safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUAC-1101: Implement system permission creation/deletion.

Browse Source
This commit is contained in:
Michael Jumper
2015-02-13 11:59:26 -08:00
parent e6f3da057b
commit 107367731a
3 changed files with 152 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/DirectoryObjectService.java
View File

@@ -229,8 +229,10 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
throws GuacamoleException {
// Only create object if user has permission to do so
if (user.getUser().isAdministrator() || hasCreatePermission(user))
if (user.getUser().isAdministrator() || hasCreatePermission(user)) {
getObjectMapper().insert(object.getModel());
return;
}
// User lacks permission to create
throw new GuacamoleSecurityException("Permission denied.");
@@ -259,8 +261,10 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
// Only delete object if user has permission to do so
if (user.getUser().isAdministrator()
|| permissionSet.hasPermission(ObjectPermission.Type.DELETE, identifier))
|| permissionSet.hasPermission(ObjectPermission.Type.DELETE, identifier)) {
getObjectMapper().delete(identifier);
return;
}
// User lacks permission to delete
throw new GuacamoleSecurityException("Permission denied.");
@@ -289,8 +293,10 @@ public abstract class DirectoryObjectService<ObjectType extends DirectoryObject<
// Only update object if user has permission to do so
if (user.getUser().isAdministrator()
|| permissionSet.hasPermission(ObjectPermission.Type.UPDATE, object.getIdentifier()))
|| permissionSet.hasPermission(ObjectPermission.Type.UPDATE, object.getIdentifier())) {
getObjectMapper().update(object.getModel());
return;
}
// User lacks permission to update
throw new GuacamoleSecurityException("Permission denied.");

68
extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionService.java
View File

@@ -22,6 +22,7 @@
package net.sourceforge.guacamole.net.auth.mysql.service;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
@@ -57,27 +58,27 @@ public abstract class PermissionService<PermissionType extends Permission, Model
protected abstract PermissionMapper<ModelType> getPermissionMapper();
/**
* Returns an instance of a permission which is backed by the given model
* Returns an instance of a permission which is based on the given model
* object.
*
* @param model
* The model object to use to back the returned permission.
* The model object to use to produce the returned permission.
*
* @return
* A permission which is backed by the given model object.
* A permission which is based on the given model object.
*/
protected abstract PermissionType getPermissionInstance(ModelType model);
/**
* Returns a collection of permissions which are backed by the models in
* Returns a collection of permissions which are based on the models in
* the given collection.
*
* @param models
* The model objects to use to back the permissions within the returned
* set.
* The model objects to use to produce the permissions within the
* returned set.
*
* @return
* A set of permissions which are backed by the models in the given
* A set of permissions which are based on the models in the given
* collection.
*/
protected Set<PermissionType> getPermissionInstances(Collection<ModelType> models) {
@@ -91,6 +92,49 @@ public abstract class PermissionService<PermissionType extends Permission, Model
}
/**
* Returns an instance of a model object which is based on the given
* permission and target user.
*
* @param targetUser
* The user to whom this permission is granted.
*
* @param permission
* The permission to use to produce the returned model object.
*
* @return
* A model object which is based on the given permission and target
* user.
*/
protected abstract ModelType getModelInstance(MySQLUser targetUser,
PermissionType permission);
/**
* Returns a collection of model objects which are based on the given
* permissions and target user.
*
* @param targetUser
* The user to whom this permission is granted.
*
* @param permissions
* The permissions to use to produce the returned model objects.
*
* @return
* A collection of model objects which are based on the given
* permissions and target user.
*/
protected Collection<ModelType> getModelInstances(MySQLUser targetUser,
Collection<PermissionType> permissions) {
// Create new collection of models by manually converting each permission
Collection<ModelType> models = new ArrayList<ModelType>(permissions.size());
for (PermissionType permission : permissions)
models.add(getModelInstance(targetUser, permission));
return models;
}
/**
* Retrieves all permissions associated with the given user.
*
@@ -115,7 +159,7 @@ public abstract class PermissionService<PermissionType extends Permission, Model
return getPermissionInstances(getPermissionMapper().select(targetUser.getModel()));
// User cannot read this user's permissions
throw new GuacamoleSecurityException("Permision denied.");
throw new GuacamoleSecurityException("Permission denied.");
}
@@ -126,6 +170,9 @@ public abstract class PermissionService<PermissionType extends Permission, Model
* @param user
* The user creating the permissions.
*
* @param targetUser
* The user associated with the permissions to be created.
*
* @param permissions
* The permissions to create.
*
@@ -134,6 +181,7 @@ public abstract class PermissionService<PermissionType extends Permission, Model
* occurs while creating the permissions.
*/
public abstract void createPermissions(AuthenticatedUser user,
MySQLUser targetUser,
Collection<PermissionType> permissions) throws GuacamoleException;
/**
@@ -143,6 +191,9 @@ public abstract class PermissionService<PermissionType extends Permission, Model
* @param user
* The user deleting the permissions.
*
* @param targetUser
* The user associated with the permissions to be deleted.
*
* @param permissions
* The permissions to delete.
*
@@ -151,6 +202,7 @@ public abstract class PermissionService<PermissionType extends Permission, Model
* occurs while deleting the permissions.
*/
public abstract void deletePermissions(AuthenticatedUser user,
MySQLUser targetUser,
Collection<PermissionType> permissions) throws GuacamoleException;
}

