mirror of
https://github.com/gyurix1968/guacamole-client.git
synced 2025-09-06 13:17:41 +00:00
Ticket #269: Changed database permission enums from WRITE to UPDATE.
This commit is contained in:
James Muehlner
@@ -42,7 +42,7 @@ CREATE TABLE `guacamole_connection_parameter` (
|
|||||||
CREATE TABLE `guacamole_connection_permission` (
|
CREATE TABLE `guacamole_connection_permission` (
|
||||||
`user_id` int(11) NOT NULL,
|
`user_id` int(11) NOT NULL,
|
||||||
`connection_id` int(11) NOT NULL,
|
`connection_id` int(11) NOT NULL,
|
||||||
`permission` enum('READ','WRITE','DELETE','ADMINISTER') NOT NULL,
|
`permission` enum('READ','UPDATE','DELETE','ADMINISTER') NOT NULL,
|
||||||
PRIMARY KEY (`user_id`,`connection_id`,`permission`),
|
PRIMARY KEY (`user_id`,`connection_id`,`permission`),
|
||||||
CONSTRAINT `guacamole_connection_permission_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `guacamole_connection` (`connection_id`),
|
CONSTRAINT `guacamole_connection_permission_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `guacamole_connection` (`connection_id`),
|
||||||
CONSTRAINT `guacamole_connection_permission_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `guacamole_user` (`user_id`)
|
CONSTRAINT `guacamole_connection_permission_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `guacamole_user` (`user_id`)
|
||||||
@@ -66,7 +66,7 @@ CREATE TABLE `guacamole_system_permission` (
|
|||||||
CREATE TABLE `guacamole_user_permission` (
|
CREATE TABLE `guacamole_user_permission` (
|
||||||
`user_id` int(11) NOT NULL,
|
`user_id` int(11) NOT NULL,
|
||||||
`affected_user_id` int(11) NOT NULL,
|
`affected_user_id` int(11) NOT NULL,
|
||||||
`permission` enum('READ','WRITE','DELETE','ADMINISTER') NOT NULL,
|
`permission` enum('READ','UPDATE','DELETE','ADMINISTER') NOT NULL,
|
||||||
PRIMARY KEY (`user_id`,`affected_user_id`,`permission`),
|
PRIMARY KEY (`user_id`,`affected_user_id`,`permission`),
|
||||||
CONSTRAINT `guacamole_user_permission_ibfk_1` FOREIGN KEY (`affected_user_id`) REFERENCES `guacamole_user` (`user_id`),
|
CONSTRAINT `guacamole_user_permission_ibfk_1` FOREIGN KEY (`affected_user_id`) REFERENCES `guacamole_user` (`user_id`),
|
||||||
CONSTRAINT `guacamole_user_permission_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `guacamole_user` (`user_id`)
|
CONSTRAINT `guacamole_user_permission_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `guacamole_user` (`user_id`)
|
||||||
|
|||||||
@@ -35,37 +35,35 @@
|
|||||||
* ***** END LICENSE BLOCK ***** */
|
* ***** END LICENSE BLOCK ***** */
|
||||||
package net.sourceforge.guacamole.net.auth.mysql;
|
package net.sourceforge.guacamole.net.auth.mysql;
|
||||||
|
|
||||||
|
import net.sourceforge.guacamole.net.auth.permission.ConnectionDirectoryPermission;
|
||||||
|
import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
|
||||||
|
import net.sourceforge.guacamole.net.auth.permission.UserDirectoryPermission;
|
||||||
|
import net.sourceforge.guacamole.net.auth.permission.UserPermission;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constants relevant to the guacamole-auth-mysql project.
|
* A set of constants that useful for the MySQL-based authentication provider.
|
||||||
* @author James Muehlner
|
* @author James Muehlner
|
||||||
*/
|
*/
|
||||||
public interface MySQLConstants {
|
public final class MySQLConstants {
|
||||||
|
|
||||||
//*********** Permission Strings ***********
|
/**
|
||||||
// operations
|
* This class should not be instantiated.
