diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java
index 91ad11d7e..405b23761 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java
@@ -23,7 +23,6 @@ import com.google.inject.Inject;
 import com.google.inject.Provider;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
 import org.apache.guacamole.GuacamoleException;
@@ -58,26 +57,23 @@ public class ActiveConnectionPermissionService private Provider activeConnectionPermissionSetProvider; @Override - public ObjectPermission retrievePermission(ModeledAuthenticatedUser user, + public boolean hasPermission(ModeledAuthenticatedUser user, ModeledUser targetUser, ObjectPermission.Type type, - String identifier) throws GuacamoleException { + String identifier, boolean inherit) throws GuacamoleException { // Retrieve permissions - Set permissions = retrievePermissions(user, targetUser); + Set permissions = retrievePermissions(user, targetUser, inherit); - // If retrieved permissions contains the requested permission, return it + // Permission is granted if retrieved permissions contains the + // requested permission ObjectPermission permission = new ObjectPermission(type, identifier); - if (permissions.contains(permission)) - return permission; - - // Otherwise, no such permission - return null; + return permissions.contains(permission); } @Override public Set retrievePermissions(ModeledAuthenticatedUser user, - ModeledUser targetUser) throws GuacamoleException { + ModeledUser targetUser, boolean inherit) throws GuacamoleException { // Retrieve permissions only if allowed if (canReadPermissions(user, targetUser)) { @@ -113,9 +109,9 @@ public class ActiveConnectionPermissionService @Override public Collection retrieveAccessibleIdentifiers(ModeledAuthenticatedUser user, ModeledUser targetUser, Collection permissionTypes, - Collection identifiers) throws GuacamoleException { + Collection identifiers, boolean inherit) throws GuacamoleException { - Set permissions = retrievePermissions(user, targetUser); + Set permissions = retrievePermissions(user, targetUser, inherit); Collection accessibleObjects = new ArrayList(permissions.size()); // For each identifier/permission combination 
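Review bot: The new `inherit` argument of `retrievePermissions(user, targetUser, inherit)` in ActiveConnectionPermissionService does not appear to be read anywhere: the only changed line of that method is its signature, and the rest of its body sits in the unchanged lines between this hunk and the next one. `hasPermission` here and `retrieveAccessibleIdentifiers` in the @@ -113 hunk both forward `inherit` to it, so for active connections a caller asking for direct-only permissions would seem to get the same answer as one asking for effective permissions. If that is intended, state it at the top of the method, e.g. `// NOTE: "inherit" is currently ignored here; direct and inherited lookups return the same set`; otherwise the flag needs to reach whatever the body uses to decide access. The body of `retrievePermissions` continues outside the hunk.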
@@ -138,11 +134,11 @@ public class ActiveConnectionPermissionService @Override public ObjectPermissionSet getPermissionSet(ModeledAuthenticatedUser user, - ModeledUser targetUser) throws GuacamoleException { + ModeledUser targetUser, boolean inherit) throws GuacamoleException { // Create permission set for requested user ActiveConnectionPermissionSet permissionSet = activeConnectionPermissionSetProvider.get(); - permissionSet.init(user, targetUser); + permissionSet.init(user, targetUser, inherit); return permissionSet; diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionService.java index 68fc3ed4b..3027d8123 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionService.java @@ -51,11 +51,11 @@ public class ConnectionGroupPermissionService extends ModeledObjectPermissionSer @Override public ObjectPermissionSet getPermissionSet(ModeledAuthenticatedUser user, - ModeledUser targetUser) throws GuacamoleException { + ModeledUser targetUser, boolean inherit) throws GuacamoleException { // Create permission set for requested user ObjectPermissionSet permissionSet = connectionGroupPermissionSetProvider.get(); - permissionSet.init(user, targetUser); + permissionSet.init(user, targetUser, inherit); return permissionSet; 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionService.java index 80c4b0b43..19c30c0be 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionService.java @@ -51,11 +51,11 @@ public class ConnectionPermissionService extends ModeledObjectPermissionService @Override public ObjectPermissionSet getPermissionSet(ModeledAuthenticatedUser user, - ModeledUser targetUser) throws GuacamoleException { + ModeledUser targetUser, boolean inherit) throws GuacamoleException { // Create permission set for requested user ObjectPermissionSet permissionSet = connectionPermissionSetProvider.get(); - permissionSet.init(user, targetUser); + permissionSet.init(user, targetUser, inherit); return permissionSet; diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java index 9197217bc..30ea5d78a 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java 
@@ -105,7 +105,7 @@ public abstract class ModeledObjectPermissionService affectedIdentifiers.add(permission.getObjectIdentifier()); // Determine subset of affected identifiers that we have admin access to - ObjectPermissionSet affectedPermissionSet = getPermissionSet(user, user.getUser()); + ObjectPermissionSet affectedPermissionSet = getPermissionSet(user, user.getUser(), true); Collection allowedSubset = affectedPermissionSet.getAccessibleObjects( Collections.singleton(ObjectPermission.Type.ADMINISTER), affectedIdentifiers @@ -154,21 +154,13 @@ public abstract class ModeledObjectPermissionService } @Override - public ObjectPermission retrievePermission(ModeledAuthenticatedUser user, + public boolean hasPermission(ModeledAuthenticatedUser user, ModeledUser targetUser, ObjectPermission.Type type, - String identifier) throws GuacamoleException { + String identifier, boolean inherit) throws GuacamoleException { // Retrieve permissions only if allowed - if (canReadPermissions(user, targetUser)) { - - // Read permission from database, return null if not found - ObjectPermissionModel model = getPermissionMapper().selectOne(targetUser.getModel(), type, identifier); - if (model == null) - return null; - - return getPermissionInstance(model); - - } + if (canReadPermissions(user, targetUser)) + return getPermissionMapper().selectOne(targetUser.getModel(), type, identifier, inherit) != null; // User cannot read this user's permissions throw new GuacamoleSecurityException("Permission denied."); @@ -178,7 +170,8 @@ public abstract class ModeledObjectPermissionService @Override public Collection retrieveAccessibleIdentifiers(ModeledAuthenticatedUser user, ModeledUser targetUser, Collection permissions, - Collection identifiers) throws GuacamoleException { + Collection identifiers, boolean inherit) + throws GuacamoleException { // Nothing is always accessible if (identifiers.isEmpty()) 
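Review bot: The ADMINISTER check at `getPermissionSet(user, user.getUser(), true)` now honours administer rights inherited through user groups, but the comment above it is unchanged and the bare `true` gives no hint of the wider scope. This check appears to gate changes to the permissions of the affected objects, so the widening should be explicit: `// Determine subset of affected identifiers that we have admin access to, including access inherited through user groups`. The enclosing method starts and ends outside the hunk, so whether its other checks also use inherited permissions cannot be seen from here.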
@@ -192,7 +185,7 @@ public abstract class ModeledObjectPermissionService return identifiers; // Otherwise, return explicitly-retrievable identifiers - return getPermissionMapper().selectAccessibleIdentifiers(targetUser.getModel(), permissions, identifiers); + return getPermissionMapper().selectAccessibleIdentifiers(targetUser.getModel(), permissions, identifiers, inherit); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java index 28008451f..4d0fcf61f 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledPermissionService.java @@ -92,7 +92,7 @@ public abstract class ModeledPermissionService getModelInstances(ModeledUser targetUser, Collection permissions) { - // Create new collection of models by manually converting each permission + // Create new collection of models by manually converting each permission Collection models = new ArrayList(permissions.size()); for (PermissionType permission : permissions) models.add(getModelInstance(targetUser, permission)); 
@@ -140,15 +140,15 @@ public abstract class ModeledPermissionService retrievePermissions(ModeledAuthenticatedUser user, - ModeledUser targetUser) throws GuacamoleException { + ModeledUser targetUser, boolean inherit) throws GuacamoleException { // Retrieve permissions only if allowed if (canReadPermissions(user, targetUser)) - return getPermissionInstances(getPermissionMapper().select(targetUser.getModel())); + return getPermissionInstances(getPermissionMapper().select(targetUser.getModel(), inherit)); // User cannot read this user's permissions throw new GuacamoleSecurityException("Permission denied."); - + } } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java index f744fbf89..e5efad09c 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java @@ -36,20 +36,26 @@ public interface ObjectPermissionMapper extends PermissionMapper selectAccessibleIdentifiers(@Param("entity") EntityModel entity, @Param("permissions") Collection permissions, - @Param("identifiers") Collection identifiers); + @Param("identifiers") Collection identifiers, + @Param("inherit") boolean inherit); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionService.java index 5eead24e1..fa1ee2d76 100644 
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionService.java @@ -35,31 +35,36 @@ public interface ObjectPermissionService extends PermissionService { /** - * Retrieves the permission of the given type associated with the given - * user and object, if it exists. If no such permission exists, null is + * Returns whether the permission of the given type and associated with the + * given object has been granted to the given user. * * @param user * The user retrieving the permission. * * @param targetUser * The user associated with the permission to be retrieved. - * + * * @param type * The type of permission to retrieve. * * @param identifier * The identifier of the object affected by the permission to return. * + * @param inherit + * Whether permissions inherited through user groups should be taken + * into account. If false, only permissions granted directly will be + * included. + * * @return - * The permission of the given type associated with the given user and - * object, or null if no such permission exists. + * true if permission of the given type and associated with the given + * object has been granted to the given user, false otherwise. * * @throws GuacamoleException * If an error occurs while retrieving the requested permission. */ - ObjectPermission retrievePermission(ModeledAuthenticatedUser user, + boolean hasPermission(ModeledAuthenticatedUser user, ModeledUser targetUser, ObjectPermission.Type type, - String identifier) throws GuacamoleException; + String identifier, boolean inherit) throws GuacamoleException; /** * Retrieves the subset of the given identifiers for which the given user 
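Review bot: The reworked Javadoc for `hasPermission` does not say what happens when `user` is not allowed to read `targetUser`'s permissions; the ModeledObjectPermissionService implementation in this same commit throws `GuacamoleSecurityException("Permission denied.")` in that case rather than returning false. With a boolean return it is easy for callers to assume false covers every negative outcome, so the `@throws` entry should say so, for example `If the given user lacks permission to read the permissions of targetUser, or if an error occurs while checking the requested permission.` The `@param` texts also still speak of the permission "to retrieve" and "to return", left over from `retrievePermission`.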
@@ -80,6 +85,11 @@ public interface ObjectPermissionService * The identifiers of the objects affected by the permissions being * checked. * + * @param inherit + * Whether permissions inherited through user groups should be taken + * into account. If false, only permissions granted directly will be + * included. + * * @return * A collection containing the subset of identifiers for which at least * one of the specified permissions is granted. @@ -89,6 +99,7 @@ public interface ObjectPermissionService */ Collection retrieveAccessibleIdentifiers(ModeledAuthenticatedUser user, ModeledUser targetUser, Collection permissions, - Collection identifiers) throws GuacamoleException; + Collection identifiers, boolean inherit) + throws GuacamoleException; } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionSet.java index 712a42242..cedb45dd3 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionSet.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionSet.java @@ -42,6 +42,12 @@ public abstract class ObjectPermissionSet extends RestrictedObject */ private ModeledUser user; + /** + * Whether permissions inherited through user groups should be taken into + * account. If false, only permissions granted directly will be included. + */ + boolean inherit; + /** * Creates a new ObjectPermissionSet. The resulting permission set * must still be initialized by a call to init(), or the information 
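Review bot: The new `inherit` field in ObjectPermissionSet is declared as `boolean inherit;` with no access modifier, while the neighbouring `user` field is `private`. As far as this diff shows it is only assigned in `init()` and read by the set's own methods, so package visibility is not needed, and it lets any class in the same package switch an initialized set between direct and inherited lookups. Suggest `private boolean inherit;`.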
@@ -60,10 +66,17 @@ public abstract class ObjectPermissionSet extends RestrictedObject * * @param user * The user to whom the permissions in this set are granted. + * + * @param inherit + * Whether permissions inherited through user groups should be taken + * into account. If false, only permissions granted directly will be + * included. */ - public void init(ModeledAuthenticatedUser currentUser, ModeledUser user) { + public void init(ModeledAuthenticatedUser currentUser, ModeledUser user, + boolean inherit) { super.init(currentUser); this.user = user; + this.inherit = inherit; } /** @@ -75,16 +88,16 @@ public abstract class ObjectPermissionSet extends RestrictedObject * permissions contained within this permission set. */ protected abstract ObjectPermissionService getObjectPermissionService(); - + @Override public Set getPermissions() throws GuacamoleException { - return getObjectPermissionService().retrievePermissions(getCurrentUser(), user); + return getObjectPermissionService().retrievePermissions(getCurrentUser(), user, inherit); } @Override public boolean hasPermission(ObjectPermission.Type permission, String identifier) throws GuacamoleException { - return getObjectPermissionService().retrievePermission(getCurrentUser(), user, permission, identifier) != null; + return getObjectPermissionService().hasPermission(getCurrentUser(), user, permission, identifier, inherit); } @Override @@ -102,7 +115,7 @@ public abstract class ObjectPermissionSet extends RestrictedObject @Override public Collection getAccessibleObjects(Collection permissions, Collection identifiers) throws GuacamoleException { - return getObjectPermissionService().retrieveAccessibleIdentifiers(getCurrentUser(), user, permissions, identifiers); + return getObjectPermissionService().retrieveAccessibleIdentifiers(getCurrentUser(), user, permissions, identifiers, inherit); } @Override 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java index 7b476b362..1c2d23b76 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java @@ -38,10 +38,16 @@ public interface PermissionMapper { * @param entity * The entity to retrieve permissions for. * + * @param inherit + * Whether permissions inherited through user groups should be taken + * into account. If false, only permissions granted directly will be + * included. + * * @return * All permissions associated with the given entity. */ - Collection select(@Param("entity") EntityModel entity); + Collection select(@Param("entity") EntityModel entity, + @Param("inherit") boolean inherit); /** * Inserts the given permissions into the database. If any permissions diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java index 12b046b4d..6e596346e 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionService.java 
@@ -19,16 +19,11 @@ package org.apache.guacamole.auth.jdbc.permission; -import java.util.ArrayList; import java.util.Collection; -import java.util.HashSet; import java.util.Set; import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser; import org.apache.guacamole.auth.jdbc.user.ModeledUser; import org.apache.guacamole.GuacamoleException; -import org.apache.guacamole.GuacamoleSecurityException; -import org.apache.guacamole.net.auth.permission.ObjectPermission; -import org.apache.guacamole.net.auth.permission.ObjectPermissionSet; import org.apache.guacamole.net.auth.permission.Permission; import org.apache.guacamole.net.auth.permission.PermissionSet; @@ -59,6 +54,11 @@ public interface PermissionService retrievePermissions(ModeledAuthenticatedUser user, - ModeledUser targetUser) throws GuacamoleException; + ModeledUser targetUser, boolean inherit) throws GuacamoleException; /** * Creates the given permissions within the database. If any permissions diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionService.java index ac16fc2c7..3cdf9d160 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionService.java 
@@ -51,11 +51,11 @@ public class SharingProfilePermissionService extends ModeledObjectPermissionServ @Override public ObjectPermissionSet getPermissionSet(ModeledAuthenticatedUser user, - ModeledUser targetUser) throws GuacamoleException { + ModeledUser targetUser, boolean inherit) throws GuacamoleException { // Create permission set for requested user ObjectPermissionSet permissionSet = sharingProfilePermissionSetProvider.get(); - permissionSet.init(user, targetUser); + permissionSet.init(user, targetUser, inherit); return permissionSet; diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java index 738062c2a..c05f4053a 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java @@ -34,15 +34,21 @@ public interface SystemPermissionMapper extends PermissionMapper getPermissions() throws GuacamoleException { - return systemPermissionService.retrievePermissions(getCurrentUser(), user); + return systemPermissionService.retrievePermissions(getCurrentUser(), user, inherit); } @Override public boolean hasPermission(SystemPermission.Type permission) throws GuacamoleException { - return systemPermissionService.retrievePermission(getCurrentUser(), user, permission) != null; + return systemPermissionService.hasPermission(getCurrentUser(), user, permission, inherit); } @Override 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java index d56ed28bc..8e6586257 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/UserPermissionService.java @@ -51,11 +51,11 @@ public class UserPermissionService extends ModeledObjectPermissionService { @Override public ObjectPermissionSet getPermissionSet(ModeledAuthenticatedUser user, - ModeledUser targetUser) throws GuacamoleException { + ModeledUser targetUser, boolean inherit) throws GuacamoleException { // Create permission set for requested user ObjectPermissionSet permissionSet = userPermissionSetProvider.get(); - permissionSet.init(user, targetUser); + permissionSet.init(user, targetUser, inherit); return permissionSet; diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java index 583aa7fc1..39f163621 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java 
@@ -350,37 +350,37 @@ public class ModeledUser extends ModeledDirectoryObject implements Us @Override public SystemPermissionSet getSystemPermissions() throws GuacamoleException { - return systemPermissionService.getPermissionSet(getCurrentUser(), this); + return systemPermissionService.getPermissionSet(getCurrentUser(), this, false); } @Override public ObjectPermissionSet getConnectionPermissions() throws GuacamoleException { - return connectionPermissionService.getPermissionSet(getCurrentUser(), this); + return connectionPermissionService.getPermissionSet(getCurrentUser(), this, false); } @Override public ObjectPermissionSet getConnectionGroupPermissions() throws GuacamoleException { - return connectionGroupPermissionService.getPermissionSet(getCurrentUser(), this); + return connectionGroupPermissionService.getPermissionSet(getCurrentUser(), this, false); } @Override public ObjectPermissionSet getSharingProfilePermissions() throws GuacamoleException { - return sharingProfilePermissionService.getPermissionSet(getCurrentUser(), this); + return sharingProfilePermissionService.getPermissionSet(getCurrentUser(), this, false); } @Override public ObjectPermissionSet getActiveConnectionPermissions() throws GuacamoleException { - return activeConnectionPermissionService.getPermissionSet(getCurrentUser(), this); + return activeConnectionPermissionService.getPermissionSet(getCurrentUser(), this, false); } @Override public ObjectPermissionSet getUserPermissions() throws GuacamoleException { - return userPermissionService.getPermissionSet(getCurrentUser(), this); + return userPermissionService.getPermissionSet(getCurrentUser(), this, false); } @Override 
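Review bot: The six getters in this hunk pass a bare `false` to `getPermissionSet(...)`, and the effective-permission getters added in the @@ -855 hunk pass a bare `true`; nothing at the call sites says which value means direct-only. A swapped literal would compile and silently change authorization results. A short comment on the group, e.g. `// Direct permissions only; group-inherited permissions are exposed via getEffectivePermissions()`, or a pair of named constants for the flag, would make the intent reviewable.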
@@ -855,7 +855,52 @@ public class ModeledUser extends ModeledDirectoryObject implements Us @Override public Permissions getEffectivePermissions() throws GuacamoleException { - return this; + return new Permissions() { + + @Override + public ObjectPermissionSet getActiveConnectionPermissions() + throws GuacamoleException { + return activeConnectionPermissionService.getPermissionSet(getCurrentUser(), ModeledUser.this, true); + } + + @Override + public ObjectPermissionSet getConnectionGroupPermissions() + throws GuacamoleException { + return connectionGroupPermissionService.getPermissionSet(getCurrentUser(), ModeledUser.this, true); + } + + @Override + public ObjectPermissionSet getConnectionPermissions() + throws GuacamoleException { + return connectionPermissionService.getPermissionSet(getCurrentUser(), ModeledUser.this, true); + } + + @Override + public ObjectPermissionSet getSharingProfilePermissions() + throws GuacamoleException { + return sharingProfilePermissionService.getPermissionSet(getCurrentUser(), ModeledUser.this, true); + } + + @Override + public SystemPermissionSet getSystemPermissions() + throws GuacamoleException { + return systemPermissionService.getPermissionSet(getCurrentUser(), ModeledUser.this, true); + } + + @Override + public ObjectPermissionSet getUserPermissions() + throws GuacamoleException { + return userPermissionService.getPermissionSet(getCurrentUser(), ModeledUser.this, true); + } + + @Override + public ObjectPermissionSet getUserGroupPermissions() + throws GuacamoleException { + // FIXME: STUB + return new SimpleObjectPermissionSet(); + } + + }; } }
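Review bot: `getUserGroupPermissions()` in the anonymous `Permissions` returned by `getEffectivePermissions()` is a stub (`// FIXME: STUB`) that always returns an empty `SimpleObjectPermissionSet`, so effective permissions on user groups are reported as none regardless of what is stored. That fails closed, but callers cannot tell "not implemented" from "no access", so the comment should state the behaviour and point at the follow-up, e.g. `// FIXME: STUB - user group permissions not yet implemented; always empty (see <ISSUE-ID>)`. No import for `SimpleObjectPermissionSet` is visible in this file's hunks, so confirm it is already in scope.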