safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-08 06:01:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #64 from glyptodon/tokenize-mysql

Browse Source 
GUAC-340: Provide credentials through configurations via TokenFilter. Refactor use of user IDs to new AuthenticatedUser as needed.
This commit is contained in:
James Muehlner
2015-01-06 19:48:28 -08:00
parent 9b9b93d614 de30229d16
commit 0d03ad72b0
11 changed files with 714 additions and 368 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/AuthenticatedUser.java Normal file
View File

@@ -0,0 +1,80 @@
/*
* Copyright (C) 2015 Glyptodon LLC
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
package net.sourceforge.guacamole.net.auth.mysql;
import org.glyptodon.guacamole.net.auth.Credentials;
/**
* Represents an authenticated user via their database ID and corresponding
* credentials.
*
* @author Michael Jumper
*/
public class AuthenticatedUser {
/**
* The database ID of this user.
*/
private final int userID;
/**
* The credentials given when this user authenticated.
*/
private final Credentials credentials;
/**
* Creates a new AuthenticatedUser associated with the given database ID
* and credentials.
*
* @param userID
* The database ID of the user this object should represent.
*
* @param credentials
* The credentials given by the user when they authenticated.
*/
public AuthenticatedUser(int userID, Credentials credentials) {
this.userID = userID;
this.credentials = credentials;
}
/**
* Returns the ID of this user.
*
* @return
* The ID of this user.
*/
public int getUserID() {
return userID;
}
/**
* Returns the credentials given during authentication by this user.
*
* @return
* The credentials given during authentication by this user.
*/
public Credentials getCredentials() {
return credentials;
}
}

61
extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java
View File

@@ -50,10 +50,10 @@ import org.mybatis.guice.transactional.Transactional;
public class ConnectionDirectory implements Directory<String, Connection>{ public class ConnectionDirectory implements Directory<String, Connection>{
/** /**
* The ID of the user who this connection directory belongs to. * The user who this connection directory belongs to. Access is based on
* Access is based on his/her permission settings. * his/her permission settings.
*/ */
private int user_id; private AuthenticatedUser currentUser;
/** /**
* The ID of the parent connection group. * The ID of the parent connection group.
@@ -93,12 +93,15 @@ public class ConnectionDirectory implements Directory<String, Connection>{
/** /**
* Set the user and parentID for this directory. * Set the user and parentID for this directory.
* *
* @param user_id The ID of the user owning this connection directory. * @param currentUser
* @param parentID The ID of the parent connection group. * The user owning this connection directory.
*
* @param parentID
* The ID of the parent connection group.
*/ */
public void init(int user_id, Integer parentID) { public void init(AuthenticatedUser currentUser, Integer parentID) {
this.currentUser = currentUser;
this.parentID = parentID; this.parentID = parentID;
this.user_id = user_id;
} }
@Transactional @Transactional
@@ -107,18 +110,18 @@ public class ConnectionDirectory implements Directory<String, Connection>{
// Get connection // Get connection
MySQLConnection connection = MySQLConnection connection =
connectionService.retrieveConnection(identifier, user_id); connectionService.retrieveConnection(identifier, currentUser);
if(connection == null) if(connection == null)
return null; return null;
// Verify permission to use the parent connection group for organizational purposes // Verify permission to use the parent connection group for organizational purposes
permissionCheckService.verifyConnectionGroupUsageAccess permissionCheckService.verifyConnectionGroupUsageAccess
(connection.getParentID(), user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL); (connection.getParentID(), currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
// Verify access is granted // Verify access is granted
permissionCheckService.verifyConnectionAccess( permissionCheckService.verifyConnectionAccess(
this.user_id, currentUser,
connection.getConnectionID(), connection.getConnectionID(),
MySQLConstants.CONNECTION_READ); MySQLConstants.CONNECTION_READ);
@@ -133,9 +136,9 @@ public class ConnectionDirectory implements Directory<String, Connection>{
// Verify permission to use the connection group for organizational purposes // Verify permission to use the connection group for organizational purposes
permissionCheckService.verifyConnectionGroupUsageAccess permissionCheckService.verifyConnectionGroupUsageAccess
(parentID, user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL); (parentID, currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
return permissionCheckService.retrieveConnectionIdentifiers(user_id, return permissionCheckService.retrieveConnectionIdentifiers(currentUser,
parentID, MySQLConstants.CONNECTION_READ); parentID, MySQLConstants.CONNECTION_READ);
} }
@@ -148,26 +151,26 @@ public class ConnectionDirectory implements Directory<String, Connection>{
throw new GuacamoleClientException("The connection name cannot be blank."); throw new GuacamoleClientException("The connection name cannot be blank.");
// Verify permission to create // Verify permission to create
permissionCheckService.verifySystemAccess(this.user_id, permissionCheckService.verifySystemAccess(currentUser,
MySQLConstants.SYSTEM_CONNECTION_CREATE); MySQLConstants.SYSTEM_CONNECTION_CREATE);
// Verify permission to edit the connection group // Verify permission to edit the connection group
permissionCheckService.verifyConnectionGroupAccess(this.user_id, permissionCheckService.verifyConnectionGroupAccess(currentUser,
this.parentID, MySQLConstants.CONNECTION_GROUP_UPDATE); this.parentID, MySQLConstants.CONNECTION_GROUP_UPDATE);
// Verify permission to use the connection group for organizational purposes // Verify permission to use the connection group for organizational purposes
permissionCheckService.verifyConnectionGroupUsageAccess permissionCheckService.verifyConnectionGroupUsageAccess
(parentID, user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL); (parentID, currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
// Verify that no connection already exists with this name. // Verify that no connection already exists with this name.
MySQLConnection previousConnection = MySQLConnection previousConnection =
connectionService.retrieveConnection(name, parentID, user_id); connectionService.retrieveConnection(name, parentID, currentUser);
if(previousConnection != null) if(previousConnection != null)
throw new GuacamoleClientException("That connection name is already in use."); throw new GuacamoleClientException("That connection name is already in use.");
// Create connection // Create connection
MySQLConnection connection = connectionService.createConnection( MySQLConnection connection = connectionService.createConnection(
name, object.getConfiguration().getProtocol(), user_id, parentID); name, object.getConfiguration().getProtocol(), currentUser, parentID);
// Set the connection ID // Set the connection ID
object.setIdentifier(connection.getIdentifier()); object.setIdentifier(connection.getIdentifier());
@@ -179,7 +182,7 @@ public class ConnectionDirectory implements Directory<String, Connection>{
// Finally, give the current user full access to the newly created // Finally, give the current user full access to the newly created
// connection. // connection.
ConnectionPermissionKey newConnectionPermission = new ConnectionPermissionKey(); ConnectionPermissionKey newConnectionPermission = new ConnectionPermissionKey();
newConnectionPermission.setUser_id(this.user_id); newConnectionPermission.setUser_id(currentUser.getUserID());
newConnectionPermission.setConnection_id(connection.getConnectionID()); newConnectionPermission.setConnection_id(connection.getConnectionID());
// Read permission // Read permission
@@ -238,7 +241,7 @@ public class ConnectionDirectory implements Directory<String, Connection>{
MySQLConnection mySQLConnection = (MySQLConnection) object; MySQLConnection mySQLConnection = (MySQLConnection) object;
// Verify permission to update // Verify permission to update
permissionCheckService.verifyConnectionAccess(this.user_id, permissionCheckService.verifyConnectionAccess(currentUser,
mySQLConnection.getConnectionID(), mySQLConnection.getConnectionID(),
MySQLConstants.CONNECTION_UPDATE); MySQLConstants.CONNECTION_UPDATE);
@@ -262,17 +265,17 @@ public class ConnectionDirectory implements Directory<String, Connection>{
// Get connection // Get connection
MySQLConnection mySQLConnection = MySQLConnection mySQLConnection =
connectionService.retrieveConnection(identifier, user_id); connectionService.retrieveConnection(identifier, currentUser);
if(mySQLConnection == null) if(mySQLConnection == null)
throw new GuacamoleResourceNotFoundException("Connection not found."); throw new GuacamoleResourceNotFoundException("Connection not found.");
// Verify permission to use the parent connection group for organizational purposes // Verify permission to use the parent connection group for organizational purposes
permissionCheckService.verifyConnectionGroupUsageAccess permissionCheckService.verifyConnectionGroupUsageAccess
(mySQLConnection.getParentID(), user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL); (mySQLConnection.getParentID(), currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
// Verify permission to delete // Verify permission to delete
permissionCheckService.verifyConnectionAccess(this.user_id, permissionCheckService.verifyConnectionAccess(currentUser,
mySQLConnection.getConnectionID(), mySQLConnection.getConnectionID(),
MySQLConstants.CONNECTION_DELETE); MySQLConstants.CONNECTION_DELETE);
@@ -292,36 +295,36 @@ public class ConnectionDirectory implements Directory<String, Connection>{
// Get connection // Get connection
MySQLConnection mySQLConnection = MySQLConnection mySQLConnection =
connectionService.retrieveConnection(identifier, user_id); connectionService.retrieveConnection(identifier, currentUser);
if(mySQLConnection == null) if(mySQLConnection == null)
throw new GuacamoleResourceNotFoundException("Connection not found."); throw new GuacamoleResourceNotFoundException("Connection not found.");
// Verify permission to update the connection // Verify permission to update the connection
permissionCheckService.verifyConnectionAccess(this.user_id, permissionCheckService.verifyConnectionAccess(currentUser,
mySQLConnection.getConnectionID(), mySQLConnection.getConnectionID(),
MySQLConstants.CONNECTION_UPDATE); MySQLConstants.CONNECTION_UPDATE);
// Verify permission to use the from connection group for organizational purposes // Verify permission to use the from connection group for organizational purposes
permissionCheckService.verifyConnectionGroupUsageAccess permissionCheckService.verifyConnectionGroupUsageAccess
(mySQLConnection.getParentID(), user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL); (mySQLConnection.getParentID(), currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
// Verify permission to update the from connection group // Verify permission to update the from connection group
permissionCheckService.verifyConnectionGroupAccess(this.user_id, permissionCheckService.verifyConnectionGroupAccess(currentUser,
mySQLConnection.getParentID(), MySQLConstants.CONNECTION_GROUP_UPDATE); mySQLConnection.getParentID(), MySQLConstants.CONNECTION_GROUP_UPDATE);
// Verify permission to use the to connection group for organizational purposes // Verify permission to use the to connection group for organizational purposes
permissionCheckService.verifyConnectionGroupUsageAccess permissionCheckService.verifyConnectionGroupUsageAccess
(toConnectionGroupID, user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL); (toConnectionGroupID, currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
// Verify permission to update the to connection group // Verify permission to update the to connection group
permissionCheckService.verifyConnectionGroupAccess(this.user_id, permissionCheckService.verifyConnectionGroupAccess(currentUser,
toConnectionGroupID, MySQLConstants.CONNECTION_GROUP_UPDATE); toConnectionGroupID, MySQLConstants.CONNECTION_GROUP_UPDATE);
// Verify that no connection already exists with this name. // Verify that no connection already exists with this name.
MySQLConnection previousConnection = MySQLConnection previousConnection =
connectionService.retrieveConnection(mySQLConnection.getName(), connectionService.retrieveConnection(mySQLConnection.getName(),
toConnectionGroupID, user_id); toConnectionGroupID, currentUser);
if(previousConnection != null) if(previousConnection != null)
throw new GuacamoleClientException("That connection name is already in use."); throw new GuacamoleClientException("That connection name is already in use.");

63
extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionGroupDirectory.java
View File

