safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-10-31 00:53:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Store config permissions in XML attributes (#268).

Browse Source
This commit is contained in:
Michael Jumper
2013-01-30 00:42:04 -08:00
parent dcd5adac04
commit 13d3159908
1 changed files with 115 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
guacamole/src/main/java/net/sourceforge/guacamole/net/basic/ConfigurationList.java
View File

@@ -28,8 +28,16 @@ import javax.xml.stream.XMLOutputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import net.sourceforge.guacamole.GuacamoleException;
import net.sourceforge.guacamole.GuacamoleSecurityException;
import net.sourceforge.guacamole.net.auth.GuacamoleConfigurationDirectory;
import net.sourceforge.guacamole.net.auth.PermissionDirectory;
import net.sourceforge.guacamole.net.auth.User;
import net.sourceforge.guacamole.net.auth.UserContext;
import net.sourceforge.guacamole.net.auth.permission.GuacamoleConfigurationDirectoryPermission;
import net.sourceforge.guacamole.net.auth.permission.GuacamoleConfigurationPermission;
import net.sourceforge.guacamole.net.auth.permission.ObjectPermission;
import net.sourceforge.guacamole.net.auth.permission.Permission;
import net.sourceforge.guacamole.net.auth.permission.SystemPermission;
import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
/**
@@ -40,6 +48,72 @@ import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
*/
public class ConfigurationList extends AuthenticatingHttpServlet {
/**
* Checks whether the given user has permission to perform the given
* system operation. Security exceptions are handled appropriately - only
* non-security exceptions pass through.
*
* @param permissions The PermissionsDirectory to check.
* @param user The user whose permissions should be verified.
* @param type The type of operation to check for permission for.
* @return true if permission is granted, false otherwise.
*
* @throws GuacamoleException If an error occurs while checking permissions.
*/
private boolean hasConfigPermission(PermissionDirectory permissions,
User user, SystemPermission.Type type)
throws GuacamoleException {
// Build permission
Permission permission =
new GuacamoleConfigurationDirectoryPermission(type);
try {
// Return result of permission check, if possible
return permissions.hasPermission(user, permission);
}
catch (GuacamoleSecurityException e) {
// If cannot check due to security restrictions, no permission
return false;
}
}
/**
* Checks whether the given user has permission to perform the given
* object operation. Security exceptions are handled appropriately - only
* non-security exceptions pass through.
*
* @param permissions The PermissionsDirectory to check.
* @param user The user whose permissions should be verified.
* @param type The type of operation to check for permission for.
* @param identifier The identifier of the configuration the operation
* would be performed upon.
* @return true if permission is granted, false otherwise.
*
* @throws GuacamoleException If an error occurs while checking permissions.
*/
private boolean hasConfigPermission(PermissionDirectory permissions,
User user, ObjectPermission.Type type, String identifier)
throws GuacamoleException {
// Build permission
Permission permission = new GuacamoleConfigurationPermission(
type,
identifier
);
try {
// Return result of permission check, if possible
return permissions.hasPermission(user, permission);
}
catch (GuacamoleSecurityException e) {
// If cannot check due to security restrictions, no permission
return false;
}
}
@Override
protected void authenticatedService(
UserContext context,
@@ -68,6 +142,19 @@ public class ConfigurationList extends AuthenticatingHttpServlet {
throw new ServletException("Unable to retrieve configurations.", e);
}
// Try to get permission directory
PermissionDirectory permissions = null;
try {
permissions = context.getPermissionDirectory();
}
catch (GuacamoleSecurityException e) {
// Soft fail - can't check permissions ... assume have READ and
// nothing else
}
catch (GuacamoleException e) {
throw new ServletException("Unable to retrieve permissions.", e);
}
// Write actual XML
try {
@@ -89,6 +176,31 @@ public class ConfigurationList extends AuthenticatingHttpServlet {
xml.writeAttribute("id", entry.getKey());
xml.writeAttribute("protocol", config.getProtocol());
// Save config create permission attribute
if (hasConfigPermission(permissions, context.self(),
SystemPermission.Type.CREATE))
xml.writeAttribute("create", "yes");
// Check permissions and set attributes appropriately
if (permissions != null) {
// Save update permission attribute
if (hasConfigPermission(permissions, context.self(),
ObjectPermission.Type.UPDATE, entry.getKey()))
xml.writeAttribute("update", "yes");
// Save admin permission attribute
if (hasConfigPermission(permissions, context.self(),
ObjectPermission.Type.ADMINSTER, entry.getKey()))
xml.writeAttribute("admin", "yes");
// Save delete permission attribute
if (hasConfigPermission(permissions, context.self(),
ObjectPermission.Type.DELETE, entry.getKey()))
xml.writeAttribute("delete", "yes");
}
}
// End document
@@ -99,6 +211,9 @@ public class ConfigurationList extends AuthenticatingHttpServlet {
catch (XMLStreamException e) {
throw new IOException("Unable to write configuration list XML.", e);
}
catch (GuacamoleException e) {
throw new ServletException("Unable to read configurations.", e);
}
}