GUACAMOLE-220: Map and allow manipulation of the user group parents of users.

2025-09-06 13:17:41 +00:00 · 2018-04-10 15:18:38 -07:00
parent 856ab44373
commit 2999c56098
5 changed files with 196 additions and 2 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
@@ -91,6 +91,7 @@ import org.apache.guacamole.auth.jdbc.usergroup.UserGroupParentUserGroupMapper;
 import org.apache.guacamole.auth.jdbc.usergroup.UserGroupService;
 import org.mybatis.guice.MyBatisModule;
 import org.mybatis.guice.datasource.builtin.PooledDataSourceProvider;
+import org.apache.guacamole.auth.jdbc.user.UserParentUserGroupMapper;

 /**
 * Guice module which configures the injections used by the JDBC authentication
@@ -144,6 +145,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
        addMapperClass(UserGroupParentUserGroupMapper.class);
        addMapperClass(UserGroupPermissionMapper.class);
        addMapperClass(UserMapper.class);
+        addMapperClass(UserParentUserGroupMapper.class);
        addMapperClass(UserPermissionMapper.class);
        addMapperClass(UserRecordMapper.class);
        
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
@@ -20,6 +20,7 @@
 package org.apache.guacamole.auth.jdbc.user;

 import com.google.inject.Inject;
+import com.google.inject.Provider;
 import java.sql.Date;
 import java.sql.Time;
 import java.sql.Timestamp;
@@ -49,7 +50,6 @@ import org.apache.guacamole.net.auth.ActivityRecord;
 import org.apache.guacamole.net.auth.Permissions;
 import org.apache.guacamole.net.auth.RelatedObjectSet;
 import org.apache.guacamole.net.auth.User;
-import org.apache.guacamole.net.auth.simple.SimpleRelatedObjectSet;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

@@ -176,6 +176,13 @@ public class ModeledUser extends ModeledPermissions<UserModel> implements User {
    @Inject
    private SaltService saltService;

+    /**
+     * Provider for RelatedObjectSets containing the user groups of which this
+     * user is a member.
+     */
+    @Inject
+    private Provider<UserParentUserGroupSet> parentUserGroupSetProvider;
+
    /**
     * Whether attributes which control access restrictions should be exposed
     * via getAttributes() or allowed to be set via setAttributes().
@@ -747,7 +754,9 @@ public class ModeledUser extends ModeledPermissions<UserModel> implements User {

    @Override
    public RelatedObjectSet getUserGroups() throws GuacamoleException {
-        return new SimpleRelatedObjectSet();
+        UserParentUserGroupSet parentUserGroupSet = parentUserGroupSetProvider.get();
+        parentUserGroupSet.init(getCurrentUser(), this);
+        return parentUserGroupSet;
    }

    @Override
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.user;
+
+import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper;
+
+/**
+ * Mapper for the one-to-many relationship between a user and the user groups
+ * of which it is a member.
+ */
+public interface UserParentUserGroupMapper extends ObjectRelationMapper<UserModel> {}
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupSet.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupSet.java
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.user;
+
+import com.google.inject.Inject;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper;
+import org.apache.guacamole.auth.jdbc.base.RelatedObjectSet;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
+
+/**
+ * RelatedObjectSet implementation which represents the one-to-many
+ * relationship between a particular user and the user groups of which it is a
+ * member.
+ */
+public class UserParentUserGroupSet extends RelatedObjectSet<ModeledUser, UserModel> {
+
+    /**
+     * Mapper for the relations between users and the user groups of which they
+     * are members.
+     */
+    @Inject
+    private UserParentUserGroupMapper userParentUserGroupMapper;
+
+    @Override
+    protected ObjectRelationMapper<UserModel> getObjectRelationMapper() {
+        return userParentUserGroupMapper;
+    }
+
+    @Override
+    protected ObjectPermissionSet
+        getParentObjectEffectivePermissionSet() throws GuacamoleException {
+           return getCurrentUser().getUser().getEffectivePermissions().getUserPermissions();
+    }
+
+    @Override
+    protected ObjectPermissionSet getChildObjectEffectivePermissionSet()
+            throws GuacamoleException {
+        return getCurrentUser().getUser().getEffectivePermissions().getUserGroupPermissions();
+    }
+
+}