@@ -46,10 +46,10 @@ import org.mybatis.guice.transactional.Transactional;
public class ConnectionGroupDirectory implements Directory<String, ConnectionGroup>{ public class ConnectionGroupDirectory implements Directory<String, ConnectionGroup>{
/** /**
* The ID of the user who this connection directory belongs to. * The user who this connection directory belongs to. Access is based on
* Access is based on his/her permission settings. * his/her permission settings.
*/ */
private int user_id; private AuthenticatedUser currentUser;
/** /**
* The ID of the parent connection group. * The ID of the parent connection group.
@@ -77,12 +77,15 @@ public class ConnectionGroupDirectory implements Directory<String, ConnectionGro
/** /**
* Set the user and parentID for this directory. * Set the user and parentID for this directory.
* *
* @param user_id The ID of the user owning this connection group directory. * @param currentUser
* @param parentID The ID of the parent connection group. * The user owning this connection group directory.
*
* @param parentID
* The ID of the parent connection group.
*/ */
public void init(int user_id, Integer parentID) { public void init(AuthenticatedUser currentUser, Integer parentID) {
this.parentID = parentID; this.parentID = parentID;
this.user_id = user_id; this.currentUser = currentUser;
} }
@Transactional @Transactional
@@ -91,18 +94,18 @@ public class ConnectionGroupDirectory implements Directory<String, ConnectionGro
// Get connection // Get connection
MySQLConnectionGroup connectionGroup = MySQLConnectionGroup connectionGroup =
connectionGroupService.retrieveConnectionGroup(identifier, user_id); connectionGroupService.retrieveConnectionGroup(identifier, currentUser);
if(connectionGroup == null) if(connectionGroup == null)
return null; return null;
// Verify permission to use the parent connection group for organizational purposes // Verify permission to use the parent connection group for organizational purposes
permissionCheckService.verifyConnectionGroupUsageAccess permissionCheckService.verifyConnectionGroupUsageAccess
(connectionGroup.getParentID(), user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL); (connectionGroup.getParentID(), currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
// Verify access is granted // Verify access is granted
permissionCheckService.verifyConnectionGroupAccess( permissionCheckService.verifyConnectionGroupAccess(
this.user_id, currentUser,
connectionGroup.getConnectionGroupID(), connectionGroup.getConnectionGroupID(),
MySQLConstants.CONNECTION_GROUP_READ); MySQLConstants.CONNECTION_GROUP_READ);
@@ -117,9 +120,9 @@ public class ConnectionGroupDirectory implements Directory<String, ConnectionGro
// Verify permission to use the connection group for organizational purposes // Verify permission to use the connection group for organizational purposes
permissionCheckService.verifyConnectionGroupUsageAccess permissionCheckService.verifyConnectionGroupUsageAccess
(parentID, user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL); (parentID, currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
return permissionCheckService.retrieveConnectionGroupIdentifiers(user_id, return permissionCheckService.retrieveConnectionGroupIdentifiers(currentUser,
parentID, MySQLConstants.CONNECTION_GROUP_READ); parentID, MySQLConstants.CONNECTION_GROUP_READ);
} }
@@ -136,26 +139,26 @@ public class ConnectionGroupDirectory implements Directory<String, ConnectionGro
String mySQLType = MySQLConstants.getConnectionGroupTypeConstant(type); String mySQLType = MySQLConstants.getConnectionGroupTypeConstant(type);
// Verify permission to create // Verify permission to create
permissionCheckService.verifySystemAccess(this.user_id, permissionCheckService.verifySystemAccess(currentUser,
MySQLConstants.SYSTEM_CONNECTION_GROUP_CREATE); MySQLConstants.SYSTEM_CONNECTION_GROUP_CREATE);
// Verify permission to edit the parent connection group // Verify permission to edit the parent connection group
permissionCheckService.verifyConnectionGroupAccess(this.user_id, permissionCheckService.verifyConnectionGroupAccess(currentUser,
this.parentID, MySQLConstants.CONNECTION_GROUP_UPDATE); this.parentID, MySQLConstants.CONNECTION_GROUP_UPDATE);
// Verify permission to use the parent connection group for organizational purposes // Verify permission to use the parent connection group for organizational purposes
permissionCheckService.verifyConnectionGroupUsageAccess permissionCheckService.verifyConnectionGroupUsageAccess
(parentID, user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL); (parentID, currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
// Verify that no connection already exists with this name. // Verify that no connection already exists with this name.
MySQLConnectionGroup previousConnectionGroup = MySQLConnectionGroup previousConnectionGroup =
connectionGroupService.retrieveConnectionGroup(name, parentID, user_id); connectionGroupService.retrieveConnectionGroup(name, parentID, currentUser);
if(previousConnectionGroup != null) if(previousConnectionGroup != null)
throw new GuacamoleClientException("That connection group name is already in use."); throw new GuacamoleClientException("That connection group name is already in use.");
// Create connection group // Create connection group
MySQLConnectionGroup connectionGroup = connectionGroupService MySQLConnectionGroup connectionGroup = connectionGroupService
.createConnectionGroup(name, user_id, parentID, mySQLType); .createConnectionGroup(name, currentUser, parentID, mySQLType);
// Set the connection group ID // Set the connection group ID
object.setIdentifier(connectionGroup.getIdentifier()); object.setIdentifier(connectionGroup.getIdentifier());
@@ -163,7 +166,7 @@ public class ConnectionGroupDirectory implements Directory<String, ConnectionGro
// Finally, give the current user full access to the newly created // Finally, give the current user full access to the newly created
// connection group. // connection group.
ConnectionGroupPermissionKey newConnectionGroupPermission = new ConnectionGroupPermissionKey(); ConnectionGroupPermissionKey newConnectionGroupPermission = new ConnectionGroupPermissionKey();
newConnectionGroupPermission.setUser_id(this.user_id); newConnectionGroupPermission.setUser_id(currentUser.getUserID());
newConnectionGroupPermission.setConnection_group_id(connectionGroup.getConnectionGroupID()); newConnectionGroupPermission.setConnection_group_id(connectionGroup.getConnectionGroupID());
// Read permission // Read permission
@@ -196,7 +199,7 @@ public class ConnectionGroupDirectory implements Directory<String, ConnectionGro
MySQLConnectionGroup mySQLConnectionGroup = (MySQLConnectionGroup) object; MySQLConnectionGroup mySQLConnectionGroup = (MySQLConnectionGroup) object;
// Verify permission to update // Verify permission to update
permissionCheckService.verifyConnectionAccess(this.user_id, permissionCheckService.verifyConnectionAccess(currentUser,
mySQLConnectionGroup.getConnectionGroupID(), mySQLConnectionGroup.getConnectionGroupID(),
MySQLConstants.CONNECTION_UPDATE); MySQLConstants.CONNECTION_UPDATE);
@@ -210,17 +213,17 @@ public class ConnectionGroupDirectory implements Directory<String, ConnectionGro
// Get connection // Get connection
MySQLConnectionGroup mySQLConnectionGroup = MySQLConnectionGroup mySQLConnectionGroup =
connectionGroupService.retrieveConnectionGroup(identifier, user_id); connectionGroupService.retrieveConnectionGroup(identifier, currentUser);
if(mySQLConnectionGroup == null) if(mySQLConnectionGroup == null)
throw new GuacamoleResourceNotFoundException("Connection group not found."); throw new GuacamoleResourceNotFoundException("Connection group not found.");
// Verify permission to use the parent connection group for organizational purposes // Verify permission to use the parent connection group for organizational purposes
permissionCheckService.verifyConnectionGroupUsageAccess permissionCheckService.verifyConnectionGroupUsageAccess
(mySQLConnectionGroup.getParentID(), user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL); (mySQLConnectionGroup.getParentID(), currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
// Verify permission to delete // Verify permission to delete
permissionCheckService.verifyConnectionGroupAccess(this.user_id, permissionCheckService.verifyConnectionGroupAccess(currentUser,
mySQLConnectionGroup.getConnectionGroupID(), mySQLConnectionGroup.getConnectionGroupID(),
MySQLConstants.CONNECTION_GROUP_DELETE); MySQLConstants.CONNECTION_GROUP_DELETE);
@@ -244,36 +247,36 @@ public class ConnectionGroupDirectory implements Directory<String, ConnectionGro
// Get connection group // Get connection group
MySQLConnectionGroup mySQLConnectionGroup = MySQLConnectionGroup mySQLConnectionGroup =
connectionGroupService.retrieveConnectionGroup(identifier, user_id); connectionGroupService.retrieveConnectionGroup(identifier, currentUser);
if(mySQLConnectionGroup == null) if(mySQLConnectionGroup == null)
throw new GuacamoleResourceNotFoundException("Connection group not found."); throw new GuacamoleResourceNotFoundException("Connection group not found.");
// Verify permission to update the connection // Verify permission to update the connection
permissionCheckService.verifyConnectionAccess(this.user_id, permissionCheckService.verifyConnectionAccess(currentUser,
mySQLConnectionGroup.getConnectionGroupID(), mySQLConnectionGroup.getConnectionGroupID(),
MySQLConstants.CONNECTION_GROUP_UPDATE); MySQLConstants.CONNECTION_GROUP_UPDATE);
// Verify permission to use the from connection group for organizational purposes // Verify permission to use the from connection group for organizational purposes
permissionCheckService.verifyConnectionGroupUsageAccess permissionCheckService.verifyConnectionGroupUsageAccess
(mySQLConnectionGroup.getParentID(), user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL); (mySQLConnectionGroup.getParentID(), currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
// Verify permission to update the from connection group // Verify permission to update the from connection group
permissionCheckService.verifyConnectionGroupAccess(this.user_id, permissionCheckService.verifyConnectionGroupAccess(currentUser,
mySQLConnectionGroup.getParentID(), MySQLConstants.CONNECTION_GROUP_UPDATE); mySQLConnectionGroup.getParentID(), MySQLConstants.CONNECTION_GROUP_UPDATE);
// Verify permission to use the to connection group for organizational purposes // Verify permission to use the to connection group for organizational purposes
permissionCheckService.verifyConnectionGroupUsageAccess permissionCheckService.verifyConnectionGroupUsageAccess
(toConnectionGroupID, user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL); (toConnectionGroupID, currentUser, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
// Verify permission to update the to connection group // Verify permission to update the to connection group
permissionCheckService.verifyConnectionGroupAccess(this.user_id, permissionCheckService.verifyConnectionGroupAccess(currentUser,
toConnectionGroupID, MySQLConstants.CONNECTION_GROUP_UPDATE); toConnectionGroupID, MySQLConstants.CONNECTION_GROUP_UPDATE);
// Verify that no connection already exists with this name. // Verify that no connection already exists with this name.
MySQLConnectionGroup previousConnectionGroup = MySQLConnectionGroup previousConnectionGroup =
connectionGroupService.retrieveConnectionGroup(mySQLConnectionGroup.getName(), connectionGroupService.retrieveConnectionGroup(mySQLConnectionGroup.getName(),
toConnectionGroupID, user_id); toConnectionGroupID, currentUser);
if(previousConnectionGroup != null) if(previousConnectionGroup != null)
throw new GuacamoleClientException("That connection group name is already in use."); throw new GuacamoleClientException("That connection group name is already in use.");
@@ -284,7 +287,7 @@ public class ConnectionGroupDirectory implements Directory<String, ConnectionGro
throw new GuacamoleUnsupportedException("Connection group cycle detected."); throw new GuacamoleUnsupportedException("Connection group cycle detected.");
MySQLConnectionGroup relativeParentGroup = connectionGroupService. MySQLConnectionGroup relativeParentGroup = connectionGroupService.
retrieveConnectionGroup(relativeParentID, user_id); retrieveConnectionGroup(relativeParentID, currentUser);
relativeParentID = relativeParentGroup.getParentID(); relativeParentID = relativeParentGroup.getParentID();
} }

2
extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLAuthenticationProvider.java
View File

@@ -86,7 +86,7 @@ public class MySQLAuthenticationProvider implements AuthenticationProvider {
MySQLUser authenticatedUser = userService.retrieveUser(credentials); MySQLUser authenticatedUser = userService.retrieveUser(credentials);
if (authenticatedUser != null) { if (authenticatedUser != null) {
MySQLUserContext context = injector.getInstance(MySQLUserContext.class); MySQLUserContext context = injector.getInstance(MySQLUserContext.class);
context.init(authenticatedUser.getUserID()); context.init(new AuthenticatedUser(authenticatedUser.getUserID(), credentials));
return context; return context;
} }

37
extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnection.java
View File

