This is an automated email from the ASF dual-hosted git repository.

madhan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ranger.git


The following commit(s) were added to refs/heads/master by this push:
     new b97073eba RANGER-4288: user with ROLE_ADMIN_AUDITOR not able to view 
zone policy
b97073eba is described below

commit b97073eba4951012313218efb9c4e92e9abf14c8
Author: Madhan Neethiraj <[email protected]>
AuthorDate: Thu Jun 15 08:29:18 2023 -0700

    RANGER-4288: user with ROLE_ADMIN_AUDITOR not able to view zone policy
---
 security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java 
b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
index be360a66e..7e071ba0e 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/ServiceMgr.java
@@ -550,12 +550,15 @@ public class ServiceMgr {
 
                if (rangerRoles != null) {
                        RangerRolesUtil rolesUtil = new 
RangerRolesUtil(rangerRoles);
+                       Set<String>     userRoles = 
rolesUtil.getUserRoleMapping().get(userId);
 
-                       ret = CollectionUtils.containsAny(roles, 
rolesUtil.getUserRoleMapping().get(userId));
+                       ret = userRoles != null && 
CollectionUtils.containsAny(roles, userRoles);
 
                        if (!ret && userGroups != null) {
                                for (String userGroup : userGroups) {
-                                       ret = 
CollectionUtils.containsAny(roles, 
rolesUtil.getGroupRoleMapping().get(userGroup));
+                                       Set<String> groupRoles = 
rolesUtil.getGroupRoleMapping().get(userGroup);
+
+                                       ret = groupRoles != null && 
CollectionUtils.containsAny(roles, groupRoles);
 
                                        if (ret) {
                                                break;
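Review bot: The new null guards on `userRoles` and on `groupRoles` inside the loop cover only the second argument of `CollectionUtils.containsAny`; `roles` is still passed unguarded in both calls. Whether `roles` can be null is not visible here, because the enclosing method starts and ends outside the hunk. If a caller can pass null, the same NullPointerException would presumably resurface, so the lookup should be skipped when `CollectionUtils.isEmpty(roles)`. Since the result feeds an access decision, the deny-on-missing-mapping behaviour deserves a comment above the first guard, e.g. `// no entry in the role mapping means no roles: treat as no match, not as an error`. A unit test for a user and a group that are both absent from the mappings would pin this down.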
