GUAC-1101: Insert implicit permissions for created objects.

This commit is contained in:
Michael Jumper
2015-02-28 23:25:14 -08:00
parent d104a3170b
commit 1af52cffa4
4 changed files with 85 additions and 1 deletions


@@ -29,6 +29,9 @@ import java.util.Set;
import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
import org.glyptodon.guacamole.GuacamoleException;
import org.glyptodon.guacamole.GuacamoleSecurityException;
import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel;
import org.glyptodon.guacamole.auth.jdbc.user.UserModel;
import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
@@ -53,6 +56,17 @@ import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
public abstract class DirectoryObjectService<InternalType extends DirectoryObject<ModelType>,
ExternalType, ModelType extends ObjectModel> {
/**
* All object permissions which are implicitly granted upon creation to the
* creator of the object.
*/
private static final ObjectPermission.Type[] IMPLICIT_OBJECT_PERMISSIONS = {
ObjectPermission.Type.READ,
ObjectPermission.Type.UPDATE,
ObjectPermission.Type.DELETE,
ObjectPermission.Type.ADMINISTER
};
/**
* Returns an instance of a mapper for the type of object used by this
* service.
@@ -63,6 +77,16 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
*/
protected abstract DirectoryObjectMapper<ModelType> getObjectMapper();
/**
* Returns an instance of a mapper for the type of permissions that affect
* the type of object used by this service.
*
* @return
* A mapper which provides access to the model objects associated with
* the permissions that affect the objects used by this service.
*/
protected abstract ObjectPermissionMapper getPermissionMapper();
/**
* Returns an instance of an object which is backed by the given model
* object.
@@ -344,7 +368,28 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
ModelType model = getModelInstance(user, object);
getObjectMapper().insert(model);
// FIXME: Insert implicit object permissions, too.
// Build list of implicit permissions
Collection<ObjectPermissionModel> implicitPermissions =
new ArrayList<ObjectPermissionModel>(IMPLICIT_OBJECT_PERMISSIONS.length);
UserModel userModel = user.getUser().getModel();
for (ObjectPermission.Type permission : IMPLICIT_OBJECT_PERMISSIONS) {
// Create model which grants this permission to the current user
ObjectPermissionModel permissionModel = new ObjectPermissionModel();
permissionModel.setUserID(userModel.getObjectID());
permissionModel.setUsername(userModel.getIdentifier());
permissionModel.setType(permission);
permissionModel.setObjectIdentifier(model.getIdentifier());
// Add permission
implicitPermissions.add(permissionModel);
}
// Add implicit permissions
getPermissionMapper().insert(implicitPermissions);
return getObjectInstance(user, model);
}
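Review bot: The object row and its implicit permission rows are written by two separate mapper calls (`getObjectMapper().insert(model)` and `getPermissionMapper().insert(implicitPermissions)`) with no transaction boundary visible in the hunk, so a failure in the second insert leaves a created object that its creator cannot read, update, delete or administer. If the enclosing method already runs inside a transaction (an annotation or session scope outside this hunk), a comment stating so would help; otherwise the two inserts should be made to commit together, e.g. `// NOTE: both inserts must succeed or fail together — without these rows the new object is unreachable by its creator`. The loop also depends on `model.getIdentifier()` having been populated by the preceding insert (presumably a generated key), and a short comment such as `// identifier is assigned by insert() above` would make that ordering requirement explicit. The enclosing method's signature is outside the hunk.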


@@ -37,6 +37,8 @@ import org.glyptodon.guacamole.auth.jdbc.socket.GuacamoleSocketService;
import org.glyptodon.guacamole.GuacamoleClientException;
import org.glyptodon.guacamole.GuacamoleException;
import org.glyptodon.guacamole.GuacamoleSecurityException;
import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionMapper;
import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
import org.glyptodon.guacamole.net.GuacamoleSocket;
import org.glyptodon.guacamole.net.auth.Connection;
import org.glyptodon.guacamole.net.auth.ConnectionRecord;
@@ -60,6 +62,12 @@ public class ConnectionService extends DirectoryObjectService<ModeledConnection,
@Inject
private ConnectionMapper connectionMapper;
/**
* Mapper for manipulating connection permissions.
*/
@Inject
private ConnectionPermissionMapper connectionPermissionMapper;
/**
* Mapper for accessing connection parameters.
*/
@@ -89,6 +97,11 @@ public class ConnectionService extends DirectoryObjectService<ModeledConnection,
return connectionMapper;
}
@Override
protected ObjectPermissionMapper getPermissionMapper() {
return connectionPermissionMapper;
}
@Override
protected ModeledConnection getObjectInstance(AuthenticatedUser currentUser,
ConnectionModel model) {


@@ -32,6 +32,8 @@ import org.glyptodon.guacamole.auth.jdbc.socket.GuacamoleSocketService;
import org.glyptodon.guacamole.GuacamoleClientException;
import org.glyptodon.guacamole.GuacamoleException;
import org.glyptodon.guacamole.GuacamoleSecurityException;
import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionGroupPermissionMapper;
import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
import org.glyptodon.guacamole.net.GuacamoleSocket;
import org.glyptodon.guacamole.net.auth.ConnectionGroup;
import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
@@ -55,6 +57,12 @@ public class ConnectionGroupService extends DirectoryObjectService<ModeledConnec
@Inject
private ConnectionGroupMapper connectionGroupMapper;
/**
* Mapper for manipulating connection group permissions.
*/
@Inject
private ConnectionGroupPermissionMapper connectionGroupPermissionMapper;
/**
* Provider for creating connection groups.
*/
@@ -72,6 +80,11 @@ public class ConnectionGroupService extends DirectoryObjectService<ModeledConnec
return connectionGroupMapper;
}
@Override
protected ObjectPermissionMapper getPermissionMapper() {
return connectionGroupPermissionMapper;
}
@Override
protected ModeledConnectionGroup getObjectInstance(AuthenticatedUser currentUser,
ConnectionGroupModel model) {


@@ -31,6 +31,8 @@ import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper;
import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectService;
import org.glyptodon.guacamole.GuacamoleClientException;
import org.glyptodon.guacamole.GuacamoleException;
import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionMapper;
import org.glyptodon.guacamole.net.auth.User;
import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
@@ -50,6 +52,12 @@ public class UserService extends DirectoryObjectService<ModeledUser, User, UserM
@Inject
private UserMapper userMapper;
/**
* Mapper for manipulating user permissions.
*/
@Inject
private UserPermissionMapper userPermissionMapper;
/**
* Provider for creating users.
*/
@@ -61,6 +69,11 @@ public class UserService extends DirectoryObjectService<ModeledUser, User, UserM
return userMapper;
}
@Override
protected ObjectPermissionMapper getPermissionMapper() {
return userPermissionMapper;
}
@Override
protected ModeledUser getObjectInstance(AuthenticatedUser currentUser,
UserModel model) {