From 13fa327ba423c52f11f781294f06449b76f8fd4d Mon Sep 17 00:00:00 2001
From: James Muehlner <james.muehlner@guac-dev.org>
Date: Wed, 13 May 2015 21:50:20 -0700
Subject: [PATCH] GUAC-1188 Use canReadPermissions() - do not reimplement
 permission checks.

---
 .../auth/jdbc/permission/SystemPermissionService.java        | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
index 47a0c1795..a30f9302a 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/SystemPermissionService.java
@@ -151,9 +151,8 @@ public class SystemPermissionService
     public SystemPermission retrievePermission(AuthenticatedUser user,
             ModeledUser targetUser, SystemPermission.Type type) throws GuacamoleException {
 
-        // Only an admin can read permissions that aren't his own
-        if (user.getUser().getIdentifier().equals(targetUser.getIdentifier())
-                || user.getUser().isAdministrator()) {
+        // Retrieve permissions only if allowed
+        if (canReadPermissions(user, targetUser)) {
 
             // Read permission from database, return null if not found
             SystemPermissionModel model = getPermissionMapper().selectOne(targetUser.getModel(), type);