|
||||||
public static final String CREATE = "CREATE";
|
*/
|
||||||
public static final String READ = "READ";
|
private MySQLConstants() {}
|
||||||
public static final String WRITE = "WRITE";
|
|
||||||
public static final String DELETE = "DELETE";
|
|
||||||
public static final String ADMINISTER = "ADMINISTER";
|
|
||||||
|
|
||||||
// used to separate operations from objects
|
// Permission constants
|
||||||
public static final String SEPARATOR = "_";
|
public static final String USER_READ = UserPermission.Type.READ.name();
|
||||||
|
public static final String USER_UPDATE = UserPermission.Type.UPDATE.name();
|
||||||
|
public static final String USER_DELETE = UserPermission.Type.DELETE.name();
|
||||||
|
public static final String USER_ADMINISTER = UserPermission.Type.ADMINISTER.name();
|
||||||
|
public static final String USER_CREATE = UserDirectoryPermission.Type.CREATE.name();
|
||||||
|
|
||||||
//object types
|
public static final String CONNECTION_READ = ConnectionPermission.Type.READ.name();
|
||||||
public static final String USER = "USER";
|
public static final String CONNECTION_UPDATE = ConnectionPermission.Type.UPDATE.name();
|
||||||
public static final String CONNECTION = "CONNECTION";
|
public static final String CONNECTION_DELETE = ConnectionPermission.Type.DELETE.name();
|
||||||
|
public static final String CONNECTION_ADMINISTER = ConnectionPermission.Type.ADMINISTER.name();
|
||||||
|
public static final String CONNECTION_CREATE = ConnectionDirectoryPermission.Type.CREATE.name();
|
||||||
|
|
||||||
//combinations
|
public static final String SYSTEM_USER_CREATE = "USER_CREATE";
|
||||||
public static final String CREATE_USER = CREATE + SEPARATOR + USER;
|
public static final String SYSTEM_CONNECTION_CREATE = "CONNECTION_CREATE";
|
||||||
public static final String READ_USER = READ + SEPARATOR + USER;
|
|
||||||
public static final String WRITE_USER = WRITE + SEPARATOR + USER;
|
|
||||||
public static final String DELETE_USER = DELETE + SEPARATOR + USER;
|
|
||||||
public static final String ADMINISTER_USER = ADMINISTER + SEPARATOR + USER;
|
|
||||||
|
|
||||||
public static final String CREATE_CONNECTION = CREATE + SEPARATOR + CONNECTION;
|
|
||||||
public static final String READ_CONNECTION = READ + SEPARATOR + CONNECTION;
|
|
||||||
public static final String WRITE_CONNECTION = WRITE + SEPARATOR + CONNECTION;
|
|
||||||
public static final String DELETE_CONNECTION = DELETE + SEPARATOR + CONNECTION;
|
|
||||||
public static final String ADMINISTER_CONNECTION = ADMINISTER + SEPARATOR + CONNECTION;
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -97,35 +97,35 @@ public class PermissionCheckUtility {
|
|||||||
Provider<MySQLConnection> mySQLConnectionProvider;
|
Provider<MySQLConnection> mySQLConnectionProvider;
|
||||||
|
|
||||||
public boolean checkUserReadAccess(int userID, int affectedUserID) {
|
public boolean checkUserReadAccess(int userID, int affectedUserID) {
|
||||||
return checkUserAccess(userID, affectedUserID, MySQLConstants.READ_USER);
|
return checkUserAccess(userID, affectedUserID, MySQLConstants.USER_READ);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean checkUserWriteAccess(int userID, int affectedUserID) {
|
public boolean checkUserUpdateAccess(int userID, int affectedUserID) {
|
||||||
return checkUserAccess(userID, affectedUserID, MySQLConstants.WRITE_USER);
|
return checkUserAccess(userID, affectedUserID, MySQLConstants.USER_UPDATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean checkUserDeleteAccess(int userID, int affectedUserID) {
|
public boolean checkUserDeleteAccess(int userID, int affectedUserID) {
|
||||||
return checkUserAccess(userID, affectedUserID, MySQLConstants.DELETE_USER);
|
return checkUserAccess(userID, affectedUserID, MySQLConstants.USER_DELETE);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean checkUserAdministerAccess(int userID, int affectedUserID) {
|
public boolean checkUserAdministerAccess(int userID, int affectedUserID) {
|
||||||
return checkUserAccess(userID, affectedUserID, MySQLConstants.ADMINISTER_USER);
|
return checkUserAccess(userID, affectedUserID, MySQLConstants.USER_ADMINISTER);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean checkUserReadAccess(int userID, String affectedUsername) {
|
public boolean checkUserReadAccess(int userID, String affectedUsername) {
|
||||||
return checkUserAccess(userID, affectedUsername, MySQLConstants.READ_USER);
|
return checkUserAccess(userID, affectedUsername, MySQLConstants.USER_READ);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean checkUserWriteAccess(int userID, String affectedUsername) {
|
public boolean checkUserUpdateAccess(int userID, String affectedUsername) {
|
||||||
return checkUserAccess(userID, affectedUsername, MySQLConstants.WRITE_USER);
|
return checkUserAccess(userID, affectedUsername, MySQLConstants.USER_UPDATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean checkUserDeleteAccess(int userID, String affectedUsername) {
|
public boolean checkUserDeleteAccess(int userID, String affectedUsername) {
|
||||||
return checkUserAccess(userID, affectedUsername, MySQLConstants.DELETE_USER);
|
return checkUserAccess(userID, affectedUsername, MySQLConstants.USER_DELETE);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean checkUserAdministerAccess(int userID, String affectedUsername) {
|
public boolean checkUserAdministerAccess(int userID, String affectedUsername) {
|
||||||
return checkUserAccess(userID, affectedUsername, MySQLConstants.ADMINISTER_USER);
|
return checkUserAccess(userID, affectedUsername, MySQLConstants.USER_ADMINISTER);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -163,7 +163,7 @@ public class PermissionCheckUtility {
|
|||||||
* @return the list of all users this user has administer access to
|
* @return the list of all users this user has administer access to
|
||||||
*/
|
*/
|
||||||
public List<MySQLUser> getAdministerableUsers(int userID) {
|
public List<MySQLUser> getAdministerableUsers(int userID) {
|
||||||
return getUsers(userID, MySQLConstants.ADMINISTER_USER);
|
return getUsers(userID, MySQLConstants.USER_ADMINISTER);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -172,7 +172,7 @@ public class PermissionCheckUtility {
|
|||||||
* @return the list of all users this user has delete access to
|
* @return the list of all users this user has delete access to
|
||||||
*/
|
*/
|
||||||
public List<MySQLUser> getDeletableUsers(int userID) {
|
public List<MySQLUser> getDeletableUsers(int userID) {
|
||||||
return getUsers(userID, MySQLConstants.DELETE_USER);
|
return getUsers(userID, MySQLConstants.USER_DELETE);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -180,8 +180,8 @@ public class PermissionCheckUtility {
|
|||||||
* @param userID
|
* @param userID
|
||||||
* @return the list of all users this user has write access to
|
* @return the list of all users this user has write access to
|
||||||
*/
|
*/
|
||||||
public List<MySQLUser> getWriteableleUsers(int userID) {
|
public List<MySQLUser> getUpdateableUsers(int userID) {
|
||||||
return getUsers(userID, MySQLConstants.WRITE_USER);
|
return getUsers(userID, MySQLConstants.USER_UPDATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -190,7 +190,7 @@ public class PermissionCheckUtility {
|
|||||||
* @return the list of all users this user read has access to
|
* @return the list of all users this user read has access to
|
||||||
*/
|
*/
|
||||||
public List<MySQLUser> getReadableUsers(int userID) {
|
public List<MySQLUser> getReadableUsers(int userID) {
|
||||||
return getUsers(userID, MySQLConstants.READ_USER);
|
return getUsers(userID, MySQLConstants.USER_READ);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -234,35 +234,35 @@ public class PermissionCheckUtility {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public boolean checkConnectionReadAccess(int userID, int affectedConnectionID) {
|
public boolean checkConnectionReadAccess(int userID, int affectedConnectionID) {
|
||||||
