Ticket #263: .

2025-09-06 13:17:41 +00:00 · 2013-08-07 18:48:25 -07:00
parent bdc7a3db96
commit 010b5886db
1 changed files with 132 additions and 0 deletions
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
@@ -48,18 +48,23 @@ import net.sourceforge.guacamole.GuacamoleClientException;
 import net.sourceforge.guacamole.GuacamoleException;
 import net.sourceforge.guacamole.GuacamoleSecurityException;
 import net.sourceforge.guacamole.net.auth.Directory;
+import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionGroupPermissionMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionPermissionMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.UserPermissionMapper;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupPermissionExample;
+import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupPermissionKey;
 import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionPermissionExample;
 import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionPermissionKey;
 import net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionExample;
 import net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionKey;
 import net.sourceforge.guacamole.net.auth.mysql.model.UserPermissionExample;
 import net.sourceforge.guacamole.net.auth.mysql.model.UserPermissionKey;
+import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
 import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
 import net.sourceforge.guacamole.net.auth.mysql.service.PermissionCheckService;
 import net.sourceforge.guacamole.net.auth.mysql.service.UserService;
+import net.sourceforge.guacamole.net.auth.permission.ConnectionGroupPermission;
 import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
 import net.sourceforge.guacamole.net.auth.permission.Permission;
 import net.sourceforge.guacamole.net.auth.permission.SystemPermission;
@@ -90,6 +95,12 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
    @Inject
    private ConnectionService connectionService;

+    /**
+     * Service for accessing connection groups.
+     */
+    @Inject
+    private ConnectionGroupService connectionGroupService;
+
    /**
     * DAO for accessing user permissions, which will be injected.
     */
@@ -102,6 +113,12 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
    @Inject
    private ConnectionPermissionMapper connectionPermissionDAO;

+    /**
+     * DAO for accessing connection group permissions, which will be injected.
+     */
+    @Inject
+    private ConnectionGroupPermissionMapper connectionGroupPermissionDAO;
+
    /**
     * DAO for accessing system permissions, which will be injected.
     */
@@ -210,6 +227,7 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
        // Partition given permissions by permission type
        List<UserPermission> newUserPermissions = new ArrayList<UserPermission>();
        List<ConnectionPermission> newConnectionPermissions = new ArrayList<ConnectionPermission>();
+        List<ConnectionGroupPermission> newConnectionGroupPermissions = new ArrayList<ConnectionGroupPermission>();
        List<SystemPermission> newSystemPermissions = new ArrayList<SystemPermission>();

        for (Permission permission : permissions) {
@@ -220,6 +238,9 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
            else if (permission instanceof ConnectionPermission)
                newConnectionPermissions.add((ConnectionPermission) permission);

+            else if (permission instanceof ConnectionGroupPermission)
+                newConnectionGroupPermissions.add((ConnectionGroupPermission) permission);
+
            else if (permission instanceof SystemPermission)
                newSystemPermissions.add((SystemPermission) permission);
        }
@@ -227,6 +248,7 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
        // Create the new permissions
        createUserPermissions(user_id, newUserPermissions);
        createConnectionPermissions(user_id, newConnectionPermissions);
+        createConnectionGroupPermissions(user_id, newConnectionGroupPermissions);
        createSystemPermissions(user_id, newSystemPermissions);

    }
@@ -247,6 +269,7 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
        // Partition given permissions by permission type
        List<UserPermission> removedUserPermissions = new ArrayList<UserPermission>();
        List<ConnectionPermission> removedConnectionPermissions = new ArrayList<ConnectionPermission>();
+        List<ConnectionGroupPermission> removedConnectionGroupPermissions = new ArrayList<ConnectionGroupPermission>();
        List<SystemPermission> removedSystemPermissions = new ArrayList<SystemPermission>();

        for (Permission permission : permissions) {
@@ -257,6 +280,9 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
            else if (permission instanceof ConnectionPermission)
                removedConnectionPermissions.add((ConnectionPermission) permission);

+            else if (permission instanceof ConnectionGroupPermission)
+                removedConnectionGroupPermissions.add((ConnectionGroupPermission) permission);
+
            else if (permission instanceof SystemPermission)
                removedSystemPermissions.add((SystemPermission) permission);
        }
@@ -264,6 +290,7 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
        // Delete the removed permissions.
        deleteUserPermissions(user_id, removedUserPermissions);
        deleteConnectionPermissions(user_id, removedConnectionPermissions);
+        deleteConnectionGroupPermissions(user_id, removedConnectionGroupPermissions);
        deleteSystemPermissions(user_id, removedSystemPermissions);

