Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-4122

[RangerAdmin] Reorganize authorization/access check logic

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Open
    • Major
    • Resolution: Unresolved
    • 2.3.0
    • 3.0.0
    • admin
    • None

    Description

      1. Reorganize authorization logic
        Recently when I was sorting out the authorization logic of ranger admin, I saw confusion.
        For example: At ServiceREST I saw the following, similar logic been implemented in a distributed fasion.

      2. I think these method should be in the same class for easy maintainance. A  Better way is to create a new class for authorization logic instead of putting everythiong into bizUtil because it's responsible for many thing.
      3. To sum up, I want to put these method into A new class named "RangerAuthorizationHelper".

      RangerBizUtil.isUserAllowed
      RangerBizUtil.checkAdminAccess
      RangerBizUtil.isUserRangerAdmin
      RangerBizUtil.isUserServiceAdmin
      RoleREST.userIsSrvAdmOrSrvUser
      svcStore.isServiceAdminUser
      XUserMgr.hasAccessToModule
      RangerBizUtil.hasModuleAccess
      RoleDBStore.ensureRoleAccess
      RangerBizUtil.blockAuditorRoleUser
      ... and many.

      Attachments

        1. Pasted image 20230305134707 1.png
          78 kB
          KyrieG
        2. image-2023-03-05-22-17-35-210.png
          65 kB
          KyrieG
        3. image-2023-03-05-22-17-00-698.png
          103 kB
          KyrieG
        4. image-2023-03-05-22-16-17-927.png
          78 kB
          KyrieG

        Activity

          People

            KyrieG KyrieG
            KyrieG KyrieG
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: