GUAC-1101: Add missing selectAccessibleIdentifiers query. Fix selectOne for object permissions.

2025-09-06 13:17:41 +00:00 · 2015-02-28 21:05:32 -08:00
parent 8d2e953a23
commit 12c00c9749
3 changed files with 68 additions and 3 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
@@ -62,6 +62,27 @@
        WHERE
            guacamole_connection_group_permission.user_id = #{user.objectID,jdbcType=INTEGER}
            AND permission = #{type,jdbcType=VARCHAR}
+            AND connection_group_id = #{identifier,jdbcType=VARCHAR}
+
+    </select>
+
+    <!-- Select identifiers accessible by the given user for the given permissions -->
+    <select id="selectAccessibleIdentifiers" resultType="string">
+
+        SELECT DISTINCT connection_group_id 
+        FROM guacamole_connection_group_permission
+        WHERE
+            user_id = #{user.objectID,jdbcType=INTEGER}
+            AND connection_group_id IN
+                <foreach collection="identifiers" item="identifier"
+                         open="(" separator="," close=")">
+                    #{identifier,jdbcType=VARCHAR}
+                </foreach>
+            AND permission IN
+                <foreach collection="permissions" item="permission"
+                         open="(" separator="," close=")">
+                    #{permission,jdbcType=VARCHAR}
+                </foreach>

    </select>

--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
@@ -62,6 +62,27 @@
        WHERE
            guacamole_connection_permission.user_id = #{user.objectID,jdbcType=INTEGER}
            AND permission = #{type,jdbcType=VARCHAR}
+            AND connection_id = #{identifier,jdbcType=VARCHAR}
+
+    </select>
+
+    <!-- Select identifiers accessible by the given user for the given permissions -->
+    <select id="selectAccessibleIdentifiers" resultType="string">
+
+        SELECT DISTINCT connection_id 
+        FROM guacamole_connection_permission
+        WHERE
+            user_id = #{user.objectID,jdbcType=INTEGER}
+            AND connection_id IN
+                <foreach collection="identifiers" item="identifier"
+                         open="(" separator="," close=")">
+                    #{identifier,jdbcType=VARCHAR}
+                </foreach>
+            AND permission IN
+                <foreach collection="permissions" item="permission"
+                         open="(" separator="," close=")">
+                    #{permission,jdbcType=VARCHAR}
+                </foreach>

    </select>

--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
@@ -64,6 +64,28 @@
        WHERE
            guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER}
            AND permission = #{type,jdbcType=VARCHAR}
+            AND affected.username = #{identifier,jdbcType=VARCHAR}
+
+    </select>
+
+    <!-- Select identifiers accessible by the given user for the given permissions -->
+    <select id="selectAccessibleIdentifiers" resultType="string">
+
+        SELECT DISTINCT username
+        FROM guacamole_user_permission
+        JOIN guacamole_user ON guacamole_user_permission.affected_user_id = guacamole_user.user_id
+        WHERE
+            guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER}
+            AND username IN
+                <foreach collection="identifiers" item="identifier"
+                         open="(" separator="," close=")">
+                    #{identifier,jdbcType=VARCHAR}
+                </foreach>
+            AND permission IN
+                <foreach collection="permissions" item="permission"
+                         open="(" separator="," close=")">
+                    #{permission,jdbcType=VARCHAR}
+                </foreach>

    </select>

@@ -92,13 +114,14 @@
            permission,
            affected_user_id
        )
-        SELECT permissions.user_id, permissions.permission, guacamole_user.user_id FROM ( 
-            <foreach collection="permissions" item="permission" separator="UNION ALL">
+        SELECT permissions.user_id, permissions.permission, guacamole_user.user_id FROM
+            <foreach collection="permissions" item="permission"
+                     open="(" separator="UNION ALL" close=")">
                SELECT #{permission.userID,jdbcType=INTEGER}           AS user_id,
                       #{permission.type,jdbcType=VARCHAR}             AS permission,
                       #{permission.objectIdentifier,jdbcType=VARCHAR} AS username
            </foreach>
-        ) AS permissions
+        AS permissions
        JOIN guacamole_user ON guacamole_user.username = permissions.username; 

    </insert>