ranger-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nitin Galave <nitin.gal...@gmail.com>
Subject Review Request 62024: RANGER-1756: User is able to see "Admin" role user details.
Date Fri, 01 Sep 2017 06:06:34 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/62024/
-----------------------------------------------------------

Review request for ranger, Ankita Sinha, Fatima Khan, Gautam Borad, Mehul Parikh, and Velmurugan
Periasamy.


Bugs: RANGER-1756
    https://issues.apache.org/jira/browse/RANGER-1756


Repository: ranger


Description
-------

A 'USER' role user is able to see details of 'ADMIN' role users.
Steps-
1.Create a user 'testuser4'.
2.Give user/group page permission to the user 'testuser4'.
3.Login with 'testuser4'.
4.Go to user/group page and check the list of users.

Expected result: It should just show USER role users.
Actual result: It is showing USER role users and ADMIN role users


Diffs
-----

  security-admin/src/main/webapp/scripts/utils/XAUtils.js 1979847 


Diff: https://reviews.apache.org/r/62024/diff/1/


Testing
-------

Verified scenario's :
1. A user with ROLE_ADMIN able to see users which has USER_ROLE/ADMIN_ROLE.
2. A user with ROLE_KEYADMIN able to see users which has USER_ROLE/KEYADMIN_ROLE.
3. A user with role ROLE_USER able to see which has USER_ROLE.


Thanks,

Nitin Galave


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message