From 1af52cffa4c864f9c4bae5bc3dc88aef54dfbdc1 Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Sat, 28 Feb 2015 23:25:14 -0800
Subject: [PATCH] GUAC-1101: Insert implicit permissions for created objects.
---
 .../jdbc/base/DirectoryObjectService.java | 47 ++++++++++++++++++-
 .../jdbc/connection/ConnectionService.java | 13 +++++
 .../ConnectionGroupService.java | 13 +++++
 .../guacamole/auth/jdbc/user/UserService.java | 13 +++++
 4 files changed, 85 insertions(+), 1 deletion(-)
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
index e370174ba..1e879b904 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
@@ -29,6 +29,9 @@ import java.util.Set;
 import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
+import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel;
+import org.glyptodon.guacamole.auth.jdbc.user.UserModel;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 
@@ -53,6 +56,17 @@ import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet; public abstract class DirectoryObjectService, ExternalType, ModelType extends ObjectModel> { + /** + * All object permissions which are implicitly granted upon creation to the + * creator of the object. + */ + private static final ObjectPermission.Type[] IMPLICIT_OBJECT_PERMISSIONS = { + ObjectPermission.Type.READ, + ObjectPermission.Type.UPDATE, + ObjectPermission.Type.DELETE, + ObjectPermission.Type.ADMINISTER + }; + /** * Returns an instance of a mapper for the type of object used by this * service. @@ -63,6 +77,16 @@ public abstract class DirectoryObjectService getObjectMapper(); + /** + * Returns an instance of a mapper for the type of permissions that affect + * the type of object used by this service. + * + * @return + * A mapper which provides access to the model objects associated with + * the permissions that affect the objects used by this service. + */ + protected abstract ObjectPermissionMapper getPermissionMapper(); + /** * Returns an instance of an object which is backed by the given model * object. @@ -344,7 +368,28 @@ public abstract class DirectoryObjectService implicitPermissions = + new ArrayList(IMPLICIT_OBJECT_PERMISSIONS.length); + + UserModel userModel = user.getUser().getModel(); + for (ObjectPermission.Type permission : IMPLICIT_OBJECT_PERMISSIONS) { + + // Create model which grants this permission to the current user + ObjectPermissionModel permissionModel = new ObjectPermissionModel(); + permissionModel.setUserID(userModel.getObjectID()); + permissionModel.setUsername(userModel.getIdentifier()); + permissionModel.setType(permission); + permissionModel.setObjectIdentifier(model.getIdentifier()); + + // Add permission + implicitPermissions.add(permissionModel); + + } + + // Add implicit permissions + getPermissionMapper().insert(implicitPermissions); + return getObjectInstance(user, model); } 
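Review bot: The Javadoc on `IMPLICIT_OBJECT_PERMISSIONS` does not mention that the granted set includes `ADMINISTER`, the permission that lets its holder change who else has access to the object. Since the later hunk grants this set to whoever created the object, an account that presumably holds only a create permission ends up able to share what it creates, and that deserves to be stated where the list is defined. I would add a sentence such as `ADMINISTER is included so that the creator can grant other users access to the new object.` As a point of style, a `static final` array stays mutable, so an unmodifiable collection would keep the granted set fixed at runtime.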
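Review bot: In the last hunk (`@@ -344,7 +368,28 @@`) the permission rows are written by a second mapper call after the object has already been inserted, and nothing visible shows the two writes sharing one transaction. If `getPermissionMapper().insert(implicitPermissions)` fails on its own, the new object would remain with no owner permissions, hidden from its creator and presumably reachable only by administrators. The method's signature and opening lines are missing from the hunk text as shown here, so please confirm that it runs transactionally, or make both inserts commit or roll back together. The loop also depends on `model.getIdentifier()` having been populated by the preceding insert, so failing fast when it is null would avoid storing permission rows that reference no object. A comment such as `// Relies on the object insert having assigned the model's identifier` would record that dependency.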
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
index 634087ab7..fcc43208b 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java
@@ -37,6 +37,8 @@ import org.glyptodon.guacamole.auth.jdbc.socket.GuacamoleSocketService;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionMapper;
+import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
 import org.glyptodon.guacamole.net.GuacamoleSocket;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
@@ -60,6 +62,12 @@ public class ConnectionService extends DirectoryObjectService