in security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java [1216:1484]
/**
 * Deletes, or merely hides, the user identified by {@code id}.
 *
 * <p>The method first runs its access guards, then resolves the {@code XXUser} row and the
 * matching {@code XXPortalUser} row (looked up by the trimmed user name as login id), and
 * collects everything that still points at the account: group memberships, perm maps,
 * audit maps, auth session ids, module permissions, portal roles and policies.
 *
 * <p>With {@code force == true} every collected reference is removed, the user is stripped
 * from the items of each policy returned by {@code findByUserId}, and both user rows are
 * removed. With {@code force == false} the rows are removed only when no reference exists;
 * otherwise the account is only marked {@code IS_HIDDEN} and nothing else is changed.
 *
 * <p>NOTE(review): in the non-force "hidden" outcome this method revokes nothing - session
 * records, portal roles, module permissions and policy references stay as they are. Whether
 * a hidden account can still authenticate or still matches policies is not visible here;
 * confirm before treating a non-force delete as access revocation.
 *
 * <p>NOTE(review): no transaction boundary is visible in this excerpt. The force path
 * performs many separate removals and policy updates; confirm the caller wraps them so a
 * failure midway cannot leave the account partially deleted.
 *
 * @param id    primary key of the {@code XXUser} row to delete
 * @param force {@code true} to remove the account together with all of its references;
 *              {@code false} to remove it only when unreferenced and hide it otherwise
 */
public synchronized void deleteXUser(Long id, boolean force) {
    // Authorization guards run before anything is read or changed. Their implementations are
    // outside this excerpt - presumably they reject non-admin callers and the auditor role; verify.
    checkAdminAccess();
    xaBizUtil.blockAuditorRoleUser();
    XXUserDao xXUserDao = daoManager.getXXUser();
    XXUser xXUser = xXUserDao.getById(id);
    // Unknown id: answer with the 404 REST exception instead of continuing with null.
    if (xXUser == null) {
        throw restErrorUtil.create404RESTException("Data Not Found for given Id", MessageEnums.DATA_NOT_FOUND, id, null, "readResource : No Object found with given id.");
    }
    VXUser vXUser = xUserService.populateViewBean(xXUser);
    if (vXUser == null || StringUtils.isEmpty(vXUser.getName())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    // The portal (login) account is matched by name, not by id: login id == trimmed user name.
    XXPortalUserDao xXPortalUserDao = daoManager.getXXPortalUser();
    XXPortalUser xXPortalUser = xXPortalUserDao.findByLoginId(vXUser.getName().trim());
    VXPortalUser vXPortalUser = null;
    if (xXPortalUser != null) {
        vXPortalUser = xPortalUserService.populateViewBean(xXPortalUser);
    }
    // A user without a usable portal account is reported with the same message as a missing user.
    if (vXPortalUser == null || StringUtils.isEmpty(vXPortalUser.getLoginId())) {
        throw restErrorUtil.createRESTException("No user found with id=" + id);
    }
    logger.debug("Force delete status={} for user={}", force, vXUser.getName());
    // Further guards, applied to force and non-force alike and before any removal. Going by the
    // names they refuse self-deletion and users still bound to a security zone or a role -
    // implementations are not shown here; confirm.
    restrictSelfAccountDeletion(vXUser.getName().trim());
    blockIfZoneUser(id);
    this.blockIfRoleUser(id);
    // Collect everything that references the account; both branches below work from these lists.
    SearchCriteria searchCriteria = new SearchCriteria();
    searchCriteria.addParam("xUserId", id);
    VXGroupUserList vxGroupUserList = searchXGroupUsers(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXPermMapList vXPermMapList = searchXPermMaps(searchCriteria);
    searchCriteria = new SearchCriteria();
    searchCriteria.addParam("userId", id);
    VXAuditMapList vXAuditMapList = searchXAuditMaps(searchCriteria);
    // Sessions, module permissions and portal roles are keyed by the portal user id, not by id.
    long xXPortalUserId = vXPortalUser.getId();
    XXAuthSessionDao xXAuthSessionDao = daoManager.getXXAuthSession();
    XXUserPermissionDao xXUserPermissionDao = daoManager.getXXUserPermission();
    XXPortalUserRoleDao xXPortalUserRoleDao = daoManager.getXXPortalUserRole();
    List<Long> xXAuthSessionIds = xXAuthSessionDao.getAuthSessionIdsByUserId(xXPortalUserId);
    List<XXUserPermission> xXUserPermissions = xXUserPermissionDao.findByUserPermissionId(xXPortalUserId);
    List<XXPortalUserRole> xXPortalUserRoles = xXPortalUserRoleDao.findByUserId(xXPortalUserId);
    XXPolicyDao xXPolicyDao = daoManager.getXXPolicy();
    // Logged for both branches, including the one that ends up only hiding the user.
    logger.warn("Deleting User : {}", vXUser.getName());
    if (force) {
        // NOTE(review): the lists collected above are dereferenced in this branch without the
        // null checks the non-force branch applies to them - confirm the lookups never return null.