@@ -52,9 +52,9 @@ public class MySQLConnection extends AbstractConnection {
private Integer parentID; private Integer parentID;
/** /**
* The ID of the user who queried or created this connection. * The user who queried or created this connection.
*/ */
private int userID; private AuthenticatedUser currentUser;
/** /**
* History of this connection. * History of this connection.
@@ -115,16 +115,31 @@ public class MySQLConnection extends AbstractConnection {
/** /**
* Initialize from explicit values. * Initialize from explicit values.
* *
* @param connectionID The ID of the associated database record, if any. * @param connectionID
* @param parentID The D of the parent connection group for this connection, if any. * The ID of the associated database record, if any.
* @param identifier The unique identifier associated with this connection. *
* @param config The GuacamoleConfiguration associated with this connection. * @param parentID
* @param history All ConnectionRecords associated with this connection. * The ID of the parent connection group for this connection, if any.
* @param userID The IID of the user who queried this connection. *
* @param name
* The human-readable name associated with this connection.
*
* @param identifier
* The unique identifier associated with this connection.
*
* @param config
* The GuacamoleConfiguration associated with this connection.
*
* @param history
* All ConnectionRecords associated with this connection.
*
* @param currentUser
* The user who queried this connection.
*/ */
public void init(Integer connectionID, Integer parentID, String name, public void init(Integer connectionID, Integer parentID, String name,
String identifier, GuacamoleConfiguration config, String identifier, GuacamoleConfiguration config,
List<? extends ConnectionRecord> history, int userID) { List<? extends ConnectionRecord> history,
AuthenticatedUser currentUser) {
this.connectionID = connectionID; this.connectionID = connectionID;
this.setParentID(parentID); this.setParentID(parentID);
@@ -132,13 +147,13 @@ public class MySQLConnection extends AbstractConnection {
setIdentifier(identifier); setIdentifier(identifier);
setConfiguration(config); setConfiguration(config);
this.history.addAll(history); this.history.addAll(history);
this.userID = userID; this.currentUser = currentUser;
} }
@Override @Override
public GuacamoleSocket connect(GuacamoleClientInformation info) throws GuacamoleException { public GuacamoleSocket connect(GuacamoleClientInformation info) throws GuacamoleException {
return connectionService.connect(this, info, userID, null); return connectionService.connect(this, info, currentUser, null);
} }
@Override @Override

42
extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLConnectionGroup.java
View File

@@ -52,9 +52,9 @@ public class MySQLConnectionGroup extends AbstractConnectionGroup {
private Integer parentID; private Integer parentID;
/** /**
* The ID of the user who queried or created this connection group. * The user who queried or created this connection group.
*/ */
private int userID; private AuthenticatedUser currentUser;
/** /**
* A Directory of connections that have this connection group as a parent. * A Directory of connections that have this connection group as a parent.
@@ -136,27 +136,39 @@ public class MySQLConnectionGroup extends AbstractConnectionGroup {
/** /**
* Initialize from explicit values. * Initialize from explicit values.
* *
* @param connectionGroupID The ID of the associated database record, if any. * @param connectionGroupID
* @param parentID The ID of the parent connection group for this connection group, if any. * The ID of the associated database record, if any.
* @param name The name of this connection group. *
* @param identifier The unique identifier associated with this connection group. * @param parentID
* @param type The type of this connection group. * The ID of the parent connection group for this connection group, if
* @param userID The IID of the user who queried this connection. * any.
*
* @param name
* The name of this connection group.
*
* @param identifier
* The unique identifier associated with this connection group.
*
* @param type
* The type of this connection group.
*
* @param currentUser
* The user who queried this connection.
*/ */
public void init(Integer connectionGroupID, Integer parentID, String name, public void init(Integer connectionGroupID, Integer parentID, String name,
String identifier, ConnectionGroup.Type type, int userID) { String identifier, ConnectionGroup.Type type, AuthenticatedUser currentUser) {
this.connectionGroupID = connectionGroupID; this.connectionGroupID = connectionGroupID;
this.setParentID(parentID); this.setParentID(parentID);
setName(name); setName(name);
setIdentifier(identifier); setIdentifier(identifier);
setType(type); setType(type);
this.userID = userID; this.currentUser = currentUser;
connectionDirectory = connectionDirectoryProvider.get(); connectionDirectory = connectionDirectoryProvider.get();
connectionDirectory.init(userID, connectionGroupID); connectionDirectory.init(currentUser, connectionGroupID);
connectionGroupDirectory = connectionGroupDirectoryProvider.get(); connectionGroupDirectory = connectionGroupDirectoryProvider.get();
connectionGroupDirectory.init(userID, connectionGroupID); connectionGroupDirectory.init(currentUser, connectionGroupID);
} }
@Override @Override
@@ -164,14 +176,14 @@ public class MySQLConnectionGroup extends AbstractConnectionGroup {
// Verify permission to use the connection group for balancing purposes // Verify permission to use the connection group for balancing purposes
permissionCheckService.verifyConnectionGroupUsageAccess permissionCheckService.verifyConnectionGroupUsageAccess
(this.connectionGroupID, this.userID, MySQLConstants.CONNECTION_GROUP_BALANCING); (this.connectionGroupID, currentUser, MySQLConstants.CONNECTION_GROUP_BALANCING);
// Verify permission to delete // Verify permission to delete
permissionCheckService.verifyConnectionGroupAccess(this.userID, permissionCheckService.verifyConnectionGroupAccess(currentUser,
this.connectionGroupID, this.connectionGroupID,
MySQLConstants.CONNECTION_GROUP_READ); MySQLConstants.CONNECTION_GROUP_READ);
return connectionGroupService.connect(this, info, userID); return connectionGroupService.connect(this, info, currentUser);
} }
@Override @Override

20
extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/MySQLUserContext.java
View File

@@ -30,6 +30,7 @@ import org.glyptodon.guacamole.net.auth.Directory;
import org.glyptodon.guacamole.net.auth.User; import org.glyptodon.guacamole.net.auth.User;
import org.glyptodon.guacamole.net.auth.UserContext; import org.glyptodon.guacamole.net.auth.UserContext;
import net.sourceforge.guacamole.net.auth.mysql.service.UserService; import net.sourceforge.guacamole.net.auth.mysql.service.UserService;
import org.glyptodon.guacamole.net.auth.Credentials;
/** /**
* The MySQL representation of a UserContext. * The MySQL representation of a UserContext.
@@ -38,10 +39,10 @@ import net.sourceforge.guacamole.net.auth.mysql.service.UserService;
public class MySQLUserContext implements UserContext { public class MySQLUserContext implements UserContext {
/** /**
* The ID of the user owning this context. The permissions of this user * The the user owning this context. The permissions of this user dictate
* dictate the access given via the user and connection directories. * the access given via the user and connection directories.
*/ */
private int user_id; private AuthenticatedUser currentUser;
/** /**
* User directory restricted by the permissions of the user associated * User directory restricted by the permissions of the user associated
@@ -65,20 +66,21 @@ public class MySQLUserContext implements UserContext {
/** /**
* Initializes the user and directories associated with this context. * Initializes the user and directories associated with this context.
* *
* @param user_id The ID of the user owning this context. * @param currentUser
* The user owning this context.
*/ */
public void init(int user_id) { public void init(AuthenticatedUser currentUser) {
this.user_id = user_id; this.currentUser = currentUser;
userDirectory.init(user_id); userDirectory.init(currentUser);
rootConnectionGroup.init(null, null, rootConnectionGroup.init(null, null,
MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER, MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER,
MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER, MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER,
ConnectionGroup.Type.ORGANIZATIONAL, user_id); ConnectionGroup.Type.ORGANIZATIONAL, currentUser);
} }
@Override @Override
public User self() { public User self() {
return userService.retrieveUser(user_id); return userService.retrieveUser(currentUser.getUserID());
} }
@Override @Override

