From 1d2e7035560ec4becccfb4b19370b7cb0d381498 Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Wed, 11 Feb 2015 11:36:06 -0800
Subject: [PATCH] GUAC-1100: Implement Simple* read-only versions of the permission sets.
---
.../simple/SimpleObjectPermissionSet.java | 147 ++++++++++++++++++
.../simple/SimpleSystemPermissionSet.java | 109 +++++++++++++
2 files changed, 256 insertions(+)
create mode 100644 guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleObjectPermissionSet.java
create mode 100644 guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleSystemPermissionSet.java
diff --git a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleObjectPermissionSet.java b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleObjectPermissionSet.java
new file mode 100644
index 000000000..2a3b990af
--- /dev/null
+++ b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleObjectPermissionSet.java
@@ -0,0 +1,147 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.net.auth.simple;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
+
+/**
+ * A read-only implementation of ObjectPermissionSet which uses a backing Set
+ * of Permissions to determine which permissions are present.
+ *
+ * @author Michael Jumper
+ * @param
+ * The type of identifier used to identify objects affected by permissions
+ * stored in this SimpleObjectPermissionSet.
+ *
+ * @param
+ * The type of objects affected by permissions stored in this
+ * SimpleObjectPermissionSet.
+ */
+public class SimpleObjectPermissionSet
+ implements ObjectPermissionSet {
+
+ /**
+ * The set of all permissions currently granted.
+ */
+ private Set> permissions = Collections.EMPTY_SET;
+
+ /**
+ * Creates a new empty SimpleObjectPermissionSet.
+ */
+ public SimpleObjectPermissionSet() {
+ }
+
+ /**
+ * Creates a new SimpleObjectPermissionSet which contains the permissions
+ * within the given Set.
+ *
+ * @param permissions
+ * The Set of permissions this SimpleObjectPermissionSet should
+ * contain.
+ */
+ public SimpleObjectPermissionSet(Set> permissions) {
+ this.permissions = permissions;
+ }
+
+ /**
+ * Sets the Set which backs this SimpleObjectPermissionSet. Future function
+ * calls on this SimpleObjectPermissionSet will use the provided Set.
+ *
+ * @param permissions
+ * The Set of permissions this SimpleObjectPermissionSet should
+ * contain.
+ */
+ protected void setPermissions(Set> permissions) {
+ this.permissions = permissions;
+ }
+
+ /**
+ * Returns the Set which currently backs this SimpleObjectPermissionSet.
+ * Changes to this Set will affect future function calls on this
+ * SimpleObjectPermissionSet.
+ *
+ * @return
+ * The Set of permissions this SimpleObjectPermissionSet currently
+ * contains.
+ */
+ protected Set> getPermissions() {
+ return permissions;
+ }
+
+
+ @Override
+ public boolean hasPermission(ObjectPermission.Type permission,
+ IdentifierType identifier) throws GuacamoleException {
+
+ ObjectPermission objectPermission =
+ new ObjectPermission(permission, identifier);
+
+ return permissions.contains(objectPermission);
+
+ }
+
+ @Override
+ public void addPermission(ObjectPermission.Type permission,
+ IdentifierType identifier) throws GuacamoleException {
+ throw new GuacamoleSecurityException("Permission denied.");
+ }
+
+ @Override
+ public void removePermission(ObjectPermission.Type permission,
+ IdentifierType identifier) throws GuacamoleException {
+ throw new GuacamoleSecurityException("Permission denied.");
+ }
+
+ @Override
+ public Collection getAccessibleObjects(
+ Collection permissionTypes,
+ Collection identifiers) throws GuacamoleException {
+
+ Collection accessibleObjects = new ArrayList(permissions.size());
+
+ // For each identifier/permission combination
+ for (IdentifierType identifier : identifiers) {
+ for (ObjectPermission.Type permissionType : permissionTypes) {
+
+ // Add identifier if at least one requested permission is granted
+ ObjectPermission permission = new ObjectPermission(permissionType, identifier);
+ if (permissions.contains(permission)) {
+ accessibleObjects.add(identifier);
+ break;
+ }
+
+ }
+ }
+
+ return accessibleObjects;
+
+ }
+
+}
diff --git a/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleSystemPermissionSet.java b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleSystemPermissionSet.java
new file mode 100644
index 000000000..5b027e5a9
--- /dev/null
+++ b/guacamole-ext/src/main/java/org/glyptodon/guacamole/net/auth/simple/SimpleSystemPermissionSet.java
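Review bot: The read-only guarantee of SimpleObjectPermissionSet covers only `addPermission` and `removePermission`; the public constructor's `this.permissions = permissions;` keeps the caller's Set by reference, so any code that still holds that Set can grant or revoke permissions after the object has been handed to authorization checks. The Javadoc on `getPermissions()` states the live-view behaviour for subclasses, but the constructor and `setPermissions()` comments do not. If the aliasing is intended, I would add to both comments `The given Set is stored by reference, not copied; later changes to it change the permissions reported by this object.`; if it is not, copy the Set on assignment (which needs a `java.util.HashSet` import). The same applies to the constructor and `setPermissions()` of SimpleSystemPermissionSet in the second hunk.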
@@ -0,0 +1,109 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.net.auth.simple;
+
+import java.util.Collections;
+import java.util.Set;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
+
+/**
+ * A read-only implementation of SystemPermissionSet which uses a backing Set
+ * of Permissions to determine which permissions are present.
+ *
+ * @author Michael Jumper
+ */
+public class SimpleSystemPermissionSet implements SystemPermissionSet {
+
+ /**
+ * The set of all permissions currently granted.
+ */
+ private Set permissions = Collections.EMPTY_SET;
+
+ /**
+ * Creates a new empty SimpleSystemPermissionSet.
+ */
+ public SimpleSystemPermissionSet() {
+ }
+
+ /**
+ * Creates a new SimpleSystemPermissionSet which contains the permissions
+ * within the given Set.
+ *
+ * @param permissions
+ * The Set of permissions this SimpleSystemPermissionSet should
+ * contain.
+ */
+ public SimpleSystemPermissionSet(Set permissions) {
+ this.permissions = permissions;
+ }
+
+ /**
+ * Sets the Set which backs this SimpleSystemPermissionSet. Future function
+ * calls on this SimpleSystemPermissionSet will use the provided Set.
+ *
+ * @param permissions
+ * The Set of permissions this SimpleSystemPermissionSet should
+ * contain.
+ */
+ protected void setPermissions(Set permissions) {
+ this.permissions = permissions;
+ }
+
+ /**
+ * Returns the Set which currently backs this SimpleSystemPermissionSet.
+ * Changes to this Set will affect future function calls on this
+ * SimpleSystemPermissionSet.
+ *
+ * @return
+ * The Set of permissions this SimpleSystemPermissionSet currently
+ * contains.
+ */
+ protected Set getPermissions() {
+ return permissions;
+ }
+
+ @Override
+ public boolean hasPermission(SystemPermission.Type permission)
+ throws GuacamoleException {
+
+ SystemPermission systemPermission = new SystemPermission(permission);
+ return permissions.contains(systemPermission);
+
+ }
+
+ @Override
+ public void addPermission(SystemPermission.Type permission)
+ throws GuacamoleException {
+ throw new GuacamoleSecurityException("Permission denied.");
+ }
+
+ @Override
+ public void removePermission(SystemPermission.Type permission)
+ throws GuacamoleException {
+ throw new GuacamoleSecurityException("Permission denied.");
+ }
+
+}
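Review bot: `hasPermission` in SimpleSystemPermissionSet calls `permissions.contains(...)` with no null check, while the public constructor and `setPermissions()` store whatever reference they are given, so a null Set turns a system-permission check into a NullPointerException instead of a defined answer. Rejecting null at assignment keeps the check well-defined, for example `if (permissions == null) throw new IllegalArgumentException("permissions must not be null");` ahead of `this.permissions = permissions;` in both places. Separately, the field initialiser uses the raw constant `Collections.EMPTY_SET`, which is an unchecked assignment; `Collections.emptySet()` gives the same immutable empty set with the element type checked. Both points apply equally to SimpleObjectPermissionSet in the first hunk.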