return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.READ_CONNECTION);
|
return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.CONNECTION_READ);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean checkConnectionWriteAccess(int userID, int affectedConnectionID) {
|
public boolean checkConnectionUpdateAccess(int userID, int affectedConnectionID) {
|
||||||
return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.WRITE_CONNECTION);
|
return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.CONNECTION_UPDATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean checkConnectionDeleteAccess(int userID, int affectedConnectionID) {
|
public boolean checkConnectionDeleteAccess(int userID, int affectedConnectionID) {
|
||||||
return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.DELETE_CONNECTION);
|
return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.CONNECTION_DELETE);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean checkConnectionAdministerAccess(int userID, int affectedConnectionID) {
|
public boolean checkConnectionAdministerAccess(int userID, int affectedConnectionID) {
|
||||||
return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.ADMINISTER_CONNECTION);
|
return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.CONNECTION_ADMINISTER);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean checkConnectionReadAccess(int userID, String affectedConnectionname) {
|
public boolean checkConnectionReadAccess(int userID, String affectedConnectionname) {
|
||||||
return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.READ_CONNECTION);
|
return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.CONNECTION_READ);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean checkConnectionWriteAccess(int userID, String affectedConnectionname) {
|
public boolean checkConnectionUpdateAccess(int userID, String affectedConnectionname) {
|
||||||
return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.WRITE_CONNECTION);
|
return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.CONNECTION_UPDATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean checkConnectionDeleteAccess(int userID, String affectedConnectionname) {
|
public boolean checkConnectionDeleteAccess(int userID, String affectedConnectionname) {
|
||||||
return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.DELETE_CONNECTION);
|
return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.CONNECTION_DELETE);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean checkConnectionAdministerAccess(int userID, String affectedConnectionname) {
|
public boolean checkConnectionAdministerAccess(int userID, String affectedConnectionname) {
|
||||||
return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.ADMINISTER_CONNECTION);
|
return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.CONNECTION_ADMINISTER);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -300,7 +300,7 @@ public class PermissionCheckUtility {
|
|||||||
* @return the list of all connections this connection has administer access to
|
* @return the list of all connections this connection has administer access to
|
||||||
*/
|
*/
|
||||||
public List<MySQLConnection> getAdministerableConnections(int userID) {
|
public List<MySQLConnection> getAdministerableConnections(int userID) {
|
||||||
return getConnections(userID, MySQLConstants.ADMINISTER_CONNECTION);
|
return getConnections(userID, MySQLConstants.CONNECTION_ADMINISTER);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -309,7 +309,7 @@ public class PermissionCheckUtility {
|
|||||||
* @return the list of all connections this connection has delete access to
|
* @return the list of all connections this connection has delete access to
|
||||||
*/
|
*/
|
||||||
public List<MySQLConnection> getDeletableConnections(int userID) {
|
public List<MySQLConnection> getDeletableConnections(int userID) {
|
||||||
return getConnections(userID, MySQLConstants.DELETE_CONNECTION);
|