        //delete XXGroupUser mapping
        XXGroupUserDao xGroupUserDao = daoManager.getXXGroupUser();
        for (VXGroupUser groupUser : vxGroupUserList.getList()) {
            if (groupUser != null) {
                logger.warn("Removing user '{}' from group '{}'", vXUser.getName(), groupUser.getName());
                xGroupUserDao.remove(groupUser.getId());
            }
        }
        //delete XXPermMap records of user
        XXPermMapDao xXPermMapDao = daoManager.getXXPermMap();
        for (VXPermMap vXPermMap : vXPermMapList.getList()) {
            if (vXPermMap != null) {
                logger.warn("Deleting '{}' permission from policy ID='{}' for user '{}'", AppConstants.getLabelFor_XAPermType(vXPermMap.getPermType()), vXPermMap.getResourceId(), vXPermMap.getUserName());
                xXPermMapDao.remove(vXPermMap.getId());
            }
        }
        //delete XXAuditMap records of user
        // Unlike the other removals in this branch, audit-map removals are not logged here.
        XXAuditMapDao xXAuditMapDao = daoManager.getXXAuditMap();
        for (VXAuditMap vXAuditMap : vXAuditMapList.getList()) {
            if (vXAuditMap != null) {
                xXAuditMapDao.remove(vXAuditMap.getId());
            }
        }
        //delete XXPortalUser references
        xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
        // Drop the stored login session records of the account.
        if (CollectionUtils.isNotEmpty(xXAuthSessionIds)) {
            logger.warn("Deleting {} login session records for user '{}'", xXAuthSessionIds.size(), vXPortalUser.getLoginId());
            xXAuthSessionDao.deleteAuthSessionsByIds(xXAuthSessionIds);
        }
        for (XXUserPermission xXUserPermission : xXUserPermissions) {
            if (xXUserPermission != null) {
                // The module is looked up only to name it in the log; the permission is removed
                // whether or not the module definition is found.
                XXModuleDef xXModuleDef = daoManager.getXXModuleDef().findByModuleId(xXUserPermission.getModuleId());
                if (xXModuleDef != null) {
                    logger.warn("Deleting '{}' module permission for user '{}'", xXModuleDef.getModule(), vXPortalUser.getLoginId());
                }
                xXUserPermissionDao.remove(xXUserPermission.getId());
            }
        }
        for (XXPortalUserRole xXPortalUserRole : xXPortalUserRoles) {
            if (xXPortalUserRole != null) {
                logger.warn("Deleting '{}' role for user '{}'", xXPortalUserRole.getUserRole(), vXPortalUser.getLoginId());
                xXPortalUserRoleDao.remove(xXPortalUserRole.getId());
            }
        }
        //delete XXPolicyItemUserPerm records of user
        // Each policy that references the user is loaded, the user name is stripped from all six
        // item lists (null is passed in the group position), and the policy is written back.
        List<XXPolicy> xXPolicyList = xXPolicyDao.findByUserId(id);
        for (XXPolicy xXPolicy : xXPolicyList) {
            RangerPolicy rangerPolicy = policyService.getPopulatedViewObject(xXPolicy);
            List<RangerPolicyItem> policyItems = rangerPolicy.getPolicyItems();
            removeUserGroupReferences(policyItems, vXUser.getName(), null);
            rangerPolicy.setPolicyItems(policyItems);
            List<RangerPolicyItem> denyPolicyItems = rangerPolicy.getDenyPolicyItems();
            removeUserGroupReferences(denyPolicyItems, vXUser.getName(), null);
            rangerPolicy.setDenyPolicyItems(denyPolicyItems);
            List<RangerPolicyItem> allowExceptions = rangerPolicy.getAllowExceptions();
            removeUserGroupReferences(allowExceptions, vXUser.getName(), null);
            rangerPolicy.setAllowExceptions(allowExceptions);
            List<RangerPolicyItem> denyExceptions = rangerPolicy.getDenyExceptions();
            removeUserGroupReferences(denyExceptions, vXUser.getName(), null);
            rangerPolicy.setDenyExceptions(denyExceptions);
            List<RangerDataMaskPolicyItem> dataMaskItems = rangerPolicy.getDataMaskPolicyItems();
            removeUserGroupReferences(dataMaskItems, vXUser.getName(), null);
            rangerPolicy.setDataMaskPolicyItems(dataMaskItems);
            List<RangerRowFilterPolicyItem> rowFilterItems = rangerPolicy.getRowFilterPolicyItems();
            removeUserGroupReferences(rowFilterItems, vXUser.getName(), null);
            rangerPolicy.setRowFilterPolicyItems(rowFilterItems);
            try {
                // GDS policies are persisted through gdsStore, keyed by the first dataset or
                // project id value; every other policy goes through svcStore.
                if (StringUtils.equals(rangerPolicy.getServiceType(), EmbeddedServiceDefsUtil.EMBEDDED_SERVICEDEF_GDS_NAME)) {
                    Map<String, RangerPolicyResource> resources = rangerPolicy.getResources();
                    // NOTE(review): a GDS policy with no resources - or with neither id key, or
                    // with an empty value list below - is never written back by this method, so
                    // the stripped item lists above are not persisted for it. Confirm that no
                    // stored reference to the deleted user can survive this way.