59
extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
View File

@@ -67,10 +67,10 @@ import org.mybatis.guice.transactional.Transactional;
public class UserDirectory implements Directory<String, User> { public class UserDirectory implements Directory<String, User> {
/** /**
* The ID of the user who this user directory belongs to. * The user this user directory belongs to. Access is based on his/her
* Access is based on his/her permission settings. * permission settings.
*/ */
private int user_id; private AuthenticatedUser currentUser;
/** /**
* Service for accessing users. * Service for accessing users.
@@ -123,11 +123,12 @@ public class UserDirectory implements Directory<String, User> {
/** /**
* Set the user for this directory. * Set the user for this directory.
* *
* @param user_id The ID of the user whose permissions define the visibility * @param currentUser
* of other users in this directory. * The user whose permissions define the visibility of other users in
* this directory.
*/ */
public void init(int user_id) { public void init(AuthenticatedUser currentUser) {
this.user_id = user_id; this.currentUser = currentUser;
} }
@Transactional @Transactional
@@ -142,7 +143,7 @@ public class UserDirectory implements Directory<String, User> {
return null; return null;
// Verify access is granted // Verify access is granted
permissionCheckService.verifyUserAccess(this.user_id, permissionCheckService.verifyUserAccess(currentUser,
user.getUserID(), user.getUserID(),
MySQLConstants.USER_READ); MySQLConstants.USER_READ);
@@ -154,7 +155,7 @@ public class UserDirectory implements Directory<String, User> {
@Transactional @Transactional
@Override @Override
public Set<String> getIdentifiers() throws GuacamoleException { public Set<String> getIdentifiers() throws GuacamoleException {
return permissionCheckService.retrieveUsernames(user_id, return permissionCheckService.retrieveUsernames(currentUser,
MySQLConstants.USER_READ); MySQLConstants.USER_READ);
} }
@@ -168,7 +169,7 @@ public class UserDirectory implements Directory<String, User> {
throw new GuacamoleClientException("The username cannot be blank."); throw new GuacamoleClientException("The username cannot be blank.");
// Verify current user has permission to create users // Verify current user has permission to create users
permissionCheckService.verifySystemAccess(this.user_id, permissionCheckService.verifySystemAccess(currentUser,
MySQLConstants.SYSTEM_USER_CREATE); MySQLConstants.SYSTEM_USER_CREATE);
Preconditions.checkNotNull(object); Preconditions.checkNotNull(object);
@@ -185,7 +186,7 @@ public class UserDirectory implements Directory<String, User> {
// Give the current user full access to the newly created user. // Give the current user full access to the newly created user.
UserPermissionKey newUserPermission = new UserPermissionKey(); UserPermissionKey newUserPermission = new UserPermissionKey();
newUserPermission.setUser_id(this.user_id); newUserPermission.setUser_id(currentUser.getUserID());
newUserPermission.setAffected_user_id(user.getUserID()); newUserPermission.setAffected_user_id(user.getUserID());
// READ permission on new user // READ permission on new user
@@ -304,7 +305,7 @@ public class UserDirectory implements Directory<String, User> {
// Get list of administerable user IDs // Get list of administerable user IDs
List<Integer> administerableUserIDs = List<Integer> administerableUserIDs =
permissionCheckService.retrieveUserIDs(this.user_id, permissionCheckService.retrieveUserIDs(currentUser,
MySQLConstants.USER_ADMINISTER); MySQLConstants.USER_ADMINISTER);
// Get set of usernames corresponding to administerable users // Get set of usernames corresponding to administerable users
@@ -322,13 +323,13 @@ public class UserDirectory implements Directory<String, User> {
// every one of these users // every one of these users
if (affected_id == null) if (affected_id == null)
throw new GuacamoleSecurityException( throw new GuacamoleSecurityException(
"User #" + this.user_id "User #" + currentUser.getUserID()
+ " does not have permission to administrate user " + " does not have permission to administrate user "
+ permission.getObjectIdentifier()); + permission.getObjectIdentifier());
// Create new permission // Create new permission
UserPermissionKey newPermission = new UserPermissionKey(); UserPermissionKey newPermission = new UserPermissionKey();
newPermission.setUser_id(user_id); newPermission.setUser_id(currentUser.getUserID());
newPermission.setPermission(MySQLConstants.getUserConstant(permission.getType())); newPermission.setPermission(MySQLConstants.getUserConstant(permission.getType()));
newPermission.setAffected_user_id(affected_id); newPermission.setAffected_user_id(affected_id);
userPermissionDAO.insert(newPermission); userPermissionDAO.insert(newPermission);
@@ -356,7 +357,7 @@ public class UserDirectory implements Directory<String, User> {
// Get list of administerable user IDs // Get list of administerable user IDs
List<Integer> administerableUserIDs = List<Integer> administerableUserIDs =
permissionCheckService.retrieveUserIDs(this.user_id, permissionCheckService.retrieveUserIDs(currentUser,
MySQLConstants.USER_ADMINISTER); MySQLConstants.USER_ADMINISTER);
// Get set of usernames corresponding to administerable users // Get set of usernames corresponding to administerable users
@@ -374,7 +375,7 @@ public class UserDirectory implements Directory<String, User> {
// every one of these users // every one of these users
if (affected_id == null) if (affected_id == null)
throw new GuacamoleSecurityException( throw new GuacamoleSecurityException(
"User #" + this.user_id "User #" + currentUser.getUserID()
+ " does not have permission to administrate user " + " does not have permission to administrate user "
+ permission.getObjectIdentifier()); + permission.getObjectIdentifier());
@@ -410,7 +411,7 @@ public class UserDirectory implements Directory<String, User> {
// Get list of administerable connection IDs // Get list of administerable connection IDs
Set<Integer> administerableConnectionIDs = Sets.<Integer>newHashSet( Set<Integer> administerableConnectionIDs = Sets.<Integer>newHashSet(
permissionCheckService.retrieveConnectionIDs(this.user_id, permissionCheckService.retrieveConnectionIDs(currentUser,
MySQLConstants.CONNECTION_ADMINISTER)); MySQLConstants.CONNECTION_ADMINISTER));
// Insert all given permissions // Insert all given permissions
@@ -423,7 +424,7 @@ public class UserDirectory implements Directory<String, User> {
// is not granted // is not granted
if (!administerableConnectionIDs.contains(connection_id)) if (!administerableConnectionIDs.contains(connection_id))
throw new GuacamoleSecurityException( throw new GuacamoleSecurityException(
"User #" + this.user_id "User #" + currentUser.getUserID()
+ " does not have permission to administrate connection " + " does not have permission to administrate connection "
+ permission.getObjectIdentifier()); + permission.getObjectIdentifier());
@@ -457,7 +458,7 @@ public class UserDirectory implements Directory<String, User> {
// Get list of administerable connection group IDs // Get list of administerable connection group IDs
Set<Integer> administerableConnectionGroupIDs = Sets.<Integer>newHashSet( Set<Integer> administerableConnectionGroupIDs = Sets.<Integer>newHashSet(
permissionCheckService.retrieveConnectionGroupIDs(this.user_id, permissionCheckService.retrieveConnectionGroupIDs(currentUser,
MySQLConstants.CONNECTION_GROUP_ADMINISTER)); MySQLConstants.CONNECTION_GROUP_ADMINISTER));
// Insert all given permissions // Insert all given permissions
@@ -470,7 +471,7 @@ public class UserDirectory implements Directory<String, User> {
// is not granted // is not granted
if (!administerableConnectionGroupIDs.contains(connection_group_id)) if (!administerableConnectionGroupIDs.contains(connection_group_id))
throw new GuacamoleSecurityException( throw new GuacamoleSecurityException(
"User #" + this.user_id "User #" + currentUser.getUserID()
+ " does not have permission to administrate connection group" + " does not have permission to administrate connection group"
+ permission.getObjectIdentifier()); + permission.getObjectIdentifier());
@@ -503,7 +504,7 @@ public class UserDirectory implements Directory<String, User> {
// Get list of administerable connection IDs // Get list of administerable connection IDs
Set<Integer> administerableConnectionIDs = Sets.<Integer>newHashSet( Set<Integer> administerableConnectionIDs = Sets.<Integer>newHashSet(
permissionCheckService.retrieveConnectionIDs(this.user_id, permissionCheckService.retrieveConnectionIDs(currentUser,
MySQLConstants.CONNECTION_ADMINISTER)); MySQLConstants.CONNECTION_ADMINISTER));
// Delete requested permissions // Delete requested permissions
@@ -516,7 +517,7 @@ public class UserDirectory implements Directory<String, User> {
// every one of these connections // every one of these connections
if (!administerableConnectionIDs.contains(connection_id)) if (!administerableConnectionIDs.contains(connection_id))
throw new GuacamoleSecurityException( throw new GuacamoleSecurityException(
"User #" + this.user_id "User #" + currentUser.getUserID()
+ " does not have permission to administrate connection " + " does not have permission to administrate connection "
+ permission.getObjectIdentifier()); + permission.getObjectIdentifier());
@@ -550,7 +551,7 @@ public class UserDirectory implements Directory<String, User> {
// Get list of administerable connection group IDs // Get list of administerable connection group IDs
Set<Integer> administerableConnectionGroupIDs = Sets.<Integer>newHashSet( Set<Integer> administerableConnectionGroupIDs = Sets.<Integer>newHashSet(
permissionCheckService.retrieveConnectionGroupIDs(this.user_id, permissionCheckService.retrieveConnectionGroupIDs(currentUser,
MySQLConstants.CONNECTION_GROUP_ADMINISTER)); MySQLConstants.CONNECTION_GROUP_ADMINISTER));
// Delete requested permissions // Delete requested permissions
@@ -563,7 +564,7 @@ public class UserDirectory implements Directory<String, User> {
// every one of these connection groups // every one of these connection groups
if (!administerableConnectionGroupIDs.contains(connection_group_id)) if (!administerableConnectionGroupIDs.contains(connection_group_id))
throw new GuacamoleSecurityException( throw new GuacamoleSecurityException(
"User #" + this.user_id "User #" + currentUser.getUserID()
+ " does not have permission to administrate connection group" + " does not have permission to administrate connection group"
+ permission.getObjectIdentifier()); + permission.getObjectIdentifier());
@@ -597,7 +598,7 @@ public class UserDirectory implements Directory<String, User> {
// Only a system administrator can add system permissions. // Only a system administrator can add system permissions.
permissionCheckService.verifySystemAccess( permissionCheckService.verifySystemAccess(
this.user_id, SystemPermission.Type.ADMINISTER.name()); currentUser, SystemPermission.Type.ADMINISTER.name());
// Insert all requested permissions // Insert all requested permissions
for (SystemPermission permission : permissions) { for (SystemPermission permission : permissions) {
@@ -631,7 +632,7 @@ public class UserDirectory implements Directory<String, User> {
return; return;
// Prevent self-de-adminifying // Prevent self-de-adminifying
if (user_id == this.user_id) if (user_id == currentUser.getUserID())
throw new GuacamoleUnsupportedException("Removing your own administrative permissions is not allowed."); throw new GuacamoleUnsupportedException("Removing your own administrative permissions is not allowed.");
// Build list of requested system permissions // Build list of requested system permissions
@@ -660,7 +661,7 @@ public class UserDirectory implements Directory<String, User> {
MySQLUser mySQLUser = (MySQLUser) object; MySQLUser mySQLUser = (MySQLUser) object;
// Validate permission to update this user is granted // Validate permission to update this user is granted
permissionCheckService.verifyUserAccess(this.user_id, permissionCheckService.verifyUserAccess(currentUser,
mySQLUser.getUserID(), mySQLUser.getUserID(),
MySQLConstants.USER_UPDATE); MySQLConstants.USER_UPDATE);
@@ -685,11 +686,11 @@ public class UserDirectory implements Directory<String, User> {
MySQLUser user = userService.retrieveUser(identifier); MySQLUser user = userService.retrieveUser(identifier);
// Prevent self-deletion // Prevent self-deletion
if (user.getUserID() == this.user_id) if (user.getUserID() == currentUser.getUserID())
throw new GuacamoleUnsupportedException("Deleting your own user is not allowed."); throw new GuacamoleUnsupportedException("Deleting your own user is not allowed.");
// Validate current user has permission to remove the specified user // Validate current user has permission to remove the specified user
permissionCheckService.verifyUserAccess(this.user_id, permissionCheckService.verifyUserAccess(currentUser,
user.getUserID(), user.getUserID(),
MySQLConstants.USER_DELETE); MySQLConstants.USER_DELETE);

124
extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionGroupService.java
View File

