Ticket #268: User permission deltas. Do not explicitly list all permissions every update.

Michael Jumper
2013-02-25 20:23:24 -08:00
parent 3dd855b6aa
commit 2164807314
3 changed files with 90 additions and 41 deletions


@@ -167,19 +167,33 @@ public class Update extends AuthenticatingHttpServlet {
user.setPassword(password);
// Set user permissions
String[] user_permission = request.getParameterValues("user");
if (user_permission != null) {
for (String str : user_permission)
String[] add_user_permission = request.getParameterValues("+user");
if (add_user_permission != null) {
for (String str : add_user_permission)
user.addPermission(parseUserPermission(str));
}
// Set connection permissions
String[] connection_permission = request.getParameterValues("connection");
if (connection_permission != null) {
for (String str : connection_permission)
String[] add_connection_permission = request.getParameterValues("+connection");
if (add_connection_permission != null) {
for (String str : add_connection_permission)
user.addPermission(parseConnectionPermission(str));
}
// Set user permissions
String[] remove_user_permission = request.getParameterValues("-user");
if (remove_user_permission != null) {
for (String str : remove_user_permission)
user.removePermission(parseUserPermission(str));
}
// Set connection permissions
String[] remove_connection_permission = request.getParameterValues("-connection");
if (remove_connection_permission != null) {
for (String str : remove_connection_permission)
user.removePermission(parseConnectionPermission(str));
}
// Update user
directory.update(user);
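Review bot: The two removal blocks still carry the comments copied from the additions above them (`// Set user permissions`, `// Set connection permissions`) although they call `user.removePermission(...)`; they should read `// Remove user permissions` and `// Remove connection permissions`. Because the `-user`/`-connection` loops run after the `+user`/`+connection` loops, a permission named in both lists of one request ends up removed, and that precedence deserves a comment above the first removal block, e.g. `// Removals are applied after additions, so a permission present in both lists is removed`. The hunk does not show where the caller's right to grant or revoke each parsed permission is checked; presumably `directory.update(user)` enforces it, which is worth confirming now that request parameters drive individual grants. The enclosing method starts and ends outside the hunk.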


@@ -352,6 +352,10 @@ GuacAdmin.addUser = function(name) {
// Get user permissions
var user_perms = GuacamoleService.Permissions.list(name);
// Permission deltas
var added_perms = new GuacamoleService.PermissionSet();
var removed_perms = new GuacamoleService.PermissionSet();
// Create form base elements
var form_element = GuacUI.createElement("div", "form");
var user_header = GuacUI.createChildElement(form_element, "h2");
@@ -404,7 +408,6 @@ GuacAdmin.addUser = function(name) {
};
// If readable connections exist, list them
var selected_connections = {};
if (GuacAdmin.hasEntry(GuacAdmin.cached_permissions.administer_connection)) {
// Add fields for per-connection checkboxes
@@ -439,17 +442,27 @@ GuacAdmin.addUser = function(name) {
connection_field.setAttribute("value", conn);
// Check checkbox if connection readable by selected user
if (conn in user_perms.read_connection) {
selected_connections[conn] = true;
if (conn in user_perms.read_connection)
connection_field.checked = true;
}
// Update selected connections when changed
connection_field.onclick = connection_field.onchange = function() {
if (this.checked)
selected_connections[this.value] = true;
else if (selected_connections[this.value])
delete selected_connections[this.value];
// Update permission deltas for ADDED permission
if (this.checked) {
added_perms.read_connection[this.value] = true;
if (removed_perms.read_connection[this.value])
delete removed_perms.read_connection[this.value];
}
// Update permission deltas for REMOVED permission
else {
removed_perms.read_connection[this.value] = true;
if (added_perms.read_connection[this.value])
delete added_perms.read_connection[this.value];
}
};
connection_name.textContent = conn;
@@ -496,12 +509,9 @@ GuacAdmin.addUser = function(name) {
else
password = null;
// Set user permissions
user_perms.read_connection = selected_connections;
// Save user
GuacamoleService.Users.update(
GuacAdmin.selected_user, password, user_perms);
GuacAdmin.selected_user, password, added_perms, removed_perms);
deselect();
GuacAdmin.reset();
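Review bot: The checkbox handler in the third hunk records every toggle as a delta without comparing against `user_perms.read_connection`, so ticking and then unticking a connection the user never had leaves it in `removed_perms`, and the reverse leaves an already-held permission in `added_perms`. The server then receives grants and revocations that correspond to no real change and has to tolerate removing a permission that is absent. Recording a delta only when the checkbox differs from the state loaded with the form keeps the request to the changes actually made, which also keeps any server-side record of permission changes accurate. `GuacAdmin.addUser` starts and ends outside these hunks.

```javascript
connection_field.onclick = connection_field.onchange = function() {

    // Whether the user held this permission when the form was opened
    var had_perm = this.value in user_perms.read_connection;

    // Discard any earlier delta recorded for this connection
    delete added_perms.read_connection[this.value];
    delete removed_perms.read_connection[this.value];

    // Record a delta only where the checkbox differs from the baseline
    if (this.checked && !had_perm)
        added_perms.read_connection[this.value] = true;
    else if (!this.checked && had_perm)
        removed_perms.read_connection[this.value] = true;

};
// … unchanged: connection_name.textContent assignment …
```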


@@ -397,13 +397,14 @@ GuacamoleService.Users = {
*
* @param {String} username The username of the user to create.
* @param {String} password The password to assign to the user (optional).
* @param {GuacamoleService.PermissionSet} permissions The permissions to
* assign.
* @param {GuacamoleService.PermissionSet} permissions_added All permissions that were added.
* @param {GuacamoleService.PermissionSet} permissions_removed All permissions that were removed.
* @param {String} parameters Any parameters which should be passed to the
* server for the sake of authentication
* (optional).
*/
"update" : function(username, password, permissions, parameters) {
"update" : function(username, password, permissions_added,
permissions_removed, parameters) {
// Construct request URL
var users_url = "users/update";
@@ -413,31 +414,55 @@ GuacamoleService.Users = {
var data = "name=" + encodeURIComponent(username);
if (password) data += "&password=" + encodeURIComponent(password);
// Creation permissions
if (permissions.create_user) data += "&user=create";
if (permissions.create_connection) data += "&connection=create";
var name;
// Creation permissions
if (permissions_added.create_user) data += "&%2Buser=create";
if (permissions_added.create_connection) data += "&%2Bconnection=create";
// User permissions
for (name in permissions.read_user)
data += "&user=read:" + encodeURIComponent(name);
for (name in permissions.administer_user)
data += "&user=admin:" + encodeURIComponent(name);
for (name in permissions.update_user)
data += "&user=update:" + encodeURIComponent(name);
for (name in permissions.remove_user)
data += "&user=delete:" + encodeURIComponent(name);
for (name in permissions_added.read_user)
data += "&%2Buser=read:" + encodeURIComponent(name);
for (name in permissions_added.administer_user)
data += "&%2Buser=admin:" + encodeURIComponent(name);
for (name in permissions_added.update_user)
data += "&%2Buser=update:" + encodeURIComponent(name);
for (name in permissions_added.remove_user)
data += "&%2Buser=delete:" + encodeURIComponent(name);
// Connection permissions
for (name in permissions.read_connection)
data += "&connection=read:" + encodeURIComponent(name);
for (name in permissions.administer_connection)
data += "&connection=admin:" + encodeURIComponent(name);
for (name in permissions.update_connection)
data += "&connection=update:" + encodeURIComponent(name);
for (name in permissions.remove_connection)
data += "&connection=delete:" + encodeURIComponent(name);
for (name in permissions_added.read_connection)
data += "&%2Bconnection=read:" + encodeURIComponent(name);
for (name in permissions_added.administer_connection)
data += "&%2Bconnection=admin:" + encodeURIComponent(name);
for (name in permissions_added.update_connection)
data += "&%2Bconnection=update:" + encodeURIComponent(name);
for (name in permissions_added.remove_connection)
data += "&%2Bconnection=delete:" + encodeURIComponent(name);
// Creation permissions
if (permissions_removed.create_user) data += "&-user=create";
if (permissions_removed.create_connection) data += "&-connection=create";
// User permissions
for (name in permissions_removed.read_user)
data += "&-user=read:" + encodeURIComponent(name);
for (name in permissions_removed.administer_user)
data += "&-user=admin:" + encodeURIComponent(name);
for (name in permissions_removed.update_user)
data += "&-user=update:" + encodeURIComponent(name);
for (name in permissions_removed.remove_user)
data += "&-user=delete:" + encodeURIComponent(name);
// Connection permissions
for (name in permissions_removed.read_connection)
data += "&-connection=read:" + encodeURIComponent(name);
for (name in permissions_removed.administer_connection)
data += "&-connection=admin:" + encodeURIComponent(name);
for (name in permissions_removed.update_connection)
data += "&-connection=update:" + encodeURIComponent(name);
for (name in permissions_removed.remove_connection)
data += "&-connection=delete:" + encodeURIComponent(name);
// Update user
var xhr = new XMLHttpRequest();
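Review bot: `update` now dereferences `permissions_added` and `permissions_removed` unconditionally, first at `permissions_added.create_user`, so a call that omits them (a password-only update, for instance) throws a TypeError before any request is sent; a guard at the top such as `permissions_added = permissions_added || new GuacamoleService.PermissionSet();`, with the same for `permissions_removed`, avoids that. The new positional argument also moves `parameters` from fourth to fifth place, so a caller still passing authentication parameters in the old position would have them read as a permission set; callers outside this page are not visible and should be checked. The `for (name in ...)` loops also visit enumerable properties inherited through the prototype chain, so an own-property check before appending each name is worth considering. The function body continues past the last visible line.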