This is an automated email from the ASF dual-hosted git repository. dineshkumar pushed a commit to branch ranger-2.6 in repository https://gitbox.apache.org/repos/asf/ranger.git
commit bfcdd19601c60fd16f0f53ad9c5e866b573246ae
Author: Rakesh Gupta <[email protected]>
AuthorDate: Mon Jan 13 19:46:40 2025 +0530
RANGER-4875: Improve API /api/zones/{zoneId}/service-headers to filter services based on zone module access.
Signed-off-by: Dineshkumar Yadav <[email protected]>
---
 .../src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java | 6 ++++++
 .../src/main/java/org/apache/ranger/rest/SecurityZoneREST.java | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
index 4d829619b..f02036744 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
@@ -27,6 +27,7 @@ import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.lang.StringUtils;
 import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.RangerConstants;
 import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.entity.XXSecurityZone;
 import org.apache.ranger.entity.XXService;
@@ -43,6 +44,7 @@ import org.apache.ranger.plugin.store.PList;
 import org.apache.ranger.plugin.store.SecurityZonePredicateUtil;
 import org.apache.ranger.plugin.store.SecurityZoneStore;
 import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.rest.SecurityZoneREST;
 import org.apache.ranger.service.RangerBaseModelService;
 import org.apache.ranger.service.RangerSecurityZoneServiceService;
 import org.slf4j.Logger;
@@ -240,6 +242,10 @@ public class SecurityZoneDBStore implements SecurityZoneStore {
 }
 public List<RangerServiceHeaderInfo> getServiceHeaderInfoListByZoneId(Long zoneId, HttpServletRequest request) {
+ if (!bizUtil.hasModuleAccess(RangerConstants.MODULE_SECURITY_ZONE)) {
+ throw restErrorUtil.createRESTException(SecurityZoneREST.STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE, MessageEnums.OPER_NO_PERMISSION);
+ }
+
 String namePrefix = request.getParameter(SearchFilter.SERVICE_NAME_PREFIX);
 boolean filterByNamePrefix = StringUtils.isNotBlank(namePrefix);
diff --git a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
index 3a010ceec..a999b0843 100644
--- a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
+++ b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
@@ -91,7 +91,7 @@ import org.springframework.transaction.annotation.Transactional;
 @Transactional(propagation = Propagation.REQUIRES_NEW)
 public class SecurityZoneREST {
 private static final Logger LOG = LoggerFactory.getLogger(SecurityZoneREST.class);
- private static final String STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE = "User is not authorized to access zone(s).";
+ public static final String STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE = "User is not authorized to access zone(s).";
 private static final String ERR_ANOTHER_SEC_ZONE_OPER_IN_PROGRESS = "Another security zone operation is already in progress";
 @Autowired
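Review bot: The new guard at the top of `getServiceHeaderInfoListByZoneId` makes the store (biz) layer import `org.apache.ranger.rest.SecurityZoneREST` only to reuse a message string, and the SecurityZoneREST.java hunk widens `STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE` to `public` for that purpose; a constant owned by the store or by a common class would keep the dependency pointing from rest to biz. The check is all-or-nothing on `RangerConstants.MODULE_SECURITY_ZONE`, so the call is denied outright rather than filtered per zone as the commit title suggests, and a comment such as `// deny callers without Security Zone module permission; no per-zone filtering happens here` would make that explicit. It is worth confirming that this `createRESTException(String, MessageEnums)` overload produces an HTTP 403 and not a generic error status, since that is not visible here, and the diffstat shows no test covering the denied path. The method body continues outside the hunk.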
