Ticket #269: Clean up MySQLConstants, fix permission query for system permissions.
@@ -35,10 +35,7 @@
|
|||||||
* ***** END LICENSE BLOCK ***** */
|
* ***** END LICENSE BLOCK ***** */
|
||||||
package net.sourceforge.guacamole.net.auth.mysql;
|
package net.sourceforge.guacamole.net.auth.mysql;
|
||||||
|
|
||||||
import net.sourceforge.guacamole.net.auth.permission.ConnectionDirectoryPermission;
|
|
||||||
import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
|
import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
|
||||||
import net.sourceforge.guacamole.net.auth.permission.UserDirectoryPermission;
|
|
||||||
import net.sourceforge.guacamole.net.auth.permission.UserPermission;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A set of constants that are useful for the MySQL-based authentication provider.
|
* A set of constants that are useful for the MySQL-based authentication provider.
|
||||||
@@ -51,19 +48,61 @@ public final class MySQLConstants {
|
|||||||
*/
|
*/
|
||||||
private MySQLConstants() {}
|
private MySQLConstants() {}
|
||||||
|
|
||||||
// Permission constants
|
/**
|
||||||
public static final String USER_READ = UserPermission.Type.READ.name();
|
* The string stored in the database to represent READ access to a user.
|
||||||
public static final String USER_UPDATE = UserPermission.Type.UPDATE.name();
|
*/
|
||||||
public static final String USER_DELETE = UserPermission.Type.DELETE.name();
|
public static final String USER_READ = "READ";
|
||||||
public static final String USER_ADMINISTER = UserPermission.Type.ADMINISTER.name();
|
|
||||||
public static final String USER_CREATE = UserDirectoryPermission.Type.CREATE.name();
|
|
||||||
|
|
||||||
public static final String CONNECTION_READ = ConnectionPermission.Type.READ.name();
|
/**
|
||||||
public static final String CONNECTION_UPDATE = ConnectionPermission.Type.UPDATE.name();
|
* The string stored in the database to represent UPDATE access to a user.
|
||||||
public static final String CONNECTION_DELETE = ConnectionPermission.Type.DELETE.name();
|
*/
|
||||||
public static final String CONNECTION_ADMINISTER = ConnectionPermission.Type.ADMINISTER.name();
|
public static final String USER_UPDATE = "UPDATE";
|
||||||
public static final String CONNECTION_CREATE = ConnectionDirectoryPermission.Type.CREATE.name();
|
|
||||||
|
/**
|
||||||
|
* The string stored in the database to represent DELETE access to a user.
|
||||||
|
*/
|
||||||
|
public static final String USER_DELETE = "DELETE";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The string stored in the database to represent ADMINISTER access to a
|
||||||
|
* user.
|
||||||
|
*/
|
||||||
|
public static final String USER_ADMINISTER = "ADMINISTER";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The string stored in the database to represent READ access to a
|
||||||
|
* connection.
|
||||||
|
*/
|
||||||
|
public static final String CONNECTION_READ = "READ";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The string stored in the database to represent UPDATE access to a
|
||||||
|
* connection.
|
||||||
|
*/
|
||||||
|
public static final String CONNECTION_UPDATE = "UPDATE";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The string stored in the database to represent DELETE access to a
|
||||||
|
* connection.
|
||||||
|
*/
|
||||||
|
public static final String CONNECTION_DELETE = "DELETE";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The string stored in the database to represent ADMINISTER access to a
|
||||||
|
* connection.
|
||||||
|
*/
|
||||||
|
public static final String CONNECTION_ADMINISTER = "ADMINISTER";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The string stored in the database to represent permission to create
|
||||||
|
* users.
|
||||||
|
*/
|
||||||
|
public static final String SYSTEM_USER_CREATE = "CREATE_USER";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The string stored in the database to represent permission to create
|
||||||
|
* connections.
|
||||||
|
*/
|
||||||
|
public static final String SYSTEM_CONNECTION_CREATE = "CREATE_CONNECTION";
|
||||||
|
|
||||||
public static final String SYSTEM_USER_CREATE = "USER_CREATE";
|
|
||||||
public static final String SYSTEM_CONNECTION_CREATE = "CONNECTION_CREATE";
|
|
||||||
}
|
}
|
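Review bot: The permission constants are now bare literals (`"READ"`, `"CREATE_USER"`, `"CREATE_CONNECTION"`), so nothing in this class ties them to the values the database accepts or to the `Type` enums they replaced. Each constant's Javadoc says it is the string stored in the database; it should also say that the value is a persistence contract, for example `* Must match the value the schema defines for the permission column; changing it orphans existing grants.` This matters because, going by the split view and the `-51,19 +48,61` header, `SYSTEM_USER_CREATE` and `SYSTEM_CONNECTION_CREATE` change value in this commit (`"USER_CREATE"` to `"CREATE_USER"`, `"CONNECTION_CREATE"` to `"CREATE_CONNECTION"`). The schema is not visible on this page, so the new spelling cannot be confirmed from here.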
||||||
|
@@ -447,15 +447,38 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
|
|||||||
for (SystemPermission permission : permissions) {
|
for (SystemPermission permission : permissions) {
|
||||||
|
|
||||||
// Connection directory permission
|
// Connection directory permission
|
||||||
String operation = permission.getType().name();
|
if (permission instanceof ConnectionDirectoryPermission) {
|
||||||
if (permission instanceof ConnectionDirectoryPermission)
|
switch (permission.getType()) {
|
||||||
systemPermissionTypes.add(operation + "_CONNECTION");
|
|
||||||
|
// Create permission
|
||||||
|
case CREATE:
|
||||||
|
systemPermissionTypes.add(MySQLConstants.SYSTEM_CONNECTION_CREATE);
|
||||||
|
break;
|
||||||
|
|
||||||
|
// Fail if unexpected type encountered
|
||||||
|
default:
|
||||||
|
assert false : "Unsupported type: " + permission.getType();
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// User directory permission
|
// User directory permission
|
||||||
else if (permission instanceof UserDirectoryPermission)
|
else if (permission instanceof UserDirectoryPermission) {
|
||||||
systemPermissionTypes.add(operation + "_USER");
|
switch (permission.getType()) {
|
||||||
|
|
||||||
}
|
// Create permission
|
||||||
|
case CREATE:
|
||||||
|
systemPermissionTypes.add(MySQLConstants.SYSTEM_USER_CREATE);
|
||||||
|
break;
|
||||||
|
|
||||||
|
// Fail if unexpected type encountered
|
||||||
|
default:
|
||||||
|
assert false : "Unsupported type: " + permission.getType();
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
} // end for each system permission
|
||||||
|
|
||||||
// Delete all system permissions not in the list
|
// Delete all system permissions not in the list
|
||||||
SystemPermissionExample systemPermissionExample = new SystemPermissionExample();
|
SystemPermissionExample systemPermissionExample = new SystemPermissionExample();
|
||||||
@@ -467,9 +490,8 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
|
|||||||
systemPermissionExample.createCriteria().andUser_idEqualTo(user.getUserID()).andPermissionIn(systemPermissionTypes);
|
systemPermissionExample.createCriteria().andUser_idEqualTo(user.getUserID()).andPermissionIn(systemPermissionTypes);
|
||||||
List<SystemPermissionKey> existingPermissions = systemPermissionDAO.selectByExample(systemPermissionExample);
|
List<SystemPermissionKey> existingPermissions = systemPermissionDAO.selectByExample(systemPermissionExample);
|
||||||
Set<String> existingPermissionTypes = new HashSet<String>();
|
Set<String> existingPermissionTypes = new HashSet<String>();
|
||||||
for (SystemPermissionKey existingPermission : existingPermissions) {
|
for (SystemPermissionKey existingPermission : existingPermissions)
|
||||||
existingPermissionTypes.add(existingPermission.getPermission());
|
existingPermissionTypes.add(existingPermission.getPermission());
|
||||||
}
|
|
||||||
|
|
||||||
// Finally, insert any NEW system permissions for this user
|
// Finally, insert any NEW system permissions for this user
|
||||||
for (String systemPermissionType : systemPermissionTypes) {
|
for (String systemPermissionType : systemPermissionTypes) {
|
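Review bot: Both `default:` branches in the `@@ -447,15 +447,38 @@` hunk rely on `assert false : "Unsupported type: " + permission.getType();`, and Java assertions are disabled unless the JVM is started with `-ea`, so in a normal deployment an unsupported type is skipped without any error. The same holds for a `SystemPermission` that is neither a `ConnectionDirectoryPermission` nor a `UserDirectoryPermission`, because the `if`/`else if` chain has no final `else`. Since the code that follows deletes every system permission not in `systemPermissionTypes`, a skipped entry appears to become a silent revocation rather than a rejected update. I would fail explicitly instead, e.g. `default: throw new UnsupportedOperationException("Unsupported type: " + permission.getType());`, or use the project's own checked exception if the enclosing method declares one. The method begins and ends outside these hunks, so its signature is not visible.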
||||||
|
@@ -68,7 +68,6 @@ import net.sourceforge.guacamole.net.auth.mysql.model.UserWithBLOBs;
|
|||||||
import net.sourceforge.guacamole.net.auth.permission.ConnectionDirectoryPermission;
|
import net.sourceforge.guacamole.net.auth.permission.ConnectionDirectoryPermission;
|
||||||
import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
|
import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
|
||||||
import net.sourceforge.guacamole.net.auth.permission.Permission;
|
import net.sourceforge.guacamole.net.auth.permission.Permission;
|
||||||
import net.sourceforge.guacamole.net.auth.permission.SystemPermission;
|
|
||||||
import net.sourceforge.guacamole.net.auth.permission.UserDirectoryPermission;
|
import net.sourceforge.guacamole.net.auth.permission.UserDirectoryPermission;
|
||||||
import net.sourceforge.guacamole.net.auth.permission.UserPermission;
|
import net.sourceforge.guacamole.net.auth.permission.UserPermission;
|
||||||
|
|
||||||
@@ -882,14 +881,15 @@ public class PermissionCheckUtility {
|
|||||||
List<SystemPermissionKey> systemPermissions =
|
List<SystemPermissionKey> systemPermissions =
|
||||||
systemPermissionDAO.selectByExample(systemPermissionExample);
|
systemPermissionDAO.selectByExample(systemPermissionExample);
|
||||||
for(SystemPermissionKey systemPermission : systemPermissions) {
|
for(SystemPermissionKey systemPermission : systemPermissions) {
|
||||||
SystemPermission newPermission = null;
|
|
||||||
if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_USER_CREATE))
|
|
||||||
newPermission = new UserDirectoryPermission(UserDirectoryPermission.Type.CREATE);
|
|
||||||
else if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_CONNECTION_CREATE))
|
|
||||||
newPermission = new ConnectionDirectoryPermission(ConnectionDirectoryPermission.Type.CREATE);
|
|
||||||
|
|
||||||
if(newPermission != null)
|
// User creation permission
|
||||||
allPermissions.add(newPermission);
|
if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_USER_CREATE))
|
||||||
|
allPermissions.add(new UserDirectoryPermission(UserDirectoryPermission.Type.CREATE));
|
||||||
|
|
||||||
|
// System creation permission
|
||||||
|
else if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_CONNECTION_CREATE))
|
||||||
|
allPermissions.add(new ConnectionDirectoryPermission(ConnectionDirectoryPermission.Type.CREATE));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return allPermissions;
|
return allPermissions;
|
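Review bot: In the `@@ -882,14 +881,15 @@` hunk a stored permission string that matches neither `MySQLConstants.SYSTEM_USER_CREATE` nor `MySQLConstants.SYSTEM_CONNECTION_CREATE` is dropped without a trace, which is how a mismatch between stored and expected values stays invisible. A trailing `else` that logs the unexpected value, through whatever logger this class already uses (none is visible here), would surface that drift. Writing the comparisons constant-first, `MySQLConstants.SYSTEM_USER_CREATE.equals(systemPermission.getPermission())`, also avoids a NullPointerException if `getPermission()` returns null. The comment `// System creation permission` above the second branch should read `// Connection creation permission`. The enclosing method starts outside the hunk.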
||||||
|