RANGER-3551: Analyze & optimize module permissions related API (Part-1)

Created new API /permissionlist to reduce response object size of the permission listing page.
Also, optimized code for GET API /permission/{id}

Signed-off-by: pradeep <[email protected]>

Author: Mahesh Bandal

security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java

@@ -1126,44 +1126,25 @@ public VXModuleDef updateXModuleDefPermission(VXModuleDef vXModuleDef) {
 		if(!StringUtils.equals(xModuleDef.getModule(), vXModuleDef.getModule())) {
 			throw restErrorUtil.createRESTException("Module name change is not allowed!", MessageEnums.DATA_NOT_UPDATABLE);
 		}
-		VXModuleDef vModuleDefPopulateOld = xModuleDefService.populateViewBean(xModuleDef);
 
-		List<XXGroupPermission> xgroupPermissionList = daoManager.getXXGroupPermission().findByModuleId(vXModuleDef.getId(), true);
-		Map<Long, XXGroup> xXGroupMap=xGroupService.getXXGroupIdXXGroupMap();
-		if(xXGroupMap==null || xXGroupMap.isEmpty()){
-			for (XXGroupPermission xGrpPerm : xgroupPermissionList) {
-				VXGroupPermission vXGrpPerm = xGroupPermissionService.populateViewBean(xGrpPerm);
-				groupPermListOld.add(vXGrpPerm);
-			}
-		}else{
-			groupPermListOld=xGroupPermissionService.getPopulatedVXGroupPermissionList(xgroupPermissionList,xXGroupMap,vModuleDefPopulateOld);
-		}
-		vModuleDefPopulateOld.setGroupPermList(groupPermListOld);
+		Map<Long, Object[]> xXPortalUserIdXXUserMap = xUserService.getXXPortalUserIdXXUserNameMap();
+		Map<Long, String> xXGroupMap = xGroupService.getXXGroupIdNameMap();
+		VXModuleDef vModuleDefPopulateOld = xModuleDefService.populateViewBean(xModuleDef, xXPortalUserIdXXUserMap, xXGroupMap, true);
+		groupPermListOld = vModuleDefPopulateOld.getGroupPermList();
+		userPermListOld = vModuleDefPopulateOld.getUserPermList();
+		Map<Long, VXUserPermission> userPermMapOld = xUserPermissionService.convertVListToVMap(userPermListOld);
+		Map<Long, VXGroupPermission> groupPermMapOld = xGroupPermissionService.convertVListToVMap(groupPermListOld);
 
-		List<XXUserPermission> xuserPermissionList = daoManager.getXXUserPermission().findByModuleId(vXModuleDef.getId(), true);
-		Map<Long, XXUser> xXPortalUserIdXXUserMap=xUserService.getXXPortalUserIdXXUserMap();
-		if(xXPortalUserIdXXUserMap==null || xXPortalUserIdXXUserMap.isEmpty()){
-			for (XXUserPermission xUserPerm : xuserPermissionList) {
-				VXUserPermission vUserPerm = xUserPermissionService.populateViewBean(xUserPerm);
-				userPermListOld.add(vUserPerm);
-			}
-		}else{
-			userPermListOld=xUserPermissionService.getPopulatedVXUserPermissionList(xuserPermissionList,xXPortalUserIdXXUserMap,vModuleDefPopulateOld);
-		}
-		vModuleDefPopulateOld.setUserPermList(userPermListOld);
-
-		if (groupPermListOld != null && groupPermListNew != null) {
+		if (groupPermMapOld != null && groupPermListNew != null) {
 			for (VXGroupPermission newVXGroupPerm : groupPermListNew) {
-
 				boolean isExist = false;
-
-				for (VXGroupPermission oldVXGroupPerm : groupPermListOld) {
-					if (newVXGroupPerm.getModuleId().equals(oldVXGroupPerm.getModuleId()) && newVXGroupPerm.getGroupId().equals(oldVXGroupPerm.getGroupId())) {
-						if (!newVXGroupPerm.getIsAllowed().equals(oldVXGroupPerm.getIsAllowed())) {
-							oldVXGroupPerm.setIsAllowed(newVXGroupPerm.getIsAllowed());
-							oldVXGroupPerm = this.updateXGroupPermission(oldVXGroupPerm);
-						}
-						isExist = true;
+				VXGroupPermission oldVXGroupPerm = groupPermMapOld.get(newVXGroupPerm.getGroupId());
+				if (oldVXGroupPerm != null && newVXGroupPerm.getGroupId().equals(oldVXGroupPerm.getGroupId())
+						&& newVXGroupPerm.getModuleId().equals(oldVXGroupPerm.getModuleId())) {
+					isExist = true;
+					if (!newVXGroupPerm.getIsAllowed().equals(oldVXGroupPerm.getIsAllowed())) {
+						oldVXGroupPerm.setIsAllowed(newVXGroupPerm.getIsAllowed());
+						oldVXGroupPerm = this.updateXGroupPermission(oldVXGroupPerm);
 					}
 				}
 				if (!isExist) {
@@ -1172,17 +1153,17 @@ public VXModuleDef updateXModuleDefPermission(VXModuleDef vXModuleDef) {
 			}
 		}
 
