safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-220: Correct handling of permission-filtered directory search.

Browse Source 
The correct ObjectPermissionSet should be used to filter the identifiers
used. Previous code was always using the ObjectPermissionSet specific to
permissions affecting user objects, and thus was incorrect for all other
types of objects (connections, connection groups, etc.).
This commit is contained in:
Michael Jumper
2018-09-08 13:04:25 -07:00
parent 402ddb577f
commit 2161260e34
7 changed files with 74 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
guacamole/src/main/java/org/apache/guacamole/rest/activeconnection/ActiveConnectionDirectoryResource.java
View File

@@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.auth.ActiveConnection; import org.apache.guacamole.net.auth.ActiveConnection;
import org.apache.guacamole.net.auth.Directory; import org.apache.guacamole.net.auth.Directory;
import org.apache.guacamole.net.auth.Permissions;
import org.apache.guacamole.net.auth.UserContext; import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory; import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator; import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
import org.apache.guacamole.rest.directory.DirectoryResource; import org.apache.guacamole.rest.directory.DirectoryResource;
@@ -67,4 +70,10 @@ public class ActiveConnectionDirectoryResource
super(userContext, directory, translator, resourceFactory); super(userContext, directory, translator, resourceFactory);
} }
@Override
protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
throws GuacamoleException {
return permissions.getActiveConnectionPermissions();
}
} }

9
guacamole/src/main/java/org/apache/guacamole/rest/connection/ConnectionDirectoryResource.java
View File

@@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.auth.Connection; import org.apache.guacamole.net.auth.Connection;
import org.apache.guacamole.net.auth.Directory; import org.apache.guacamole.net.auth.Directory;
import org.apache.guacamole.net.auth.Permissions;
import org.apache.guacamole.net.auth.UserContext; import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory; import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator; import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
import org.apache.guacamole.rest.directory.DirectoryResource; import org.apache.guacamole.rest.directory.DirectoryResource;
@@ -66,4 +69,10 @@ public class ConnectionDirectoryResource
super(userContext, directory, translator, resourceFactory); super(userContext, directory, translator, resourceFactory);
} }
@Override
protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
throws GuacamoleException {
return permissions.getConnectionPermissions();
}
} }

8
guacamole/src/main/java/org/apache/guacamole/rest/connectiongroup/ConnectionGroupDirectoryResource.java
View File

@@ -27,7 +27,9 @@ import javax.ws.rs.core.MediaType;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.auth.ConnectionGroup; import org.apache.guacamole.net.auth.ConnectionGroup;
import org.apache.guacamole.net.auth.Directory; import org.apache.guacamole.net.auth.Directory;
import org.apache.guacamole.net.auth.Permissions;
import org.apache.guacamole.net.auth.UserContext; import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.rest.directory.DirectoryObjectResource; import org.apache.guacamole.rest.directory.DirectoryObjectResource;
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory; import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator; import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
@@ -102,4 +104,10 @@ public class ConnectionGroupDirectoryResource
} }
@Override
protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
throws GuacamoleException {
return permissions.getConnectionGroupPermissions();
}
} }

22
guacamole/src/main/java/org/apache/guacamole/rest/directory/DirectoryResource.java
View File

@@ -119,6 +119,26 @@ public abstract class DirectoryResource<InternalType extends Identifiable, Exter
this.resourceFactory = resourceFactory; this.resourceFactory = resourceFactory;
} }
/**
* Returns the ObjectPermissionSet defined within the given Permissions
* that represents the permissions affecting objects available within this
* DirectoryResource.
*
* @param permissions
* The Permissions object from which the ObjectPermissionSet should be
* retrieved.
*
* @return
* The ObjectPermissionSet defined within the given Permissions object
* that represents the permissions affecting objects available within
* this DirectoryResource.
*
* @throws GuacamoleException
* If an error prevents retrieval of permissions.
*/
protected abstract ObjectPermissionSet getObjectPermissions(
Permissions permissions) throws GuacamoleException;
/** /**
* Returns a map of all objects available within this DirectoryResource, * Returns a map of all objects available within this DirectoryResource,
* filtering the returned map by the given permission, if specified. * filtering the returned map by the given permission, if specified.
@@ -149,7 +169,7 @@ public abstract class DirectoryResource<InternalType extends Identifiable, Exter
// Filter objects, if requested // Filter objects, if requested
Collection<String> identifiers = directory.getIdentifiers(); Collection<String> identifiers = directory.getIdentifiers();
if (!isAdmin && permissions != null && !permissions.isEmpty()) { if (!isAdmin && permissions != null && !permissions.isEmpty()) {
ObjectPermissionSet objectPermissions = effective.getUserPermissions(); ObjectPermissionSet objectPermissions = getObjectPermissions(effective);
identifiers = objectPermissions.getAccessibleObjects(permissions, identifiers); identifiers = objectPermissions.getAccessibleObjects(permissions, identifiers);
} }

9
guacamole/src/main/java/org/apache/guacamole/rest/sharingprofile/SharingProfileDirectoryResource.java
View File

@@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.auth.Directory; import org.apache.guacamole.net.auth.Directory;
import org.apache.guacamole.net.auth.Permissions;
import org.apache.guacamole.net.auth.SharingProfile; import org.apache.guacamole.net.auth.SharingProfile;
import org.apache.guacamole.net.auth.UserContext; import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory; import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator; import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
import org.apache.guacamole.rest.directory.DirectoryResource; import org.apache.guacamole.rest.directory.DirectoryResource;
@@ -67,4 +70,10 @@ public class SharingProfileDirectoryResource
super(userContext, directory, translator, resourceFactory); super(userContext, directory, translator, resourceFactory);
} }
@Override
protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
throws GuacamoleException {
return permissions.getSharingProfilePermissions();
}
} }

9
guacamole/src/main/java/org/apache/guacamole/rest/user/UserDirectoryResource.java
View File

@@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.auth.User; import org.apache.guacamole.net.auth.User;
import org.apache.guacamole.net.auth.Directory; import org.apache.guacamole.net.auth.Directory;
import org.apache.guacamole.net.auth.Permissions;
import org.apache.guacamole.net.auth.UserContext; import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory; import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator; import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
import org.apache.guacamole.rest.directory.DirectoryResource; import org.apache.guacamole.rest.directory.DirectoryResource;
@@ -65,4 +68,10 @@ public class UserDirectoryResource extends DirectoryResource<User, APIUser> {
super(userContext, directory, translator, resourceFactory); super(userContext, directory, translator, resourceFactory);
} }
@Override
protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
throws GuacamoleException {
return permissions.getUserPermissions();
}
} }

9
guacamole/src/main/java/org/apache/guacamole/rest/usergroup/UserGroupDirectoryResource.java
View File

@@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject;
import javax.ws.rs.Consumes; import javax.ws.rs.Consumes;
import javax.ws.rs.Produces; import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.auth.UserGroup; import org.apache.guacamole.net.auth.UserGroup;
import org.apache.guacamole.net.auth.Directory; import org.apache.guacamole.net.auth.Directory;
import org.apache.guacamole.net.auth.Permissions;
import org.apache.guacamole.net.auth.UserContext; import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory; import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator; import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
import org.apache.guacamole.rest.directory.DirectoryResource; import org.apache.guacamole.rest.directory.DirectoryResource;
@@ -65,4 +68,10 @@ public class UserGroupDirectoryResource extends DirectoryResource<UserGroup, API
super(userContext, directory, translator, resourceFactory); super(userContext, directory, translator, resourceFactory);
} }
@Override
protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
throws GuacamoleException {
return permissions.getUserGroupPermissions();
}
} }