GUAC-1101: Add missing selectAccessibleIdentifiers query. Fix selectOne for object permissions.

2025-09-07 21:51:23 +00:00 · 2015-02-28 21:05:32 -08:00
parent 8d2e953a23
commit 12c00c9749
3 changed files with 68 additions and 3 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
@@ -62,6 +62,27 @@
        WHERE
            guacamole_connection_group_permission.user_id = #{user.objectID,jdbcType=INTEGER}
            AND permission = #{type,jdbcType=VARCHAR}
            AND connection_group_id = #{identifier,jdbcType=VARCHAR}
    </select>
    <!-- Select identifiers accessible by the given user for the given permissions -->
    <select id="selectAccessibleIdentifiers" resultType="string">
        SELECT DISTINCT connection_group_id 
        FROM guacamole_connection_group_permission
        WHERE
            user_id = #{user.objectID,jdbcType=INTEGER}
            AND connection_group_id IN
                <foreach collection="identifiers" item="identifier"
                         open="(" separator="," close=")">
                    #{identifier,jdbcType=VARCHAR}
                </foreach>
            AND permission IN
                <foreach collection="permissions" item="permission"
                         open="(" separator="," close=")">
                    #{permission,jdbcType=VARCHAR}
                </foreach>
    </select>
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
@@ -62,6 +62,27 @@
        WHERE
            guacamole_connection_permission.user_id = #{user.objectID,jdbcType=INTEGER}
            AND permission = #{type,jdbcType=VARCHAR}
            AND connection_id = #{identifier,jdbcType=VARCHAR}
    </select>
    <!-- Select identifiers accessible by the given user for the given permissions -->
    <select id="selectAccessibleIdentifiers" resultType="string">
        SELECT DISTINCT connection_id 
        FROM guacamole_connection_permission
        WHERE
            user_id = #{user.objectID,jdbcType=INTEGER}
            AND connection_id IN
                <foreach collection="identifiers" item="identifier"
                         open="(" separator="," close=")">
                    #{identifier,jdbcType=VARCHAR}
                </foreach>
            AND permission IN
                <foreach collection="permissions" item="permission"
                         open="(" separator="," close=")">
                    #{permission,jdbcType=VARCHAR}
                </foreach>
    </select>
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
@@ -64,6 +64,28 @@
        WHERE
            guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER}
            AND permission = #{type,jdbcType=VARCHAR}
            AND affected.username = #{identifier,jdbcType=VARCHAR}
    </select>
    <!-- Select identifiers accessible by the given user for the given permissions -->
    <select id="selectAccessibleIdentifiers" resultType="string">
        SELECT DISTINCT username
        FROM guacamole_user_permission
        JOIN guacamole_user ON guacamole_user_permission.affected_user_id = guacamole_user.user_id
        WHERE
            guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER}
            AND username IN
                <foreach collection="identifiers" item="identifier"
                         open="(" separator="," close=")">
                    #{identifier,jdbcType=VARCHAR}
                </foreach>
            AND permission IN
                <foreach collection="permissions" item="permission"
                         open="(" separator="," close=")">
                    #{permission,jdbcType=VARCHAR}
                </foreach>
    </select>
@@ -92,13 +114,14 @@
            permission,
            affected_user_id
        )
-        SELECT permissions.user_id, permissions.permission, guacamole_user.user_id FROM ( 
+        SELECT permissions.user_id, permissions.permission, guacamole_user.user_id FROM
-            <foreach collection="permissions" item="permission" separator="UNION ALL">
+            <foreach collection="permissions" item="permission"
                     open="(" separator="UNION ALL" close=")">
                SELECT #{permission.userID,jdbcType=INTEGER}           AS user_id,
                       #{permission.type,jdbcType=VARCHAR}             AS permission,
                       #{permission.objectIdentifier,jdbcType=VARCHAR} AS username
            </foreach>
-        ) AS permissions
+        AS permissions
        JOIN guacamole_user ON guacamole_user.username = permissions.username; 
    </insert>