-		if (userPermListOld != null && userPermListNew != null) {
+		if (userPermMapOld != null && userPermListNew != null) {
 			for (VXUserPermission newVXUserPerm : userPermListNew) {
 
 				boolean isExist = false;
-				for (VXUserPermission oldVXUserPerm : userPermListOld) {
-					if (newVXUserPerm.getModuleId().equals(oldVXUserPerm.getModuleId()) && newVXUserPerm.getUserId().equals(oldVXUserPerm.getUserId())) {
-						if (!newVXUserPerm.getIsAllowed().equals(oldVXUserPerm.getIsAllowed())) {
-							oldVXUserPerm.setIsAllowed(newVXUserPerm.getIsAllowed());
-							oldVXUserPerm = this.updateXUserPermission(oldVXUserPerm);
-						}
-						isExist = true;
+				VXUserPermission oldVXUserPerm = userPermMapOld.get(newVXUserPerm.getUserId());
+				if (oldVXUserPerm != null && newVXUserPerm.getUserId().equals(oldVXUserPerm.getUserId())
+						&& newVXUserPerm.getModuleId().equals(oldVXUserPerm.getModuleId())) {
+					isExist = true;
+					if (!newVXUserPerm.getIsAllowed().equals(oldVXUserPerm.getIsAllowed())) {
+						oldVXUserPerm.setIsAllowed(newVXUserPerm.getIsAllowed());
+						oldVXUserPerm = this.updateXUserPermission(oldVXUserPerm);
 					}
 				}
 				if (!isExist) {

security-admin/src/main/java/org/apache/ranger/biz/XUserMgrBase.java

@@ -45,6 +45,7 @@
 import org.apache.ranger.view.VXPermMap;
 import org.apache.ranger.view.VXPermMapList;
 import org.apache.ranger.view.VXUser;
+import org.apache.ranger.view.VXModulePermissionList;
 import org.apache.ranger.view.VXUserList;
 import org.apache.ranger.view.VXUserPermissionList;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -280,6 +281,9 @@ public VXLong getXAuditMapSearchCount(SearchCriteria searchCriteria) {
 	public VXModuleDefList searchXModuleDef(SearchCriteria searchCriteria) {
 		return xModuleDefService.searchModuleDef(searchCriteria);
 	}
+	public VXModulePermissionList searchXModuleDefList(SearchCriteria searchCriteria) {
+		return xModuleDefService.searchModuleDefList(searchCriteria);
+	}
 
 	public VXUserPermissionList searchXUserPermission(SearchCriteria searchCriteria) {
 		return xUserPermissionService.searchXUserPermission(searchCriteria);

security-admin/src/main/java/org/apache/ranger/common/SearchCriteria.java

@@ -28,7 +28,6 @@
 import java.util.List;
 import java.util.Set;
 
-import org.apache.ranger.biz.RangerBizUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -188,12 +187,12 @@ public boolean isDistinct() {
 	 */
 	public void setDistinct(boolean isDistinct) {
 