    }
@@ -426,6 +453,59 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
        }
    }

+    /**
+     * Create any new permissions having to do with connection groups 
+     * for a given user.
+     *
+     * @param user_id The ID of the user to assign or remove permissions from.
+     * @param permissions The new permissions the user should have after this
+     *                    operation completes.
+     * @throws GuacamoleException If permission to alter the access permissions
+     *                            of affected objects is deniedD
+     */
+    private void createConnectionGroupPermissions(int user_id,
+            Collection<ConnectionGroupPermission> permissions)
+            throws GuacamoleException {
+
+        // If no permissions given, stop now
+        if(permissions.isEmpty())
+            return;
+
+        // Get list of administerable connection group IDs
+        List<Integer> administerableConnectionGroupIDs =
+            permissionCheckService.retrieveConnectionGroupIDs(this.user_id,
+                MySQLConstants.CONNECTION_GROUP_ADMINISTER);
+
+        // Get set of names corresponding to administerable connection groups
+        Map<String, Integer> administerableConnectionGroups =
+                connectionGroupService.translateNames(administerableConnectionGroupIDs);
+
+        // Insert all given permissions
+        for (ConnectionGroupPermission permission : permissions) {
+
+            // Get original ID
+            Integer connection_group_id =
+                    administerableConnectionGroups.get(permission.getObjectIdentifier());
+
+            // Throw exception if permission to administer this connection group
+            // is not granted
+            if (connection_group_id == null)
+                throw new GuacamoleSecurityException(
+                      "User #" + this.user_id
+                    + " does not have permission to administrate connection group"
+                    + permission.getObjectIdentifier());
+
+
+            // Create new permission
+            ConnectionGroupPermissionKey newPermission = new ConnectionGroupPermissionKey();
+            newPermission.setUser_id(user_id);
+            newPermission.setPermission(MySQLConstants.getConnectionConstant(permission.getType()));
+            newPermission.setConnection_group_id(connection_group_id);
+            connectionGroupPermissionDAO.insert(newPermission);
+
+        }
+    }
+
    /**
     * Delete permissions having to do with connections for a given user.
     *
@@ -478,6 +558,58 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol

    }

+    /**
+     * Delete permissions having to do with connection groups for a given user.
+     *
+     * @param user_id The ID of the user to change the permissions of.
+     * @param permissions The permissions the given user should no longer have
+     *                    when this operation completes.
+     * @throws GuacamoleException If permission to alter the access permissions
+     *                            of affected objects is denied.
+     */
+    private void deleteConnectionGroupPermissions(int user_id,
+            Collection<ConnectionGroupPermission> permissions)
+            throws GuacamoleException {
+
+        // If no permissions given, stop now
+        if(permissions.isEmpty())
+            return;
+
+        // Get list of administerable connection group IDs
+        List<Integer> administerableConnectionGroupIDs =
+            permissionCheckService.retrieveConnectionGroupIDs(this.user_id,
+                MySQLConstants.CONNECTION_GROUP_ADMINISTER);
+
+        // Get set of names corresponding to administerable connection groups
+        Map<String, Integer> administerableConnectionGroups =
+                connectionGroupService.translateNames(administerableConnectionGroupIDs);
+
+        // Delete requested permissions
+        for (ConnectionGroupPermission permission : permissions) {
+
+            // Get original ID
+            Integer connection_group_id =
+                    administerableConnectionGroups.get(permission.getObjectIdentifier());
+
+            // Verify that the user actually has permission to administrate
+            // every one of these connection groups
+            if (connection_group_id == null)
+                throw new GuacamoleSecurityException(
+                      "User #" + this.user_id
+                    + " does not have permission to administrate connection group"
+                    + permission.getObjectIdentifier());
+
+            ConnectionGroupPermissionExample connectionGroupPermissionExample = new ConnectionGroupPermissionExample();
+            connectionGroupPermissionExample.createCriteria()
+                .andUser_idEqualTo(user_id)
+                .andPermissionEqualTo(MySQLConstants.getConnectionGroupConstant(permission.getType()))
+                .andConnection_group_idEqualTo(connection_group_id);
+            connectionGroupPermissionDAO.deleteByExample(connectionGroupPermissionExample);
+
+        }
+
+    }
+
    /**
     * Create any new system permissions for a given user. All permissions in
     * the given list will be inserted.