@@ -31,6 +31,7 @@ import java.util.Set;
import org.glyptodon.guacamole.GuacamoleException; import org.glyptodon.guacamole.GuacamoleException;
import org.glyptodon.guacamole.net.GuacamoleSocket; import org.glyptodon.guacamole.net.GuacamoleSocket;
import net.sourceforge.guacamole.net.auth.mysql.ActiveConnectionMap; import net.sourceforge.guacamole.net.auth.mysql.ActiveConnectionMap;
import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection; import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionGroup; import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionGroup;
import net.sourceforge.guacamole.net.auth.mysql.MySQLConstants; import net.sourceforge.guacamole.net.auth.mysql.MySQLConstants;
@@ -82,14 +83,21 @@ public class ConnectionGroupService {
* Retrieves the connection group having the given * Retrieves the connection group having the given
* name from the database. * name from the database.
* *
* @param name The name of the connection to return. * @param name
* @param parentID The ID of the parent connection group. * The name of the connection to return.
* @param userID The ID of the user who queried this connection group. *
* @return The connection having the given name, or null if no such * @param parentID
* connection group could be found. * The ID of the parent connection group.
*
* @param currentUser
* The user who queried this connection group.
*
* @return
* The connection having the given name, or null if no such connection
* group could be found.
*/ */
public MySQLConnectionGroup retrieveConnectionGroup(String name, Integer parentID, public MySQLConnectionGroup retrieveConnectionGroup(String name, Integer parentID,
int userID) { AuthenticatedUser currentUser) {
// Create criteria // Create criteria
ConnectionGroupExample example = new ConnectionGroupExample(); ConnectionGroupExample example = new ConnectionGroupExample();
@@ -108,7 +116,7 @@ public class ConnectionGroupService {
return null; return null;
// Otherwise, return found connection // Otherwise, return found connection
return toMySQLConnectionGroup(connectionGroups.get(0), userID); return toMySQLConnectionGroup(connectionGroups.get(0), currentUser);
} }
@@ -116,13 +124,21 @@ public class ConnectionGroupService {
* Retrieves the connection group having the given unique identifier * Retrieves the connection group having the given unique identifier
* from the database. * from the database.
* *
* @param uniqueIdentifier The unique identifier of the connection group to retrieve. * @param uniqueIdentifier
* @param userID The ID of the user who queried this connection group. * The unique identifier of the connection group to retrieve.
* @return The connection group having the given unique identifier, *
* or null if no such connection group was found. * @param currentUser
* The user who queried this connection group.
*
* @return
* The connection group having the given unique identifier, or null if
* no such connection group was found.
*
* @throws GuacamoleException
* If an error occurs while retrieving the connection group.
*/ */
public MySQLConnectionGroup retrieveConnectionGroup(String uniqueIdentifier, public MySQLConnectionGroup retrieveConnectionGroup(String uniqueIdentifier,
int userID) throws GuacamoleException { AuthenticatedUser currentUser) throws GuacamoleException {
// The unique identifier for a MySQLConnectionGroup is the database ID // The unique identifier for a MySQLConnectionGroup is the database ID
Integer connectionGroupID = null; Integer connectionGroupID = null;
@@ -136,18 +152,23 @@ public class ConnectionGroupService {
} }
} }
return retrieveConnectionGroup(connectionGroupID, userID); return retrieveConnectionGroup(connectionGroupID, currentUser);
} }
/** /**
* Retrieves the connection group having the given ID from the database. * Retrieves the connection group having the given ID from the database.
* *
* @param id The ID of the connection group to retrieve. * @param id
* @param userID The ID of the user who queried this connection. * The ID of the connection group to retrieve.
* @return The connection group having the given ID, or null if no such *
* @param currentUser
* The user who queried this connection.
*
* @return
* The connection group having the given ID, or null if no such
* connection was found. * connection was found.
*/ */
public MySQLConnectionGroup retrieveConnectionGroup(Integer id, int userID) { public MySQLConnectionGroup retrieveConnectionGroup(Integer id, AuthenticatedUser currentUser) {
// This is the root connection group, so just create it here // This is the root connection group, so just create it here
if(id == null) { if(id == null) {
@@ -156,7 +177,7 @@ public class ConnectionGroupService {
MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER, MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER,
MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER, MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER,
org.glyptodon.guacamole.net.auth.ConnectionGroup.Type.ORGANIZATIONAL, org.glyptodon.guacamole.net.auth.ConnectionGroup.Type.ORGANIZATIONAL,
userID); currentUser);
return connectionGroup; return connectionGroup;
} }
@@ -169,23 +190,31 @@ public class ConnectionGroupService {
return null; return null;
// Otherwise, return found connection // Otherwise, return found connection
return toMySQLConnectionGroup(connectionGroup, userID); return toMySQLConnectionGroup(connectionGroup, currentUser);
} }
/** /**
* Connect to the connection within the given group with the lowest number * Connect to the connection within the given group with the lowest number
* of currently active users. * of currently active users.
* *
* @param group The group to load balance across. * @param group
* @param info The information to use when performing the connection * The group to load balance across.
* handshake. *
* @param userID The ID of the user who is connecting to the socket. * @param info
* @return The connected socket. * The information to use when performing the connection handshake.
* @throws GuacamoleException If an error occurs while connecting the *
* socket. * @param currentUser
* The user who is connecting to the socket.
*
* @return
* The connected socket.
*
* @throws GuacamoleException
* If an error occurs while connecting the socket.
*/ */
public GuacamoleSocket connect(MySQLConnectionGroup group, public GuacamoleSocket connect(MySQLConnectionGroup group,
GuacamoleClientInformation info, int userID) throws GuacamoleException { GuacamoleClientInformation info, AuthenticatedUser currentUser)
throws GuacamoleException {
// Get all connections in the group. // Get all connections in the group.
List<Integer> connectionIDs = connectionService.getAllConnectionIDs List<Integer> connectionIDs = connectionService.getAllConnectionIDs
@@ -208,16 +237,16 @@ public class ConnectionGroupService {
if(GuacamoleProperties.getProperty( if(GuacamoleProperties.getProperty(
MySQLGuacamoleProperties.MYSQL_DISALLOW_DUPLICATE_CONNECTIONS, true) MySQLGuacamoleProperties.MYSQL_DISALLOW_DUPLICATE_CONNECTIONS, true)
&& activeConnectionMap.isConnectionGroupUserActive(group.getConnectionGroupID(), userID)) && activeConnectionMap.isConnectionGroupUserActive(group.getConnectionGroupID(), currentUser.getUserID()))
throw new GuacamoleClientTooManyException throw new GuacamoleClientTooManyException
("Cannot connect. Connection group already in use by this user."); ("Cannot connect. Connection group already in use by this user.");
// Get the connection // Get the connection
MySQLConnection connection = connectionService MySQLConnection connection = connectionService
.retrieveConnection(leastUsedConnectionID, userID); .retrieveConnection(leastUsedConnectionID, currentUser);
// Connect to the connection // Connect to the connection
return connectionService.connect(connection, info, userID, group.getConnectionGroupID()); return connectionService.connect(connection, info, currentUser, group.getConnectionGroupID());
} }
@@ -287,12 +316,18 @@ public class ConnectionGroupService {
* The parameters of the given connection will be read and added to the * The parameters of the given connection will be read and added to the
* MySQLConnection in the process. * MySQLConnection in the process.
* *
* @param connection The connection to convert. * @param connection
* @param userID The user who queried this connection. * The connection to convert.
* @return A new MySQLConnection containing all data associated with the *
* @param currentUser
* The user who queried this connection.
*
* @return
* A new MySQLConnection containing all data associated with the
* specified connection. * specified connection.
*/ */
private MySQLConnectionGroup toMySQLConnectionGroup(ConnectionGroup connectionGroup, int userID) { private MySQLConnectionGroup toMySQLConnectionGroup(ConnectionGroup connectionGroup,
AuthenticatedUser currentUser) {
// Create new MySQLConnection from retrieved data // Create new MySQLConnection from retrieved data
MySQLConnectionGroup mySQLConnectionGroup = mysqlConnectionGroupProvider.get(); MySQLConnectionGroup mySQLConnectionGroup = mysqlConnectionGroupProvider.get();
@@ -311,7 +346,7 @@ public class ConnectionGroupService {
connectionGroup.getConnection_group_name(), connectionGroup.getConnection_group_name(),
Integer.toString(connectionGroup.getConnection_group_id()), Integer.toString(connectionGroup.getConnection_group_id()),
authType, authType,
userID currentUser
); );
return mySQLConnectionGroup; return mySQLConnectionGroup;
@@ -341,13 +376,22 @@ public class ConnectionGroupService {
/** /**
* Creates a new connection group having the given name and type. * Creates a new connection group having the given name and type.
* *
* @param name The name to assign to the new connection group. * @param name
* @param userID The ID of the user who created this connection group. * The name to assign to the new connection group.
* @param Type The type of the new connection group. *
* @param currentUser
* The user who created this connection group.
*
* @param parentID
* The ID of the parent of the new connection group, if any.
*
* @param type
* The type of the new connection group.
*
* @return A new MySQLConnectionGroup containing the data of the newly created * @return A new MySQLConnectionGroup containing the data of the newly created
* connection group. * connection group.
*/ */
public MySQLConnectionGroup createConnectionGroup(String name, int userID, public MySQLConnectionGroup createConnectionGroup(String name, AuthenticatedUser currentUser,
Integer parentID, String type) { Integer parentID, String type) {
// Initialize database connection // Initialize database connection
@@ -358,7 +402,7 @@ public class ConnectionGroupService {
// Create connection // Create connection
connectionGroupDAO.insert(connectionGroup); connectionGroupDAO.insert(connectionGroup);
return toMySQLConnectionGroup(connectionGroup, userID); return toMySQLConnectionGroup(connectionGroup, currentUser);
} }

137
extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java
View File

@@ -35,6 +35,7 @@ import org.glyptodon.guacamole.net.GuacamoleSocket;
import org.glyptodon.guacamole.net.InetGuacamoleSocket; import org.glyptodon.guacamole.net.InetGuacamoleSocket;
import org.glyptodon.guacamole.net.SSLGuacamoleSocket; import org.glyptodon.guacamole.net.SSLGuacamoleSocket;
import net.sourceforge.guacamole.net.auth.mysql.ActiveConnectionMap; import net.sourceforge.guacamole.net.auth.mysql.ActiveConnectionMap;
import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection; import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionRecord; import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionRecord;