return getConnections(userID, MySQLConstants.CONNECTION_DELETE);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -317,8 +317,8 @@ public class PermissionCheckUtility {
|
|||||||
* @param connectionID
|
* @param connectionID
|
||||||
* @return the list of all connections this connection has write access to
|
* @return the list of all connections this connection has write access to
|
||||||
*/
|
*/
|
||||||
public List<MySQLConnection> getWriteableleConnections(int userID) {
|
public List<MySQLConnection> getUpdateableConnections(int userID) {
|
||||||
return getConnections(userID, MySQLConstants.WRITE_CONNECTION);
|
return getConnections(userID, MySQLConstants.CONNECTION_UPDATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -327,7 +327,7 @@ public class PermissionCheckUtility {
|
|||||||
* @return the list of all connections this connection read has access to
|
* @return the list of all connections this connection read has access to
|
||||||
*/
|
*/
|
||||||
public List<MySQLConnection> getReadableConnections(int userID) {
|
public List<MySQLConnection> getReadableConnections(int userID) {
|
||||||
return getConnections(userID, MySQLConstants.READ_CONNECTION);
|
return getConnections(userID, MySQLConstants.CONNECTION_READ);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -376,7 +376,7 @@ public class PermissionCheckUtility {
|
|||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
public boolean checkCreateUserPermission(int userID) {
|
public boolean checkCreateUserPermission(int userID) {
|
||||||
return checkSystemPermission(userID, MySQLConstants.CREATE_USER);
|
return checkSystemPermission(userID, MySQLConstants.SYSTEM_USER_CREATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -385,7 +385,7 @@ public class PermissionCheckUtility {
|
|||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
public boolean checkCreateConnectionPermission(int userID) {
|
public boolean checkCreateConnectionPermission(int userID) {
|
||||||
return checkSystemPermission(userID, MySQLConstants.CREATE_CONNECTION);
|
return checkSystemPermission(userID, MySQLConstants.SYSTEM_CONNECTION_CREATE);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -434,7 +434,7 @@ public class PermissionCheckUtility {
|
|||||||
/**
|
/**
|
||||||
* Get all permissions a given user has.
|
* Get all permissions a given user has.
|
||||||
* @param userID
|
* @param userID
|
||||||
* @return
|
* @return all permissions a user has.
|
||||||
*/
|
*/
|
||||||
public Set<Permission> getAllPermissions(int userID) {
|
public Set<Permission> getAllPermissions(int userID) {
|
||||||
Set<Permission> allPermissions = new HashSet<Permission>();
|
Set<Permission> allPermissions = new HashSet<Permission>();
|
||||||
@@ -497,9 +497,9 @@ public class PermissionCheckUtility {
|
|||||||
List<SystemPermissionKey> systemPermissions = systemPermissionDAO.selectByExample(systemPermissionExample);
|
List<SystemPermissionKey> systemPermissions = systemPermissionDAO.selectByExample(systemPermissionExample);
|
||||||
for(SystemPermissionKey systemPermission : systemPermissions) {
|
for(SystemPermissionKey systemPermission : systemPermissions) {
|
||||||
SystemPermission newPermission = null;
|
SystemPermission newPermission = null;
|
||||||
if(systemPermission.getPermission().equals(MySQLConstants.CREATE_USER))
|
if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_USER_CREATE))
|
||||||
newPermission = new UserDirectoryPermission(UserDirectoryPermission.Type.CREATE);
|
newPermission = new UserDirectoryPermission(UserDirectoryPermission.Type.CREATE);
|
||||||
else if(systemPermission.getPermission().equals(MySQLConstants.CREATE_CONNECTION))
|
else if(systemPermission.getPermission().equals(MySQLConstants.SYSTEM_CONNECTION_CREATE))
|
||||||
newPermission = new ConnectionDirectoryPermission(ConnectionDirectoryPermission.Type.CREATE);
|
newPermission = new ConnectionDirectoryPermission(ConnectionDirectoryPermission.Type.CREATE);
|
||||||
|
|
||||||
if(newPermission != null)
|
if(newPermission != null)
|
||||||
|
|||||||
Reference in New Issue
Block a user