-		int dbFlavor = RangerBizUtil.getDBFlavor();
-		if (isDistinct && dbFlavor == AppConstants.DB_FLAVOR_ORACLE) {
-			isDistinct = false;
-			logger.debug("Database flavor is `ORACLE` so ignoring DISTINCT "
-					+ "clause from select statement.");
-		}
+//		int dbFlavor = RangerBizUtil.getDBFlavor();
+//		if (isDistinct && dbFlavor == AppConstants.DB_FLAVOR_ORACLE) {
+//			isDistinct = false;
+//			logger.debug("Database flavor is `ORACLE` so ignoring DISTINCT "
+//					+ "clause from select statement.");
+//		}
 		this.isDistinct = isDistinct;
 	}
 

security-admin/src/main/java/org/apache/ranger/db/XXGroupPermissionDao.java

@@ -45,13 +45,13 @@ public List<XXGroupPermission> findByModuleId(Long moduleId,
 				if (isUpdate) {
 					return getEntityManager()
 							.createNamedQuery(
-									"XXGroupPermissionUpdate.findByModuleId",
+									"XXGroupPermissionUpdates.findByModuleId",
 									XXGroupPermission.class)
 							.setParameter("moduleId", moduleId).getResultList();
 				}
 				return getEntityManager()
 						.createNamedQuery(
-								"XXGroupPermissionUpdates.findByModuleId",
+								"XXGroupPermission.findByModuleId",
 								XXGroupPermission.class)
 						.setParameter("moduleId", moduleId)
 						.setParameter("isAllowed", RangerCommonEnums.IS_ALLOWED)
@@ -131,4 +131,19 @@ public void deleteByModuleId(Long moduleId) {
 		}
 	}
 
+	public List<String> findModuleGroupsByModuleId(Long moduleId) {
+		if (moduleId != null) {
+			try {
+				return getEntityManager().createNamedQuery("XXGroupPermission.findModuleGroupsByModuleId", String.class)
+				.setParameter("moduleId", moduleId)
+				.setParameter("isAllowed",RangerCommonEnums.IS_ALLOWED)
+				.getResultList();
+			} catch (Exception e) {
+				logger.debug(e.getMessage());
+			}
+		} else {
+			logger.debug("ModuleId not provided.");
+		}
+		return null;
+	}
 }

security-admin/src/main/java/org/apache/ranger/db/XXUserPermissionDao.java

@@ -132,4 +132,21 @@ public void deleteByModuleId(Long moduleId) {
 			logger.debug("ModuleId not provided.");
 		}
 	}
+
+	@SuppressWarnings("unchecked")
+	public List<String> findModuleUsersByModuleId(Long moduleId) {
+		if (moduleId != null) {
+			try {
+				return getEntityManager().createNamedQuery("XXUserPermission.findModuleUsersByModuleId", String.class)
+				.setParameter("moduleId", moduleId)
+				.setParameter("isAllowed",RangerCommonEnums.IS_ALLOWED)
+				.getResultList();
+			} catch (Exception e) {
+				logger.debug(e.getMessage());
+			}
+		} else {
+			logger.debug("ModuleId not provided.");
+		}
+		return null;
+	}
 }

security-admin/src/main/java/org/apache/ranger/rest/XUserREST.java

@@ -977,6 +977,27 @@ public VXModuleDefList searchXModuleDef(@Context HttpServletRequest request) {
 		return xUserMgr.searchXModuleDef(searchCriteria);
 	}
 
