diff --git a/extensions/guacamole-auth-mysql/schema/001-create-schema.sql b/extensions/guacamole-auth-mysql/schema/001-create-schema.sql index 6351dd6ff..c99f54938 100644 --- a/extensions/guacamole-auth-mysql/schema/001-create-schema.sql +++ b/extensions/guacamole-auth-mysql/schema/001-create-schema.sql @@ -1,17 +1,42 @@ +-- +-- Table of connection groups. Each connection group has a name. +-- + +CREATE TABLE `guacamole_connection_group` ( + + `connection_group_id` int(11) NOT NULL AUTO_INCREMENT, + `parent_group_id` int(11), + `connection_group_name` varchar(128) NOT NULL, + + PRIMARY KEY (`connection_group_id`), + UNIQUE KEY `connection_group_name` (`connection_group_name`), + + CONSTRAINT `guacamole_connection_group_ibfk_1` + FOREIGN KEY (`parent_group_id`) + REFERENCES `guacamole_connection_group` (`connection_group_id`) + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + -- -- Table of connections. Each connection has a name, protocol, and -- associated set of parameters. +-- A connection may belong to a connection group. -- CREATE TABLE `guacamole_connection` ( - `connection_id` int(11) NOT NULL AUTO_INCREMENT, - `connection_name` varchar(128) NOT NULL, - `protocol` varchar(32) NOT NULL, - + `connection_id` int(11) NOT NULL AUTO_INCREMENT, + `connection_name` varchar(128) NOT NULL, + `connection_group_id` int(11), + `protocol` varchar(32) NOT NULL, + PRIMARY KEY (`connection_id`), - UNIQUE KEY `connection_name` (`connection_name`) + UNIQUE KEY `connection_name` (`connection_name`), + + CONSTRAINT `guacamole_connection_ibfk_1` + FOREIGN KEY (`connection_group_id`) + REFERENCES `guacamole_connection_group` (`connection_group_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; 
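Review bot: ``UNIQUE KEY `connection_group_name` (`connection_group_name`)`` makes a group name unique across the whole tree rather than within its parent, so a user allowed to create groups can learn from a duplicate-key failure that a name is already used in a group they cannot read, assuming the application surfaces that error. Scoping the key to the parent, ``UNIQUE KEY `connection_group_name` (`parent_group_id`, `connection_group_name`)``, avoids this, but MySQL does not treat NULL parents as equal, so root-level names would then need an application-side check. The two new foreign keys (`guacamole_connection_group_ibfk_1` and `guacamole_connection_ibfk_1`) have no `ON DELETE` clause, unlike the permission tables, so deleting a non-empty group is rejected by default; a comment saying whether that is intended would help. The same definitions are repeated in 001a-update-schema.sql.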
@@ -77,6 +102,32 @@ CREATE TABLE `guacamole_connection_permission` ( ) ENGINE=InnoDB DEFAULT CHARSET=utf8; +-- +-- Table of connection group permissions. Each group permission grants a user +-- specific access to a connection group. +-- + +CREATE TABLE `guacamole_connection_group_permission` ( + + `user_id` int(11) NOT NULL, + `connection_group_id` int(11) NOT NULL, + `permission` enum('READ', + 'UPDATE', + 'DELETE', + 'ADMINISTER') NOT NULL, + + PRIMARY KEY (`user_id`,`connection_group_id`,`permission`), + + CONSTRAINT `guacamole_connection_group_permission_ibfk_1` + FOREIGN KEY (`connection_group_id`) + REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE, + + CONSTRAINT `guacamole_connection_group_permission_ibfk_2` + FOREIGN KEY (`user_id`) + REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + -- -- Table of system permissions. Each system permission grants a user a -- system-level privilege of some kind. @@ -86,6 +137,7 @@ CREATE TABLE `guacamole_system_permission` ( `user_id` int(11) NOT NULL, `permission` enum('CREATE_CONNECTION', + 'CREATE_GROUP', 'CREATE_USER', 'ADMINISTER') NOT NULL, diff --git a/extensions/guacamole-auth-mysql/schema/001a-update-schema.sql b/extensions/guacamole-auth-mysql/schema/001a-update-schema.sql new file mode 100644 index 000000000..09e6a85d7 --- /dev/null +++ b/extensions/guacamole-auth-mysql/schema/001a-update-schema.sql 
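Review bot: The header comment on `guacamole_connection_group_permission` does not say whether a grant reaches the group's child groups and member connections or only the group row itself, and the schema cannot express either choice. Because `guacamole_connection_permission` still exists alongside it, the two tables can disagree about one connection, and an unstated rule there is where authorization mistakes tend to appear. I would add a line to the comment such as `-- A grant applies to the group only; connections inside it need their own guacamole_connection_permission rows.`, or the opposite statement if inheritance is the intended model.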
@@ -0,0 +1,62 @@ + +-- +-- Table of connection groups. Each connection group has a name. +-- + +CREATE TABLE `guacamole_connection_group` ( + + `connection_group_id` int(11) NOT NULL AUTO_INCREMENT, + `parent_group_id` int(11), + `connection_group_name` varchar(128) NOT NULL, + + PRIMARY KEY (`connection_group_id`), + UNIQUE KEY `connection_group_name` (`connection_group_name`), + + CONSTRAINT `guacamole_connection_group_ibfk_1` + FOREIGN KEY (`parent_group_id`) + REFERENCES `guacamole_connection_group` (`connection_group_id`) + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + + +-- +-- Changes to connection table to support grouping. +-- + +ALTER TABLE `guacamole_connection` ADD COLUMN `connection_group_id` int(11) AFTER `connection_name`; + +ALTER TABLE `guacamole_connection` ADD CONSTRAINT `guacamole_connection_ibfk_1` + FOREIGN KEY (`connection_group_id`) + REFERENCES `guacamole_connection_group` (`connection_group_id`); + +-- +-- Table of connection group permissions. Each group permission grants a user +-- specific access to a connection group. +-- + +CREATE TABLE `guacamole_connection_group_permission` ( + + `user_id` int(11) NOT NULL, + `connection_group_id` int(11) NOT NULL, + `permission` enum('READ', + 'UPDATE', + 'DELETE', + 'ADMINISTER') NOT NULL, + + PRIMARY KEY (`user_id`,`connection_group_id`,`permission`), + + CONSTRAINT `guacamole_connection_group_permission_ibfk_1` + FOREIGN KEY (`connection_group_id`) + REFERENCES `guacamole_connection_group` (`connection_group_id`) ON DELETE CASCADE, + + CONSTRAINT `guacamole_connection_group_permission_ibfk_2` + FOREIGN KEY (`user_id`) + REFERENCES `guacamole_user` (`user_id`) ON DELETE CASCADE + +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +ALTER TABLE `guacamole_system_permission` MODIFY `permission` + enum('CREATE_CONNECTION', + 'CREATE_GROUP', + 'CREATE_USER', + 'ADMINISTER') NOT NULL; \ No newline at end of file 
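Review bot: The upgrade script adds `'CREATE_GROUP'` to the enum but never grants it, while 002-create-admin-user.sql grants it to user 1 on fresh installs. An upgraded database therefore ends up with administrators lacking a permission that new installs have, unless the application treats ADMINISTER as implying it. If parity is wanted, append ``INSERT INTO guacamole_system_permission (user_id, permission) SELECT user_id, 'CREATE_GROUP' FROM guacamole_system_permission WHERE permission = 'ADMINISTER';`` after the `MODIFY` statement. MySQL commits each DDL statement implicitly, so a failure partway through leaves a half-migrated schema; a header comment stating that the script is meant to run once, against a backed-up database, would cover that.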
diff --git a/extensions/guacamole-auth-mysql/schema/002-create-admin-user.sql b/extensions/guacamole-auth-mysql/schema/002-create-admin-user.sql index 1efed1ccb..ebce17c25 100644 --- a/extensions/guacamole-auth-mysql/schema/002-create-admin-user.sql +++ b/extensions/guacamole-auth-mysql/schema/002-create-admin-user.sql @@ -6,6 +6,7 @@ insert into guacamole_user values(1, 'guacadmin', -- Grant this user create permissions insert into guacamole_system_permission values(1, 'CREATE_CONNECTION'); +insert into guacamole_system_permission values(1, 'CREATE_GROUP'); insert into guacamole_system_permission values(1, 'CREATE_USER'); insert into guacamole_system_permission values(1, 'ADMINISTER');