-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/54965/#review160067
-----------------------------------------------------------

Ship it!


Ship It!

- Gautam Borad


On Dec. 22, 2016, 6 a.m., Pradeep Agrawal wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/54965/
> -----------------------------------------------------------
>
> (Updated Dec. 22, 2016, 6 a.m.)
>
>
> Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, and Velmurugan Periasamy.
>
>
> Bugs: RANGER-1213
>     https://issues.apache.org/jira/browse/RANGER-1213
>
>
> Repository: ranger
>
>
> Description
> -------
>
> **Problem Statement:** The following curl command goes through ok but the role is misspelled and as a result the user disappears from the UI's user list:
>
> %curl -u admin:admin -v -i -s -X PUT -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:6080/service/xusers/secure/users/4 -d@hive_user.role_sys_adm
>
> where the file hive_user.role_sys_adm has the following contents:
>
> {"id":4,"name":"hive","firstName":"hive","lastName":"hive","description":"hive - add from Unix box","status":1,"isVisible":1,"userSource":1,"userRoleList":["ROLE_SYS_ADM"]}
>
> The issue is that XUserMgr.updateXUser does not check the validity of the roles passed from the client.
>
> **Proposed Solution:** The provided user role will be validated in the user create/update call; only if the user has a valid role will the create/update call be processed.
>
>
> Diffs
> -----
>
>   security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java 9885090
>
> Diff: https://reviews.apache.org/r/54965/diff/
>
>
> Testing
> -------
>
> **Steps performed (with patch):**
> Installed and started Ranger admin.
>
> **Case-1 : User create request should fail if it has an invalid role.**
> 1. Tried to create a user with an invalid role:
>
> Request : curl -u admin:admin -v -i -s -X POST -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:6080/service/xusers/secure/users -d '{"name":"hive1","firstName":"hive1","lastName":"hive1","description":"hive - add from Unix box","status":1,"isVisible":1,"userSource":1,"userRoleList":["ROLE_SYS_ADM"]}'
>
> Expected Behaviour : User creation should fail with a proper error message.
> Actual Behaviour : User creation failed with the following response code and message.
> **Response :**
> HTTP/1.1 400 Bad Request
> {"statusCode":1,"msgDesc":"Invalid user role, please provide valid user role.","messageList":[{"name":"INVALID_INPUT_DATA","rbKey":"xa.validation.invalid_input_data","message":"Invalid input data"}]
>
> **Case-2 : User update request should fail if it has an invalid role.**
> 1. Created user 'hive2' with user role.
> 2. Tried to update user 'hive2' role with an invalid role.
>
> Request : curl -u admin:admin -v -i -s -X PUT -H "Accept: application/json" -H "Content-Type: application/json" http://localhost:6080/service/xusers/secure/users/81 -d '{"id":81,"name":"hive2","firstName":"hive2","lastName":"hive2","description":"hive2 - add from Unix box","status":1,"isVisible":1,"userSource":1,"userRoleList":["ROLE_SYS_ADM"]}'
>
> Expected Behaviour : User role update request should fail with a proper error message.
> Actual Behaviour : User role update request failed with the following response code and message.
> **Response :**
> HTTP/1.1 400 Bad Request
> {"statusCode":1,"msgDesc":"Invalid user role, please provide valid user role.","messageList":[{"name":"INVALID_INPUT_DATA","rbKey":"xa.validation.invalid_input_data","message":"Invalid input data"}]}
>
>
> Thanks,
>
> Pradeep Agrawal
>
>
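
The kind of check the review request describes, as an added example that is not part of the original e-mail or of the Ranger patch: a server-side allowlist validation of userRoleList that runs before a user is created or updated. The class, method and exception names are hypothetical, the role set is an assumed allowlist, and rejecting an empty list is an assumption of this example.

```java
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

public class UserRoleValidationExample {
    // Assumed allowlist for illustration; take the real set from the deployed Ranger version.
    static final Set<String> VALID_ROLES = Collections.unmodifiableSet(
            new LinkedHashSet<>(Arrays.asList("ROLE_SYS_ADMIN", "ROLE_USER", "ROLE_KEY_ADMIN")));

    /** Hypothetical exception that a REST layer would map to HTTP 400. */
    static class InvalidRoleException extends RuntimeException {
        InvalidRoleException(String msg) { super(msg); }
    }

    /** Rejects a missing or empty role list and any role outside the allowlist. */
    static void validateUserRoleList(Collection<String> userRoleList) {
        if (userRoleList == null || userRoleList.isEmpty()) {
            throw new InvalidRoleException("Invalid user role, please provide valid user role.");
        }
        for (String role : userRoleList) {
            // Exact, case-sensitive match with no trimming or prefix matching, so
            // "ROLE_SYS_ADM" is never silently accepted as "ROLE_SYS_ADMIN".
            if (role == null || !VALID_ROLES.contains(role)) {
                throw new InvalidRoleException("Invalid user role, please provide valid user role.");
            }
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; the first is the misspelled role from the report.
        List<List<String>> samples = Arrays.asList(
                Arrays.asList("ROLE_SYS_ADM"),
                Arrays.asList("ROLE_SYS_ADMIN"),
                Arrays.asList("ROLE_USER", "role_user"),
                Collections.<String>emptyList());
        for (List<String> roles : samples) {
            try {
                validateUserRoleList(roles); // must run before anything is persisted
                System.out.println(roles + " -> accepted");
            } catch (InvalidRoleException e) {
                System.out.println(roles + " -> 400 Bad Request: " + e.getMessage());
            }
        }
    }
}
```

The validation has to sit on both the create and the update path, since the report shows the update call was the one that accepted the misspelled role.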
