GUACAMOLE-220: Inherit from groups even if not determined by database.

Michael Jumper
2018-04-06 14:10:52 -07:00
parent 6e71f330b8
commit 14d10fb42a
39 changed files with 514 additions and 348 deletions


@@ -23,21 +23,40 @@
<mapper namespace="org.apache.guacamole.auth.jdbc.base.EntityMapper" >
<!-- Retrieves the ID of the given entity. If inheritance is enabled, the
IDs of the entities for all applicable user groups are retrieved, as well. -->
<sql id="relatedEntities">
<if test="!${inheritFlag}">${entityID}</if>
<if test="${inheritFlag}">
WITH RECURSIVE related_entity(entity_id) AS (
VALUES (${entityID})
UNION
SELECT guacamole_user_group.entity_id
FROM related_entity
JOIN guacamole_user_group_member ON related_entity.entity_id = guacamole_user_group_member.member_entity_id
JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id
)
SELECT entity_id FROM related_entity
</if>
<!--
* SQL fragment which tests whether the value of the given column matches
* the given entity ID. If group identifiers are provided, the IDs of the
* entities for all groups having those identifiers are tested, as well.
*
* @param column
* The name of the column to test. This column MUST contain an entity
* ID (a foreign key into the guacamole_entity table).
*
* @param entityID
* The ID of the specific entity to test the column against.
*
* @param groups
* A collection of group identifiers to additionally test the column
* against. Though this functionality is optional, a collection must
* always be given, even if that collection is empty.
-->
<sql id="isRelatedEntity">
(
${column} = ${entityID}
<if test="!${groups}.isEmpty()">
OR ${column} IN (
SELECT entity_id
FROM guacamole_entity
WHERE
type = 'USER_GROUP'::guacamole_entity_type
AND name IN
<foreach collection="${groups}" item="effectiveGroup"
open="(" separator="," close=")">
#{effectiveGroup,jdbcType=VARCHAR}
</foreach>
)
</if>
)
</sql>
<!-- Insert single entity -->
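Review bot: The doc comment on `isRelatedEntity` should say that `column` and `groups` are spliced in through `${}` as raw text, and only the individual group names are bound, via `#{effectiveGroup,jdbcType=VARCHAR}`. I would extend the `@param column` text with `This value is substituted verbatim into the SQL and MUST be a constant written in the including mapper, never a value derived from a request.` It is also worth stating that, unlike the removed `relatedEntities` fragment, this one does not walk nested memberships itself, so the caller has to pass the already-expanded group set (presumably the result of `selectEffectiveGroupIdentifiers`; the Java side is not visible here). Finally, a one-line remark that the outer parentheses are required would protect the `OR` branch from being re-associated with the `AND permission = ...` conditions that follow every include.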


@@ -68,12 +68,11 @@
SELECT connection_id
FROM guacamole_connection_permission
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = 'READ'
</select>
@@ -94,12 +93,11 @@
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = 'READ'
</select>
@@ -175,12 +173,11 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND guacamole_connection_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_connection_permission.entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = 'READ'
GROUP BY guacamole_connection.connection_id;
@@ -192,12 +189,11 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = 'READ';
SELECT
@@ -211,12 +207,11 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = 'READ';
</select>


@@ -166,23 +166,21 @@
<!-- Restrict to readable connections -->
JOIN guacamole_connection_permission ON
guacamole_connection_history.connection_id = guacamole_connection_permission.connection_id
AND guacamole_connection_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_connection_permission.entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND guacamole_connection_permission.permission = 'READ'
<!-- Restrict to readable users -->
JOIN guacamole_user_permission ON
guacamole_connection_history.user_id = guacamole_user_permission.affected_user_id
AND guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_permission.entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND guacamole_user_permission.permission = 'READ'
<!-- Search terms -->


@@ -69,12 +69,11 @@
SELECT connection_group_id
FROM guacamole_connection_group_permission
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = 'READ'
</select>
@@ -95,12 +94,11 @@
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = 'READ'
</select>
@@ -171,12 +169,11 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = 'READ';
SELECT parent_id, guacamole_connection_group.connection_group_id
@@ -187,12 +184,11 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = 'READ';
SELECT parent_id, guacamole_connection.connection_id
@@ -203,12 +199,11 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = 'READ';
SELECT
@@ -222,12 +217,11 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = 'READ';
</select>


@@ -40,12 +40,11 @@
connection_group_id
FROM guacamole_connection_group_permission
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
</select>
@@ -58,12 +57,11 @@
connection_group_id
FROM guacamole_connection_group_permission
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND connection_group_id = #{identifier,jdbcType=INTEGER}::integer
@@ -75,12 +73,11 @@
SELECT DISTINCT connection_group_id
FROM guacamole_connection_group_permission
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND connection_group_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
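Review bot: These permission queries used to pass an explicit `inherit` switch as `inheritFlag`, and with it gone, whether group-derived permissions are returned depends entirely on what the caller puts in `effectiveGroups`. Nothing in the mapper documents that an empty collection is now the only way to ask for explicitly granted permissions, so a caller that passes the full group set where only direct grants were wanted would silently widen the result. I would add a comment above each select such as `<!-- effectiveGroups MUST be empty when only explicitly granted permissions are wanted -->`. The same applies to the `guacamole_connection_permission`, `guacamole_sharing_profile_permission`, `guacamole_system_permission` and `guacamole_user_permission` queries further down, which also replaced `value="inherit"`. The enclosing `<select>` elements begin and end outside these hunks.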


@@ -40,12 +40,11 @@
connection_id
FROM guacamole_connection_permission
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
</select>
@@ -58,12 +57,11 @@
connection_id
FROM guacamole_connection_permission
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND connection_id = #{identifier,jdbcType=INTEGER}::integer
@@ -75,12 +73,11 @@
SELECT DISTINCT connection_id
FROM guacamole_connection_permission
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND connection_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">


@@ -40,13 +40,11 @@
sharing_profile_id
FROM guacamole_sharing_profile_permission
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
</select>
@@ -59,12 +57,11 @@
sharing_profile_id
FROM guacamole_sharing_profile_permission
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND sharing_profile_id = #{identifier,jdbcType=INTEGER}::integer
@@ -76,12 +73,11 @@
SELECT DISTINCT sharing_profile_id
FROM guacamole_sharing_profile_permission
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND sharing_profile_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">


@@ -38,12 +38,11 @@
permission
FROM guacamole_system_permission
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
</select>
@@ -55,12 +54,11 @@
permission
FROM guacamole_system_permission
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = #{type,jdbcType=VARCHAR}::guacamole_system_permission_type
</select>


@@ -42,12 +42,11 @@
JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE
guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_permission.entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND affected_entity.type = 'USER'::guacamole_entity_type
</select>
@@ -63,12 +62,11 @@
JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE
guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_permission.entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND affected_entity.name = #{identifier,jdbcType=VARCHAR}
AND affected_entity.type = 'USER'::guacamole_entity_type
@@ -83,12 +81,11 @@
JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE
guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_permission.entity_id"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND affected_entity.name IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">


@@ -52,12 +52,11 @@
SELECT sharing_profile_id
FROM guacamole_sharing_profile_permission
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = 'READ'
</select>
@@ -104,12 +103,11 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = 'READ';
SELECT
@@ -123,12 +121,11 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = 'READ';
</select>


@@ -70,16 +70,53 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
JOIN guacamole_user_permission ON affected_user_id = guacamole_user.user_id
WHERE
guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_permission.entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND guacamole_entity.type = 'USER'::guacamole_entity_type
AND permission = 'READ'
</select>
<!-- Select names of all effective (including inherited) groups -->
<select id="selectEffectiveGroupIdentifiers" resultType="string">
WITH RECURSIVE related_entity(entity_id) AS (
SELECT
guacamole_user_group.entity_id
FROM guacamole_user_group
JOIN guacamole_user_group_member ON guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id
WHERE
guacamole_user_group_member.member_entity_id = #{user.entityID}
<if test="!effectiveGroups.isEmpty()">
UNION
SELECT
guacamole_entity.entity_id
FROM guacamole_entity
WHERE
type = 'USER_GROUP'::guacamole_entity_type
AND name IN
<foreach collection="effectiveGroups" item="effectiveGroup"
open="(" separator="," close=")">
#{effectiveGroup,jdbcType=VARCHAR}
</foreach>
</if>
UNION
SELECT
guacamole_user_group.entity_id
FROM related_entity
JOIN guacamole_user_group_member ON related_entity.entity_id = guacamole_user_group_member.member_entity_id
JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id
)
SELECT name
FROM related_entity
JOIN guacamole_entity ON related_entity.entity_id = guacamole_entity.entity_id
WHERE
guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type;
</select>
<!-- Select multiple users by username -->
<select id="select" resultMap="UserResultMap"
resultSets="users,arbitraryAttributes">
@@ -163,12 +200,11 @@
#{identifier,jdbcType=VARCHAR}
</foreach>
AND guacamole_entity.type = 'USER'::guacamole_entity_type
AND guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_permission.entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = 'READ'
GROUP BY guacamole_user.user_id, guacamole_entity.entity_id;
@@ -186,12 +222,11 @@
#{identifier,jdbcType=VARCHAR}
</foreach>
AND guacamole_entity.type = 'USER'::guacamole_entity_type
AND guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_permission.entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND permission = 'READ';
</select>
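Review bot: In `selectEffectiveGroupIdentifiers` the anchor query binds `#{user.entityID}` without a JDBC type, while every other use on this page is `#{user.entityID,jdbcType=INTEGER}`; I would write `guacamole_user_group_member.member_entity_id = #{user.entityID,jdbcType=INTEGER}`. Since this change is about users whose groups are not determined by the database, the entity ID may plausibly be null on this path, and how an untyped null is bound depends on the driver. The comment above the select could also state that the names in `effectiveGroups` are trusted as supplied and matched purely by `name` against `USER_GROUP` entities, so any database group sharing a name with an externally asserted group contributes its permissions and those of its parent groups. That makes the source of `effectiveGroups` part of the authorization boundary, which deserves to be written down here.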


@@ -156,12 +156,11 @@
<!-- Restrict to readable users -->
JOIN guacamole_user_permission ON
guacamole_user_history.user_id = guacamole_user_permission.affected_user_id
AND guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
<property name="column" value="guacamole_user_permission.entity_id"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/>
</include>
AND guacamole_user_permission.permission = 'READ'
<!-- Search terms -->