[ranger] branch master updated: RANGER-4250: fixed getRoles() REST API to handle missing execUser parameter

[madhan]

This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new c001652a4 RANGER-4250: fixed getRoles() REST API to handle missing 
execUser parameter
c001652a4 is described below

commit c001652a4a0b5e957c343af00934b7f79e085e11
Author: Ramachandran Krishnan <ramac...@gmail.com>
AuthorDate: Tue May 23 22:22:24 2023 +0530

    RANGER-4250: fixed getRoles() REST API to handle missing execUser parameter
    
    Signed-off-by: Madhan Neethiraj <mad...@apache.org>
---
 .../src/main/java/org/apache/ranger/rest/RoleREST.java       | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java 
b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
index 4f0edd2b0..7fb7d9c79 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/RoleREST.java
@@ -286,11 +286,14 @@ public class RoleREST {
     @Produces({ "application/json" })
     public RangerRole getRole(@QueryParam("serviceName") String serviceName, 
@QueryParam("execUser") String execUser, @PathParam("name") String roleName) {
         if (LOG.isDebugEnabled()) {
-            LOG.debug("==> getRole(name=" + roleName + ")");
+            LOG.debug("==> getRole(name=" + roleName + ", execUser=" + 
execUser + ")");
         }
         RangerRole ret;
+
         try {
-            ret = getRoleIfAccessible(roleName, serviceName, execUser, 
userMgr.getGroupsForUser(execUser));
+            Set<String> userGroups = StringUtils.isNotEmpty(execUser) ? 
userMgr.getGroupsForUser(execUser) : new HashSet<>();
+
+            ret = getRoleIfAccessible(roleName, serviceName, execUser, 
userGroups);
             if (ret == null) {
                 throw restErrorUtil.createRESTException("User doesn't have 
permissions to get details for " + roleName);
             }
@@ -298,12 +301,11 @@ public class RoleREST {
         } catch(WebApplicationException excp) {
             throw excp;
         } catch(Throwable excp) {
-            LOG.error("getRole(" + roleName + ") failed", excp);
-
+            LOG.error("getRole(name=" + roleName + ", execUser=" + execUser + 
") failed", excp);
             throw restErrorUtil.createRESTException(excp.getMessage());
         }
         if (LOG.isDebugEnabled()) {
-            LOG.debug("<== getRole(name=" + roleName + "):" + ret);
+            LOG.debug("<== getRole(name=" + roleName + ", execUser=" + 
execUser + "):" + ret);
         }
         return ret;
     }