GUACAMOLE-5: Add sharing profiles to database schema.

2025-09-06 21:27:40 +00:00 · 2016-07-19 11:21:45 -07:00
parent 4e0929c665
commit 21f5aba548
6 changed files with 366 additions and 19 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/001-create-schema.sql
@@ -44,6 +44,7 @@ CREATE TYPE guacamole_object_permission_type AS ENUM(
 CREATE TYPE guacamole_system_permission_type AS ENUM(
    'CREATE_CONNECTION',
    'CREATE_CONNECTION_GROUP',
+    'CREATE_SHARING_PROFILE',
    'CREATE_USER',
    'ADMINISTER'
 );
@@ -148,6 +149,34 @@ CREATE TABLE guacamole_user (

 );

+--
+-- Table of sharing profiles. Each sharing profile has a name, associated set
+-- of parameters, and a primary connection. The primary connection is the
+-- connection that the sharing profile shares, and the parameters dictate the
+-- restrictions/features which apply to the user joining the connection via the
+-- sharing profile.
+--
+
+CREATE TABLE guacamole_sharing_profile (
+
+  sharing_profile_id    serial       NOT NULL,
+  sharing_profile_name  varchar(128) NOT NULL,
+  primary_connection_id integer      NOT NULL,
+
+  PRIMARY KEY (sharing_profile_id),
+
+  CONSTRAINT sharing_profile_name_primary
+    UNIQUE (sharing_profile_name, primary_connection_id),
+
+  CONSTRAINT guacamole_sharing_profile_ibfk_1
+    FOREIGN KEY (primary_connection_id)
+    REFERENCES guacamole_connection (connection_id)
+    ON DELETE CASCADE
+
+);
+
+CREATE INDEX ON guacamole_sharing_profile(primary_connection_id);
+
 --
 -- Table of connection parameters. Each parameter is simply a name/value pair
 -- associated with a connection.
@@ -169,6 +198,29 @@ CREATE TABLE guacamole_connection_parameter (

 CREATE INDEX ON guacamole_connection_parameter(connection_id);

+--
+-- Table of sharing profile parameters. Each parameter is simply
+-- name/value pair associated with a sharing profile. These parameters dictate
+-- the restrictions/features which apply to the user joining the associated
+-- connection via the sharing profile.
+--
+
+CREATE TABLE guacamole_sharing_profile_parameter (
+
+  sharing_profile_id integer       NOT NULL,
+  parameter_name     varchar(128)  NOT NULL,
+  parameter_value    varchar(4096) NOT NULL,
+
+  PRIMARY KEY (sharing_profile_id, parameter_name),
+
+  CONSTRAINT guacamole_sharing_profile_parameter_ibfk_1
+    FOREIGN KEY (sharing_profile_id)
+    REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX ON guacamole_sharing_profile_parameter(sharing_profile_id);
+
 --
 -- Table of connection permissions. Each connection permission grants a user
 -- specific access to a connection.
@@ -221,6 +273,32 @@ CREATE TABLE guacamole_connection_group_permission (
 CREATE INDEX ON guacamole_connection_group_permission(connection_group_id);
 CREATE INDEX ON guacamole_connection_group_permission(user_id);

+--
+-- Table of sharing profile permissions. Each sharing profile permission grants
+-- a user specific access to a sharing profile.
+--
+
+CREATE TABLE guacamole_sharing_profile_permission (
+
+  user_id            integer NOT NULL,
+  sharing_profile_id integer NOT NULL,
+  permission         guacamole_object_permission_type NOT NULL,
+
+  PRIMARY KEY (user_id,sharing_profile_id,permission),
+
+  CONSTRAINT guacamole_sharing_profile_permission_ibfk_1
+    FOREIGN KEY (sharing_profile_id)
+    REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE,
+
+  CONSTRAINT guacamole_sharing_profile_permission_ibfk_2
+    FOREIGN KEY (user_id)
+    REFERENCES guacamole_user (user_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX ON guacamole_sharing_profile_permission(sharing_profile_id);
+CREATE INDEX ON guacamole_sharing_profile_permission(user_id);
+
 --
 -- Table of system permissions. Each system permission grants a user a
 -- system-level privilege of some kind.
@@ -275,27 +353,34 @@ CREATE INDEX ON guacamole_user_permission(user_id);

 CREATE TABLE guacamole_connection_history (

-  history_id      serial       NOT NULL,
-  user_id         integer      DEFAULT NULL,
-  username        varchar(128) NOT NULL,
-  connection_id   integer      DEFAULT NULL,
-  connection_name varchar(128) NOT NULL,
-  start_date      timestamptz  NOT NULL,
-  end_date        timestamptz  DEFAULT NULL,
+  history_id           serial       NOT NULL,
+  user_id              integer      DEFAULT NULL,
+  username             varchar(128) NOT NULL,
+  connection_id        integer      DEFAULT NULL,
+  connection_name      varchar(128) NOT NULL,
+  sharing_profile_id   integer      DEFAULT NULL,
+  sharing_profile_name varchar(128) NOT NULL,
+  start_date           timestamptz  NOT NULL,
+  end_date             timestamptz  DEFAULT NULL,

  PRIMARY KEY (history_id),

  CONSTRAINT guacamole_connection_history_ibfk_1
    FOREIGN KEY (user_id)
-    REFERENCES guacamole_user (user_id) ON DELETE CASCADE,
+    REFERENCES guacamole_user (user_id) ON DELETE SET NULL,

  CONSTRAINT guacamole_connection_history_ibfk_2
    FOREIGN KEY (connection_id)
-    REFERENCES guacamole_connection (connection_id) ON DELETE CASCADE
+    REFERENCES guacamole_connection (connection_id) ON DELETE SET NULL,
+
+  CONSTRAINT guacamole_connection_history_ibfk_3
+    FOREIGN KEY (sharing_profile_id)
+    REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE SET NULL

 );

 CREATE INDEX ON guacamole_connection_history(user_id);
 CREATE INDEX ON guacamole_connection_history(connection_id);
+CREATE INDEX ON guacamole_connection_history(sharing_profile_id);
 CREATE INDEX ON guacamole_connection_history(start_date);
 CREATE INDEX ON guacamole_connection_history(end_date);
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/002-create-admin-user.sql
@@ -31,6 +31,7 @@ FROM (
    VALUES
        ('guacadmin', 'CREATE_CONNECTION'),
        ('guacadmin', 'CREATE_CONNECTION_GROUP'),
+        ('guacadmin', 'CREATE_SHARING_PROFILE'),
        ('guacadmin', 'CREATE_USER'),
        ('guacadmin', 'ADMINISTER')
 ) permissions (username, permission)
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.10.sql
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/schema/upgrade/upgrade-pre-0.9.10.sql
@@ -95,3 +95,96 @@ ALTER TABLE guacamole_connection_history
 ALTER TABLE guacamole_connection_group
    ADD COLUMN enable_session_affinity boolean NOT NULL DEFAULT FALSE;

+--
+-- Add new system-level permission
+--
+
+ALTER TYPE guacamole_system_permission_type
+    ADD VALUE 'CREATE_SHARING_PROFILE'
+    AFTER 'CREATE_CONNECTION_GROUP';
+
+--
+-- Add sharing profile table
+--
+
+CREATE TABLE guacamole_sharing_profile (
+
+  sharing_profile_id    serial       NOT NULL,
+  sharing_profile_name  varchar(128) NOT NULL,
+  primary_connection_id integer      NOT NULL,
+
+  PRIMARY KEY (sharing_profile_id),
+
+  CONSTRAINT sharing_profile_name_primary
+    UNIQUE (sharing_profile_name, primary_connection_id),
+
+  CONSTRAINT guacamole_sharing_profile_ibfk_1
+    FOREIGN KEY (primary_connection_id)
+    REFERENCES guacamole_connection (connection_id)
+    ON DELETE CASCADE
+
+);
+
+CREATE INDEX ON guacamole_sharing_profile(primary_connection_id);
+
+--
+-- Add table of sharing profile parameters
+--
+
+CREATE TABLE guacamole_sharing_profile_parameter (
+
+  sharing_profile_id integer       NOT NULL,
+  parameter_name     varchar(128)  NOT NULL,
+  parameter_value    varchar(4096) NOT NULL,
+
+  PRIMARY KEY (sharing_profile_id, parameter_name),
+
+  CONSTRAINT guacamole_sharing_profile_parameter_ibfk_1
+    FOREIGN KEY (sharing_profile_id)
+    REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX ON guacamole_sharing_profile_parameter(sharing_profile_id);
+
+--
+-- Object-level permission table for sharing profiles
+--
+
+CREATE TABLE guacamole_sharing_profile_permission (
+
+  user_id            integer NOT NULL,
+  sharing_profile_id integer NOT NULL,
+  permission         guacamole_object_permission_type NOT NULL,
+
+  PRIMARY KEY (user_id,sharing_profile_id,permission),
+
+  CONSTRAINT guacamole_sharing_profile_permission_ibfk_1
+    FOREIGN KEY (sharing_profile_id)
+    REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE CASCADE,
+
+  CONSTRAINT guacamole_sharing_profile_permission_ibfk_2
+    FOREIGN KEY (user_id)
+    REFERENCES guacamole_user (user_id) ON DELETE CASCADE
+
+);
+
+CREATE INDEX ON guacamole_sharing_profile_permission(sharing_profile_id);
+CREATE INDEX ON guacamole_sharing_profile_permission(user_id);
+
+--
+-- Add new (optional) sharing profile ID and name columns to connection history
+--
+
+ALTER TABLE guacamole_connection_history
+    ADD COLUMN sharing_profile_id integer;
+
+ALTER TABLE guacamole_connection_history
+    ADD COLUMN sharing_profile_name varchar(128);
+
+ALTER TABLE guacamole_connection_history
+    ADD CONSTRAINT guacamole_connection_history_ibfk_3
+    FOREIGN KEY (sharing_profile_id)
+    REFERENCES guacamole_sharing_profile (sharing_profile_id) ON DELETE SET NULL;
+
+CREATE INDEX ON guacamole_connection_history(sharing_profile_id);