RANGER-4875: Improve API /api/zones/{zoneId}/service-headers to filte…

…r services based on zone module access. Signed-off-by: Dineshkumar Yadav <[email protected]>
apache · Jan 15, 2025 · 2050b48 · 2050b48
1 parent e31eeb3
commit 2050b48
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java b/security-admin/src/main/java/org/apache/ranger/biz/SecurityZoneDBStore.java
@@ -22,6 +22,7 @@
 import org.apache.commons.lang.StringUtils;
 import org.apache.ranger.common.MessageEnums;
 import org.apache.ranger.common.RESTErrorUtil;
+import org.apache.ranger.common.RangerConstants;
 import org.apache.ranger.db.RangerDaoManager;
 import org.apache.ranger.entity.XXSecurityZone;
 import org.apache.ranger.entity.XXService;
@@ -38,6 +39,7 @@
 import org.apache.ranger.plugin.store.SecurityZonePredicateUtil;
 import org.apache.ranger.plugin.store.SecurityZoneStore;
 import org.apache.ranger.plugin.util.SearchFilter;
+import org.apache.ranger.rest.SecurityZoneREST;
 import org.apache.ranger.service.RangerBaseModelService;
 import org.apache.ranger.service.RangerSecurityZoneServiceService;
 import org.slf4j.Logger;
@@ -247,6 +249,10 @@ public List<RangerSecurityZoneHeaderInfo> getSecurityZoneHeaderInfoList(HttpServ
     }
 
     public List<RangerServiceHeaderInfo> getServiceHeaderInfoListByZoneId(Long zoneId, HttpServletRequest request) {
+        if (!bizUtil.hasModuleAccess(RangerConstants.MODULE_SECURITY_ZONE)) {
+            throw restErrorUtil.createRESTException(SecurityZoneREST.STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE, MessageEnums.OPER_NO_PERMISSION);
+        }
+
         String  namePrefix         = request.getParameter(SearchFilter.SERVICE_NAME_PREFIX);
         boolean filterByNamePrefix = StringUtils.isNotBlank(namePrefix);
 

diff --git a/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java b/security-admin/src/main/java/org/apache/ranger/rest/SecurityZoneREST.java
@@ -90,7 +90,7 @@
 public class SecurityZoneREST {
     private static final Logger LOG = LoggerFactory.getLogger(SecurityZoneREST.class);
 
-    private static final String STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE = "User is not authorized to access zone(s).";
+    public static final String STR_USER_NOT_AUTHORIZED_TO_ACCESS_ZONE = "User is not authorized to access zone(s).";
     private static final String ERR_ANOTHER_SEC_ZONE_OPER_IN_PROGRESS  = "Another security zone operation is already in progress";
 
     @Autowired