Ticket #269: Clean up MySQLConstants, fix permission query for system permissions.

This commit is contained in:
Michael Jumper
2013-02-25 16:41:20 -08:00
parent 73641925fc
commit 06b710e47e
3 changed files with 93 additions and 32 deletions


@@ -35,10 +35,7 @@
* ***** END LICENSE BLOCK ***** */
package net.sourceforge.guacamole.net.auth.mysql;
import net.sourceforge.guacamole.net.auth.permission.ConnectionDirectoryPermission;
import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
import net.sourceforge.guacamole.net.auth.permission.UserDirectoryPermission;
import net.sourceforge.guacamole.net.auth.permission.UserPermission;
/**
* A set of constants that are useful for the MySQL-based authentication provider.
@@ -51,19 +48,61 @@ public final class MySQLConstants {
*/
private MySQLConstants() {}
// Permission constants
public static final String USER_READ = UserPermission.Type.READ.name();
public static final String USER_UPDATE = UserPermission.Type.UPDATE.name();
public static final String USER_DELETE = UserPermission.Type.DELETE.name();
public static final String USER_ADMINISTER = UserPermission.Type.ADMINISTER.name();
public static final String USER_CREATE = UserDirectoryPermission.Type.CREATE.name();
/**
* The string stored in the database to represent READ access to a user.
*/
public static final String USER_READ = "READ";
public static final String CONNECTION_READ = ConnectionPermission.Type.READ.name();
public static final String CONNECTION_UPDATE = ConnectionPermission.Type.UPDATE.name();
public static final String CONNECTION_DELETE = ConnectionPermission.Type.DELETE.name();
public static final String CONNECTION_ADMINISTER = ConnectionPermission.Type.ADMINISTER.name();
public static final String CONNECTION_CREATE = ConnectionDirectoryPermission.Type.CREATE.name();
/**
* The string stored in the database to represent UPDATE access to a user.
*/
public static final String USER_UPDATE = "UPDATE";
/**
* The string stored in the database to represent DELETE access to a user.
*/
public static final String USER_DELETE = "DELETE";
/**
* The string stored in the database to represent ADMINISTER access to a
* user.
*/
public static final String USER_ADMINISTER = "ADMINISTER";
/**
* The string stored in the database to represent READ access to a
* connection.
*/
public static final String CONNECTION_READ = "READ";
/**
* The string stored in the database to represent UPDATE access to a
* connection.
*/
public static final String CONNECTION_UPDATE = "UPDATE";
/**
* The string stored in the database to represent DELETE access to a
* connection.
*/
public static final String CONNECTION_DELETE = "DELETE";
/**
* The string stored in the database to represent ADMINISTER access to a
* connection.
*/
public static final String CONNECTION_ADMINISTER = "ADMINISTER";
/**
* The string stored in the database to represent permission to create
* users.
*/
public static final String SYSTEM_USER_CREATE = "CREATE_USER";
/**
* The string stored in the database to represent permission to create
* connections.
*/
public static final String SYSTEM_CONNECTION_CREATE = "CREATE_CONNECTION";
public static final String SYSTEM_USER_CREATE = "USER_CREATE";
public static final String SYSTEM_CONNECTION_CREATE = "CONNECTION_CREATE";
}
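Review bot: The permission strings are now bare literals with no remaining tie to the enum names they mirror (the removed `UserPermission.Type.READ.name()` etc. was that tie), so the spelling stored in MySQL and the spelling the auth API uses can drift without any compile-time signal, and a drifted value is simply never mapped back to a permission at read time. A small check such as `assert USER_READ.equals(UserPermission.Type.READ.name());` per pair (or a unit test) would keep them aligned. If the `permission` column is a MySQL ENUM — not visible here — the literals, in particular the reordered `CREATE_USER`/`CREATE_CONNECTION`, must also match the schema's enumerator list exactly, since under non-strict SQL mode an unknown ENUM value is stored as an empty string rather than rejected; a class-level Javadoc sentence stating that these values are the schema's canonical ENUM spellings would make that contract explicit.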


@@ -447,15 +447,38 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
for (SystemPermission permission : permissions) {
// Connection directory permission
String operation = permission.getType().name();
if (permission instanceof ConnectionDirectoryPermission)
systemPermissionTypes.add(operation + "_CONNECTION");
if (permission instanceof ConnectionDirectoryPermission) {
switch (permission.getType()) {
// Create permission
case CREATE:
systemPermissionTypes.add(MySQLConstants.SYSTEM_CONNECTION_CREATE);
break;
// Fail if unexpected type encountered
default:
assert false : "Unsupported type: " + permission.getType();
}
}
// User directory permission
else if (permission instanceof UserDirectoryPermission)
systemPermissionTypes.add(operation + "_USER");
else if (permission instanceof UserDirectoryPermission) {
switch (permission.getType()) {
}
// Create permission
case CREATE:
systemPermissionTypes.add(MySQLConstants.SYSTEM_USER_CREATE);
break;
// Fail if unexpected type encountered
default:
assert false : "Unsupported type: " + permission.getType();
}
}
} // end for each system permission
// Delete all system permissions not in the list
SystemPermissionExample systemPermissionExample = new SystemPermissionExample();
@@ -467,9 +490,8 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
systemPermissionExample.createCriteria().andUser_idEqualTo(user.getUserID()).andPermissionIn(systemPermissionTypes);
List<SystemPermissionKey> existingPermissions = systemPermissionDAO.selectByExample(systemPermissionExample);
Set<String> existingPermissionTypes = new HashSet<String>();
for (SystemPermissionKey existingPermission : existingPermissions) {
for (SystemPermissionKey existingPermission : existingPermissions)
existingPermissionTypes.add(existingPermission.getPermission());
}
// Finally, insert any NEW system permissions for this user
for (String systemPermissionType : systemPermissionTypes) {
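Review bot: Both `default:` branches guard an unexpected SystemPermission type only with `assert false`, which is a no-op unless the JVM runs with `-ea`; in a normal deployment the type is silently dropped from `systemPermissionTypes`, and the "Delete all system permissions not in the list" step that follows then revokes that permission without any error. Replace the assertion with an unchecked throw, e.g. `throw new UnsupportedOperationException("Unsupported type: " + permission.getType());`, so a future enum value fails loudly before the DAO is touched instead of mutating the user's permissions. The local `operation` on the unchanged line at the top of the loop body is now dead, since both branches switch on `permission.getType()` directly, and can be removed. The enclosing method starts before this hunk.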


@@ -68,7 +68,6 @@ import net.sourceforge.guacamole.net.auth.mysql.model.UserWithBLOBs;
import net.sourceforge.guacamole.net.auth.permission.ConnectionDirectoryPermission;
import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
import net.sourceforge.guacamole.net.auth.permission.Permission;
import net.sourceforge.guacamole.net.auth.permission.SystemPermission;
import net.sourceforge.guacamole.net.auth.permission.UserDirectoryPermission;
import net.sourceforge.guacamole.net.auth.permission.UserPermission;
@@ -882,14 +881,15 @@ public class PermissionCheckUtility {
List<SystemPermissionKey> systemPermissions =
systemPermissionDAO.selectByExample(systemPermissionExample);
for(SystemPermissionKey systemPermission : systemPermissions) {
SystemPermission newPermission = null;
if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_USER_CREATE))
newPermission = new UserDirectoryPermission(UserDirectoryPermission.Type.CREATE);
else if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_CONNECTION_CREATE))
newPermission = new ConnectionDirectoryPermission(ConnectionDirectoryPermission.Type.CREATE);
if(newPermission != null)
allPermissions.add(newPermission);
// User creation permission
if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_USER_CREATE))
allPermissions.add(new UserDirectoryPermission(UserDirectoryPermission.Type.CREATE));
// System creation permission
else if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_CONNECTION_CREATE))
allPermissions.add(new ConnectionDirectoryPermission(ConnectionDirectoryPermission.Type.CREATE));
}
return allPermissions;
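Review bot: The comment `// System creation permission` above the `SYSTEM_CONNECTION_CREATE` branch mislabels it; it should read `// Connection creation permission` to match the `UserDirectoryPermission`/`ConnectionDirectoryPermission` pair it sits in. Separately, a stored `permission` value that matches neither constant is skipped with no trace — fail-closed, which is the right default on an authorization path, but a debug/warn log in that case (e.g. rows still holding the old `USER_CREATE` spelling, if any exist) would surface data or schema drift instead of a user quietly losing a permission. The enclosing method begins before this hunk.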