in security-admin/src/main/java/org/apache/ranger/biz/ServiceDBStore.java [5374:5636]
private RangerPolicyList searchRangerPolicies(SearchFilter searchFilter) {
List<RangerPolicy> policyList = new ArrayList<>();
RangerPolicyList retList = new RangerPolicyList();
Map<Long, RangerPolicy> policyMap = new HashMap<>();
Set<Long> processedServices = new HashSet<>();
Set<Long> processedSvcIdsForRole = new HashSet<>();
Set<Long> processedPolicies = new HashSet<>();
List<XXPolicy> xPolList = null;
String serviceName = searchFilter.getParam(ServiceREST.PARAM_SERVICE_NAME);
if (StringUtils.isNotBlank(serviceName)) {
Long serviceId = getRangerServiceByName(serviceName.trim());
if (serviceId != null) {
loadRangerPolicies(serviceId, processedServices, policyMap, searchFilter);
}
} else {
xPolList = policyService.searchResources(searchFilter, policyService.searchFields, policyService.sortFields, retList);
if (!CollectionUtils.isEmpty(xPolList)) {
for (XXPolicy xXPolicy : xPolList) {
if (!processedServices.contains(xXPolicy.getService())) {
loadRangerPolicies(xXPolicy.getService(), processedServices, policyMap, searchFilter);
}
}
}
}
String userName = searchFilter.getParam("user");
if (!StringUtils.isEmpty(userName)) {
searchFilter.setParam("user", RangerPolicyEngine.USER_CURRENT);
List<XXPolicy> xPolListForMacroUser = policyService.searchResources(searchFilter, policyService.searchFields, policyService.sortFields, retList);
Set<Long> processedSvcIdsForMacroUser = new HashSet<>();
if (!CollectionUtils.isEmpty(xPolListForMacroUser)) {
for (XXPolicy xXPolicy : xPolListForMacroUser) {
if (!processedPolicies.contains(xXPolicy.getId())) {
if (!processedSvcIdsForMacroUser.contains(xXPolicy.getService())) {
loadRangerPolicies(xXPolicy.getService(), processedSvcIdsForMacroUser, policyMap, searchFilter);
}
if (policyMap.get(xXPolicy.getId()) != null) {
policyList.add(policyMap.get(xXPolicy.getId()));
processedPolicies.add(xXPolicy.getId());
}
}
}
}
searchFilter.removeParam("user");
Set<String> groupNames = daoMgr.getXXGroupUser().findGroupNamesByUserName(userName);
groupNames.add(RangerConstants.GROUP_PUBLIC);
Set<Long> processedSvcIdsForGroup = new HashSet<>();
Set<String> processedGroupsName = new HashSet<>();
for (String groupName : groupNames) {
searchFilter.setParam("group", groupName);
List<XXPolicy> xPolList2 = policyService.searchResources(searchFilter, policyService.searchFields, policyService.sortFields, retList);
if (!CollectionUtils.isEmpty(xPolList2)) {
for (XXPolicy xPol2 : xPolList2) {
if (xPol2 != null) {
if (!processedPolicies.contains(xPol2.getId())) {
if (!processedSvcIdsForGroup.contains(xPol2.getService()) || !processedGroupsName.contains(groupName)) {
loadRangerPolicies(xPol2.getService(), processedSvcIdsForGroup, policyMap, searchFilter);
processedGroupsName.add(groupName);
}
if (policyMap.containsKey(xPol2.getId())) {
policyList.add(policyMap.get(xPol2.getId()));
processedPolicies.add(xPol2.getId());
}
}
}
}
}
}
// fetch policies maintained for the roles belonging to the user
searchFilter.removeParam("group");
XXUser xxUser = daoMgr.getXXUser().findByUserName(userName);
if (xxUser != null) {
Set<Long> allContainedRoles = new HashSet<>();
List<XXRole> xxRoles = daoMgr.getXXRole().findByUserId(xxUser.getId());
for (XXRole xxRole : xxRoles) {
getContainingRoles(xxRole.getId(), allContainedRoles);
}
Set<String> roleNames = getRoleNames(allContainedRoles);
Set<String> processedRoleName = new HashSet<>();
for (String roleName : roleNames) {
searchFilter.setParam("role", roleName);
List<XXPolicy> xPolList3 = policyService.searchResources(searchFilter, policyService.searchFields, policyService.sortFields, retList);
if (!CollectionUtils.isEmpty(xPolList3)) {
for (XXPolicy xPol3 : xPolList3) {
if (xPol3 != null) {
if (!processedPolicies.contains(xPol3.getId())) {
