RANGER-2708 Ranger public group check uses wrong comparison for equality
Signed-off-by: Pradeep <pradeep@apache.org>
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
index 21308b1..ebc72cf 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/RangerBizUtil.java
@@ -29,8 +29,8 @@
import java.util.List;
import java.util.Map;
import java.util.Set;
-
import javax.servlet.http.HttpServletResponse;
+
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.io.IOCase;
@@ -905,10 +905,8 @@
private boolean checkUsrPermForPolicy(Long xUserId, int permission,
Long resourceId) {
// this snippet load user groups and permission map list from DB
- List<XXGroup> userGroups = new ArrayList<XXGroup>();
- List<XXPermMap> permMapList = new ArrayList<XXPermMap>();
- userGroups = daoManager.getXXGroup().findByUserId(xUserId);
- permMapList = daoManager.getXXPermMap().findByResourceId(resourceId);
+ List<XXGroup> userGroups = daoManager.getXXGroup().findByUserId(xUserId);
+ List<XXPermMap> permMapList = daoManager.getXXPermMap().findByResourceId(resourceId);
Long publicGroupId = getPublicGroupId();
boolean matchFound = false;
for (XXPermMap permMap : permMapList) {
@@ -916,9 +914,8 @@
if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_GROUP) {
// check whether permission is enabled for public group or a
// group to which user belongs
- matchFound = (publicGroupId != null && publicGroupId == permMap
- .getGroupId())
- || isGroupInList(permMap.getGroupId(), userGroups);
+ matchFound = (publicGroupId != null && publicGroupId.equals(permMap.getGroupId())) ||
+ isGroupInList(permMap.getGroupId(), userGroups);
} else if (permMap.getPermFor() == AppConstants.XA_PERM_FOR_USER) {
// check whether permission is enabled to user
matchFound = permMap.getUserId().equals(xUserId);