Description
- Reorganize authorization logic
Recently when I was sorting out the authorization logic of ranger admin, I saw confusion.
For example: At ServiceREST I saw the following, similar logic been implemented in a distributed fasion.
- I think these method should be in the same class for easy maintainance. A Better way is to create a new class for authorization logic instead of putting everythiong into bizUtil because it's responsible for many thing.
- To sum up, I want to put these method into A new class named "RangerAuthorizationHelper".
RangerBizUtil.isUserAllowed
RangerBizUtil.checkAdminAccess
RangerBizUtil.isUserRangerAdmin
RangerBizUtil.isUserServiceAdmin
RoleREST.userIsSrvAdmOrSrvUser
svcStore.isServiceAdminUser
XUserMgr.hasAccessToModule
RangerBizUtil.hasModuleAccess
RoleDBStore.ensureRoleAccess
RangerBizUtil.blockAuditorRoleUser
... and many.