import net.sourceforge.guacamole.net.auth.mysql.MySQLGuacamoleSocket; import net.sourceforge.guacamole.net.auth.mysql.MySQLGuacamoleSocket;
@@ -56,6 +57,8 @@ import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
import org.apache.ibatis.session.RowBounds; import org.apache.ibatis.session.RowBounds;
import org.glyptodon.guacamole.GuacamoleClientTooManyException; import org.glyptodon.guacamole.GuacamoleClientTooManyException;
import org.glyptodon.guacamole.GuacamoleResourceConflictException; import org.glyptodon.guacamole.GuacamoleResourceConflictException;
import org.glyptodon.guacamole.token.StandardTokens;
import org.glyptodon.guacamole.token.TokenFilter;
/** /**
* Service which provides convenience methods for creating, retrieving, and * Service which provides convenience methods for creating, retrieving, and
@@ -110,14 +113,21 @@ public class ConnectionService {
/** /**
* Retrieves the connection having the given name from the database. * Retrieves the connection having the given name from the database.
* *
* @param name The name of the connection to return. * @param name
* @param parentID The ID of the parent connection group. * The name of the connection to return.
* @param userID The ID of the user who queried this connection. *
* @return The connection having the given name, or null if no such * @param parentID
* The ID of the parent connection group.
*
* @param currentUser
* The user who queried this connection.
*
* @return
* The connection having the given name, or null if no such
* connection could be found. * connection could be found.
*/ */
public MySQLConnection retrieveConnection(String name, Integer parentID, public MySQLConnection retrieveConnection(String name, Integer parentID,
int userID) { AuthenticatedUser currentUser) {
// Create criteria // Create criteria
ConnectionExample example = new ConnectionExample(); ConnectionExample example = new ConnectionExample();
@@ -136,7 +146,7 @@ public class ConnectionService {
return null; return null;
// Otherwise, return found connection // Otherwise, return found connection
return toMySQLConnection(connections.get(0), userID); return toMySQLConnection(connections.get(0), currentUser);
} }
@@ -144,12 +154,17 @@ public class ConnectionService {
* Retrieves the connection having the given unique identifier * Retrieves the connection having the given unique identifier
* from the database. * from the database.
* *
* @param uniqueIdentifier The unique identifier of the connection to retrieve. * @param uniqueIdentifier
* @param userID The ID of the user who queried this connection. * The unique identifier of the connection to retrieve.
* @return The connection having the given unique identifier, *
* or null if no such connection was found. * @param currentUser
* The user who queried this connection.
*
* @return
* The connection having the given unique identifier, or null if no
* such connection was found.
*/ */
public MySQLConnection retrieveConnection(String uniqueIdentifier, int userID) { public MySQLConnection retrieveConnection(String uniqueIdentifier, AuthenticatedUser currentUser) {
// The unique identifier for a MySQLConnection is the database ID // The unique identifier for a MySQLConnection is the database ID
int connectionID; int connectionID;
@@ -160,18 +175,23 @@ public class ConnectionService {
return null; return null;
} }
return retrieveConnection(connectionID, userID); return retrieveConnection(connectionID, currentUser);
} }
/** /**
* Retrieves the connection having the given ID from the database. * Retrieves the connection having the given ID from the database.
* *
* @param id The ID of the connection to retrieve. * @param id
* @param userID The ID of the user who queried this connection. * The ID of the connection to retrieve.
* @return The connection having the given ID, or null if no such *
* connection was found. * @param currentUser
* The user who queried this connection.
*
* @return
* The connection having the given ID, or null if no such connection
* was found.
*/ */
public MySQLConnection retrieveConnection(int id, int userID) { public MySQLConnection retrieveConnection(int id, AuthenticatedUser currentUser) {
// Query connection by ID // Query connection by ID
Connection connection = connectionDAO.selectByPrimaryKey(id); Connection connection = connectionDAO.selectByPrimaryKey(id);
@@ -181,7 +201,7 @@ public class ConnectionService {
return null; return null;
// Otherwise, return found connection // Otherwise, return found connection
return toMySQLConnection(connection, userID); return toMySQLConnection(connection, currentUser);
} }
/** /**
@@ -218,12 +238,16 @@ public class ConnectionService {
* The parameters of the given connection will be read and added to the * The parameters of the given connection will be read and added to the
* MySQLConnection in the process. * MySQLConnection in the process.
* *
* @param connection The connection to convert. * @param connection
* @param userID The user who queried this connection. * The connection to convert.
*
* @param currentUser
* The user who queried this connection.
*
* @return A new MySQLConnection containing all data associated with the * @return A new MySQLConnection containing all data associated with the
* specified connection. * specified connection.
*/ */
private MySQLConnection toMySQLConnection(Connection connection, int userID) { private MySQLConnection toMySQLConnection(Connection connection, AuthenticatedUser currentUser) {
// Build configuration // Build configuration
GuacamoleConfiguration config = new GuacamoleConfiguration(); GuacamoleConfiguration config = new GuacamoleConfiguration();
@@ -251,7 +275,7 @@ public class ConnectionService {
Integer.toString(connection.getConnection_id()), Integer.toString(connection.getConnection_id()),
config, config,
retrieveHistory(connection.getConnection_id()), retrieveHistory(connection.getConnection_id()),
userID currentUser
); );
return mySQLConnection; return mySQLConnection;
@@ -326,18 +350,28 @@ public class ConnectionService {
/** /**
* Create a MySQLGuacamoleSocket using the provided connection. * Create a MySQLGuacamoleSocket using the provided connection.
* *
* @param connection The connection to use when connecting the socket. * @param connection
* @param info The information to use when performing the connection * The connection to use when connecting the socket.
* handshake. *
* @param userID The ID of the user who is connecting to the socket. * @param info
* @param connectionGroupID The ID of the balancing connection group that is * The information to use when performing the connection handshake.
* being connected to; null if not used. *
* @return The connected socket. * @param currentUser
* @throws GuacamoleException If an error occurs while connecting the * The user who is connecting to the socket.
* socket. *
* @param connectionGroupID
* The ID of the balancing connection group that is being connected to;
* null if not used.
*
* @return
* The connected socket.
*
* @throws GuacamoleException
* If an error occurs while connecting the socket.
*/ */
public MySQLGuacamoleSocket connect(MySQLConnection connection, public MySQLGuacamoleSocket connect(MySQLConnection connection,
GuacamoleClientInformation info, int userID, Integer connectionGroupID) GuacamoleClientInformation info, AuthenticatedUser currentUser,
Integer connectionGroupID)
throws GuacamoleException { throws GuacamoleException {
synchronized (activeConnectionMap) { synchronized (activeConnectionMap) {
@@ -351,7 +385,7 @@ public class ConnectionService {
if(GuacamoleProperties.getProperty( if(GuacamoleProperties.getProperty(
MySQLGuacamoleProperties.MYSQL_DISALLOW_DUPLICATE_CONNECTIONS, true) MySQLGuacamoleProperties.MYSQL_DISALLOW_DUPLICATE_CONNECTIONS, true)
&& activeConnectionMap.isConnectionUserActive(connection.getConnectionID(), userID)) && activeConnectionMap.isConnectionUserActive(connection.getConnectionID(), currentUser.getUserID()))
throw new GuacamoleClientTooManyException throw new GuacamoleClientTooManyException
("Cannot connect. Connection already in use by this user."); ("Cannot connect. Connection already in use by this user.");
@@ -359,22 +393,30 @@ public class ConnectionService {
String host = GuacamoleProperties.getRequiredProperty(GuacamoleProperties.GUACD_HOSTNAME); String host = GuacamoleProperties.getRequiredProperty(GuacamoleProperties.GUACD_HOSTNAME);
int port = GuacamoleProperties.getRequiredProperty(GuacamoleProperties.GUACD_PORT); int port = GuacamoleProperties.getRequiredProperty(GuacamoleProperties.GUACD_PORT);
// Build token filter containing credential tokens
TokenFilter tokenFilter = new TokenFilter();
StandardTokens.addStandardTokens(tokenFilter, currentUser.getCredentials());
// Filter the configuration
GuacamoleConfiguration config = new GuacamoleConfiguration(connection.getConfiguration());
tokenFilter.filterValues(config.getParameters());
// Get socket // Get socket
GuacamoleSocket socket; GuacamoleSocket socket;
if (GuacamoleProperties.getProperty(GuacamoleProperties.GUACD_SSL, false)) if (GuacamoleProperties.getProperty(GuacamoleProperties.GUACD_SSL, false))
socket = new ConfiguredGuacamoleSocket( socket = new ConfiguredGuacamoleSocket(
new SSLGuacamoleSocket(host, port), new SSLGuacamoleSocket(host, port),
connection.getConfiguration(), info config, info
); );
else else
socket = new ConfiguredGuacamoleSocket( socket = new ConfiguredGuacamoleSocket(
new InetGuacamoleSocket(host, port), new InetGuacamoleSocket(host, port),
connection.getConfiguration(), info config, info
); );
// Mark this connection as active // Mark this connection as active
int historyID = activeConnectionMap.openConnection(connection.getConnectionID(), int historyID = activeConnectionMap.openConnection(connection.getConnectionID(),
userID, connectionGroupID); currentUser.getUserID(), connectionGroupID);
// Return new MySQLGuacamoleSocket // Return new MySQLGuacamoleSocket
MySQLGuacamoleSocket mySQLGuacamoleSocket = mySQLGuacamoleSocketProvider.get(); MySQLGuacamoleSocket mySQLGuacamoleSocket = mySQLGuacamoleSocketProvider.get();
@@ -389,15 +431,24 @@ public class ConnectionService {
/** /**
* Creates a new connection having the given name and protocol. * Creates a new connection having the given name and protocol.
* *
* @param name The name to assign to the new connection. * @param name
* @param protocol The protocol to assign to the new connection. * The name to assign to the new connection.
* @param userID The ID of the user who created this connection. *
* @param parentID The ID of the parent connection group. * @param protocol
* @return A new MySQLConnection containing the data of the newly created * The protocol to assign to the new connection.
*
* @param currentUser
* The user who created this connection.
*
* @param parentID
* The ID of the parent connection group.
*
* @return
* A new MySQLConnection containing the data of the newly created
* connection. * connection.
*/ */
public MySQLConnection createConnection(String name, String protocol, public MySQLConnection createConnection(String name, String protocol,
int userID, Integer parentID) { AuthenticatedUser currentUser, Integer parentID) {
// Initialize database connection // Initialize database connection
Connection connection = new Connection(); Connection connection = new Connection();
@@ -407,7 +458,7 @@ public class ConnectionService {
// Create connection // Create connection
connectionDAO.insert(connection); connectionDAO.insert(connection);
return toMySQLConnection(connection, userID); return toMySQLConnection(connection, currentUser);
} }