+	@GET
+	@Path("/permissionlist")
+	@Produces({ "application/xml", "application/json" })
+	@PreAuthorize("@rangerPreAuthSecurityHandler.isAPIAccessible(\"" + RangerAPIList.SEARCH_X_MODULE_DEF + "\")")
+	public VXModulePermissionList searchXModuleDefList(@Context HttpServletRequest request) {
+		SearchCriteria searchCriteria = searchUtil.extractCommonCriterias(
+				request, xModuleDefService.sortFields);
+
+		searchUtil.extractString(request, searchCriteria, "module",
+				"modulename", null);
+
+		searchUtil.extractString(request, searchCriteria, "moduleDefList",
+				"id", null);
+		searchUtil.extractString(request, searchCriteria, "userName",
+				"userName", null);
+		searchUtil.extractString(request, searchCriteria, "groupName",
+				"groupName", null);
+
+		return xUserMgr.searchXModuleDefList(searchCriteria);
+	}
+
 	@GET
 	@Path("/permission/count")
 	@Produces({ "application/xml", "application/json" })

security-admin/src/main/java/org/apache/ranger/service/AbstractBaseResourceService.java

@@ -821,4 +821,15 @@ public void setSortClause(SearchCriteria searchCriteria,
 
 		}
 	}
+
+	public Map<Long,V> convertVListToVMap(List<V> vObjList) {
+		Map<Long,V> ret = new HashMap<Long,V>();
+		if (vObjList == null) {
+			return ret;
+		}
+		for (V vObj : vObjList) {
+			ret.put(vObj.getId(), vObj);
+		}
+		return ret;
+	}
 }

security-admin/src/main/java/org/apache/ranger/service/XGroupPermissionService.java

@@ -18,6 +18,7 @@
 package org.apache.ranger.service;
 
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
@@ -76,28 +77,7 @@ public VXGroupPermission populateViewBean(XXGroupPermission xObj) {
 		return vObj;
 	}
 
-        public List<VXGroupPermission> getPopulatedVXGroupPermissionList(List<XXGroupPermission> xgroupPermissionList,Map<Long, XXGroup> xXGroupMap,VXModuleDef vModuleDef){
-                List<VXGroupPermission> vXGroupPermissionList = new ArrayList<VXGroupPermission>();
-                XXGroup xXGroup=null;
-                for(XXGroupPermission xgroupPermission:xgroupPermissionList){
-                        if(xXGroupMap.containsKey(xgroupPermission.getGroupId())){
-                                xXGroup =xXGroupMap.get(xgroupPermission.getGroupId());
-                                VXGroupPermission vXGrpPerm=new VXGroupPermission();
-                                vXGrpPerm.setId(xgroupPermission.getId());
-                                vXGrpPerm.setGroupId(xgroupPermission.getGroupId());
-                                vXGrpPerm.setModuleId(xgroupPermission.getModuleId());
-                                vXGrpPerm.setIsAllowed(xgroupPermission.getIsAllowed());
-                                vXGrpPerm.setCreateDate(xgroupPermission.getCreateTime());
-                                vXGrpPerm.setUpdateDate(xgroupPermission.getUpdateTime());
-                                vXGrpPerm.setGroupName(xXGroup.getName());
-                                vXGrpPerm.setModuleName(vModuleDef.getModule());
-                                vXGroupPermissionList.add(vXGrpPerm);
-                        }
-                }
-                return vXGroupPermissionList;
-        }
-
-	public List<VXGroupPermission> getPopulatedVXGroupPermissionListNew(List<XXGroupPermission> xgroupPermissionList,
+	public List<VXGroupPermission> getPopulatedVXGroupPermissionList(List<XXGroupPermission> xgroupPermissionList,
 			Map<Long, String> xXGroupMap, VXModuleDef vModuleDef) {
 		List<VXGroupPermission> vXGroupPermissionList = new ArrayList<VXGroupPermission>();
 		for (XXGroupPermission xgroupPermission : xgroupPermissionList) {
@@ -116,4 +96,16 @@ public List<VXGroupPermission> getPopulatedVXGroupPermissionListNew(List<XXGroup
 		}
 		return vXGroupPermissionList;
 	}
+
+	@Override
+	public Map<Long, VXGroupPermission> convertVListToVMap(List<VXGroupPermission> vObjList) {
+		Map<Long, VXGroupPermission> ret = new HashMap<Long, VXGroupPermission>();
+		if (vObjList == null) {
+			return ret;
+		}
+		for (VXGroupPermission vObj : vObjList) {
+			ret.put(vObj.getGroupId(), vObj);
+		}
+		return ret;
+	}
 }