                    if (MapUtils.isEmpty(resources)) {
                        continue;
                    }
                    if (resources.containsKey(GdsDBStore.RESOURCE_NAME_DATASET_ID)) {
                        RangerPolicyResource policyRes = resources.get(GdsDBStore.RESOURCE_NAME_DATASET_ID);
                        List<String> resValues = policyRes != null ? policyRes.getValues() : null;
                        if (CollectionUtils.isNotEmpty(resValues)) {
                            gdsStore.updateDatasetPolicy(Long.valueOf(resValues.get(0)), rangerPolicy);
                        }
                    } else if (resources.containsKey(GdsDBStore.RESOURCE_NAME_PROJECT_ID)) {
                        RangerPolicyResource policyRes = resources.get(GdsDBStore.RESOURCE_NAME_PROJECT_ID);
                        List<String> resValues = policyRes != null ? policyRes.getValues() : null;
                        if (CollectionUtils.isNotEmpty(resValues)) {
                            gdsStore.updateProjectPolicy(Long.valueOf(resValues.get(0)), rangerPolicy);
                        }
                    }
                } else {
                    svcStore.updatePolicy(rangerPolicy);
                }
            } catch (Throwable excp) {
                // Any failure (including a non-numeric id in Long.valueOf) aborts the delete here,
                // after the removals above have already been issued.
                // NOTE(review): the raw exception message is handed to the REST error while the
                // cause is kept only in the log - confirm the message cannot carry internal detail
                // to the client. The whole policy object is also written to the error log.
                logger.error("updatePolicy({}) failed", rangerPolicy, excp);
                throw restErrorUtil.createRESTException(excp.getMessage());
            }
        }
        //delete user from audit filter configs
        svcStore.updateServiceAuditConfig(vXUser.getName(), REMOVE_REF_TYPE.USER);
        //delete gdsObject mapping of user
        gdsStore.deletePrincipalFromGdsAcl(REMOVE_REF_TYPE.USER.toString(), vXUser.getName());
        //delete XXUser entry of user
        xXUserDao.remove(id);
        //delete XXPortal entry of user
        logger.warn("Deleting Portal User : {}", vXPortalUser.getLoginId());
        xXPortalUserDao.remove(xXPortalUserId);
        // The delete transaction-log entries are written last, from the entities loaded at the
        // top of the method, and only for the two user rows. The reference removals above appear
        // in this method only as logger.warn lines.
        xUserService.createTransactionLog(xUserService.populateViewBean(xXUser), null, OPERATION_DELETE_CONTEXT);
        xPortalUserService.createTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), null, OPERATION_DELETE_CONTEXT);
    } else {
        // Non-force: any single reference is enough to keep the rows. The checks short-circuit on
        // the first hit, so the order below does not change the outcome.
        boolean hasReferences = false;
        List<XXPolicy> xXPolicyList = xXPolicyDao.findByUserId(id);
        if (vxGroupUserList != null && vxGroupUserList.getListSize() > 0) {
            hasReferences = true;
        }
        if (!hasReferences && xXPolicyList != null && !xXPolicyList.isEmpty()) {
            hasReferences = true;
        }
        if (!hasReferences && vXPermMapList != null && vXPermMapList.getListSize() > 0) {
            hasReferences = true;
        }
        if (!hasReferences && vXAuditMapList != null && vXAuditMapList.getListSize() > 0) {
            hasReferences = true;
        }
        // Stored login session records count as a reference too.
        if (!hasReferences && CollectionUtils.isNotEmpty(xXAuthSessionIds)) {
            hasReferences = true;
        }
        if (!hasReferences && xXUserPermissions != null && !xXUserPermissions.isEmpty()) {
            hasReferences = true;
        }
        if (!hasReferences && xXPortalUserRoles != null && !xXPortalUserRoles.isEmpty()) {
            hasReferences = true;
        }
        if (hasReferences) {
            // Referenced account: only the visibility flag changes. Sessions, roles, module
            // permissions and policy entries are left in place, and no delete transaction log is
            // written on this path.
            // NOTE(review): confirm that a hidden account cannot log in or keep effective access.
            if (vXUser.getIsVisible() != RangerCommonEnums.IS_HIDDEN) {
                logger.info("Updating visibility of user '{}' to Hidden!", vXUser.getName());
                vXUser.setIsVisible(RangerCommonEnums.IS_HIDDEN);
                xUserService.updateResource(vXUser);
            }
        } else {
            // Unreferenced account: remove both rows and record the deletion.
            xPortalUserService.updateXXPortalUserReferences(xXPortalUserId);
            //delete XXUser entry of user
            xXUserDao.remove(id);
            //delete XXPortal entry of user
            logger.warn("Deleting Portal User : {}", vXPortalUser.getLoginId());
            xXPortalUserDao.remove(xXPortalUserId);
            xUserService.createTransactionLog(xUserService.populateViewBean(xXUser), null, OPERATION_DELETE_CONTEXT);
            xPortalUserService.createTransactionLog(xPortalUserService.populateViewBean(xXPortalUser), null, OPERATION_DELETE_CONTEXT);
        }
    }
}