445
extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java
View File

@@ -29,6 +29,7 @@ import java.util.HashSet;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
import org.glyptodon.guacamole.GuacamoleSecurityException; import org.glyptodon.guacamole.GuacamoleSecurityException;
import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionGroup; import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionGroup;
import net.sourceforge.guacamole.net.auth.mysql.MySQLConstants; import net.sourceforge.guacamole.net.auth.mysql.MySQLConstants;
@@ -103,18 +104,24 @@ public class PermissionCheckService {
* Verifies that the user has the specified access to the given other * Verifies that the user has the specified access to the given other
* user. If permission is denied, a GuacamoleSecurityException is thrown. * user. If permission is denied, a GuacamoleSecurityException is thrown.
* *
* @param userID The ID of the user to check. * @param currentUser
* @param affectedUserID The user that would be affected by the operation * The user to check.
* if permission is granted. *
* @param permissionType The type of permission to check for. * @param affectedUserID
* @throws GuacamoleSecurityException If the specified permission is not * The user that would be affected by the operation if permission is
* granted. * granted.
*
* @param permissionType
* The type of permission to check for.
*
* @throws GuacamoleSecurityException
* If the specified permission is not granted.
*/ */
public void verifyUserAccess(int userID, int affectedUserID, public void verifyUserAccess(AuthenticatedUser currentUser, int affectedUserID,
String permissionType) throws GuacamoleSecurityException { String permissionType) throws GuacamoleSecurityException {
// If permission does not exist, throw exception // If permission does not exist, throw exception
if(!checkUserAccess(userID, affectedUserID, permissionType)) if(!checkUserAccess(currentUser, affectedUserID, permissionType))
throw new GuacamoleSecurityException("Permission denied."); throw new GuacamoleSecurityException("Permission denied.");
} }
@@ -123,17 +130,24 @@ public class PermissionCheckService {
* Verifies that the user has the specified access to the given connection. * Verifies that the user has the specified access to the given connection.
* If permission is denied, a GuacamoleSecurityException is thrown. * If permission is denied, a GuacamoleSecurityException is thrown.
* *
* @param userID The ID of the user to check. * @param currentUser
* @param affectedConnectionID The connection that would be affected by the * The user to check.
* operation if permission is granted. *
* @param permissionType The type of permission to check for. * @param affectedConnectionID
* @throws GuacamoleSecurityException If the specified permission is not * The connection that would be affected by the operation if permission
* granted. * is granted.
*
* @param permissionType
* The type of permission to check for.
*
* @throws GuacamoleSecurityException
* If the specified permission is not granted.
*/ */
public void verifyConnectionAccess(int userID, int affectedConnectionID, String permissionType) throws GuacamoleSecurityException { public void verifyConnectionAccess(AuthenticatedUser currentUser,
int affectedConnectionID, String permissionType) throws GuacamoleSecurityException {
// If permission does not exist, throw exception // If permission does not exist, throw exception
if(!checkConnectionAccess(userID, affectedConnectionID, permissionType)) if(!checkConnectionAccess(currentUser, affectedConnectionID, permissionType))
throw new GuacamoleSecurityException("Permission denied."); throw new GuacamoleSecurityException("Permission denied.");
} }
@@ -142,17 +156,24 @@ public class PermissionCheckService {
* Verifies that the user has the specified access to the given connection group. * Verifies that the user has the specified access to the given connection group.
* If permission is denied, a GuacamoleSecurityException is thrown. * If permission is denied, a GuacamoleSecurityException is thrown.
* *
* @param userID The ID of the user to check. * @param currentUser
* @param affectedConnectionGroupID The connection group that would be affected by the * The user to check.
* operation if permission is granted. *
* @param permissionType The type of permission to check for. * @param affectedConnectionGroupID
* @throws GuacamoleSecurityException If the specified permission is not * The connection group that would be affected by the operation if
* granted. * permission is granted.
*
* @param permissionType
* The type of permission to check for.
*
* @throws GuacamoleSecurityException
* If the specified permission is not granted.
*/ */
public void verifyConnectionGroupAccess(int userID, Integer affectedConnectionGroupID, String permissionType) throws GuacamoleSecurityException { public void verifyConnectionGroupAccess(AuthenticatedUser currentUser,
Integer affectedConnectionGroupID, String permissionType) throws GuacamoleSecurityException {
// If permission does not exist, throw exception // If permission does not exist, throw exception
if(!checkConnectionGroupAccess(userID, affectedConnectionGroupID, permissionType)) if(!checkConnectionGroupAccess(currentUser, affectedConnectionGroupID, permissionType))
throw new GuacamoleSecurityException("Permission denied."); throw new GuacamoleSecurityException("Permission denied.");
} }
@@ -161,16 +182,20 @@ public class PermissionCheckService {
* Verifies that the user has the specified access to the system. If * Verifies that the user has the specified access to the system. If
* permission is denied, a GuacamoleSecurityException is thrown. * permission is denied, a GuacamoleSecurityException is thrown.
* *
* @param userID The ID of the user to check. * @param currentUser
* @param systemPermissionType The type of permission to check for. * The user to check.
* @throws GuacamoleSecurityException If the specified permission is not *
* granted. * @param systemPermissionType
* The type of permission to check for.
*
* @throws GuacamoleSecurityException
* If the specified permission is not granted.
*/ */
public void verifySystemAccess(int userID, String systemPermissionType) public void verifySystemAccess(AuthenticatedUser currentUser, String systemPermissionType)
throws GuacamoleSecurityException { throws GuacamoleSecurityException {
// If permission does not exist, throw exception // If permission does not exist, throw exception
if(!checkSystemAccess(userID, systemPermissionType)) if(!checkSystemAccess(currentUser, systemPermissionType))
throw new GuacamoleSecurityException("Permission denied."); throw new GuacamoleSecurityException("Permission denied.");
} }
@@ -179,21 +204,29 @@ public class PermissionCheckService {
* Checks whether a user has the specified type of access to the affected * Checks whether a user has the specified type of access to the affected
* user. * user.
* *
* @param userID The ID of the user to check. * @param currentUser
* @param affectedUserID The user that would be affected by the operation * The user to check.
* if permission is granted. *
* @param permissionType The type of permission to check for. * @param affectedUserID
* @return true if the specified permission is granted, false otherwise. * The user that would be affected by the operation if permission is
* granted.
*
* @param permissionType
* The type of permission to check for.
*
* @return
* true if the specified permission is granted, false otherwise.
*/ */
public boolean checkUserAccess(int userID, Integer affectedUserID, String permissionType) { public boolean checkUserAccess(AuthenticatedUser currentUser,
Integer affectedUserID, String permissionType) {
// A system administrator has full access to everything. // A system administrator has full access to everything.
if(checkSystemAdministratorAccess(userID)) if(checkSystemAdministratorAccess(currentUser))
return true; return true;
// Check existence of requested permission // Check existence of requested permission
UserPermissionExample example = new UserPermissionExample(); UserPermissionExample example = new UserPermissionExample();
example.createCriteria().andUser_idEqualTo(userID).andAffected_user_idEqualTo(affectedUserID).andPermissionEqualTo(permissionType); example.createCriteria().andUser_idEqualTo(currentUser.getUserID()).andAffected_user_idEqualTo(affectedUserID).andPermissionEqualTo(permissionType);
return userPermissionDAO.countByExample(example) > 0; return userPermissionDAO.countByExample(example) > 0;
} }
@@ -202,21 +235,29 @@ public class PermissionCheckService {
* Checks whether a user has the specified type of access to the affected * Checks whether a user has the specified type of access to the affected
* connection. * connection.
* *
* @param userID The ID of the user to check. * @param currentUser
* @param affectedConnectionID The connection that would be affected by the * The user to check.
* operation if permission is granted. *
* @param permissionType The type of permission to check for. * @param affectedConnectionID
* @return true if the specified permission is granted, false otherwise. * The connection that would be affected by the operation if permission
* is granted.
*
* @param permissionType
* The type of permission to check for.
*
* @return
* true if the specified permission is granted, false otherwise.
*/ */
public boolean checkConnectionAccess(int userID, Integer affectedConnectionID, String permissionType) { public boolean checkConnectionAccess(AuthenticatedUser currentUser,
Integer affectedConnectionID, String permissionType) {
// A system administrator has full access to everything. // A system administrator has full access to everything.
if(checkSystemAdministratorAccess(userID)) if(checkSystemAdministratorAccess(currentUser))
return true; return true;
// Check existence of requested permission // Check existence of requested permission
ConnectionPermissionExample example = new ConnectionPermissionExample(); ConnectionPermissionExample example = new ConnectionPermissionExample();
example.createCriteria().andUser_idEqualTo(userID).andConnection_idEqualTo(affectedConnectionID).andPermissionEqualTo(permissionType); example.createCriteria().andUser_idEqualTo(currentUser.getUserID()).andConnection_idEqualTo(affectedConnectionID).andPermissionEqualTo(permissionType);
return connectionPermissionDAO.countByExample(example) > 0; return connectionPermissionDAO.countByExample(example) > 0;
} }
@@ -225,13 +266,21 @@ public class PermissionCheckService {
* Checks whether a user has the specified type of access to the affected * Checks whether a user has the specified type of access to the affected
* connection group. * connection group.
* *
* @param userID The ID of the user to check. * @param currentUser
* @param affectedConnectionGroupID The connection group that would be affected by the * The user to check.
* operation if permission is granted. *
* @param permissionType The type of permission to check for. * @param affectedConnectionGroupID
* @return true if the specified permission is granted, false otherwise. * The connection group that would be affected by the operation if
* permission is granted.
*
* @param permissionType
* The type of permission to check for.
*
* @return
* true if the specified permission is granted, false otherwise.
*/ */
public boolean checkConnectionGroupAccess(int userID, Integer affectedConnectionGroupID, String permissionType) { public boolean checkConnectionGroupAccess(AuthenticatedUser currentUser,
Integer affectedConnectionGroupID, String permissionType) {
// All users have implicit permission to read and update the root connection group // All users have implicit permission to read and update the root connection group
if(affectedConnectionGroupID == null && if(affectedConnectionGroupID == null &&
@@ -240,12 +289,12 @@ public class PermissionCheckService {
return true; return true;
// A system administrator has full access to everything. // A system administrator has full access to everything.
if(checkSystemAdministratorAccess(userID)) if(checkSystemAdministratorAccess(currentUser))
return true; return true;
// Check existence of requested permission // Check existence of requested permission
ConnectionGroupPermissionExample example = new ConnectionGroupPermissionExample(); ConnectionGroupPermissionExample example = new ConnectionGroupPermissionExample();
example.createCriteria().andUser_idEqualTo(userID).andConnection_group_idEqualTo(affectedConnectionGroupID).andPermissionEqualTo(permissionType); example.createCriteria().andUser_idEqualTo(currentUser.getUserID()).andConnection_group_idEqualTo(affectedConnectionGroupID).andPermissionEqualTo(permissionType);
return connectionGroupPermissionDAO.countByExample(example) > 0; return connectionGroupPermissionDAO.countByExample(example) > 0;
} }
@@ -253,19 +302,24 @@ public class PermissionCheckService {
/** /**
* Checks whether a user has the specified type of access to the system. * Checks whether a user has the specified type of access to the system.
* *
* @param userID The ID of the user to check. * @param currentUser
* @param systemPermissionType The type of permission to check for. * The user to check.
* @return true if the specified permission is granted, false otherwise. *
* @param systemPermissionType
* The type of permission to check for.
*
* @return
* true if the specified permission is granted, false otherwise.
*/ */
private boolean checkSystemAccess(int userID, String systemPermissionType) { private boolean checkSystemAccess(AuthenticatedUser currentUser, String systemPermissionType) {
// A system administrator has full access to everything. // A system administrator has full access to everything.
if(checkSystemAdministratorAccess(userID)) if(checkSystemAdministratorAccess(currentUser))
return true; return true;
// Check existence of requested permission // Check existence of requested permission
SystemPermissionExample example = new SystemPermissionExample(); SystemPermissionExample example = new SystemPermissionExample();
example.createCriteria().andUser_idEqualTo(userID).andPermissionEqualTo(systemPermissionType); example.createCriteria().andUser_idEqualTo(currentUser.getUserID()).andPermissionEqualTo(systemPermissionType);
return systemPermissionDAO.countByExample(example) > 0; return systemPermissionDAO.countByExample(example) > 0;
} }
@@ -273,15 +327,18 @@ public class PermissionCheckService {
/** /**
* Checks whether a user has system administrator access to the system. * Checks whether a user has system administrator access to the system.
* *
* @param userID The ID of the user to check. * @param currentUser
* @return true if the system administrator access exists, false otherwise. * The user to check.
*
* @return
* true if the system administrator access exists, false otherwise.
*/ */
private boolean checkSystemAdministratorAccess(int userID) { private boolean checkSystemAdministratorAccess(AuthenticatedUser currentUser) {
// Check existence of system administrator permission // Check existence of system administrator permission
SystemPermissionExample example = new SystemPermissionExample(); SystemPermissionExample example = new SystemPermissionExample();
example.createCriteria().andUser_idEqualTo(userID). example.createCriteria().andUser_idEqualTo(currentUser.getUserID())
andPermissionEqualTo(MySQLConstants.SYSTEM_ADMINISTER); .andPermissionEqualTo(MySQLConstants.SYSTEM_ADMINISTER);
return systemPermissionDAO.countByExample(example) > 0; return systemPermissionDAO.countByExample(example) > 0;
} }
@@ -289,46 +346,61 @@ public class PermissionCheckService {
* Verifies that the specified group can be used for organization * Verifies that the specified group can be used for organization
* by the given user. * by the given user.
* *
* @param connectionGroupID The ID of the affected ConnectionGroup. * @param connectionGroupID
* @param userID The ID of the user to check. * The ID of the affected ConnectionGroup.
* @throws GuacamoleSecurityException If the connection group *
* cannot be used for organization. * @param currentUser
* The user to check.
*
* @param type
* The desired usage.
*
* @throws GuacamoleSecurityException
* If the connection group cannot be used for organization.
*/ */
public void verifyConnectionGroupUsageAccess(Integer connectionGroupID, public void verifyConnectionGroupUsageAccess(Integer connectionGroupID,
int userID, String type) throws GuacamoleSecurityException { AuthenticatedUser currentUser, String type) throws GuacamoleSecurityException {
// If permission does not exist, throw exception // If permission does not exist, throw exception
if(!checkConnectionGroupUsageAccess(connectionGroupID, userID, type)) if(!checkConnectionGroupUsageAccess(connectionGroupID, currentUser, type))
throw new GuacamoleSecurityException("Permission denied."); throw new GuacamoleSecurityException("Permission denied.");
} }
/** /**
* Check whether a user can use connectionGroup for the given usage. * Check whether a user can use connectionGroup for the given usage.
* @param connectionGroupID the ID of the affected connection group. *
* @param userID The ID of the user to check. * @param connectionGroupID
* @param usage The desired usage. * The ID of the affected connection group.
* @return true if the user can use the connection group for the given usage. *
* @param currentUser
* The user to check.
*
* @param usage
* The desired usage.
*
* @return
* true if the user can use the connection group for the given usage.
*/ */
private boolean checkConnectionGroupUsageAccess( private boolean checkConnectionGroupUsageAccess(
Integer connectionGroupID, int userID, String usage) { Integer connectionGroupID, AuthenticatedUser currentUser, String usage) {
// The root level connection group can only be used for organization // The root level connection group can only be used for organization
if(connectionGroupID == null) if(connectionGroupID == null)
return MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL.equals(usage); return MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL.equals(usage);
