From 06b710e47e960e989da7f9950480036b5393743c Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Mon, 25 Feb 2013 16:41:20 -0800
Subject: [PATCH] Ticket #269: Clean up MySQLConstants, fix permission query for system permissions.
---
 .../net/auth/mysql/MySQLConstants.java | 71 ++++++++++++++-----
 .../net/auth/mysql/UserDirectory.java | 38 +++++++---
 .../mysql/utility/PermissionCheckUtility.java | 16 ++---
 3 files changed, 93 insertions(+), 32 deletions(-)
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConstants.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConstants.java
index d20315f2e..af6869e40 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConstants.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConstants.java
@@ -35,10 +35,7 @@ * ***** END LICENSE BLOCK ***** */
 package net.sourceforge.guacamole.net.auth.mysql;
-import net.sourceforge.guacamole.net.auth.permission.ConnectionDirectoryPermission;
 import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
-import net.sourceforge.guacamole.net.auth.permission.UserDirectoryPermission;
-import net.sourceforge.guacamole.net.auth.permission.UserPermission;
 /**
 * A set of constants that are useful for the MySQL-based authentication provider.
@@ -51,19 +48,61 @@ public final class MySQLConstants {
 */
 private MySQLConstants() {}
- // Permission constants
- public static final String USER_READ = UserPermission.Type.READ.name();
- public static final String USER_UPDATE = UserPermission.Type.UPDATE.name();
- public static final String USER_DELETE = UserPermission.Type.DELETE.name();
- public static final String USER_ADMINISTER = UserPermission.Type.ADMINISTER.name();
- public static final String USER_CREATE = UserDirectoryPermission.Type.CREATE.name();
+ /**
+ * The string stored in the database to represent READ access to a user.
+ */
+ public static final String USER_READ = "READ";
- public static final String CONNECTION_READ = ConnectionPermission.Type.READ.name();
- public static final String CONNECTION_UPDATE = ConnectionPermission.Type.UPDATE.name();
- public static final String CONNECTION_DELETE = ConnectionPermission.Type.DELETE.name();
- public static final String CONNECTION_ADMINISTER = ConnectionPermission.Type.ADMINISTER.name();
- public static final String CONNECTION_CREATE = ConnectionDirectoryPermission.Type.CREATE.name();
+ /**
+ * The string stored in the database to represent UPDATE access to a user.
+ */
+ public static final String USER_UPDATE = "UPDATE";
+
+ /**
+ * The string stored in the database to represent DELETE access to a user.
+ */
+ public static final String USER_DELETE = "DELETE";
+
+ /**
+ * The string stored in the database to represent ADMINISTER access to a
+ * user.
+ */
+ public static final String USER_ADMINISTER = "ADMINISTER";
+
+ /**
+ * The string stored in the database to represent READ access to a
+ * connection.
+ */
+ public static final String CONNECTION_READ = "READ";
+
+ /**
+ * The string stored in the database to represent UPDATE access to a
+ * connection.
+ */
+ public static final String CONNECTION_UPDATE = "UPDATE";
+
+ /**
+ * The string stored in the database to represent DELETE access to a
+ * connection.
+ */
+ public static final String CONNECTION_DELETE = "DELETE";
+
+ /**
+ * The string stored in the database to represent ADMINISTER access to a
+ * connection.
+ */
+ public static final String CONNECTION_ADMINISTER = "ADMINISTER";
+
+ /**
+ * The string stored in the database to represent permission to create
+ * users.
+ */
+ public static final String SYSTEM_USER_CREATE = "CREATE_USER";
+
+ /**
+ * The string stored in the database to represent permission to create
+ * connections.
+ */
+ public static final String SYSTEM_CONNECTION_CREATE = "CREATE_CONNECTION";
- public static final String SYSTEM_USER_CREATE = "USER_CREATE";
- public static final String SYSTEM_CONNECTION_CREATE = "CONNECTION_CREATE";
 }
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
index 5faf31b47..0a6badc3d 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
@@ -447,15 +447,38 @@ public class UserDirectory implements Directory existingPermissions = systemPermissionDAO.selectByExample(systemPermissionExample); Set existingPermissionTypes = new HashSet(); - for (SystemPermissionKey existingPermission : existingPermissions) { + for (SystemPermissionKey existingPermission : existingPermissions) existingPermissionTypes.add(existingPermission.getPermission()); - } // Finally, insert any NEW system permissions for this user for (String systemPermissionType : systemPermissionTypes) {
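Review bot: In MySQLConstants.java the stored values of `SYSTEM_USER_CREATE` and `SYSTEM_CONNECTION_CREATE` change from `"USER_CREATE"`/`"CONNECTION_CREATE"` to `"CREATE_USER"`/`"CREATE_CONNECTION"`, and nothing visible in this patch deals with rows that may already hold the old strings. If any exist, the mapping loop in PermissionCheckUtility (the hunk at -882) will match neither constant and the grant will silently disappear; that fails closed, but it is an authorization change that should be stated. Since the constants are now literals rather than enum names, the Javadoc should say what they must agree with, for example `* Must match the value stored in the system permission table exactly.` The public constants `USER_CREATE` and `CONNECTION_CREATE` are also removed, so any caller outside this patch would stop compiling.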
diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/utility/PermissionCheckUtility.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/utility/PermissionCheckUtility.java
index 1a1c5434c..3bf29f532 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/utility/PermissionCheckUtility.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/utility/PermissionCheckUtility.java
@@ -68,7 +68,6 @@ import net.sourceforge.guacamole.net.auth.mysql.model.UserWithBLOBs;
 import net.sourceforge.guacamole.net.auth.permission.ConnectionDirectoryPermission;
 import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
 import net.sourceforge.guacamole.net.auth.permission.Permission;
-import net.sourceforge.guacamole.net.auth.permission.SystemPermission;
 import net.sourceforge.guacamole.net.auth.permission.UserDirectoryPermission;
 import net.sourceforge.guacamole.net.auth.permission.UserPermission;
@@ -882,14 +881,15 @@ public class PermissionCheckUtility {
 List systemPermissions = systemPermissionDAO.selectByExample(systemPermissionExample);
 for(SystemPermissionKey systemPermission : systemPermissions) {
- SystemPermission newPermission = null;
- if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_USER_CREATE))
- newPermission = new UserDirectoryPermission(UserDirectoryPermission.Type.CREATE);
- else if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_CONNECTION_CREATE))
- newPermission = new ConnectionDirectoryPermission(ConnectionDirectoryPermission.Type.CREATE);
- if(newPermission != null)
- allPermissions.add(newPermission);
+ // User creation permission
+ if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_USER_CREATE))
+ allPermissions.add(new UserDirectoryPermission(UserDirectoryPermission.Type.CREATE));
+
+ // System creation permission
+ else if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_CONNECTION_CREATE))
+ allPermissions.add(new ConnectionDirectoryPermission(ConnectionDirectoryPermission.Type.CREATE));
+
 }
 return allPermissions;
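Review bot: The `if`/`else if` chain in this loop has no final `else`, so a stored permission string that matches neither constant is dropped without any trace. That is the safe direction for an authorization check, but a log line or at least a comment in that position would make unexpected values in the table visible during an audit. Both comparisons call `systemPermission.getPermission().equals(...)`, which throws if the value comes back null; `MySQLConstants.SYSTEM_USER_CREATE.equals(systemPermission.getPermission())` avoids that. The comment `// System creation permission` sits above the branch that adds a ConnectionDirectoryPermission and should read `// Connection creation permission`. The enclosing method starts and ends outside the hunk.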