90
extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/SystemPermissionService.java
View File

@@ -25,9 +25,11 @@ package net.sourceforge.guacamole.net.auth.mysql.service;
import com.google.inject.Inject;
import java.util.Collection;
import net.sourceforge.guacamole.net.auth.mysql.AuthenticatedUser;
import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper;
import net.sourceforge.guacamole.net.auth.mysql.model.SystemPermissionModel;
import org.glyptodon.guacamole.GuacamoleException;
import org.glyptodon.guacamole.GuacamoleSecurityException;
import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
/**
@@ -52,21 +54,95 @@ public class SystemPermissionService
@Override
protected SystemPermission getPermissionInstance(SystemPermissionModel model) {
// TODO: Will need an implementation-specific SystemPermission, but this
// will suffice for testing
return new SystemPermission(model.getType());
}
@Override
public void createPermissions(AuthenticatedUser user,
Collection<SystemPermission> permissions) throws GuacamoleException {
// TODO: Implement, including perm checks
protected SystemPermissionModel getModelInstance(final MySQLUser targetUser,
final SystemPermission permission) {
// Populate and return model object
return new SystemPermissionModel() {
/**
* The ID of the user to whom this permission is granted.
*/
private Integer userID = targetUser.getModel().getUserID();
/**
* The username of the user to whom this permission is granted.
*/
private String username = targetUser.getModel().getUsername();
/**
* The type of action granted by this permission.
*/
private SystemPermission.Type type = permission.getType();
@Override
public Integer getUserID() {
return userID;
}
@Override
public void setUserID(Integer userID) {
this.userID = userID;
}
@Override
public String getUsername() {
return username;
}
@Override
public void setUsername(String username) {
this.username = username;
}
@Override
public SystemPermission.Type getType() {
return type;
}
@Override
public void setType(SystemPermission.Type type) {
this.type = type;
}
};
}
@Override
public void deletePermissions(AuthenticatedUser user,
public void createPermissions(AuthenticatedUser user, MySQLUser targetUser,
Collection<SystemPermission> permissions) throws GuacamoleException {
// TODO: Implement, including perm checks
// Only an admin can create system permissions
if (user.getUser().isAdministrator()) {
Collection<SystemPermissionModel> models = getModelInstances(targetUser, permissions);
systemPermissionMapper.insert(models);
return;
}
// User lacks permission to create system permissions
throw new GuacamoleSecurityException("Permission denied.");
}
@Override
public void deletePermissions(AuthenticatedUser user, MySQLUser targetUser,
Collection<SystemPermission> permissions) throws GuacamoleException {
// Only an admin can delete system permissions
if (user.getUser().isAdministrator()) {
Collection<SystemPermissionModel> models = getModelInstances(targetUser, permissions);
systemPermissionMapper.delete(models);
return;
}
// User lacks permission to delete system permissions
throw new GuacamoleSecurityException("Permission denied.");
}
}