diff --git a/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/crud/users/Update.java b/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/crud/users/Update.java
index d9d1df81d..bc3a27b4c 100644
--- a/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/crud/users/Update.java
+++ b/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/crud/users/Update.java
@@ -167,19 +167,33 @@ public class Update extends AuthenticatingHttpServlet {
 user.setPassword(password);
 // Set user permissions
- String[] user_permission = request.getParameterValues("user");
- if (user_permission != null) {
- for (String str : user_permission)
+ String[] add_user_permission = request.getParameterValues("+user");
+ if (add_user_permission != null) {
+ for (String str : add_user_permission)
 user.addPermission(parseUserPermission(str));
 }
 // Set connection permissions
- String[] connection_permission = request.getParameterValues("connection");
- if (connection_permission != null) {
- for (String str : connection_permission)
+ String[] add_connection_permission = request.getParameterValues("+connection");
+ if (add_connection_permission != null) {
+ for (String str : add_connection_permission)
 user.addPermission(parseConnectionPermission(str));
 }
+ // Set user permissions
+ String[] remove_user_permission = request.getParameterValues("-user");
+ if (remove_user_permission != null) {
+ for (String str : remove_user_permission)
+ user.removePermission(parseUserPermission(str));
+ }
+
+ // Set connection permissions
+ String[] remove_connection_permission = request.getParameterValues("-connection");
+ if (remove_connection_permission != null) {
+ for (String str : remove_connection_permission)
+ user.removePermission(parseConnectionPermission(str));
+ }
+
 // Update user
 directory.update(user);
diff --git a/guacamole/src/main/webapp/scripts/admin-ui.js b/guacamole/src/main/webapp/scripts/admin-ui.js
index 1d760b0be..77b4a3eb4 100644
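Review bot: The two removal loops added at the end of this hunk still carry the comments copied from the add loops (`// Set user permissions`, `// Set connection permissions`) although they call `user.removePermission(...)`; I would relabel them `// Remove user permissions` and `// Remove connection permissions`, and the first pair `// Add ...`. Because every addition is applied before any removal, a permission named in both `+user` and `-user` of the same request ends up revoked, and that precedence deserves a one-line comment such as `// Removals are applied last, so they win over an addition of the same permission`, or an explicit rejection of contradictory input. The hunk shows no check that the caller is allowed to grant or revoke each named permission; presumably `directory.update(user)` or the parse helpers enforce that, which is worth confirming since they are outside this hunk. The enclosing method starts and ends outside the hunk.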
--- a/guacamole/src/main/webapp/scripts/admin-ui.js +++ b/guacamole/src/main/webapp/scripts/admin-ui.js @@ -352,6 +352,10 @@ GuacAdmin.addUser = function(name) { // Get user permissions var user_perms = GuacamoleService.Permissions.list(name); + // Permission deltas + var added_perms = new GuacamoleService.PermissionSet(); + var removed_perms = new GuacamoleService.PermissionSet(); + // Create form base elements var form_element = GuacUI.createElement("div", "form"); var user_header = GuacUI.createChildElement(form_element, "h2"); @@ -404,7 +408,6 @@ GuacAdmin.addUser = function(name) { }; // If readable connections exist, list them - var selected_connections = {}; if (GuacAdmin.hasEntry(GuacAdmin.cached_permissions.administer_connection)) { // Add fields for per-connection checkboxes @@ -439,17 +442,27 @@ GuacAdmin.addUser = function(name) { connection_field.setAttribute("value", conn); // Check checkbox if connection readable by selected user - if (conn in user_perms.read_connection) { - selected_connections[conn] = true; + if (conn in user_perms.read_connection) connection_field.checked = true; - } // Update selected connections when changed connection_field.onclick = connection_field.onchange = function() { - if (this.checked) - selected_connections[this.value] = true; - else if (selected_connections[this.value]) - delete selected_connections[this.value]; + + // Update permission deltas for ADDED permission + if (this.checked) { + added_perms.read_connection[this.value] = true; + if (removed_perms.read_connection[this.value]) + delete removed_perms.read_connection[this.value]; + + } + + // Update permission deltas for REMOVED permission + else { + removed_perms.read_connection[this.value] = true; + if (added_perms.read_connection[this.value]) + delete added_perms.read_connection[this.value]; + } + }; connection_name.textContent = conn; 
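Review bot: In the `onclick`/`onchange` handler of the third hunk the deltas are recorded without looking at the user's current state, so checking and then unchecking a connection the user never had leaves it in `removed_perms`, and unchecking then re-checking one they already hold leaves it in `added_perms`. The request then asks the servlet to revoke or grant permissions that did not actually change, and what `removePermission` does for a permission the user does not hold is not visible on this page. Comparing against `user_perms.read_connection` keeps both sets true deltas, as in the rewrite of the handler below. The handler sits inside `GuacAdmin.addUser`, which starts and ends outside the hunk.

```javascript
connection_field.onclick = connection_field.onchange = function() {

    var had_permission = this.value in user_perms.read_connection;

    // Checked: cancel any pending removal, record an addition only if new
    if (this.checked) {
        delete removed_perms.read_connection[this.value];
        if (!had_permission)
            added_perms.read_connection[this.value] = true;
    }

    // Unchecked: cancel any pending addition, record a removal only if held
    else {
        delete added_perms.read_connection[this.value];
        if (had_permission)
            removed_perms.read_connection[this.value] = true;
    }

};
```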
@@ -496,12 +509,9 @@ GuacAdmin.addUser = function(name) {
 else
 password = null;
- // Set user permissions
- user_perms.read_connection = selected_connections;
-
 // Save user
 GuacamoleService.Users.update(
- GuacAdmin.selected_user, password, user_perms);
+ GuacAdmin.selected_user, password, added_perms, removed_perms);
 deselect();
 GuacAdmin.reset();
diff --git a/guacamole/src/main/webapp/scripts/service.js b/guacamole/src/main/webapp/scripts/service.js
index 038c86764..e9510952d 100644
--- a/guacamole/src/main/webapp/scripts/service.js
+++ b/guacamole/src/main/webapp/scripts/service.js
@@ -397,13 +397,14 @@ GuacamoleService.Users = {
 *
 * @param {String} username The username of the user to create.
 * @param {String} password The password to assign to the user (optional).
- * @param {GuacamoleService.PermissionSet} permissions The permissions to
- * assign.
+ * @param {GuacamoleService.PermissionSet} permissions_added All permissions that were added.
+ * @param {GuacamoleService.PermissionSet} permissions_removed All permissions that were removed.
 * @param {String} parameters Any parameters which should be passed to the
 * server for the sake of authentication
 * (optional).
 */
- "update" : function(username, password, permissions, parameters) {
+ "update" : function(username, password, permissions_added,
+ permissions_removed, parameters) {
 // Construct request URL
 var users_url = "users/update";
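Review bot: Inserting `permissions_removed` ahead of `parameters` in the `update` signature changes the meaning of the fourth positional argument, so a caller not touched by this commit that still passes `(username, password, permissions, parameters)` would have its authentication parameters read as the removal set. Only the `admin-ui.js` call site is visible in this diff, so the remaining callers are worth checking before merge. The new `@param` lines would also be clearer if they said that both sets are deltas against the user's current permissions rather than the full set, for example `permissions_added Permissions to grant (changes only, not the complete set).`. The function body continues outside the hunk.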
@@ -413,31 +414,55 @@ GuacamoleService.Users = {
 var data = "name=" + encodeURIComponent(username);
 if (password) data += "&password=" + encodeURIComponent(password);
- // Creation permissions
- if (permissions.create_user) data += "&user=create";
- if (permissions.create_connection) data += "&connection=create";
-
 var name;
+ // Creation permissions
+ if (permissions_added.create_user) data += "&%2Buser=create";
+ if (permissions_added.create_connection) data += "&%2Bconnection=create";
+
 // User permissions
- for (name in permissions.read_user)
- data += "&user=read:" + encodeURIComponent(name);
- for (name in permissions.administer_user)
- data += "&user=admin:" + encodeURIComponent(name);
- for (name in permissions.update_user)
- data += "&user=update:" + encodeURIComponent(name);
- for (name in permissions.remove_user)
- data += "&user=delete:" + encodeURIComponent(name);
+ for (name in permissions_added.read_user)
+ data += "&%2Buser=read:" + encodeURIComponent(name);
+ for (name in permissions_added.administer_user)
+ data += "&%2Buser=admin:" + encodeURIComponent(name);
+ for (name in permissions_added.update_user)
+ data += "&%2Buser=update:" + encodeURIComponent(name);
+ for (name in permissions_added.remove_user)
+ data += "&%2Buser=delete:" + encodeURIComponent(name);
 // Connection permissions
- for (name in permissions.read_connection)
- data += "&connection=read:" + encodeURIComponent(name);
- for (name in permissions.administer_connection)
- data += "&connection=admin:" + encodeURIComponent(name);
- for (name in permissions.update_connection)
- data += "&connection=update:" + encodeURIComponent(name);
- for (name in permissions.remove_connection)
- data += "&connection=delete:" + encodeURIComponent(name);
+ for (name in permissions_added.read_connection)
+ data += "&%2Bconnection=read:" + encodeURIComponent(name);
+ for (name in permissions_added.administer_connection)
+ data += "&%2Bconnection=admin:" + encodeURIComponent(name);
+ for (name in permissions_added.update_connection)
+ data += "&%2Bconnection=update:" + encodeURIComponent(name);
+ for (name in permissions_added.remove_connection)
+ data += "&%2Bconnection=delete:" + encodeURIComponent(name);
+
+ // Creation permissions
+ if (permissions_removed.create_user) data += "&-user=create";
+ if (permissions_removed.create_connection) data += "&-connection=create";
+
+ // User permissions
+ for (name in permissions_removed.read_user)
+ data += "&-user=read:" + encodeURIComponent(name);
+ for (name in permissions_removed.administer_user)
+ data += "&-user=admin:" + encodeURIComponent(name);
+ for (name in permissions_removed.update_user)
+ data += "&-user=update:" + encodeURIComponent(name);
+ for (name in permissions_removed.remove_user)
+ data += "&-user=delete:" + encodeURIComponent(name);
+
+ // Connection permissions
+ for (name in permissions_removed.read_connection)
+ data += "&-connection=read:" + encodeURIComponent(name);
+ for (name in permissions_removed.administer_connection)
+ data += "&-connection=admin:" + encodeURIComponent(name);
+ for (name in permissions_removed.update_connection)
+ data += "&-connection=update:" + encodeURIComponent(name);
+ for (name in permissions_removed.remove_connection)
+ data += "&-connection=delete:" + encodeURIComponent(name);
 // Update user
 var xhr = new XMLHttpRequest();
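Review bot: The block serializing `permissions_removed` is a line-for-line copy of the `permissions_added` block with only the parameter prefix changed, so a later change to the wire format has to be made in two places for grants and revocations to stay in step; a local helper that takes the prefix keeps them identical. The `%2B` literals also need a comment: assuming the body is sent form-encoded, a raw `+` would decode to a space and the servlet's `+user` / `+connection` lookups would silently find nothing. Both sets are dereferenced unconditionally, so a call that omits `permissions_removed` throws on `permissions_removed.create_user`; the helper below tolerates a missing set. The function body starts and ends outside the hunk.

```javascript
// … unchanged: name and password fields, var name …

// prefix is already URL-encoded: "%2B" for grants, because a raw "+" in a
// form-encoded body decodes to a space; "-" for revocations
function appendPermissions(prefix, perms) {
    if (!perms) return;
    var actions = { read: "read", administer: "admin", update: "update", remove: "delete" };
    if (perms.create_user) data += "&" + prefix + "user=create";
    if (perms.create_connection) data += "&" + prefix + "connection=create";
    for (var type in { user: true, connection: true })
        for (var action in actions)
            for (name in perms[action + "_" + type])
                data += "&" + prefix + type + "=" + actions[action]
                     +  ":" + encodeURIComponent(name);
}

appendPermissions("%2B", permissions_added);
appendPermissions("-", permissions_removed);

// … unchanged: XMLHttpRequest setup …
```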