// A system administrator has full access to everything. // A system administrator has full access to everything.
if(checkSystemAdministratorAccess(userID)) if(checkSystemAdministratorAccess(currentUser))
return true; return true;
// A connection group administrator can use the group either way. // A connection group administrator can use the group either way.
if(checkConnectionGroupAccess(userID, connectionGroupID, if(checkConnectionGroupAccess(currentUser, connectionGroupID,
MySQLConstants.CONNECTION_GROUP_ADMINISTER)) MySQLConstants.CONNECTION_GROUP_ADMINISTER))
return true; return true;
// Query the connection group // Query the connection group
MySQLConnectionGroup connectionGroup = connectionGroupService. MySQLConnectionGroup connectionGroup = connectionGroupService.
retrieveConnectionGroup(connectionGroupID, userID); retrieveConnectionGroup(connectionGroupID, currentUser);
// If the connection group is not found, it cannot be used. // If the connection group is not found, it cannot be used.
if(connectionGroup == null) if(connectionGroup == null)
@@ -344,29 +416,34 @@ public class PermissionCheckService {
* Find the list of the IDs of all users a user has permission to. * Find the list of the IDs of all users a user has permission to.
* The access type is defined by permissionType. * The access type is defined by permissionType.
* *
* @param userID The ID of the user to check. * @param currentUser
* @param permissionType The type of permission to check for. * The user to check.
* @return A list of all user IDs this user has the specified access to. *
* @param permissionType
* The type of permission to check for.
*
* @return
* A list of all user IDs this user has the specified access to.
*/ */
public List<Integer> retrieveUserIDs(int userID, String permissionType) { public List<Integer> retrieveUserIDs(AuthenticatedUser currentUser, String permissionType) {
// A system administrator has access to all users. // A system administrator has access to all users.
if(checkSystemAdministratorAccess(userID)) if(checkSystemAdministratorAccess(currentUser))
return userService.getAllUserIDs(); return userService.getAllUserIDs();
// Query all user permissions for the given user and permission type // Query all user permissions for the given user and permission type
UserPermissionExample example = new UserPermissionExample(); UserPermissionExample example = new UserPermissionExample();
example.createCriteria().andUser_idEqualTo(userID).andPermissionEqualTo(permissionType); example.createCriteria().andUser_idEqualTo(currentUser.getUserID()).andPermissionEqualTo(permissionType);
example.setDistinct(true); example.setDistinct(true);
List<UserPermissionKey> userPermissions = List<UserPermissionKey> userPermissions =
userPermissionDAO.selectByExample(example); userPermissionDAO.selectByExample(example);
// Convert result into list of IDs // Convert result into list of IDs
List<Integer> userIDs = new ArrayList<Integer>(userPermissions.size()); List<Integer> currentUsers = new ArrayList<Integer>(userPermissions.size());
for(UserPermissionKey permission : userPermissions) for(UserPermissionKey permission : userPermissions)
userIDs.add(permission.getAffected_user_id()); currentUsers.add(permission.getAffected_user_id());
return userIDs; return currentUsers;
} }
@@ -374,15 +451,19 @@ public class PermissionCheckService {
* Find the list of the IDs of all connections a user has permission to. * Find the list of the IDs of all connections a user has permission to.
* The access type is defined by permissionType. * The access type is defined by permissionType.
* *
* @param userID The ID of the user to check. * @param currentUser
* @param permissionType The type of permission to check for. * The user to check.
* @return A list of all connection IDs this user has the specified access *
* to. * @param permissionType
* The type of permission to check for.
*
* @return
* A list of all connection IDs this user has the specified access to.
*/ */
public List<Integer> retrieveConnectionIDs(int userID, public List<Integer> retrieveConnectionIDs(AuthenticatedUser currentUser,
String permissionType) { String permissionType) {
return retrieveConnectionIDs(userID, null, permissionType, false); return retrieveConnectionIDs(currentUser, null, permissionType, false);
} }
@@ -390,16 +471,22 @@ public class PermissionCheckService {
* Find the list of the IDs of all connections a user has permission to. * Find the list of the IDs of all connections a user has permission to.
* The access type is defined by permissionType. * The access type is defined by permissionType.
* *
* @param userID The ID of the user to check. * @param currentUser
* @param parentID the parent connection group. * The user to check.
* @param permissionType The type of permission to check for. *
* @return A list of all connection IDs this user has the specified access * @param parentID
* to. * The parent connection group.
*
* @param permissionType
* The type of permission to check for.
*
* @return
* A list of all connection IDs this user has the specified access to.
*/ */
public List<Integer> retrieveConnectionIDs(int userID, Integer parentID, public List<Integer> retrieveConnectionIDs(AuthenticatedUser currentUser, Integer parentID,
String permissionType) { String permissionType) {
return retrieveConnectionIDs(userID, parentID, permissionType, true); return retrieveConnectionIDs(currentUser, parentID, permissionType, true);
} }
@@ -407,18 +494,26 @@ public class PermissionCheckService {
* Find the list of the IDs of all connections a user has permission to. * Find the list of the IDs of all connections a user has permission to.
* The access type is defined by permissionType. * The access type is defined by permissionType.
* *
* @param userID The ID of the user to check. * @param currentUser
* @param parentID the parent connection group. * The user to check.
* @param permissionType The type of permission to check for. *
* @param checkParentID Whether the parentID should be checked or not. * @param parentID
* @return A list of all connection IDs this user has the specified access * The parent connection group.
* to. *
* @param permissionType
* The type of permission to check for.
*
* @param checkParentID
* Whether the parentID should be checked or not.
*
* @return
* A list of all connection IDs this user has the specified access to.
*/ */
private List<Integer> retrieveConnectionIDs(int userID, Integer parentID, private List<Integer> retrieveConnectionIDs(AuthenticatedUser currentUser, Integer parentID,
String permissionType, boolean checkParentID) { String permissionType, boolean checkParentID) {
// A system administrator has access to all connections. // A system administrator has access to all connections.
if(checkSystemAdministratorAccess(userID)) { if(checkSystemAdministratorAccess(currentUser)) {
if(checkParentID) if(checkParentID)
return connectionService.getAllConnectionIDs(parentID); return connectionService.getAllConnectionIDs(parentID);
else else
@@ -427,7 +522,7 @@ public class PermissionCheckService {
// Query all connection permissions for the given user and permission type // Query all connection permissions for the given user and permission type
ConnectionPermissionExample example = new ConnectionPermissionExample(); ConnectionPermissionExample example = new ConnectionPermissionExample();
Criteria criteria = example.createCriteria().andUser_idEqualTo(userID) Criteria criteria = example.createCriteria().andUser_idEqualTo(currentUser.getUserID())
.andPermissionEqualTo(permissionType); .andPermissionEqualTo(permissionType);
// Ensure that the connections are all under the parent ID, if needed // Ensure that the connections are all under the parent ID, if needed
@@ -458,15 +553,20 @@ public class PermissionCheckService {
* Find the list of the IDs of all connection groups a user has permission to. * Find the list of the IDs of all connection groups a user has permission to.
* The access type is defined by permissionType. * The access type is defined by permissionType.
* *
* @param userID The ID of the user to check. * @param currentUser
* @param permissionType The type of permission to check for. * The user to check.
* @return A list of all connection group IDs this user has the specified access *
* to. * @param permissionType
* The type of permission to check for.
*
* @return
* A list of all connection group IDs this user has the specified
* access to.
*/ */
public List<Integer> retrieveConnectionGroupIDs(int userID, public List<Integer> retrieveConnectionGroupIDs(AuthenticatedUser currentUser,
String permissionType) { String permissionType) {
return retrieveConnectionGroupIDs(userID, null, permissionType, false); return retrieveConnectionGroupIDs(currentUser, null, permissionType, false);
} }
@@ -474,16 +574,23 @@ public class PermissionCheckService {
* Find the list of the IDs of all connection groups a user has permission to. * Find the list of the IDs of all connection groups a user has permission to.
* The access type is defined by permissionType. * The access type is defined by permissionType.
* *
* @param userID The ID of the user to check. * @param currentUser
* @param parentID the parent connection group. * The user to check.
* @param permissionType The type of permission to check for. *
* @return A list of all connection group IDs this user has the specified access * @param parentID
* to. * The parent connection group.
*
* @param permissionType
* The type of permission to check for.
*
* @return
* A list of all connection group IDs this user has the specified
* access to.
*/ */
public List<Integer> retrieveConnectionGroupIDs(int userID, Integer parentID, public List<Integer> retrieveConnectionGroupIDs(AuthenticatedUser currentUser, Integer parentID,
String permissionType) { String permissionType) {
return retrieveConnectionGroupIDs(userID, parentID, permissionType, true); return retrieveConnectionGroupIDs(currentUser, parentID, permissionType, true);
} }
@@ -491,18 +598,27 @@ public class PermissionCheckService {
* Find the list of the IDs of all connection groups a user has permission to. * Find the list of the IDs of all connection groups a user has permission to.
* The access type is defined by permissionType. * The access type is defined by permissionType.
* *
* @param userID The ID of the user to check. * @param currentUser
* @param parentID the parent connection group. * The user to check.
* @param permissionType The type of permission to check for. *
* @param checkParentID Whether the parentID should be checked or not. * @param parentID
* @return A list of all connection group IDs this user has the specified access * The parent connection group.
* to. *
* @param permissionType
* The type of permission to check for.
*
* @param checkParentID
* Whether the parentID should be checked or not.
*
* @return
* A list of all connection group IDs this user has the specified
* access to.
*/ */
private List<Integer> retrieveConnectionGroupIDs(int userID, Integer parentID, private List<Integer> retrieveConnectionGroupIDs(AuthenticatedUser currentUser, Integer parentID,
String permissionType, boolean checkParentID) { String permissionType, boolean checkParentID) {
// A system administrator has access to all connectionGroups . // A system administrator has access to all connectionGroups .
if(checkSystemAdministratorAccess(userID)) { if(checkSystemAdministratorAccess(currentUser)) {
if(checkParentID) if(checkParentID)
return connectionGroupService.getAllConnectionGroupIDs(parentID); return connectionGroupService.getAllConnectionGroupIDs(parentID);
else else
@@ -512,7 +628,7 @@ public class PermissionCheckService {
// Query all connection permissions for the given user and permission type // Query all connection permissions for the given user and permission type
ConnectionGroupPermissionExample example = new ConnectionGroupPermissionExample(); ConnectionGroupPermissionExample example = new ConnectionGroupPermissionExample();
ConnectionGroupPermissionExample.Criteria criteria = ConnectionGroupPermissionExample.Criteria criteria =
example.createCriteria().andUser_idEqualTo(userID) example.createCriteria().andUser_idEqualTo(currentUser.getUserID())
.andPermissionEqualTo(permissionType); .andPermissionEqualTo(permissionType);
// Ensure that the connection groups are all under the parent ID, if needed // Ensure that the connection groups are all under the parent ID, if needed
@@ -550,23 +666,28 @@ public class PermissionCheckService {
* Retrieve all existing usernames that the given user has permission to * Retrieve all existing usernames that the given user has permission to
* perform the given operation upon. * perform the given operation upon.
* *
* @param userID The user whose permissions should be checked. * @param currentUser
* @param permissionType The permission to check. * The user whose permissions should be checked.
* @return A set of all usernames for which the given user has the given *
* @param permissionType
* The permission to check.
*
* @return
* A set of all usernames for which the given user has the given
* permission. * permission.
*/ */
public Set<String> retrieveUsernames(int userID, String permissionType) { public Set<String> retrieveUsernames(AuthenticatedUser currentUser, String permissionType) {
// A system administrator has access to all users. // A system administrator has access to all users.
if(checkSystemAdministratorAccess(userID)) if(checkSystemAdministratorAccess(currentUser))
return userService.getAllUsernames(); return userService.getAllUsernames();
// List of all user IDs for which this user has read access // List of all user IDs for which this user has read access
List<Integer> userIDs = List<Integer> currentUsers =
retrieveUserIDs(userID, MySQLConstants.USER_READ); retrieveUserIDs(currentUser, MySQLConstants.USER_READ);
// Query all associated users // Query all associated users
return userService.translateUsernames(userIDs).keySet(); return userService.translateUsernames(currentUsers).keySet();
} }
@@ -574,22 +695,29 @@ public class PermissionCheckService {
* Retrieve all existing connection identifiers that the given user has * Retrieve all existing connection identifiers that the given user has
* permission to perform the given operation upon. * permission to perform the given operation upon.
* *
* @param userID The user whose permissions should be checked. * @param currentUser
* @param permissionType The permission to check. * The user whose permissions should be checked.
* @param parentID The parent connection group. *
* @return A set of all connection identifiers for which the given user * @param permissionType
* has the given permission. * The permission to check.
*
* @param parentID
* The parent connection group.
*
* @return
* A set of all connection identifiers for which the given user has the
* given permission.
*/ */
public Set<String> retrieveConnectionIdentifiers(int userID, Integer parentID, public Set<String> retrieveConnectionIdentifiers(AuthenticatedUser currentUser, Integer parentID,
String permissionType) { String permissionType) {
// A system administrator has access to all connections. // A system administrator has access to all connections.
if(checkSystemAdministratorAccess(userID)) if(checkSystemAdministratorAccess(currentUser))
return connectionService.getAllConnectionIdentifiers(parentID); return connectionService.getAllConnectionIdentifiers(parentID);
// List of all connection IDs for which this user has access // List of all connection IDs for which this user has access
List<Integer> connectionIDs = List<Integer> connectionIDs =
retrieveConnectionIDs(userID, parentID, permissionType); retrieveConnectionIDs(currentUser, parentID, permissionType);
// Unique Identifiers for MySQLConnections are the database IDs // Unique Identifiers for MySQLConnections are the database IDs
Set<String> connectionIdentifiers = new HashSet<String>(); Set<String> connectionIdentifiers = new HashSet<String>();
@@ -604,22 +732,29 @@ public class PermissionCheckService {
* Retrieve all existing connection group identifiers that the given user * Retrieve all existing connection group identifiers that the given user
* has permission to perform the given operation upon. * has permission to perform the given operation upon.
* *
* @param userID The user whose permissions should be checked. * @param currentUser
* @param permissionType The permission to check. * The user whose permissions should be checked.
* @param parentID The parent connection group. *
* @return A set of all connection group identifiers for which the given * @param permissionType
* user has the given permission. * The permission to check.
*
* @param parentID
* The parent connection group.
*
* @return
* A set of all connection group identifiers for which the given user
* has the given permission.
*/ */
public Set<String> retrieveConnectionGroupIdentifiers(int userID, Integer parentID, public Set<String> retrieveConnectionGroupIdentifiers(AuthenticatedUser currentUser, Integer parentID,
String permissionType) { String permissionType) {
// A system administrator has access to all connections. // A system administrator has access to all connections.
if(checkSystemAdministratorAccess(userID)) if(checkSystemAdministratorAccess(currentUser))
return connectionGroupService.getAllConnectionGroupIdentifiers(parentID); return connectionGroupService.getAllConnectionGroupIdentifiers(parentID);
// List of all connection group IDs for which this user has access // List of all connection group IDs for which this user has access
List<Integer> connectionGroupIDs = List<Integer> connectionGroupIDs =
retrieveConnectionGroupIDs(userID, parentID, permissionType); retrieveConnectionGroupIDs(currentUser, parentID, permissionType);
// Unique Identifiers for MySQLConnectionGroups are the database IDs // Unique Identifiers for MySQLConnectionGroups are the database IDs
Set<String> connectionGroupIdentifiers = new HashSet<String>(); Set<String> connectionGroupIdentifiers = new HashSet<String>();