diff --git a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql index debcc9422a..0bd93caae6 100644 --- a/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql +++ b/security-admin/db/mysql/optimized/current/ranger_core_db_mysql.sql @@ -13,6 +13,7 @@ -- See the License for the specific language governing permissions and -- limitations under the License. +DROP VIEW IF EXISTS `vx_security_zone_user`; DROP VIEW IF EXISTS `vx_principal`; DROP TABLE IF EXISTS `x_rms_mapping_provider`; DROP TABLE IF EXISTS `x_rms_resource_mapping`; 
@@ -1614,6 +1615,33 @@ CREATE INDEX x_policy_label_label_map_id ON x_policy_label_map(id); CREATE VIEW vx_principal as (SELECT u.user_name AS principal_name, 0 AS principal_type, u.status status, u.is_visible is_visible, u.other_attributes other_attributes, u.create_time create_time, u.update_time update_time, u.added_by_id added_by_id, u.upd_by_id upd_by_id FROM x_user u) UNION (SELECT g.group_name principal_name, 1 AS principal_type, g.status status, g.is_visible is_visible, g.other_attributes other_attributes, g.create_time create_time, g.update_time update_time, g.added_by_id added_by_id, g.upd_by_id upd_by_id FROM x_group g) UNION (SELECT r.name principal_name, 2 AS principal_name, 1 status, 1 is_visible, null other_attributes, r.create_time create_time, r.update_time update_time, r.added_by_id added_by_id, r.upd_by_id upd_by_id FROM x_role r); +DROP VIEW IF EXISTS `vx_security_zone_user`; +CREATE VIEW vx_security_zone_user AS +SELECT DISTINCT sz.id AS zone_id, sz.name AS zone_name, refu.user_id AS user_id, 0 AS access_type +FROM x_security_zone sz INNER JOIN x_security_zone_ref_user refu ON sz.id = refu.zone_id +WHERE refu.user_id IS NOT NULL +UNION +SELECT DISTINCT sz.id AS zone_id, sz.name AS zone_name, gu.user_id AS user_id, 1 AS access_type +FROM x_security_zone sz INNER JOIN x_security_zone_ref_group refg ON sz.id = refg.zone_id +INNER JOIN x_group_users gu ON refg.group_id = gu.p_group_id +WHERE gu.user_id IS NOT NULL +UNION +SELECT DISTINCT sz.id AS zone_id, sz.name AS zone_name, rru.user_id AS user_id, 2 AS access_type +FROM x_security_zone sz INNER JOIN x_security_zone_ref_role refr ON sz.id = refr.zone_id +INNER JOIN x_role_ref_user rru ON refr.role_id = rru.role_id +WHERE rru.user_id IS NOT NULL +UNION +SELECT DISTINCT sz.id AS zone_id, sz.name AS zone_name, gu.user_id AS user_id, 3 AS access_type +FROM x_security_zone sz INNER JOIN x_security_zone_ref_role refr ON sz.id = refr.zone_id +INNER JOIN x_role_ref_group rrg ON refr.role_id = rrg.role_id 
+INNER JOIN x_group_users gu ON rrg.group_id = gu.p_group_id +WHERE gu.user_id IS NOT NULL +UNION +SELECT DISTINCT sz.id AS zone_id, sz.name AS zone_name, u.id AS user_id, 4 AS access_type +FROM x_security_zone sz INNER JOIN x_security_zone_ref_group refg ON sz.id = refg.zone_id +CROSS JOIN x_user u +WHERE refg.group_name = 'public'; + DELIMITER $$ DROP PROCEDURE if exists getXportalUIdByLoginId$$ CREATE PROCEDURE `getXportalUIdByLoginId`(IN input_val VARCHAR(100), OUT myid BIGINT) diff --git a/security-admin/db/mysql/patches/077-create-view-security-zone-user.sql b/security-admin/db/mysql/patches/077-create-view-security-zone-user.sql new file mode 100644 index 0000000000..7004146b25 --- /dev/null +++ b/security-admin/db/mysql/patches/077-create-view-security-zone-user.sql 
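Review bot: The last branch of `vx_security_zone_user` (access_type 4) cross-joins every row of `x_user` to each zone that has a `group_name = 'public'` reference, with no filter on the user's `status`. If callers treat the view as the source of zone membership, disabled accounts would therefore still be listed. The literal comparison is also collation-dependent: MySQL's default collations compare case-insensitively, while PostgreSQL and Oracle do not, so the dialect copies of this view (the 077 patches and the Oracle and PostgreSQL core scripts in this commit) can disagree on a group stored as `Public`. Each branch carries a different access_type constant and `UNION` already de-duplicates, so `SELECT DISTINCT` is redundant here; the Oracle copy omits it. I would also add a header comment above the view, e.g. `-- access_type: 0=user, 1=group, 2=role, 3=group via role, 4='public' group (every x_user row)`.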
@@ -0,0 +1,41 @@
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+DROP VIEW IF EXISTS `vx_security_zone_user`;
+CREATE VIEW vx_security_zone_user AS
+SELECT DISTINCT sz.id AS zone_id, sz.name AS zone_name, refu.user_id AS user_id, 0 AS access_type
+FROM x_security_zone sz INNER JOIN x_security_zone_ref_user refu ON sz.id = refu.zone_id
+WHERE refu.user_id IS NOT NULL
+UNION
+SELECT DISTINCT sz.id AS zone_id, sz.name AS zone_name, gu.user_id AS user_id, 1 AS access_type
+FROM x_security_zone sz INNER JOIN x_security_zone_ref_group refg ON sz.id = refg.zone_id
+INNER JOIN x_group_users gu ON refg.group_id = gu.p_group_id
+WHERE gu.user_id IS NOT NULL
+UNION
+SELECT DISTINCT sz.id AS zone_id, sz.name AS zone_name, rru.user_id AS user_id, 2 AS access_type
+FROM x_security_zone sz INNER JOIN x_security_zone_ref_role refr ON sz.id = refr.zone_id
+INNER JOIN x_role_ref_user rru ON refr.role_id = rru.role_id
+WHERE rru.user_id IS NOT NULL
+UNION
+SELECT DISTINCT sz.id AS zone_id, sz.name AS zone_name, gu.user_id AS user_id, 3 AS access_type
+FROM x_security_zone sz INNER JOIN x_security_zone_ref_role refr ON sz.id = refr.zone_id
+INNER JOIN x_role_ref_group rrg ON refr.role_id = rrg.role_id
+INNER JOIN x_group_users gu ON rrg.group_id = gu.p_group_id
+WHERE gu.user_id IS NOT NULL
+UNION
+SELECT DISTINCT sz.id AS zone_id, sz.name AS zone_name, u.id AS user_id, 4 AS access_type
+FROM x_security_zone sz INNER JOIN x_security_zone_ref_group refg ON sz.id = refg.zone_id
+CROSS JOIN x_user u
+WHERE refg.group_name = 'public';
diff --git a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
index 0e9f5dc36d..04e86a1e71 100644
--- a/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
+++ b/security-admin/db/oracle/optimized/current/ranger_core_db_oracle.sql
@@ -2145,6 +2145,29 @@ CREATE VIEW vx_principal as (SELECT g.group_name AS principal_name, 1 AS principal_type, g.status AS status, g.is_visible AS is_visible, g.other_attributes AS other_attributes, g.create_time AS create_time, g.update_time AS update_time, g.added_by_id AS added_by_id, g.upd_by_id AS upd_by_id FROM x_group g) UNION ALL (SELECT r.name AS principal_name, 2 AS principal_type, 1 AS status, 1 AS is_visible, null AS other_attributes, r.create_time AS create_time, r.update_time AS update_time, r.added_by_id AS added_by_id, r.upd_by_id AS upd_by_id FROM x_role r); +DROP VIEW vx_security_zone_user; +CREATE OR REPLACE VIEW vx_security_zone_user AS + (SELECT sz.id AS zone_id, sz.name AS zone_name, refu.user_id AS user_id, 0 AS access_type + FROM x_security_zone sz INNER JOIN x_security_zone_ref_user refu ON sz.id = refu.zone_id + WHERE refu.user_id IS NOT NULL) UNION + (SELECT sz.id AS zone_id, sz.name AS zone_name, gu.user_id AS user_id, 1 AS access_type + FROM x_security_zone sz INNER JOIN x_security_zone_ref_group refg ON sz.id = refg.zone_id + INNER JOIN x_group_users gu ON refg.group_id = gu.p_group_id + WHERE gu.user_id IS NOT NULL) UNION + (SELECT sz.id AS zone_id, sz.name AS zone_name, rru.user_id AS user_id, 2 AS access_type + FROM x_security_zone sz INNER JOIN x_security_zone_ref_role refr ON sz.id = refr.zone_id + INNER JOIN x_role_ref_user rru ON refr.role_id = rru.role_id + WHERE rru.user_id IS NOT NULL) UNION + (SELECT sz.id AS zone_id, sz.name AS zone_name, gu.user_id AS user_id, 3 AS access_type + FROM x_security_zone sz INNER JOIN x_security_zone_ref_role refr ON sz.id = refr.zone_id + INNER JOIN x_role_ref_group rrg ON refr.role_id = rrg.role_id + INNER JOIN x_group_users gu ON rrg.group_id = gu.p_group_id + WHERE gu.user_id IS NOT NULL) UNION + (SELECT sz.id AS zone_id, sz.name AS zone_name, u.id AS user_id, 4 AS access_type + FROM x_security_zone sz INNER JOIN x_security_zone_ref_group refg ON sz.id = refg.zone_id + CROSS JOIN x_user u 
+ WHERE refg.group_name = 'public'); + commit; insert into x_portal_user (id,CREATE_TIME, UPDATE_TIME,FIRST_NAME, LAST_NAME, PUB_SCR_NAME, LOGIN_ID, PASSWORD, EMAIL, STATUS) values (X_PORTAL_USER_SEQ.NEXTVAL, sys_extract_utc(systimestamp), sys_extract_utc(systimestamp), 'Admin', '', 'Admin', 'admin', 'ceb4f32325eda6142bd65215f4c0f371', '', 1); diff --git a/security-admin/db/oracle/patches/077-create-view-security-zone-user.sql b/security-admin/db/oracle/patches/077-create-view-security-zone-user.sql new file mode 100644 index 0000000000..246f70c309 --- /dev/null +++ b/security-admin/db/oracle/patches/077-create-view-security-zone-user.sql 
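Review bot: The added `DROP VIEW vx_security_zone_user;` has no existence guard, so on a fresh schema, where the view does not exist yet, Oracle raises ORA-00942 at this statement. Whether the installer tolerates that error depends on how the script is run, which is not visible in this hunk. The drop is also unnecessary because the next statement is `CREATE OR REPLACE VIEW`; the Oracle 077 patch in this commit creates the view the same way without a preceding drop. I would delete the `DROP VIEW` line here.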
@@ -0,0 +1,37 @@
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+CREATE OR REPLACE VIEW vx_security_zone_user AS
+ (SELECT sz.id AS zone_id, sz.name AS zone_name, refu.user_id AS user_id, 0 AS access_type
+ FROM x_security_zone sz INNER JOIN x_security_zone_ref_user refu ON sz.id = refu.zone_id
+ WHERE refu.user_id IS NOT NULL) UNION
+ (SELECT sz.id AS zone_id, sz.name AS zone_name, gu.user_id AS user_id, 1 AS access_type
+ FROM x_security_zone sz INNER JOIN x_security_zone_ref_group refg ON sz.id = refg.zone_id
+ INNER JOIN x_group_users gu ON refg.group_id = gu.p_group_id
+ WHERE gu.user_id IS NOT NULL) UNION
+ (SELECT sz.id AS zone_id, sz.name AS zone_name, rru.user_id AS user_id, 2 AS access_type
+ FROM x_security_zone sz INNER JOIN x_security_zone_ref_role refr ON sz.id = refr.zone_id
+ INNER JOIN x_role_ref_user rru ON refr.role_id = rru.role_id
+ WHERE rru.user_id IS NOT NULL) UNION
+ (SELECT sz.id AS zone_id, sz.name AS zone_name, gu.user_id AS user_id, 3 AS access_type
+ FROM x_security_zone sz INNER JOIN x_security_zone_ref_role refr ON sz.id = refr.zone_id
+ INNER JOIN x_role_ref_group rrg ON refr.role_id = rrg.role_id
+ INNER JOIN x_group_users gu ON rrg.group_id = gu.p_group_id
+ WHERE gu.user_id IS NOT NULL) UNION
+ (SELECT sz.id AS zone_id, sz.name AS zone_name, u.id AS user_id, 4 AS access_type
+ FROM x_security_zone sz INNER JOIN x_security_zone_ref_group refg ON sz.id = refg.zone_id
+ CROSS JOIN x_user u
+ WHERE refg.group_name = 'public');
+exit;
diff --git a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
index 49a956ebf4..02115092cc 100644
--- a/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
+++ b/security-admin/db/postgres/optimized/current/ranger_core_db_postgres.sql
@@ -2260,3 +2260,64 @@ INSERT INTO x_db_version_h (version,inst_at,inst_by,updated_at,updated_by,active DROP VIEW IF EXISTS vx_principal; CREATE VIEW vx_principal as (SELECT u.user_name AS principal_name, 0 AS principal_type, u.status status, u.is_visible is_visible, u.other_attributes other_attributes, u.create_time create_time, u.update_time update_time, u.added_by_id added_by_id, u.upd_by_id upd_by_id FROM x_user u) UNION (SELECT g.group_name principal_name, 1 AS principal_type, g.status status, g.is_visible is_visible, g.other_attributes other_attributes, g.create_time create_time, g.update_time update_time, g.added_by_id added_by_id, g.upd_by_id upd_by_id FROM x_group g) UNION (SELECT r.name principal_name, 2 AS principal_name, 1 status, 1 is_visible, null other_attributes, r.create_time create_time, r.update_time update_time, r.added_by_id added_by_id, r.upd_by_id upd_by_id FROM x_role r); + +CREATE VIEW vx_security_zone_user AS +( + SELECT DISTINCT + sz.id AS zone_id, + sz.name AS zone_name, + refu.user_id AS user_id, + 0 AS access_type + FROM x_security_zone sz + INNER JOIN x_security_zone_ref_user refu ON sz.id = refu.zone_id + WHERE refu.user_id IS NOT NULL +) +UNION +( + SELECT DISTINCT + sz.id AS zone_id, + sz.name AS zone_name, + gu.user_id AS user_id, + 1 AS access_type + FROM x_security_zone sz + INNER JOIN x_security_zone_ref_group refg ON sz.id = refg.zone_id + INNER JOIN x_group_users gu ON refg.group_id = gu.p_group_id + WHERE gu.user_id IS NOT NULL +) +UNION +( + SELECT DISTINCT + sz.id AS zone_id, + sz.name AS zone_name, + rru.user_id AS user_id, + 2 AS access_type + FROM x_security_zone sz + INNER JOIN x_security_zone_ref_role refr ON sz.id = refr.zone_id + INNER JOIN x_role_ref_user rru ON refr.role_id = rru.role_id + WHERE rru.user_id IS NOT NULL +) +UNION +( + SELECT DISTINCT + sz.id AS zone_id, + sz.name AS zone_name, + gu.user_id AS user_id, + 3 AS access_type + FROM x_security_zone sz + INNER JOIN x_security_zone_ref_role refr ON sz.id = 
refr.zone_id + INNER JOIN x_role_ref_group rrg ON refr.role_id = rrg.role_id + INNER JOIN x_group_users gu ON rrg.group_id = gu.p_group_id + WHERE gu.user_id IS NOT NULL +) +UNION +( + SELECT DISTINCT + sz.id AS zone_id, + sz.name AS zone_name, + u.id AS user_id, + 4 AS access_type + FROM x_security_zone sz + INNER JOIN x_security_zone_ref_group refg ON sz.id = refg.zone_id + CROSS JOIN x_user u + WHERE refg.group_name = 'public' +); diff --git a/security-admin/db/postgres/patches/077-create-view-security-zone-user.sql b/security-admin/db/postgres/patches/077-create-view-security-zone-user.sql new file mode 100644 index 0000000000..833f8d47ad --- /dev/null +++ b/security-admin/db/postgres/patches/077-create-view-security-zone-user.sql 
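Review bot: The view is created here with a bare `CREATE VIEW`, whereas the `vx_principal` statement directly above it and the PostgreSQL 077 patch in this commit both issue `DROP VIEW IF EXISTS` first. Re-running this script against a partially initialised database would therefore stop at this statement with a "relation already exists" error. Adding `DROP VIEW IF EXISTS vx_security_zone_user;` before the `CREATE VIEW` keeps the core script consistent with the patch and with the neighbouring view.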
@@ -0,0 +1,76 @@
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+
+DROP VIEW IF EXISTS vx_security_zone_user;
+CREATE VIEW vx_security_zone_user AS
+(
+ SELECT DISTINCT
+ sz.id AS zone_id,
+ sz.name AS zone_name,
+ refu.user_id AS user_id,
+ 0 AS access_type
+ FROM x_security_zone sz
+ INNER JOIN x_security_zone_ref_user refu ON sz.id = refu.zone_id
+ WHERE refu.user_id IS NOT NULL
+)
+UNION
+(
+ SELECT DISTINCT
+ sz.id AS zone_id,
+ sz.name AS zone_name,
+ gu.user_id AS user_id,
+ 1 AS access_type
+ FROM x_security_zone sz
+ INNER JOIN x_security_zone_ref_group refg ON sz.id = refg.zone_id
+ INNER JOIN x_group_users gu ON refg.group_id = gu.p_group_id
+ WHERE gu.user_id IS NOT NULL
+)
+UNION
+(
+ SELECT DISTINCT
+ sz.id AS zone_id,
+ sz.name AS zone_name,
+ rru.user_id AS user_id,
+ 2 AS access_type
+ FROM x_security_zone sz
+ INNER JOIN x_security_zone_ref_role refr ON sz.id = refr.zone_id
+ INNER JOIN x_role_ref_user rru ON refr.role_id = rru.role_id
+ WHERE rru.user_id IS NOT NULL
+)
+UNION
+(
+ SELECT DISTINCT
+ sz.id AS zone_id,
+ sz.name AS zone_name,
+ gu.user_id AS user_id,
+ 3 AS access_type
+ FROM x_security_zone sz
+ INNER JOIN x_security_zone_ref_role refr ON sz.id = refr.zone_id
+ INNER JOIN x_role_ref_group rrg ON refr.role_id = rrg.role_id
+ INNER JOIN x_group_users gu ON rrg.group_id = gu.p_group_id
+ WHERE gu.user_id IS NOT NULL
+)
+UNION
+(
+ SELECT DISTINCT
+ sz.id AS zone_id,
+ sz.name AS zone_name,
+ u.id AS user_id,
+ 4 AS access_type
+ FROM x_security_zone sz
+ INNER JOIN x_security_zone_ref_group refg ON sz.id = refg.zone_id
+ CROSS JOIN x_user u
+ WHERE refg.group_name = 'public'
+);
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
index faa84ce2bd..97ca9aba05 100755
--- a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
@@ -20,6 +20,7 @@
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.ranger.common.ContextUtil;
 import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.RESTErrorUtil;
 import org.apache.ranger.common.RangerConstants;
@@ -181,12 +182,25 @@ public RangerSecurityZone getSecurityZoneByName(String name) { @Override public List getSecurityZones(SearchFilter filter) { - List ret = new ArrayList<>(); - List xxSecurityZones = daoMgr.getXXSecurityZoneDao().getAll(); + List ret = new ArrayList<>(); + List zones; - for (XXSecurityZone xxSecurityZone : xxSecurityZones) { - if (!xxSecurityZone.getId().equals(RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID)) { - ret.add(securityZoneService.read(xxSecurityZone.getId())); + if (bizUtil.isAdmin()) { + zones = daoMgr.getXXSecurityZoneDao().findAllZoneForAdmin(); + } else { + Long xUserId = daoMgr.getXXUser().findIdByUserName(ContextUtil.getCurrentUserLoginId()); + if (xUserId == null) { + return Collections.emptyList(); + } + zones = daoMgr.getXXSecurityZoneDao().findAllZoneForUser(xUserId); + } + + for (Long zone : zones) { + RangerSecurityZone securityzone = securityZoneService.read(zone); + if (securityzone != null) { + ret.add(securityzone); + } else { + LOG.warn("Security zone not found for Id Number: {}", zone); } } 
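Review bot: When `findIdByUserName` returns null in the non-admin branch of `getSecurityZones`, the method returns `Collections.emptyList()` without logging, so a session whose login id has no `x_user` row silently sees no zones. Failing closed is the right default, but a line such as `LOG.warn("No x_user entry for current login id; returning no security zones");` would make that case diagnosable. The early return also hands back an immutable list while the other paths return an `ArrayList`, which matters if a caller or the rest of this method (it continues outside the hunk) sorts or filters the result in place. The same `bizUtil.isAdmin()` / `findIdByUserName` block is repeated in the `getSecurityZoneHeaderInfoList` and `getSecurityZoneHeaderInfoListByServiceId` hunks; a private helper returning the caller's `x_user` id would keep the three authorization paths from drifting apart.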
@@ -239,12 +253,27 @@ public List getSecurityZoneHeaderInfoList(HttpServ String namePrefix = request.getParameter(SearchFilter.ZONE_NAME_PREFIX); boolean filterByNamePrefix = StringUtils.isNotBlank(namePrefix); - List ret = daoMgr.getXXSecurityZoneDao().findAllZoneHeaderInfos(); + List ret; - if (!ret.isEmpty() && filterByNamePrefix) { - ret.removeIf(zoneHeader -> !StringUtils.startsWithIgnoreCase(zoneHeader.getName(), namePrefix)); - } + if (bizUtil.isAdmin()) { + if (filterByNamePrefix) { + ret = daoMgr.getXXSecurityZoneDao().findAllZoneHeaderInfosWithNamePrefix(namePrefix); + } else { + ret = daoMgr.getXXSecurityZoneDao().findAllZoneHeaderInfos(); + } + } else { + Long xUserId = daoMgr.getXXUser().findIdByUserName(ContextUtil.getCurrentUserLoginId()); + + if (xUserId == null) { + return Collections.emptyList(); + } + if (filterByNamePrefix) { + ret = daoMgr.getXXSecurityZoneDao().findZoneHeaderInfosForUserWithNamePrefix(xUserId, namePrefix); + } else { + ret = daoMgr.getXXSecurityZoneDao().findZoneHeaderInfosForUser(xUserId); + } + } return ret; } 
@@ -272,16 +301,32 @@ public List getServiceHeaderInfoListByZoneId(Long zoneI public List getSecurityZoneHeaderInfoListByServiceId(Long serviceId, Boolean isTagService, HttpServletRequest request) { if (serviceId == null) { - throw restErrorUtil.createRESTException("Invalid value for serviceId", MessageEnums.INVALID_INPUT_DATA); + return Collections.emptyList(); } String namePrefix = request.getParameter(SearchFilter.ZONE_NAME_PREFIX); boolean filterByNamePrefix = StringUtils.isNotBlank(namePrefix); - List ret = daoMgr.getXXSecurityZoneDao().findAllZoneHeaderInfosByServiceId(serviceId, isTagService); + List ret; - if (!ret.isEmpty() && filterByNamePrefix) { - ret.removeIf(zoneHeader -> !StringUtils.startsWithIgnoreCase(zoneHeader.getName(), namePrefix)); + if (bizUtil.isAdmin()) { + if (filterByNamePrefix) { + ret = daoMgr.getXXSecurityZoneDao().findZoneHeaderInfosByServiceIdWithNamePrefix(serviceId, isTagService, namePrefix); + } else { + ret = daoMgr.getXXSecurityZoneDao().findAllZoneHeaderInfosByServiceId(serviceId, isTagService); + } + } else { + Long xUserId = daoMgr.getXXUser().findIdByUserName(ContextUtil.getCurrentUserLoginId()); + + if (xUserId == null) { + return Collections.emptyList(); + } + + if (filterByNamePrefix) { + ret = daoMgr.getXXSecurityZoneDao().findZoneHeaderInfosByServiceIdForUserWithNamePrefix(serviceId, isTagService, xUserId, namePrefix); + } else { + ret = daoMgr.getXXSecurityZoneDao().findZoneHeaderInfosByServiceIdForUser(serviceId, isTagService, xUserId); + } } return ret; diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java index 9ff812d608..ad09d2d0ad 100644 --- a/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXSecurityZoneDao.java 
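Review bot: A null `serviceId` in `getSecurityZoneHeaderInfoListByServiceId` now returns an empty list, where the method previously raised `restErrorUtil.createRESTException("Invalid value for serviceId", MessageEnums.INVALID_INPUT_DATA)`. A malformed request therefore becomes indistinguishable from "no zones for this service". If that is intentional it deserves a comment such as `// null serviceId is treated as "no match" rather than a client error`; otherwise keep the exception. Separately, `isTagService` is a `Boolean` handed to DAO methods that evaluate `if (isTagService)` (see the XXSecurityZoneDao hunks in this commit), which throws a NullPointerException when it is null; `Boolean.TRUE.equals(isTagService)` is the safer test.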
@@ -133,6 +133,20 @@ public List findAllZoneHeaderInfos() { return securityZoneList; } + public List findAllZoneForAdmin() { + List results = getEntityManager().createNamedQuery("XXSecurityZone.findAllZoneForAdmin", Object[].class) + .setParameter("unzoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) + .getResultList(); + + List zoneList = new ArrayList<>(results.size()); + + for (Object[] result : results) { + zoneList.add((Long) result[0]); + } + + return zoneList; + } + public List findAllZoneHeaderInfosByServiceId(Long serviceId, Boolean isTagService) { if (serviceId == null) { return Collections.emptyList(); 
@@ -173,4 +187,185 @@ public List getAllZoneIdNames() { return securityZoneList; } + + public List findZoneHeaderInfosForUser(Long userId) { + if (userId == null) { + return Collections.emptyList(); + } + + List results = getEntityManager() + .createNamedQuery("XXSecurityZone.findZoneHeaderInfosForUserO", Object[].class) + .setParameter("unzoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) + .setParameter("userId", userId) + .getResultList(); + + List securityZoneList = new ArrayList<>(results.size()); + + for (Object[] result : results) { + securityZoneList.add(new RangerSecurityZoneHeaderInfo((Long) result[0], (String) result[1])); + } + + return securityZoneList; + } + + public List findZoneHeaderInfosForUserWithNamePrefix(Long userId, String namePrefix) { + if (userId == null || StringUtils.isBlank(namePrefix)) { + return Collections.emptyList(); + } + + String namePrefixLower = namePrefix.toLowerCase() + "%"; + + List results = getEntityManager() + .createNamedQuery("XXSecurityZone.findZoneHeaderInfosForUserWithNamePrefixO", Object[].class) + .setParameter("unzoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) + .setParameter("namePrefix", namePrefixLower) + .setParameter("userId", userId) + .getResultList(); + + List securityZoneList = new ArrayList<>(results.size()); + + for (Object[] result : results) { + securityZoneList.add(new RangerSecurityZoneHeaderInfo((Long) result[0], (String) result[1])); + } + + return securityZoneList; + } + + public List findAllZoneHeaderInfosWithNamePrefix(String namePrefix) { + if (StringUtils.isBlank(namePrefix)) { + return findAllZoneHeaderInfos(); + } + String namePrefixLower = namePrefix.toLowerCase() + "%"; + + List results = getEntityManager().createNamedQuery("XXSecurityZone.findAllZoneHeaderInfosWithNamePrefix", Object[].class) + .setParameter("unzoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) + .setParameter("namePrefix", namePrefixLower) + .getResultList(); + + List securityZoneList = 
new ArrayList<>(results.size()); + + for (Object[] result : results) { + securityZoneList.add(new RangerSecurityZoneHeaderInfo((Long) result[0], (String) result[1])); + } + + return securityZoneList; + } + + public List findZoneHeaderInfosByServiceIdWithNamePrefix(Long serviceId, Boolean isTagService, String namePrefix) { + if (serviceId == null || StringUtils.isBlank(namePrefix)) { + return Collections.emptyList(); + } + + String namePrefixLower = namePrefix.toLowerCase() + "%"; + List results; + + if (isTagService) { + results = getEntityManager().createNamedQuery("XXSecurityZone.findAllZoneHeaderInfosByTagServiceIdWithNamePrefix", Object[].class) + .setParameter("unzoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) + .setParameter("namePrefix", namePrefixLower) + .setParameter("tagServiceId", serviceId) + .getResultList(); + } else { + results = getEntityManager().createNamedQuery("XXSecurityZone.findAllZoneHeaderInfosByServiceIdWithNamePrefix", Object[].class) + .setParameter("unzoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) + .setParameter("namePrefix", namePrefixLower) + .setParameter("serviceId", serviceId) + .getResultList(); + } + + List securityZoneList = new ArrayList<>(results.size()); + + for (Object[] result : results) { + securityZoneList.add(new RangerSecurityZoneHeaderInfo((Long) result[0], (String) result[1])); + } + + return securityZoneList; + } + + public List findZoneHeaderInfosByServiceIdForUser(Long serviceId, Boolean isTagService, Long userId) { + if (serviceId == null || userId == null) { + return Collections.emptyList(); + } + + List results; + + if (isTagService) { + results = getEntityManager() + .createNamedQuery("XXSecurityZone.findZoneHeaderInfosByTagServiceIdForUser", Object[].class) + .setParameter("unzoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) + .setParameter("tagServiceId", serviceId) + .setParameter("userId", userId) + .getResultList(); + } else { + results = getEntityManager() + 
.createNamedQuery("XXSecurityZone.findZoneHeaderInfosByServiceIdForUser", Object[].class) + .setParameter("unzoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) + .setParameter("serviceId", serviceId) + .setParameter("userId", userId) + .getResultList(); + } + + List securityZoneList = new ArrayList<>(results.size()); + + for (Object[] result : results) { + securityZoneList.add(new RangerSecurityZoneHeaderInfo((Long) result[0], (String) result[1])); + } + + return securityZoneList; + } + + public List findZoneHeaderInfosByServiceIdForUserWithNamePrefix(Long serviceId, Boolean isTagService, Long userId, String namePrefix) { + if (serviceId == null || userId == null || StringUtils.isBlank(namePrefix)) { + return Collections.emptyList(); + } + + String namePrefixLower = namePrefix.toLowerCase() + "%"; + List results; + + if (isTagService) { + results = getEntityManager() + .createNamedQuery("XXSecurityZone.findZoneHeaderInfosByTagServiceIdForUserWithNamePrefix", Object[].class) + .setParameter("unzoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) + .setParameter("namePrefix", namePrefixLower) + .setParameter("tagServiceId", serviceId) + .setParameter("userId", userId) + .getResultList(); + } else { + results = getEntityManager() + .createNamedQuery("XXSecurityZone.findZoneHeaderInfosByServiceIdForUserWithNamePrefix", Object[].class) + .setParameter("unzoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) + .setParameter("namePrefix", namePrefixLower) + .setParameter("serviceId", serviceId) + .setParameter("userId", userId) + .getResultList(); + } + + List securityZoneList = new ArrayList<>(results.size()); + + for (Object[] result : results) { + securityZoneList.add(new RangerSecurityZoneHeaderInfo((Long) result[0], (String) result[1])); + } + + return securityZoneList; + } + + public List findAllZoneForUser(Long userId) { + if (userId == null) { + return Collections.emptyList(); + } + + List results = getEntityManager() + 
.createNamedQuery("XXSecurityZone.findAllZoneForUser", Object[].class) + .setParameter("unzoneId", RangerSecurityZone.RANGER_UNZONED_SECURITY_ZONE_ID) + .setParameter("userId", userId) + .getResultList(); + + List zoneIdList = new ArrayList<>(results.size()); + + for (Object[] result : results) { + zoneIdList.add((Long) result[0]); + } + + return zoneIdList; + } } diff --git a/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java b/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java index 520241268f..2b43d16102 100755 --- a/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java +++ b/security-admin/src/main/java/org/apache/ranger/db/XXUserDao.java @@ -68,6 +68,18 @@ public XXUser findByUserName(String name) { return null; } + public Long findIdByUserName(String userName) { + if (daoManager.getStringUtil().isEmpty(userName)) { + return null; + } + + try { + return getEntityManager().createNamedQuery("XXUser.findIdByUserName", Long.class).setParameter("name", userName).getSingleResult(); + } catch (NoResultException e) { + return null; + } + } + public XXUser findByPortalUserId(Long portalUserId) { if (portalUserId == null) { return null; diff --git a/security-admin/src/main/java/org/apache/ranger/entity/view/VXSecurityZoneUser.java b/security-admin/src/main/java/org/apache/ranger/entity/view/VXSecurityZoneUser.java new file mode 100644 index 0000000000..bdd0796060 --- /dev/null +++ b/security-admin/src/main/java/org/apache/ranger/entity/view/VXSecurityZoneUser.java 
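Review bot: The four `...WithNamePrefix` finders build the LIKE pattern as `namePrefix.toLowerCase() + "%"` from a request parameter, so `%` and `_` typed by the caller act as wildcards, where the code this replaces matched the prefix literally with `StringUtils.startsWithIgnoreCase`. The value is bound, so this is not injection, but it changes what the filter matches; escaping the wildcards and adding a matching `ESCAPE` clause to the named queries (not visible in this hunk) restores the old semantics. `toLowerCase()` should take `Locale.ROOT` so the pattern does not depend on the server's default locale. The query names `XXSecurityZone.findZoneHeaderInfosForUserO` and `XXSecurityZone.findZoneHeaderInfosForUserWithNamePrefixO` end in an `O` that none of the other names carry, so it is worth confirming they match the definitions in jpa_named_queries.xml. A shared helper along these lines would cover all four finders:

```java
// Builds a lower-cased LIKE prefix pattern in which %, _ and the escape character are taken literally.
// The named queries must declare the same escape character, e.g. LIKE :namePrefix ESCAPE '!'
private static String toLikePrefix(String namePrefix) {
    String escaped = namePrefix.toLowerCase(Locale.ROOT)
            .replace("!", "!!")
            .replace("%", "!%")
            .replace("_", "!_");

    return escaped + "%";
}

// … unchanged: null/blank guards at the top of each finder …
String namePrefixLower = toLikePrefix(namePrefix);
```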
@@ -0,0 +1,164 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ranger.entity.view; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.Id; +import javax.persistence.IdClass; +import javax.persistence.Table; + +import java.io.Serializable; +import java.util.Objects; + +@Entity +@Table(name = "vx_security_zone_user") +@IdClass(VXSecurityZoneUser.VXSecurityZoneUserId.class) +public class VXSecurityZoneUser implements Serializable { + /** + * Access Type Constants: + * 0 = Direct User Access + * 1 = Group Membership Access + * 2 = Role Membership Access + * 3 = Role-Group Access + * 4 = Public Group Access + */ + public static final int ACCESS_TYPE_DIRECT_USER = 0; + public static final int ACCESS_TYPE_GROUP_MEMBER = 1; + public static final int ACCESS_TYPE_ROLE_MEMBER = 2; + public static final int ACCESS_TYPE_ROLE_GROUP_MEMBER = 3; + public static final int ACCESS_TYPE_PUBLIC_GROUP = 4; + private static final long serialVersionUID = 1L; + @Id + @Column(name = "ZONE_ID", nullable = false) + protected Long zoneId; + @Column(name = "ZONE_NAME", nullable = false) + protected String zoneName; + @Id + @Column(name = "USER_ID", nullable = false) + 
protected Long userId; + @Id + @Column(name = "ACCESS_TYPE", nullable = false) + protected Integer accessType; + + /** + * @return the zoneId + */ + public Long getZoneId() { + return zoneId; + } + + /** + * @param zoneId the zoneId to set + */ + public void setZoneId(Long zoneId) { + this.zoneId = zoneId; + } + + /** + * @return the zoneName + */ + public String getZoneName() { + return zoneName; + } + + /** + * @param zoneName the zoneName to set + */ + public void setZoneName(String zoneName) { + this.zoneName = zoneName; + } + + /** + * @return the userId + */ + public Long getUserId() { + return userId; + } + + /** + * @param userId the userId to set + */ + public void setUserId(Long userId) { + this.userId = userId; + } + + /** + * @return the accessType + */ + public Integer getAccessType() { + return accessType; + } + + /** + * @param accessType the accessType to set + */ + public void setAccessType(Integer accessType) { + this.accessType = accessType; + } + + /** + * Composite Primary Key class for VXSecurityZoneUser + */ + public static class VXSecurityZoneUserId implements Serializable { + private static final long serialVersionUID = 1L; + + protected Long zoneId; + protected Long userId; + protected Integer accessType; + + public VXSecurityZoneUserId() { + } + + public VXSecurityZoneUserId(Long zoneId, Long userId, Integer accessType) { + this.zoneId = zoneId; + this.userId = userId; + this.accessType = accessType; + } + + @Override + public int hashCode() { + int result = zoneId != null ? zoneId.hashCode() : 0; + result = 31 * result + (userId != null ? userId.hashCode() : 0); + result = 31 * result + (accessType != null ? 
accessType.hashCode() : 0); + return result; + } + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (o == null || getClass() != o.getClass()) { + return false; + } + + VXSecurityZoneUserId that = (VXSecurityZoneUserId) o; + + if (!Objects.equals(zoneId, that.zoneId)) { + return false; + } + if (!Objects.equals(userId, that.userId)) { + return false; + } + return Objects.equals(accessType, that.accessType); + } + } +} diff --git a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml index 30db0eacb1..c5edec755f 100755 --- a/security-admin/src/main/resources/META-INF/jpa_named_queries.xml +++ b/security-admin/src/main/resources/META-INF/jpa_named_queries.xml @@ -290,6 +290,10 @@ + + SELECT obj.id FROM XXUser obj WHERE obj.name = :name + + SELECT Obj FROM XXGroup obj WHERE obj.name=:name 
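Review bot: The `ACCESS_TYPE_*` constants in `VXSecurityZoneUser` repeat integer literals that are hard-coded in the `vx_security_zone_user` view definition (`0 AS access_type`, `1 AS access_type`, and so on in the SQL script earlier in this diff), and nothing in the class says so. The existing Javadoc block attaches to `ACCESS_TYPE_DIRECT_USER` only. I would move it to the class level and state that the entity is backed by a database view and that the constants must be kept in step with each script that defines the view. The public setters suggest the rows are writable; if they exist only for the persistence provider, a class comment such as `// view-backed: never persist or merge` would make that explicit.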
@@ -1874,18 +1878,115 @@ + + + SELECT obj.id, obj.name FROM XXSecurityZone obj WHERE obj.id != :unzoneId + + + - select obj.id, obj.name from XXSecurityZone obj where obj.id in (select ref.zoneId from XXSecurityZoneRefService ref where ref.serviceId = :serviceId) + SELECT DISTINCT obj.id, obj.name FROM XXSecurityZone obj INNER JOIN XXSecurityZoneRefService ref ON obj.id = ref.zoneId WHERE ref.serviceId = :serviceId - select obj.id, obj.name from XXSecurityZone obj where obj.id in (select ref.zoneId from XXSecurityZoneRefTagService ref where ref.tagServiceId = :tagServiceId) + SELECT DISTINCT obj.id, obj.name FROM XXSecurityZone obj INNER JOIN XXSecurityZoneRefTagService ref ON obj.id = ref.zoneId WHERE ref.tagServiceId = :tagServiceId + + + + + + SELECT obj.id, obj.name FROM XXSecurityZone obj WHERE obj.id != :unzoneId AND LOWER(obj.name) LIKE :namePrefix + + + + + + SELECT DISTINCT obj.id, obj.name FROM XXSecurityZone obj INNER JOIN XXSecurityZoneRefService ref ON obj.id = ref.zoneId WHERE obj.id != :unzoneId AND LOWER(obj.name) LIKE :namePrefix AND ref.serviceId = :serviceId + + + + + + SELECT DISTINCT obj.id, obj.name FROM XXSecurityZone obj + INNER JOIN XXSecurityZoneRefTagService ref + ON obj.id = ref.zoneId WHERE obj.id != :unzoneId AND + LOWER(obj.name) LIKE :namePrefix AND ref.tagServiceId = :tagServiceId + + + SELECT DISTINCT obj.id, obj.name + FROM XXSecurityZone obj + INNER JOIN XXSecurityZoneRefService ref ON obj.id = ref.zoneId AND ref.serviceId = :serviceId + INNER JOIN VXSecurityZoneUser vxzu ON obj.id = vxzu.zoneId AND vxzu.userId = :userId + WHERE obj.id != :unzoneId + + + + + + SELECT DISTINCT obj.id, obj.name + FROM XXSecurityZone obj + INNER JOIN XXSecurityZoneRefTagService ref ON obj.id = ref.zoneId AND ref.tagServiceId = :tagServiceId + INNER JOIN VXSecurityZoneUser vxzu ON obj.id = vxzu.zoneId AND vxzu.userId = :userId + WHERE obj.id != :unzoneId + + + + + + SELECT DISTINCT obj.id, obj.name + FROM XXSecurityZone obj + INNER JOIN 
XXSecurityZoneRefService ref ON obj.id = ref.zoneId AND ref.serviceId = :serviceId + INNER JOIN VXSecurityZoneUser vxzu ON obj.id = vxzu.zoneId AND vxzu.userId = :userId + WHERE obj.id != :unzoneId + AND LOWER(obj.name) LIKE :namePrefix + + + + + + SELECT DISTINCT obj.id, obj.name + FROM XXSecurityZone obj + INNER JOIN XXSecurityZoneRefTagService ref ON obj.id = ref.zoneId AND ref.tagServiceId = :tagServiceId + INNER JOIN VXSecurityZoneUser vxzu ON obj.id = vxzu.zoneId AND vxzu.userId = :userId + WHERE obj.id != :unzoneId + AND LOWER(obj.name) LIKE :namePrefix + + + + + + SELECT DISTINCT obj.id, obj.name + FROM XXSecurityZone obj + INNER JOIN VXSecurityZoneUser vxzu ON obj.id = vxzu.zoneId AND vxzu.userId = :userId + WHERE obj.id != :unzoneId + + + + + + SELECT DISTINCT obj.id, obj.name + FROM XXSecurityZone obj + INNER JOIN VXSecurityZoneUser vxzu ON obj.id = vxzu.zoneId AND vxzu.userId = :userId + WHERE obj.id != :unzoneId + AND LOWER(obj.name) LIKE :namePrefix + + + + + + SELECT DISTINCT obj.id, obj.name + FROM XXSecurityZone obj + INNER JOIN VXSecurityZoneUser vxzu ON obj.id = vxzu.zoneId AND vxzu.userId = :userId + WHERE obj.id != :unzoneId + + + select obj from XXGlobalState obj where obj.id = :stateId diff --git a/security-admin/src/test/java/org/apache/ranger/biz/TestSecurityZoneDBStore.java b/security-admin/src/test/java/org/apache/ranger/biz/TestSecurityZoneDBStore.java index bf9d7c9fbc..3958d0aeb4 100644 --- a/security-admin/src/test/java/org/apache/ranger/biz/TestSecurityZoneDBStore.java +++ b/security-admin/src/test/java/org/apache/ranger/biz/TestSecurityZoneDBStore.java @@ -26,6 +26,7 @@ import org.apache.ranger.db.XXSecurityZoneRefTagServiceDao; import org.apache.ranger.db.XXServiceDao; import org.apache.ranger.db.XXServiceDefDao; +import org.apache.ranger.db.XXUserDao; import org.apache.ranger.entity.XXSecurityZone; import org.apache.ranger.entity.XXService; import org.apache.ranger.entity.XXServiceDef; 
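Review bot: The queries in this hunk that filter on `LOWER(obj.name) LIKE :namePrefix` bind the pattern as a value, so `%` and `_` inside a caller-supplied prefix still act as wildcards unless the DAO escapes them. The code that builds `namePrefix` is not in this hunk, so that should be confirmed there. If the prefix is meant literally, use `LOWER(obj.name) LIKE :namePrefix ESCAPE '!'` and escape `%`, `_` and `!` before binding. In the per-user variants the join on `VXSecurityZoneUser` still limits rows to zones linked to that user, so this affects matching accuracy rather than visibility.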
@@ -58,29 +59,29 @@ import static org.mockito.Mockito.times; /** -* @generated by Cursor -* @description -*/ + * @generated by Cursor + * @description + */ @ExtendWith(MockitoExtension.class) @TestMethodOrder(MethodOrderer.MethodName.class) public class TestSecurityZoneDBStore { private static final String RANGER_GLOBAL_STATE_NAME = "RangerSecurityZone"; @InjectMocks - SecurityZoneDBStore securityZoneDBStore = new SecurityZoneDBStore(); + SecurityZoneDBStore securityZoneDBStore = new SecurityZoneDBStore(); @Mock RangerSecurityZoneServiceService securityZoneService; @Mock - SecurityZoneRefUpdater securityZoneRefUpdater; + SecurityZoneRefUpdater securityZoneRefUpdater; @Mock - RangerDaoManager daoManager; + RangerDaoManager daoManager; @Mock - ServicePredicateUtil predicateUtil; + ServicePredicateUtil predicateUtil; @Mock - RESTErrorUtil restErrorUtil; + RESTErrorUtil restErrorUtil; @Mock - RangerBizUtil bizUtil; + RangerBizUtil bizUtil; @Mock - ServiceMgr serviceMgr; + ServiceMgr serviceMgr; @Test public void test1createSecurityZone() throws Exception { 
@@ -202,70 +203,132 @@ public void test5getSecurityZoneByName() throws Exception { } @Test - public void test6getSecurityZones() throws Exception { + public void test6getSecurityZones_adminUser() throws Exception { SearchFilter filter = new SearchFilter(); filter.setParam(SearchFilter.ZONE_NAME, "sz1"); - List ret = new ArrayList<>(); - List xxSecurityZones = new ArrayList<>(); - XXSecurityZone xxSecurityZone = new XXSecurityZone(); - xxSecurityZone.setId(2L); - xxSecurityZone.setName("sz1"); - xxSecurityZones.add(xxSecurityZone); + List zoneIds = Arrays.asList(2L, 3L); + RangerSecurityZone rangerSecurityZone1 = new RangerSecurityZone(); + rangerSecurityZone1.setId(2L); + rangerSecurityZone1.setName("sz1"); + RangerSecurityZone rangerSecurityZone2 = new RangerSecurityZone(); + rangerSecurityZone2.setId(3L); + rangerSecurityZone2.setName("sz2"); + + XXSecurityZoneDao xXSecurityZoneDao = Mockito.mock(XXSecurityZoneDao.class); + Mockito.when(bizUtil.isAdmin()).thenReturn(true); + Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xXSecurityZoneDao); + Mockito.when(xXSecurityZoneDao.findAllZoneForAdmin()).thenReturn(zoneIds); + Mockito.when(securityZoneService.read(2L)).thenReturn(rangerSecurityZone1); + Mockito.when(securityZoneService.read(3L)).thenReturn(rangerSecurityZone2); + + List result = securityZoneDBStore.getSecurityZones(filter); + + Assertions.assertNotNull(result); + Assertions.assertEquals(2, result.size()); + Mockito.verify(xXSecurityZoneDao).findAllZoneForAdmin(); + Mockito.verify(securityZoneService).read(2L); + Mockito.verify(securityZoneService).read(3L); + } + @Test + public void test6aGetSecurityZones_nonAdminUser() throws Exception { + SearchFilter filter = new SearchFilter(); + Long userId = 100L; + List zoneIds = Arrays.asList(5L); RangerSecurityZone rangerSecurityZone = new RangerSecurityZone(); - rangerSecurityZone.setId(3L); - ret.add(rangerSecurityZone); - List copy = new ArrayList<>(ret); + rangerSecurityZone.setId(5L); + 
rangerSecurityZone.setName("userZone"); XXSecurityZoneDao xXSecurityZoneDao = Mockito.mock(XXSecurityZoneDao.class); + XXUserDao xXUserDao = Mockito.mock(XXUserDao.class); + + Mockito.when(bizUtil.isAdmin()).thenReturn(false); Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xXSecurityZoneDao); - Mockito.when(xXSecurityZoneDao.getAll()).thenReturn(xxSecurityZones); - Mockito.when(securityZoneService.read(xxSecurityZone.getId())).thenReturn(rangerSecurityZone); - Mockito.doNothing().when(predicateUtil).applyFilter(copy, filter); + Mockito.when(daoManager.getXXUser()).thenReturn(xXUserDao); + Mockito.when(xXUserDao.findIdByUserName(Mockito.anyString())).thenReturn(userId); + Mockito.when(xXSecurityZoneDao.findAllZoneForUser(userId)).thenReturn(zoneIds); + Mockito.when(securityZoneService.read(5L)).thenReturn(rangerSecurityZone); - securityZoneDBStore.getSecurityZones(filter); + List result = securityZoneDBStore.getSecurityZones(filter); - Assertions.assertNotNull(xxSecurityZone); - Assertions.assertNotNull(xxSecurityZones); - Mockito.verify(daoManager).getXXSecurityZoneDao(); - Mockito.verify(securityZoneService).read(xxSecurityZone.getId()); - Mockito.verify(predicateUtil).applyFilter(copy, filter); + Assertions.assertNotNull(result); + Assertions.assertEquals(1, result.size()); + Assertions.assertEquals("userZone", result.get(0).getName()); + Mockito.verify(xXUserDao).findIdByUserName(Mockito.anyString()); + Mockito.verify(xXSecurityZoneDao).findAllZoneForUser(userId); + Mockito.verify(securityZoneService).read(5L); + } + + @Test + public void test6bGetSecurityZones_nonAdminUserWithNullUserId() throws Exception { + SearchFilter filter = new SearchFilter(); + + XXUserDao xXUserDao = Mockito.mock(XXUserDao.class); + + Mockito.when(bizUtil.isAdmin()).thenReturn(false); + Mockito.when(daoManager.getXXUser()).thenReturn(xXUserDao); + Mockito.when(xXUserDao.findIdByUserName(Mockito.anyString())).thenReturn(null); + + List result = 
securityZoneDBStore.getSecurityZones(filter); + + Assertions.assertNotNull(result); + Assertions.assertTrue(result.isEmpty()); } @Test - public void test7getSecurityZonesForService() { + public void test7getSecurityZonesForService_withMatchingZones() throws Exception { String serviceName = "hdfs_service"; - Map retMap; - SearchFilter filter = new SearchFilter(); - filter.setParam(SearchFilter.ZONE_NAME, "sz1"); - filter.setParam(SearchFilter.SERVICE_NAME, serviceName); - List ret = new ArrayList<>(); - List xxSecurityZones = new ArrayList<>(); + RangerSecurityZone zone1 = new RangerSecurityZone(); + zone1.setId(1L); + zone1.setName("zone1"); + RangerSecurityZone.RangerSecurityZoneService zoneService1 = new RangerSecurityZone.RangerSecurityZoneService(); + Map services1 = new HashMap<>(); + services1.put(serviceName, zoneService1); + zone1.setServices(services1); + + RangerSecurityZone zone2 = new RangerSecurityZone(); + zone2.setId(2L); + zone2.setName("zone2"); + RangerSecurityZone.RangerSecurityZoneService zoneService2 = new RangerSecurityZone.RangerSecurityZoneService(); + Map services2 = new HashMap<>(); + services2.put(serviceName, zoneService2); + zone2.setServices(services2); - XXSecurityZone xxSecurityZone = new XXSecurityZone(); - xxSecurityZone.setId(2L); - xxSecurityZone.setName("sz1"); - xxSecurityZones.add(xxSecurityZone); + SecurityZoneDBStore spyStore = Mockito.spy(securityZoneDBStore); - RangerSecurityZone rangerSecurityZone = new RangerSecurityZone(); - rangerSecurityZone.setId(3L); - ret.add(rangerSecurityZone); + Mockito.doReturn(Arrays.asList(zone1, zone2)).when(spyStore).getSecurityZones(Mockito.any(SearchFilter.class)); - XXSecurityZoneDao xXSecurityZoneDao = Mockito.mock(XXSecurityZoneDao.class); - Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xXSecurityZoneDao); - Mockito.when(xXSecurityZoneDao.getAll()).thenReturn(xxSecurityZones); - Mockito.when(securityZoneService.read(xxSecurityZone.getId())).thenReturn(rangerSecurityZone); 
- retMap = new HashMap<>(); - retMap.put(rangerSecurityZone.getName(), rangerSecurityZone.getServices().get(serviceName)); + Map result = spyStore.getSecurityZonesForService(serviceName); + + Assertions.assertNotNull(result); + Assertions.assertEquals(2, result.size()); + Assertions.assertTrue(result.containsKey("zone1")); + Assertions.assertTrue(result.containsKey("zone2")); + Assertions.assertEquals(zoneService1, result.get("zone1")); + Assertions.assertEquals(zoneService2, result.get("zone2")); + } - securityZoneDBStore.getSecurityZonesForService(serviceName); + @Test + public void test7aGetSecurityZonesForService_emptyZones() { + String serviceName = "hive_service"; + Long userId = 50L; - Assertions.assertNotNull(xxSecurityZone); - Assertions.assertNotNull(xxSecurityZones); - Mockito.verify(daoManager).getXXSecurityZoneDao(); - Mockito.verify(securityZoneService).read(xxSecurityZone.getId()); + List zoneIds = new ArrayList<>(); + + XXSecurityZoneDao xZoneDao = Mockito.mock(XXSecurityZoneDao.class); + XXUserDao xXUserDao = Mockito.mock(XXUserDao.class); + + Mockito.when(bizUtil.isAdmin()).thenReturn(false); + Mockito.when(daoManager.getXXUser()).thenReturn(xXUserDao); + Mockito.when(xXUserDao.findIdByUserName(Mockito.anyString())).thenReturn(userId); + Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xZoneDao); + Mockito.when(xZoneDao.findAllZoneForUser(userId)).thenReturn(zoneIds); + + Map result = securityZoneDBStore.getSecurityZonesForService(serviceName); + + Assertions.assertNull(result); } @Test @@ -293,7 +356,6 @@ public void test9updateSecurityZoneByUnknownId() throws Exception { RangerSecurityZone securityZoneToUpdate = new RangerSecurityZone(); securityZoneToUpdate.setId(2L); - XXSecurityZoneDao xXSecurityZoneDao = Mockito.mock(XXSecurityZoneDao.class); Mockito.when(restErrorUtil.createRESTException(Mockito.anyString())).thenThrow(new WebApplicationException()); XXGlobalStateDao xXGlobalStateDao = Mockito.mock(XXGlobalStateDao.class); 
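Review bot: The non-admin tests stub and verify `findIdByUserName(Mockito.anyString())`, so they pass for whichever user name the store looks up. Nothing pins that the id handed to `findAllZoneForUser` belongs to the caller of the request, and that lookup decides which zones a non-admin user sees. I would set a known current user in the test and match it exactly, e.g. `Mockito.verify(xXUserDao).findIdByUserName(Mockito.eq(expectedUserName))` with `expectedUserName` defined by the test. The same applies to test14a–test14c and test18b–test18e in the later hunks of this file. Separately, `test6getSecurityZones_adminUser` sets `ZONE_NAME` to `sz1` yet expects both zones, so the filter's effect is no longer asserted.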
@@ -340,8 +402,8 @@ public void test11getSecurityZoneByWrongName() throws Exception { @Test public void test12getSecurityZoneById() { - Long zoneId = 5L; - RangerSecurityZone zone = new RangerSecurityZone(); + Long zoneId = 5L; + RangerSecurityZone zone = new RangerSecurityZone(); zone.setId(zoneId); Mockito.when(securityZoneService.read(zoneId)).thenReturn(zone); @@ -353,11 +415,12 @@ public void test12getSecurityZoneById() { } @Test - public void test13getSecurityZoneHeaderInfoList_noPrefix() { + public void test13getSecurityZoneHeaderInfoList_adminNoPrefix() { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); Mockito.when(request.getParameter(SearchFilter.ZONE_NAME_PREFIX)).thenReturn(null); XXSecurityZoneDao xZoneDao = Mockito.mock(XXSecurityZoneDao.class); + Mockito.when(bizUtil.isAdmin()).thenReturn(true); Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xZoneDao); List headers = new ArrayList<>(); 
@@ -372,22 +435,91 @@ public void test13getSecurityZoneHeaderInfoList_noPrefix() { } @Test - public void test14getSecurityZoneHeaderInfoList_withPrefix() { + public void test14getSecurityZoneHeaderInfoList_adminWithPrefix() { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); Mockito.when(request.getParameter(SearchFilter.ZONE_NAME_PREFIX)).thenReturn("sec"); XXSecurityZoneDao xZoneDao = Mockito.mock(XXSecurityZoneDao.class); + Mockito.when(bizUtil.isAdmin()).thenReturn(true); Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xZoneDao); List headers = new ArrayList<>(); headers.add(new RangerSecurityZoneHeaderInfo(1L, "secA")); - headers.add(new RangerSecurityZoneHeaderInfo(2L, "abc")); - Mockito.when(xZoneDao.findAllZoneHeaderInfos()).thenReturn(headers); + headers.add(new RangerSecurityZoneHeaderInfo(2L, "secB")); + Mockito.when(xZoneDao.findAllZoneHeaderInfosWithNamePrefix("sec")).thenReturn(headers); List result = securityZoneDBStore.getSecurityZoneHeaderInfoList(request); - Assertions.assertEquals(1, result.size()); + Assertions.assertEquals(2, result.size()); Assertions.assertEquals("secA", result.get(0).getName()); + Mockito.verify(xZoneDao, times(1)).findAllZoneHeaderInfosWithNamePrefix("sec"); + } + + @Test + public void test14aGetSecurityZoneHeaderInfoList_nonAdminNoPrefix() { + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + Long userId = 50L; + Mockito.when(request.getParameter(SearchFilter.ZONE_NAME_PREFIX)).thenReturn(null); + + XXSecurityZoneDao xZoneDao = Mockito.mock(XXSecurityZoneDao.class); + XXUserDao xXUserDao = Mockito.mock(XXUserDao.class); + + Mockito.when(bizUtil.isAdmin()).thenReturn(false); + Mockito.when(daoManager.getXXUser()).thenReturn(xXUserDao); + Mockito.when(xXUserDao.findIdByUserName(Mockito.anyString())).thenReturn(userId); + Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xZoneDao); + + List headers = new ArrayList<>(); + headers.add(new 
RangerSecurityZoneHeaderInfo(1L, "userZone1")); + Mockito.when(xZoneDao.findZoneHeaderInfosForUser(userId)).thenReturn(headers); + + List result = securityZoneDBStore.getSecurityZoneHeaderInfoList(request); + + Assertions.assertEquals(1, result.size()); + Assertions.assertEquals("userZone1", result.get(0).getName()); + Mockito.verify(xZoneDao, times(1)).findZoneHeaderInfosForUser(userId); + } + + @Test + public void test14bGetSecurityZoneHeaderInfoList_nonAdminWithPrefix() { + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + Long userId = 50L; + Mockito.when(request.getParameter(SearchFilter.ZONE_NAME_PREFIX)).thenReturn("usr"); + + XXSecurityZoneDao xZoneDao = Mockito.mock(XXSecurityZoneDao.class); + XXUserDao xXUserDao = Mockito.mock(XXUserDao.class); + + Mockito.when(bizUtil.isAdmin()).thenReturn(false); + Mockito.when(daoManager.getXXUser()).thenReturn(xXUserDao); + Mockito.when(xXUserDao.findIdByUserName(Mockito.anyString())).thenReturn(userId); + Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xZoneDao); + + List headers = new ArrayList<>(); + headers.add(new RangerSecurityZoneHeaderInfo(1L, "usrZone")); + Mockito.when(xZoneDao.findZoneHeaderInfosForUserWithNamePrefix(userId, "usr")).thenReturn(headers); + + List result = securityZoneDBStore.getSecurityZoneHeaderInfoList(request); + + Assertions.assertEquals(1, result.size()); + Assertions.assertEquals("usrZone", result.get(0).getName()); + Mockito.verify(xZoneDao, times(1)).findZoneHeaderInfosForUserWithNamePrefix(userId, "usr"); + } + + @Test + public void test14cGetSecurityZoneHeaderInfoList_nonAdminNullUserId() { + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + Mockito.when(request.getParameter(SearchFilter.ZONE_NAME_PREFIX)).thenReturn(null); + + XXUserDao xXUserDao = Mockito.mock(XXUserDao.class); + + Mockito.when(bizUtil.isAdmin()).thenReturn(false); + Mockito.when(daoManager.getXXUser()).thenReturn(xXUserDao); + 
Mockito.when(xXUserDao.findIdByUserName(Mockito.anyString())).thenReturn(null); + + List result = securityZoneDBStore.getSecurityZoneHeaderInfoList(request); + + Assertions.assertNotNull(result); + Assertions.assertTrue(result.isEmpty()); } @Test @@ -406,7 +538,7 @@ public void test16getServiceHeaderInfoListByZoneId_authorized_withPrefix() { Mockito.when(bizUtil.hasModuleAccess(Mockito.anyString())).thenReturn(true); Mockito.when(request.getParameter(SearchFilter.SERVICE_NAME_PREFIX)).thenReturn("s1"); - XXSecurityZoneRefServiceDao svcDao = Mockito.mock(XXSecurityZoneRefServiceDao.class); + XXSecurityZoneRefServiceDao svcDao = Mockito.mock(XXSecurityZoneRefServiceDao.class); XXSecurityZoneRefTagServiceDao tagSvcDao = Mockito.mock(XXSecurityZoneRefTagServiceDao.class); Mockito.when(daoManager.getXXSecurityZoneRefService()).thenReturn(svcDao); Mockito.when(daoManager.getXXSecurityZoneRefTagService()).thenReturn(tagSvcDao); 
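Review bot: `test14getSecurityZoneHeaderInfoList_adminWithPrefix` and `test14bGetSecurityZoneHeaderInfoList_nonAdminWithPrefix` only check that the prefix reaches the DAO unchanged, and both use an all-lower-case value. The named queries in this diff compare with `LOWER(obj.name) LIKE :namePrefix`, so a mixed-case request value matches nothing unless some layer lower-cases it and appends the wildcard. Which layer does that is not visible here. Unless the DAO tests already cover it, a case with a prefix such as `"Sec"` that asserts the exact argument the DAO receives would pin that contract.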
@@ -427,31 +559,146 @@ public void test16getServiceHeaderInfoListByZoneId_authorized_withPrefix() { } @Test - public void test17getSecurityZoneHeaderInfoListByServiceId_invalid() { + public void test17getSecurityZoneHeaderInfoListByServiceId_nullServiceId() { HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Mockito.when(restErrorUtil.createRESTException(Mockito.anyString(), Mockito.eq(MessageEnums.INVALID_INPUT_DATA))) - .thenThrow(new WebApplicationException()); - Assertions.assertThrows(WebApplicationException.class, () -> securityZoneDBStore.getSecurityZoneHeaderInfoListByServiceId(null, false, request)); + List result = securityZoneDBStore.getSecurityZoneHeaderInfoListByServiceId(null, false, request); + + Assertions.assertNotNull(result); + Assertions.assertTrue(result.isEmpty()); } @Test - public void test18getSecurityZoneHeaderInfoListByServiceId_valid_withPrefix() { - HttpServletRequest request = Mockito.mock(HttpServletRequest.class); - Mockito.when(request.getParameter(SearchFilter.ZONE_NAME_PREFIX)).thenReturn("z"); + public void test18getSecurityZoneHeaderInfoListByServiceId_adminNoPrefix() { + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + Long serviceId = 10L; + Mockito.when(request.getParameter(SearchFilter.ZONE_NAME_PREFIX)).thenReturn(null); XXSecurityZoneDao xZoneDao = Mockito.mock(XXSecurityZoneDao.class); + Mockito.when(bizUtil.isAdmin()).thenReturn(true); Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xZoneDao); List headers = new ArrayList<>(); headers.add(new RangerSecurityZoneHeaderInfo(1L, "zoneA")); - headers.add(new RangerSecurityZoneHeaderInfo(2L, "bzone")); - Mockito.when(xZoneDao.findAllZoneHeaderInfosByServiceId(10L, false)).thenReturn(headers); + headers.add(new RangerSecurityZoneHeaderInfo(2L, "zoneB")); + Mockito.when(xZoneDao.findAllZoneHeaderInfosByServiceId(serviceId, false)).thenReturn(headers); + + List result = 
securityZoneDBStore.getSecurityZoneHeaderInfoListByServiceId(serviceId, false, request); + + Assertions.assertEquals(2, result.size()); + Mockito.verify(xZoneDao, times(1)).findAllZoneHeaderInfosByServiceId(serviceId, false); + } + + @Test + public void test18aGetSecurityZoneHeaderInfoListByServiceId_adminWithPrefix() { + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + Long serviceId = 10L; + Mockito.when(request.getParameter(SearchFilter.ZONE_NAME_PREFIX)).thenReturn("zone"); + + XXSecurityZoneDao xZoneDao = Mockito.mock(XXSecurityZoneDao.class); + Mockito.when(bizUtil.isAdmin()).thenReturn(true); + Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xZoneDao); + + List headers = new ArrayList<>(); + headers.add(new RangerSecurityZoneHeaderInfo(1L, "zoneA")); + headers.add(new RangerSecurityZoneHeaderInfo(2L, "zoneB")); + Mockito.when(xZoneDao.findZoneHeaderInfosByServiceIdWithNamePrefix(serviceId, false, "zone")).thenReturn(headers); + + List result = securityZoneDBStore.getSecurityZoneHeaderInfoListByServiceId(serviceId, false, request); + + Assertions.assertEquals(2, result.size()); + Mockito.verify(xZoneDao, times(1)).findZoneHeaderInfosByServiceIdWithNamePrefix(serviceId, false, "zone"); + } + + @Test + public void test18bGetSecurityZoneHeaderInfoListByServiceId_nonAdminNoPrefix() { + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + Long serviceId = 10L; + Long userId = 100L; + Mockito.when(request.getParameter(SearchFilter.ZONE_NAME_PREFIX)).thenReturn(null); + + XXSecurityZoneDao xZoneDao = Mockito.mock(XXSecurityZoneDao.class); + XXUserDao xXUserDao = Mockito.mock(XXUserDao.class); + + Mockito.when(bizUtil.isAdmin()).thenReturn(false); + Mockito.when(daoManager.getXXUser()).thenReturn(xXUserDao); + Mockito.when(xXUserDao.findIdByUserName(Mockito.anyString())).thenReturn(userId); + Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xZoneDao); + + List headers = new ArrayList<>(); + headers.add(new 
RangerSecurityZoneHeaderInfo(1L, "userZoneA")); + Mockito.when(xZoneDao.findZoneHeaderInfosByServiceIdForUser(serviceId, false, userId)).thenReturn(headers); + + List result = securityZoneDBStore.getSecurityZoneHeaderInfoListByServiceId(serviceId, false, request); + + Assertions.assertEquals(1, result.size()); + Assertions.assertEquals("userZoneA", result.get(0).getName()); + Mockito.verify(xZoneDao, times(1)).findZoneHeaderInfosByServiceIdForUser(serviceId, false, userId); + } + + @Test + public void test18cGetSecurityZoneHeaderInfoListByServiceId_nonAdminWithPrefix() { + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + Long serviceId = 10L; + Long userId = 100L; + Mockito.when(request.getParameter(SearchFilter.ZONE_NAME_PREFIX)).thenReturn("user"); - List result = securityZoneDBStore.getSecurityZoneHeaderInfoListByServiceId(10L, false, request); + XXSecurityZoneDao xZoneDao = Mockito.mock(XXSecurityZoneDao.class); + XXUserDao xXUserDao = Mockito.mock(XXUserDao.class); + + Mockito.when(bizUtil.isAdmin()).thenReturn(false); + Mockito.when(daoManager.getXXUser()).thenReturn(xXUserDao); + Mockito.when(xXUserDao.findIdByUserName(Mockito.anyString())).thenReturn(userId); + Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xZoneDao); + + List headers = new ArrayList<>(); + headers.add(new RangerSecurityZoneHeaderInfo(1L, "userZoneA")); + Mockito.when(xZoneDao.findZoneHeaderInfosByServiceIdForUserWithNamePrefix(serviceId, false, userId, "user")).thenReturn(headers); + + List result = securityZoneDBStore.getSecurityZoneHeaderInfoListByServiceId(serviceId, false, request); Assertions.assertEquals(1, result.size()); - Assertions.assertEquals("zoneA", result.get(0).getName()); + Assertions.assertEquals("userZoneA", result.get(0).getName()); + Mockito.verify(xZoneDao, times(1)).findZoneHeaderInfosByServiceIdForUserWithNamePrefix(serviceId, false, userId, "user"); + } + + @Test + public void 
test18dGetSecurityZoneHeaderInfoListByServiceId_tagService() { + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + Long tagServiceId = 20L; + Mockito.when(request.getParameter(SearchFilter.ZONE_NAME_PREFIX)).thenReturn(null); + + XXSecurityZoneDao xZoneDao = Mockito.mock(XXSecurityZoneDao.class); + Mockito.when(bizUtil.isAdmin()).thenReturn(true); + Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xZoneDao); + + List headers = new ArrayList<>(); + headers.add(new RangerSecurityZoneHeaderInfo(1L, "tagZone")); + Mockito.when(xZoneDao.findAllZoneHeaderInfosByServiceId(tagServiceId, true)).thenReturn(headers); + + List result = securityZoneDBStore.getSecurityZoneHeaderInfoListByServiceId(tagServiceId, true, request); + + Assertions.assertEquals(1, result.size()); + Assertions.assertEquals("tagZone", result.get(0).getName()); + Mockito.verify(xZoneDao, times(1)).findAllZoneHeaderInfosByServiceId(tagServiceId, true); + } + + @Test + public void test18eGetSecurityZoneHeaderInfoListByServiceId_nonAdminNullUserId() { + HttpServletRequest request = Mockito.mock(HttpServletRequest.class); + Long serviceId = 10L; + Mockito.when(request.getParameter(SearchFilter.ZONE_NAME_PREFIX)).thenReturn(null); + + XXUserDao xXUserDao = Mockito.mock(XXUserDao.class); + + Mockito.when(bizUtil.isAdmin()).thenReturn(false); + Mockito.when(daoManager.getXXUser()).thenReturn(xXUserDao); + Mockito.when(xXUserDao.findIdByUserName(Mockito.anyString())).thenReturn(null); + + List result = securityZoneDBStore.getSecurityZoneHeaderInfoListByServiceId(serviceId, false, request); + + Assertions.assertNotNull(result); + Assertions.assertTrue(result.isEmpty()); } @Test 
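Review bot: `test17getSecurityZoneHeaderInfoListByServiceId_nullServiceId` now expects an empty list where the removed test expected a `WebApplicationException` built with `MessageEnums.INVALID_INPUT_DATA`. A request without a service id therefore becomes indistinguishable from one that matches no zones. The store change itself is outside this hunk. If the new behaviour is intended, state it in the method's Javadoc and give the test a comment such as `// null serviceId is treated as "no zones", not as invalid input`. If it is not intended, keep the earlier assertion.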
@@ -473,7 +720,7 @@ public void test19getZonesSummary_pagination_and_permissions() throws Exception zone.setTagServices(Arrays.asList("t1")); RangerSecurityZone.RangerSecurityZoneService zoneService = new RangerSecurityZone.RangerSecurityZoneService(); - List>> resources = new ArrayList<>(); + List>> resources = new ArrayList<>(); resources.add(new HashMap<>()); resources.add(new HashMap<>()); zoneService.setResources(resources); @@ -486,9 +733,9 @@ public void test19getZonesSummary_pagination_and_permissions() throws Exception Mockito.when(bizUtil.isAdmin()).thenReturn(false); Mockito.when(serviceMgr.isZoneAdmin("zone1")).thenReturn(true); - XXServiceDao svcDao = Mockito.mock(XXServiceDao.class); + XXServiceDao svcDao = Mockito.mock(XXServiceDao.class); XXServiceDefDao svcDefDao = Mockito.mock(XXServiceDefDao.class); - XXService xService = new XXService(); + XXService xService = new XXService(); xService.setId(100L); xService.setType(5L); xService.setDisplayName("Service One"); @@ -544,7 +791,7 @@ public void test22createSecurityZone_createReturnsNull_exception() throws Except RangerSecurityZone securityZone = new RangerSecurityZone(); XXSecurityZoneDao xXSecurityZoneDao = Mockito.mock(XXSecurityZoneDao.class); - XXGlobalStateDao xXGlobalStateDao = Mockito.mock(XXGlobalStateDao.class); + XXGlobalStateDao xXGlobalStateDao = Mockito.mock(XXGlobalStateDao.class); Mockito.when(daoManager.getXXSecurityZoneDao()).thenReturn(xXSecurityZoneDao); Mockito.when(xXSecurityZoneDao.findByZoneName(securityZone.getName())).thenReturn(null); Mockito.when(daoManager.getXXGlobalState()).thenReturn(xXGlobalStateDao); 
@@ -581,7 +828,7 @@ public void test25getServiceHeaderInfoListByZoneId_authorized_noPrefix() { Mockito.when(bizUtil.hasModuleAccess(Mockito.anyString())).thenReturn(true); Mockito.when(request.getParameter(SearchFilter.SERVICE_NAME_PREFIX)).thenReturn(null); - XXSecurityZoneRefServiceDao svcDao = Mockito.mock(XXSecurityZoneRefServiceDao.class); + XXSecurityZoneRefServiceDao svcDao = Mockito.mock(XXSecurityZoneRefServiceDao.class); XXSecurityZoneRefTagServiceDao tagSvcDao = Mockito.mock(XXSecurityZoneRefTagServiceDao.class); Mockito.when(daoManager.getXXSecurityZoneRefService()).thenReturn(svcDao); Mockito.when(daoManager.getXXSecurityZoneRefTagService()).thenReturn(tagSvcDao); diff --git a/security-admin/src/test/java/org/apache/ranger/db/TestXXSecurityZoneDao.java b/security-admin/src/test/java/org/apache/ranger/db/TestXXSecurityZoneDao.java new file mode 100644 index 0000000000..69a061c921 --- /dev/null +++ b/security-admin/src/test/java/org/apache/ranger/db/TestXXSecurityZoneDao.java 
@@ -0,0 +1,243 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.db;
+
+import org.apache.ranger.entity.XXSecurityZone;
+import org.apache.ranger.plugin.model.RangerSecurityZoneHeaderInfo;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import javax.persistence.EntityManager;
+import javax.persistence.TypedQuery;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @generated by Cursor
+ * @description
+ */
+@ExtendWith(MockitoExtension.class)
+@TestMethodOrder(MethodOrderer.MethodName.class)
+public class TestXXSecurityZoneDao {
+ @Mock
+ RangerDaoManager daoManager;
+
+ @Mock
+ EntityManager entityManager;
+
+ @Test
+ public void test01findByZoneId_withNullId() {
+ XXSecurityZoneDao xxSecurityZoneDao = new XXSecurityZoneDao(daoManager);
+ XXSecurityZone result = xxSecurityZoneDao.findByZoneId(null);
+ Assertions.assertNull(result);
+ }
+
+ @Test
+ public void test02findByZoneName_withBlankName() {
+ XXSecurityZoneDao xxSecurityZoneDao = new XXSecurityZoneDao(daoManager);
+ XXSecurityZone result = xxSecurityZoneDao.findByZoneName("");
+ Assertions.assertNull(result);
+ }
+
+ @Test
+ public void test03findZonesByServiceName_withNullService() {
+ XXSecurityZoneDao xxSecurityZoneDao = new XXSecurityZoneDao(daoManager);
+ List result = xxSecurityZoneDao.findZonesByServiceName(null);
+ Assertions.assertNotNull(result);
+ Assertions.assertTrue(result.isEmpty());
+ }
+
+ @Test
+ public void test04findAllZoneForUser_withValidUserId() {
+ Long userId = 100L;
+
+ XXSecurityZoneDao xxSecurityZoneDao = Mockito.spy(new XXSecurityZoneDao(daoManager));
+
+ @SuppressWarnings("unchecked")
+ TypedQuery query = Mockito.mock(TypedQuery.class);
+ List results = new ArrayList<>();
+ results.add(new Object[] {
+ 1L, "zone1"
+ });
+ results.add(new Object[] {
+ 2L, "zone2"
+ });
+
+ Mockito.doReturn(entityManager).when(xxSecurityZoneDao).getEntityManager();
+ Mockito.when(entityManager.createNamedQuery("XXSecurityZone.findAllZoneForUser", Object[].class)).thenReturn(query);
+ Mockito.when(query.setParameter(Mockito.eq("unzoneId"), Mockito.anyLong())).thenReturn(query);
+ Mockito.when(query.setParameter(Mockito.eq("userId"), Mockito.eq(userId))).thenReturn(query);
+ Mockito.when(query.getResultList()).thenReturn(results);
+
+ List result = xxSecurityZoneDao.findAllZoneForUser(userId);
+
+ Assertions.assertNotNull(result);
+ Assertions.assertEquals(2, result.size());
+ Assertions.assertTrue(result.contains(1L));
+ Assertions.assertTrue(result.contains(2L));
+ }
+
+ @Test
+ public void test05findAllZoneForUser_withNullUserId() {
+ XXSecurityZoneDao xxSecurityZoneDao = new XXSecurityZoneDao(daoManager);
+ List result = xxSecurityZoneDao.findAllZoneForUser(null);
+ Assertions.assertNotNull(result);
+ Assertions.assertTrue(result.isEmpty());
+ }
+
+ @Test
+ public void test06findZoneHeaderInfosForUser_withValidUserId() {
+ Long userId = 100L;
+
+ XXSecurityZoneDao xxSecurityZoneDao = Mockito.spy(new XXSecurityZoneDao(daoManager));
+
+ @SuppressWarnings("unchecked")
+ TypedQuery query = Mockito.mock(TypedQuery.class);
+ List results = new ArrayList<>();
+ results.add(new Object[] {
+ 1L, "zone1"
+ });
+ results.add(new Object[] {
+ 2L, "zone2"
+ });
+
+ Mockito.doReturn(entityManager).when(xxSecurityZoneDao).getEntityManager();
+ Mockito.when(entityManager.createNamedQuery("XXSecurityZone.findZoneHeaderInfosForUserO", Object[].class)).thenReturn(query);
+ Mockito.when(query.setParameter(Mockito.eq("unzoneId"), Mockito.anyLong())).thenReturn(query);
+ Mockito.when(query.setParameter(Mockito.eq("userId"), Mockito.eq(userId))).thenReturn(query);
+ Mockito.when(query.getResultList()).thenReturn(results);
+
+ List result = xxSecurityZoneDao.findZoneHeaderInfosForUser(userId);
+
+ Assertions.assertNotNull(result);
+ Assertions.assertEquals(2, result.size());
+ Assertions.assertEquals("zone1", result.get(0).getName());
+ Assertions.assertEquals("zone2", result.get(1).getName());
+ }
+
+ @Test
+ public void test07findZoneHeaderInfosForUser_withNullUserId() {
+ XXSecurityZoneDao xxSecurityZoneDao = new XXSecurityZoneDao(daoManager);
+ List result = xxSecurityZoneDao.findZoneHeaderInfosForUser(null);
+ Assertions.assertNotNull(result);
+ Assertions.assertTrue(result.isEmpty());
+ }
+
+ @Test
+ public void test08findZoneHeaderInfosForUserWithNamePrefix_withNullUserId() {
+ XXSecurityZoneDao xxSecurityZoneDao = new XXSecurityZoneDao(daoManager);
+ List result = xxSecurityZoneDao.findZoneHeaderInfosForUserWithNamePrefix(null, "test");
+ Assertions.assertNotNull(result);
+ Assertions.assertTrue(result.isEmpty());
+ }
+
+ @Test
+ public void test09findZoneHeaderInfosForUserWithNamePrefix_withBlankPrefix() {
+ XXSecurityZoneDao xxSecurityZoneDao = new XXSecurityZoneDao(daoManager);
+ List result = xxSecurityZoneDao.findZoneHeaderInfosForUserWithNamePrefix(100L, "");
+ Assertions.assertNotNull(result);
+ Assertions.assertTrue(result.isEmpty());
+ }
+
+ @Test
+ public void test10findZoneHeaderInfosByServiceIdForUser_withNullServiceId() {
+ XXSecurityZoneDao xxSecurityZoneDao = new XXSecurityZoneDao(daoManager);
+ List result = xxSecurityZoneDao.findZoneHeaderInfosByServiceIdForUser(null, false, 100L);
+ Assertions.assertNotNull(result);
+ Assertions.assertTrue(result.isEmpty());
+ }
+
+ @Test
+ public void test11findZoneHeaderInfosByServiceIdForUser_withNullUserId() {
+ XXSecurityZoneDao xxSecurityZoneDao = new XXSecurityZoneDao(daoManager);
+ List result = xxSecurityZoneDao.findZoneHeaderInfosByServiceIdForUser(50L, false, null);
+ Assertions.assertNotNull(result);
+ Assertions.assertTrue(result.isEmpty());
+ }
+
+ @Test
+ public void test12findZoneHeaderInfosByServiceIdWithNamePrefix_withNullServiceId() {
+ XXSecurityZoneDao xxSecurityZoneDao = new XXSecurityZoneDao(daoManager);
+ List result = xxSecurityZoneDao.findZoneHeaderInfosByServiceIdWithNamePrefix(null, false, "zone");
+ Assertions.assertNotNull(result);
+ Assertions.assertTrue(result.isEmpty());
+ }
+
+ @Test
+ public void test13findZoneHeaderInfosByServiceIdForUserWithNamePrefix_withNullParams() {
+ XXSecurityZoneDao xxSecurityZoneDao = new XXSecurityZoneDao(daoManager);
+
+ List result = xxSecurityZoneDao.findZoneHeaderInfosByServiceIdForUserWithNamePrefix(null, false, 100L, "zone");
+ Assertions.assertNotNull(result);
+ Assertions.assertTrue(result.isEmpty());
+
+ result = xxSecurityZoneDao.findZoneHeaderInfosByServiceIdForUserWithNamePrefix(50L, false, null, "zone");
+ Assertions.assertNotNull(result);
+ Assertions.assertTrue(result.isEmpty());
+
+ result = xxSecurityZoneDao.findZoneHeaderInfosByServiceIdForUserWithNamePrefix(50L, false, 100L, "");
+ Assertions.assertNotNull(result);
+ Assertions.assertTrue(result.isEmpty());
+ }
+
+ @Test
+ public void test14findAllZoneForAdmin() {
+ XXSecurityZoneDao xxSecurityZoneDao = Mockito.spy(new XXSecurityZoneDao(daoManager));
+
+ @SuppressWarnings("unchecked")
+ TypedQuery query = Mockito.mock(TypedQuery.class);
+ List results = new ArrayList<>();
+ results.add(new Object[] {
+ 1L, "zone1"
+ });
+ results.add(new Object[] {
+ 2L, "zone2"
+ });
+ results.add(new Object[] {
+ 3L, "zone3"
+ });
+
+ Mockito.doReturn(entityManager).when(xxSecurityZoneDao).getEntityManager();
+ Mockito.when(entityManager.createNamedQuery("XXSecurityZone.findAllZoneForAdmin", Object[].class)).thenReturn(query);
+ Mockito.when(query.setParameter(Mockito.eq("unzoneId"), Mockito.anyLong())).thenReturn(query);
+ Mockito.when(query.getResultList()).thenReturn(results);
+
+ List result = xxSecurityZoneDao.findAllZoneForAdmin();
+
+ Assertions.assertNotNull(result);
+ Assertions.assertEquals(3, result.size());
+ Assertions.assertTrue(result.contains(1L));
+ Assertions.assertTrue(result.contains(2L));
+ Assertions.assertTrue(result.contains(3L));
+ }
+
+ @Test
+ public void test15findZoneNamesByUserId_withNullUserId() {
+ XXSecurityZoneDao xxSecurityZoneDao = new XXSecurityZoneDao(daoManager);
+ List result = xxSecurityZoneDao.findZoneNamesByUserId(null);
+ Assertions.assertNotNull(result);
+ Assertions.assertTrue(result.isEmpty());
+ }
+}
diff --git a/security-admin/src/test/java/org/apache/ranger/db/TestXXUserDao.java b/security-admin/src/test/java/org/apache/ranger/db/TestXXUserDao.java
new file mode 100644
index 0000000000..66810d6646
--- /dev/null
+++ b/security-admin/src/test/java/org/apache/ranger/db/TestXXUserDao.java
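Review bot: In `test06findZoneHeaderInfosForUser_withValidUserId` of TestXXSecurityZoneDao the stubbed named query is `"XXSecurityZone.findZoneHeaderInfosForUserO"`, and the trailing `O` looks like a typo next to the neighbouring names (`findAllZoneForUser`, `findAllZoneForAdmin`). The DAO and the named-query definition are not part of this hunk, so the test may simply be mirroring the production name; if the `O` is unintended, it should be corrected in the query definition, the DAO and this stub together. These lookups decide which security zones a user can see, so I would also add a short comment above each stub stating which named query it pins, e.g. `// must match the @NamedQuery name used by XXSecurityZoneDao.findZoneHeaderInfosForUser`.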
@@ -0,0 +1,95 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.db;
+
+import org.apache.ranger.entity.XXUser;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.Mock;
+import org.mockito.Mockito;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+import javax.persistence.EntityManager;
+import javax.persistence.NoResultException;
+import javax.persistence.TypedQuery;
+
+/**
+ * @generated by Cursor
+ * @description
+ */
+@ExtendWith(MockitoExtension.class)
+@TestMethodOrder(MethodOrderer.MethodName.class)
+public class TestXXUserDao {
+ @Mock
+ RangerDaoManager daoManager;
+
+ @Mock
+ EntityManager entityManager;
+
+ @Test
+ public void test01findByPortalUserId_withValidId() {
+ Long portalUserId = 50L;
+
+ XXUser xxUser = new XXUser();
+ xxUser.setId(100L);
+
+ XXUserDao xxUserDao = Mockito.spy(new XXUserDao(daoManager));
+
+ @SuppressWarnings("unchecked")
+ TypedQuery query = Mockito.mock(TypedQuery.class);
+
+ Mockito.doReturn(entityManager).when(xxUserDao).getEntityManager();
+ Mockito.when(entityManager.createNamedQuery("XXUser.findByPortalUserId", XXUser.class)).thenReturn(query);
+ Mockito.when(query.setParameter("portalUserId", portalUserId)).thenReturn(query);
+ Mockito.when(query.getSingleResult()).thenReturn(xxUser);
+
+ XXUser result = xxUserDao.findByPortalUserId(portalUserId);
+
+ Assertions.assertNotNull(result);
+ Assertions.assertEquals(100L, result.getId());
+ }
+
+ @Test
+ public void test02findByPortalUserId_withNullId() {
+ XXUserDao xxUserDao = new XXUserDao(daoManager);
+ XXUser result = xxUserDao.findByPortalUserId(null);
+ Assertions.assertNull(result);
+ }
+
+ @Test
+ public void test03findByPortalUserId_withNoResult() {
+ Long portalUserId = 999L;
+
+ XXUserDao xxUserDao = Mockito.spy(new XXUserDao(daoManager));
+
+ @SuppressWarnings("unchecked")
+ TypedQuery query = Mockito.mock(TypedQuery.class);
+
+ Mockito.doReturn(entityManager).when(xxUserDao).getEntityManager();
+ Mockito.when(entityManager.createNamedQuery("XXUser.findByPortalUserId", XXUser.class)).thenReturn(query);
+ Mockito.when(query.setParameter("portalUserId", portalUserId)).thenReturn(query);
+ Mockito.when(query.getSingleResult()).thenThrow(new NoResultException());
+
+ XXUser result = xxUserDao.findByPortalUserId(portalUserId);
+
+ Assertions.assertNull(result);
+ }
+}
diff --git a/security-admin/src/test/java/org/apache/ranger/entity/view/TestVXSecurityZoneUser.java b/security-admin/src/test/java/org/apache/ranger/entity/view/TestVXSecurityZoneUser.java
new file mode 100644
index 0000000000..836d373da7
--- /dev/null
+++ b/security-admin/src/test/java/org/apache/ranger/entity/view/TestVXSecurityZoneUser.java
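Review bot: The class Javadoc on `TestXXUserDao` consists only of `@generated by Cursor` and an empty `@description`, neither of which is a standard Javadoc tag, so it tells a maintainer nothing about what the tests cover. The same header is used on `TestXXSecurityZoneDao` and `TestVXSecurityZoneUser` in this commit. I would replace it with a one-line summary such as `/** Unit tests for XXUserDao.findByPortalUserId: valid id, null id, and no matching row. */`. If provenance needs recording, the commit message is a better place for it than a Javadoc tag.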
@@ -0,0 +1,273 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.ranger.entity.view;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.MethodOrderer;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestMethodOrder;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.junit.jupiter.MockitoExtension;
+
+/**
+ * @generated by Cursor
+ * @description
+ */
+@ExtendWith(MockitoExtension.class)
+@TestMethodOrder(MethodOrderer.MethodName.class)
+public class TestVXSecurityZoneUser {
+ @Test
+ public void test01setAndGetZoneId() {
+ VXSecurityZoneUser vxSecurityZoneUser = new VXSecurityZoneUser();
+ Long zoneId = 100L;
+
+ vxSecurityZoneUser.setZoneId(zoneId);
+
+ Assertions.assertEquals(zoneId, vxSecurityZoneUser.getZoneId());
+ }
+
+ @Test
+ public void test02setAndGetZoneName() {
+ VXSecurityZoneUser vxSecurityZoneUser = new VXSecurityZoneUser();
+ String zoneName = "testZone";
+
+ vxSecurityZoneUser.setZoneName(zoneName);
+
+ Assertions.assertEquals(zoneName, vxSecurityZoneUser.getZoneName());
+ }
+
+ @Test
+ public void test03setAndGetUserId() {
+ VXSecurityZoneUser vxSecurityZoneUser = new VXSecurityZoneUser();
+ Long userId = 50L;
+
+ vxSecurityZoneUser.setUserId(userId);
+
+ Assertions.assertEquals(userId, vxSecurityZoneUser.getUserId());
+ }
+
+ @Test
+ public void test04setAndGetAccessType() {
+ VXSecurityZoneUser vxSecurityZoneUser = new VXSecurityZoneUser();
+ Integer accessType = VXSecurityZoneUser.ACCESS_TYPE_DIRECT_USER;
+
+ vxSecurityZoneUser.setAccessType(accessType);
+
+ Assertions.assertEquals(accessType, vxSecurityZoneUser.getAccessType());
+ }
+
+ @Test
+ public void test05accessTypeConstants() {
+ Assertions.assertEquals(0, VXSecurityZoneUser.ACCESS_TYPE_DIRECT_USER);
+ Assertions.assertEquals(1, VXSecurityZoneUser.ACCESS_TYPE_GROUP_MEMBER);
+ Assertions.assertEquals(2, VXSecurityZoneUser.ACCESS_TYPE_ROLE_MEMBER);
+ Assertions.assertEquals(3, VXSecurityZoneUser.ACCESS_TYPE_ROLE_GROUP_MEMBER);
+ Assertions.assertEquals(4, VXSecurityZoneUser.ACCESS_TYPE_PUBLIC_GROUP);
+ }
+
+ @Test
+ public void test06createVXSecurityZoneUserWithAllFields() {
+ VXSecurityZoneUser vxSecurityZoneUser = new VXSecurityZoneUser();
+
+ vxSecurityZoneUser.setZoneId(100L);
+ vxSecurityZoneUser.setZoneName("testZone");
+ vxSecurityZoneUser.setUserId(50L);
+ vxSecurityZoneUser.setAccessType(VXSecurityZoneUser.ACCESS_TYPE_GROUP_MEMBER);
+
+ Assertions.assertEquals(100L, vxSecurityZoneUser.getZoneId());
+ Assertions.assertEquals("testZone", vxSecurityZoneUser.getZoneName());
+ Assertions.assertEquals(50L, vxSecurityZoneUser.getUserId());
+ Assertions.assertEquals(Integer.valueOf(1), vxSecurityZoneUser.getAccessType());
+ }
+
+ @Test
+ public void test07compositeKeyDefaultConstructor() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey = new VXSecurityZoneUser.VXSecurityZoneUserId();
+
+ Assertions.assertNull(compositeKey.zoneId);
+ Assertions.assertNull(compositeKey.userId);
+ Assertions.assertNull(compositeKey.accessType);
+ }
+
+ @Test
+ public void test08compositeKeyParameterizedConstructor() {
+ Long zoneId = 100L;
+ Long userId = 50L;
+ Integer accessType = VXSecurityZoneUser.ACCESS_TYPE_ROLE_MEMBER;
+
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey = new VXSecurityZoneUser.VXSecurityZoneUserId(zoneId, userId, accessType);
+
+ Assertions.assertEquals(zoneId, compositeKey.zoneId);
+ Assertions.assertEquals(userId, compositeKey.userId);
+ Assertions.assertEquals(accessType, compositeKey.accessType);
+ }
+
+ @Test
+ public void test09compositeKeyEqualsWithSameObject() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, 50L, 0);
+
+ Assertions.assertEquals(compositeKey, compositeKey);
+ }
+
+ @Test
+ public void test10compositeKeyEqualsWithEqualObjects() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey1 = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, 50L, 0);
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey2 = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, 50L, 0);
+
+ Assertions.assertEquals(compositeKey1, compositeKey2);
+ Assertions.assertEquals(compositeKey2, compositeKey1);
+ }
+
+ @Test
+ public void test11compositeKeyEqualsWithDifferentZoneId() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey1 = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, 50L, 0);
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey2 = new VXSecurityZoneUser.VXSecurityZoneUserId(200L, 50L, 0);
+
+ Assertions.assertNotEquals(compositeKey1, compositeKey2);
+ }
+
+ @Test
+ public void test12compositeKeyEqualsWithDifferentUserId() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey1 = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, 50L, 0);
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey2 = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, 60L, 0);
+
+ Assertions.assertNotEquals(compositeKey1, compositeKey2);
+ }
+
+ @Test
+ public void test13compositeKeyEqualsWithDifferentAccessType() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey1 = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, 50L, 0);
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey2 = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, 50L, 1);
+
+ Assertions.assertNotEquals(compositeKey1, compositeKey2);
+ }
+
+ @Test
+ public void test14compositeKeyEqualsWithNull() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, 50L, 0);
+
+ Assertions.assertNotEquals(null, compositeKey);
+ }
+
+ @Test
+ public void test15compositeKeyEqualsWithDifferentClass() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, 50L, 0);
+ String otherObject = "Not a VXSecurityZoneUserId";
+
+ Assertions.assertNotEquals(compositeKey, otherObject);
+ }
+
+ @Test
+ public void test16compositeKeyHashCodeConsistency() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, 50L, 0);
+
+ int hashCode1 = compositeKey.hashCode();
+ int hashCode2 = compositeKey.hashCode();
+
+ Assertions.assertEquals(hashCode1, hashCode2);
+ }
+
+ @Test
+ public void test17compositeKeyHashCodeForEqualObjects() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey1 = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, 50L, 0);
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey2 = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, 50L, 0);
+
+ Assertions.assertEquals(compositeKey1.hashCode(), compositeKey2.hashCode());
+ }
+
+ @Test
+ public void test18compositeKeyHashCodeForDifferentObjects() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey1 = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, 50L, 0);
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey2 = new VXSecurityZoneUser.VXSecurityZoneUserId(200L, 50L, 0);
+
+ Assertions.assertNotEquals(compositeKey1.hashCode(), compositeKey2.hashCode());
+ }
+
+ @Test
+ public void test19compositeKeyWithNullValues() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey1 = new VXSecurityZoneUser.VXSecurityZoneUserId(null, null, null);
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey2 = new VXSecurityZoneUser.VXSecurityZoneUserId(null, null, null);
+
+ Assertions.assertEquals(compositeKey1, compositeKey2);
+ Assertions.assertEquals(compositeKey1.hashCode(), compositeKey2.hashCode());
+ }
+
+ @Test
+ public void test20compositeKeyWithPartialNullValues() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey1 = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, null, 0);
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey2 = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, null, 0);
+
+ Assertions.assertEquals(compositeKey1, compositeKey2);
+ }
+
+ @Test
+ public void test21compositeKeyWithMixedNullAndNonNull() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey1 = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, null, 0);
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey2 = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, 50L, 0);
+
+ Assertions.assertNotEquals(compositeKey1, compositeKey2);
+ }
+
+ @Test
+ public void test22vxSecurityZoneUserWithDifferentAccessTypes() {
+ VXSecurityZoneUser directUser = new VXSecurityZoneUser();
+ directUser.setAccessType(VXSecurityZoneUser.ACCESS_TYPE_DIRECT_USER);
+
+ VXSecurityZoneUser groupMember = new VXSecurityZoneUser();
+ groupMember.setAccessType(VXSecurityZoneUser.ACCESS_TYPE_GROUP_MEMBER);
+
+ VXSecurityZoneUser roleMember = new VXSecurityZoneUser();
+ roleMember.setAccessType(VXSecurityZoneUser.ACCESS_TYPE_ROLE_MEMBER);
+
+ VXSecurityZoneUser roleGroupMember = new VXSecurityZoneUser();
+ roleGroupMember.setAccessType(VXSecurityZoneUser.ACCESS_TYPE_ROLE_GROUP_MEMBER);
+
+ VXSecurityZoneUser publicGroup = new VXSecurityZoneUser();
+ publicGroup.setAccessType(VXSecurityZoneUser.ACCESS_TYPE_PUBLIC_GROUP);
+
+ Assertions.assertEquals(Integer.valueOf(0), directUser.getAccessType());
+ Assertions.assertEquals(Integer.valueOf(1), groupMember.getAccessType());
+ Assertions.assertEquals(Integer.valueOf(2), roleMember.getAccessType());
+ Assertions.assertEquals(Integer.valueOf(3), roleGroupMember.getAccessType());
+ Assertions.assertEquals(Integer.valueOf(4), publicGroup.getAccessType());
+ }
+
+ @Test
+ public void test23compositeKeyHashCodeWithNullZoneId() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey = new VXSecurityZoneUser.VXSecurityZoneUserId(null, 50L, 0);
+ int hashCode = compositeKey.hashCode();
+
+ Assertions.assertNotEquals(0, hashCode);
+ }
+
+ @Test
+ public void test24compositeKeyHashCodeWithNullUserId() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, null, 0);
+ int hashCode = compositeKey.hashCode();
+
+ Assertions.assertNotEquals(0, hashCode);
+ }
+
+ @Test
+ public void test25compositeKeyHashCodeWithNullAccessType() {
+ VXSecurityZoneUser.VXSecurityZoneUserId compositeKey = new VXSecurityZoneUser.VXSecurityZoneUserId(100L, 50L, null);
+ int hashCode = compositeKey.hashCode();
+
+ Assertions.assertNotEquals(0, hashCode);
+ }
+}
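Review bot: `test14compositeKeyEqualsWithNull` in TestVXSecurityZoneUser does not exercise the null branch of `VXSecurityZoneUserId.equals`, because `Assertions.assertNotEquals(null, compositeKey)` puts `null` in the `unexpected` position and JUnit then only checks whether `compositeKey` is itself null. Swapping the arguments, as test15 already does, makes the key's own `equals` run: `Assertions.assertNotEquals(compositeKey, null);`. Separately, test18 and test23–test25 assert that hash codes differ or are non-zero, which the `hashCode` contract does not guarantee. They pin whatever formula the class currently uses (not visible in this hunk) and could fail on a harmless refactor, so I would drop them or add a comment saying that they intentionally lock the current implementation.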