Merge pull request #179 from glyptodon/GUAC-1188

GUAC-1188 Use canReadPermissions() - do not reimplement permission checks
2025-09-06 13:17:41 +00:00 · 2015-05-13 21:55:35 -07:00
parent f354e4b463 13fa327ba4
commit 2b021ad33a
1 changed files with 2 additions and 3 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
@@ -151,9 +151,8 @@ public class SystemPermissionService
    public SystemPermission retrievePermission(AuthenticatedUser user,
            ModeledUser targetUser, SystemPermission.Type type) throws GuacamoleException {

-        // Only an admin can read permissions that aren't his own
-        if (user.getUser().getIdentifier().equals(targetUser.getIdentifier())
-                || user.getUser().isAdministrator()) {
+        // Retrieve permissions only if allowed
+        if (canReadPermissions(user, targetUser)) {

            // Read permission from database, return null if not found
            SystemPermissionModel model = getPermissionMapper().selectOne(targetUser.getModel(), type);