RANGER-4771: Remove the calls to ensureAdminAccess() in grantAccess()… #703
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… and revokeAccess()
dhavalshah9131
requested review from
dhavalshah9131,
dineshkumar-yadav,
kishorgollapalliwar,
mneethiraj,
pradeepagrawal8184 and
vperiasamy
mneethiraj
reviewed
Oct 17, 2025
| boolean isAdmin = bizUtil.isAdmin(); | ||
| boolean isKeyAdmin = bizUtil.isKeyAdmin(); | ||
| String userName = bizUtil.getCurrentUserLoginId(); | ||
| String userName = bizUtil.getCurrentUserLoginId() != null ? bizUtil.getCurrentUserLoginId() : grantor; |
There was a problem hiding this comment.
When grantor is provided, that value should be used as userName, instead of bizUtil.getCurrentUserLoginId(). Also, shouldn't isAdmin and isKeyAdmin also be derived from grantor?
final String userName;
final boolean isAdmin;
final boolean isKeyAdmin;
if (StringUtils.isEmpty(grantor)) { // use currently logged-in user
userName = bizUtil.getCurrentUserLoginId();
isAdmin = bizUtil.isAdmin();
isKeyAdmin = bizUtil.isKeyAdmin();
} else {
// find role of the given grantor; logic from SessionMgr.setUserRoles(userSession)
Collection<String> userRoles = userMgr.getRolesByLoginId(grantor); // add @Autowired UserMgr userMgr;
userName = grantor;
isAdmin = userRoles.contains(RangerConstants.ROLE_SYS_ADMIN);
isKeyAdmin = userRoles.contains(RangerConstants.ROLE_KEY_ADMIN);
}
| validator.validate(policy, Action.UPDATE, bizUtil.isAdmin() || isServiceAdmin(policy.getService()) || isZoneAdmin(policy.getZoneName())); | ||
|
|
||
| ensureAdminAccess(policy); | ||
| ensureAdminAccess(policy, null); |
There was a problem hiding this comment.
To avoid updates to existing use of ensureAdminAccess(policy), I suggest adding following method:
void ensureAdminAccess(RangerPolicy policy) {
ensureAdminAccess(policy, null);
}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
… and revokeAccess()
What changes were proposed in this pull request?
Added parameter in ensureAdminAccess() method to pass grantor in case userName is null.
How was this patch tested?
Build passed and checked if grant and revoke are working.