From 0893493893e19ae37555947452ca08e8bf40ca25 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mike.jumper@guac-dev.org>
Date: Thu, 22 Jan 2015 16:37:25 -0800
Subject: [PATCH] GUAC-1001: Treat queries with empty permission filter lists
 as unfiltered.

---
 .../connectiongroup/ConnectionGroupRESTService.java  | 12 ++++++++----
 .../net/basic/rest/user/UserRESTService.java         |  4 ++++
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connectiongroup/ConnectionGroupRESTService.java b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connectiongroup/ConnectionGroupRESTService.java
index 7fc93a273..049a9d1bc 100644
--- a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connectiongroup/ConnectionGroupRESTService.java
+++ b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connectiongroup/ConnectionGroupRESTService.java
@@ -297,10 +297,10 @@ public class ConnectionGroupRESTService {
      *     The ID of the connection group to retrieve.
      *
      * @param permissions
-     *     If specified, limit the returned list to only those connections for
-     *     which the current user has any of the given permissions. Otherwise, 
-     *     all visible connections are returned. Connection groups are 
-     *     unaffected by this parameter.
+     *     If specified and non-empty, limit the returned list to only those
+     *     connections for which the current user has any of the given
+     *     permissions. Otherwise, all visible connections are returned.
+     *     Connection groups are unaffected by this parameter.
      * 
      * @return
      *     The requested connection group, including all descendants.
@@ -319,6 +319,10 @@ public class ConnectionGroupRESTService {
 
         UserContext userContext = authenticationService.getUserContext(authToken);
 
+        // Do not filter on permissions if no permissions are specified
+        if (permissions != null && permissions.isEmpty())
+            permissions = null;
+        
         // Retrieve requested connection group and all descendants
         APIConnectionGroup connectionGroup = retrieveConnectionGroup(userContext, connectionGroupID, true, permissions);
         if (connectionGroup == null)
diff --git a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/user/UserRESTService.java b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/user/UserRESTService.java
index aa8c56107..8f12aff47 100644
--- a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/user/UserRESTService.java
+++ b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/user/UserRESTService.java
@@ -176,6 +176,10 @@ public class UserRESTService {
         UserContext userContext = authenticationService.getUserContext(authToken);
         User self = userContext.self();
         
+        // Do not filter on permissions if no permissions are specified
+        if (permissions != null && permissions.isEmpty())
+            permissions = null;
+
         // An admin user has access to any user
         boolean isAdmin = self.hasPermission(new SystemPermission(SystemPermission.Type.ADMINISTER));