); - - Mockito.when(searchUtil.extractCommonCriterias((HttpServletRequest)Mockito.any() ,(List)Mockito.any())).thenReturn(testSearchCriteria); - - vXLong.setValue(1); - - Mockito.when(xUserMgr.getXGroupGroupSearchCount(testSearchCriteria)).thenReturn(vXLong); - VXLong testvxLong=xUserRest.countXGroupGroups(request); - Mockito.verify(xUserMgr).getXGroupGroupSearchCount(testSearchCriteria); - Mockito.verify(searchUtil).extractCommonCriterias((HttpServletRequest)Mockito.any() ,(List)Mockito.any()); - - assertNotNull(testvxLong); - assertEquals(testvxLong.getClass(),vXLong.getClass()); - assertEquals(testvxLong.getValue(),vXLong.getValue()); - } - @Test public void test38getXPermMapVXResourceNull() throws Exception{ 
VXPermMap permMap = testcreateXPermMap(); @@ -2181,17 +2091,7 @@ private VXGroupUser createVXGroupUser(){ testVXGroupUser.setUserId(id); return testVXGroupUser; } - private VXGroupGroup createVXGroupGroup() { - VXGroupGroup testVXGroupGroup= new VXGroupGroup(); - testVXGroupGroup.setName("testGroup"); - testVXGroupGroup.setCreateDate(new Date()); - testVXGroupGroup.setUpdateDate(new Date()); - testVXGroupGroup.setUpdatedBy("Admin"); - testVXGroupGroup.setOwner("Admin"); - testVXGroupGroup.setId(id); - testVXGroupGroup.setParentGroupId(id); - return testVXGroupGroup; - } + private VXPermMap testcreateXPermMap(){ VXPermMap testVXPermMap= new VXPermMap(); testVXPermMap.setCreateDate(new Date());