if (!processedSvcIdsForRole.contains(xPol3.getService()) || !processedRoleName.contains(roleName)) {
loadRangerPolicies(xPol3.getService(), processedSvcIdsForRole, policyMap, searchFilter);
processedRoleName.add(roleName);
}
if (policyMap.containsKey(xPol3.getId())) {
policyList.add(policyMap.get(xPol3.getId()));
processedPolicies.add(xPol3.getId());
}
}
}
}
}
}
}
}
// fetch policies maintained for the roles and groups belonging to the group
String groupName = searchFilter.getParam("group");
if (StringUtils.isBlank(groupName)) {
groupName = RangerConstants.GROUP_PUBLIC;
}
Set<String> groupNames = daoMgr.getXXGroupGroup().findGroupNamesByGroupName(groupName);
groupNames.add(groupName);
Set<Long> processedSvcIdsForGroup = new HashSet<>();
Set<String> processedGroupsName = new HashSet<>();
for (String grpName : groupNames) {
searchFilter.setParam("group", grpName);
List<XXPolicy> xPolList2 = policyService.searchResources(searchFilter, policyService.searchFields, policyService.sortFields, retList);
if (!CollectionUtils.isEmpty(xPolList2)) {
for (XXPolicy xPol2 : xPolList2) {
if (xPol2 != null) {
if (!processedPolicies.contains(xPol2.getId())) {
if (!processedSvcIdsForGroup.contains(xPol2.getService()) || !processedGroupsName.contains(groupName)) {
loadRangerPolicies(xPol2.getService(), processedSvcIdsForGroup, policyMap, searchFilter);
processedGroupsName.add(groupName);
}
if (policyMap.containsKey(xPol2.getId())) {
policyList.add(policyMap.get(xPol2.getId()));
processedPolicies.add(xPol2.getId());
}
}
}
}
}
}
searchFilter.removeParam("group");
XXGroup xxGroup = daoMgr.getXXGroup().findByGroupName(groupName);
if (xxGroup != null) {
Set<Long> allContainedRoles = new HashSet<>();
List<XXRole> xxRoles = daoMgr.getXXRole().findByGroupId(xxGroup.getId());
for (XXRole xxRole : xxRoles) {
getContainingRoles(xxRole.getId(), allContainedRoles);
}
Set<String> roleNames = getRoleNames(allContainedRoles);
Set<String> processedRoleName = new HashSet<>();
for (String roleName : roleNames) {
searchFilter.setParam("role", roleName);
List<XXPolicy> xPolList3 = policyService.searchResources(searchFilter, policyService.searchFields, policyService.sortFields, retList);
if (!CollectionUtils.isEmpty(xPolList3)) {
for (XXPolicy xPol3 : xPolList3) {
if (xPol3 != null) {
if (!processedPolicies.contains(xPol3.getId())) {
if (!processedSvcIdsForRole.contains(xPol3.getService()) || !processedRoleName.contains(roleName)) {
loadRangerPolicies(xPol3.getService(), processedSvcIdsForRole, policyMap, searchFilter);
processedRoleName.add(roleName);
}
if (policyMap.containsKey(xPol3.getId())) {
policyList.add(policyMap.get(xPol3.getId()));
processedPolicies.add(xPol3.getId());
}
}
}
}
}
}
}
if (!CollectionUtils.isEmpty(xPolList)) {
if (isSearchQuerybyResource(searchFilter)) {
if (MapUtils.isNotEmpty(policyMap)) {
for (Entry<Long, RangerPolicy> entry : policyMap.entrySet()) {
if (!processedPolicies.contains(entry.getKey())) {
policyList.add(entry.getValue());
processedPolicies.add(entry.getKey());
}
}
}
} else {
for (XXPolicy xPol : xPolList) {
if (xPol != null) {
if (!processedPolicies.contains(xPol.getId())) {
if (!processedServices.contains(xPol.getService())) {
loadRangerPolicies(xPol.getService(), processedServices, policyMap, searchFilter);
}
if (policyMap.containsKey(xPol.getId())) {
policyList.add(policyMap.get(xPol.getId()));
processedPolicies.add(xPol.getId());
}
}
}
}
}
} else {
if (MapUtils.isNotEmpty(policyMap)) {
for (Entry<Long, RangerPolicy> entry : policyMap.entrySet()) {
if (!processedPolicies.contains(entry.getKey())) {
policyList.add(entry.getValue());
processedPolicies.add(entry.getKey());
}
}
}
}
Comparator<RangerPolicy> comparator = Comparator.comparing(RangerBaseModelObject::getId);
if (CollectionUtils.isNotEmpty(policyList)) {
policyList.sort(comparator);
}
retList.setPolicies(policyList);
return retList;
}