From 328ecb1f9c38eea0fe5846839f8c0dc68f04faf1 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Fri, 20 Mar 2015 21:32:47 -0700 Subject: [PATCH] GUAC-1132: Add active connection permission support to JavaScript permission services and related types. --- .../rest/services/activeConnectionService.js | 13 ++- .../app/rest/services/permissionService.js | 4 + .../app/rest/types/PermissionFlagSet.js | 36 +++++++++ .../webapp/app/rest/types/PermissionSet.js | 80 +++++++++++++++++++ 4 files changed, 132 insertions(+), 1 deletion(-) diff --git a/guacamole/src/main/webapp/app/rest/services/activeConnectionService.js b/guacamole/src/main/webapp/app/rest/services/activeConnectionService.js index f086e3a11..a96ebdf3f 100644 --- a/guacamole/src/main/webapp/app/rest/services/activeConnectionService.js +++ b/guacamole/src/main/webapp/app/rest/services/activeConnectionService.js @@ -33,18 +33,29 @@ angular.module('rest').factory('activeConnectionService', ['$http', 'authenticat * returning a promise that provides a map of @link{ActiveConnection} * objects if successful. * + * @param {String[]} [permissionTypes] + * The set of permissions to filter with. A user must have one or more + * of these permissions for an active connection to appear in the + * result. If null, no filtering will be performed. Valid values are + * listed within PermissionSet.ObjectType. + * + * @returns {Promise.>} * A promise which will resolve with a map of @link{ActiveConnection} * objects, where each key is the identifier of the corresponding * active connection. */ - service.getActiveConnections = function getActiveConnections() { + service.getActiveConnections = function getActiveConnections(permissionTypes) { // Build HTTP parameters set var httpParameters = { token : authenticationService.getCurrentToken() }; + // Add permission filter if specified + if (permissionTypes) + httpParameters.permission = permissionTypes; + // Retrieve tunnels return $http({ method : 'GET', diff --git a/guacamole/src/main/webapp/app/rest/services/permissionService.js b/guacamole/src/main/webapp/app/rest/services/permissionService.js index 57760191d..803afcf8e 100644 --- a/guacamole/src/main/webapp/app/rest/services/permissionService.js +++ b/guacamole/src/main/webapp/app/rest/services/permissionService.js @@ -153,6 +153,10 @@ angular.module('rest').factory('permissionService', ['$http', 'authenticationSer addObjectPatchOperations(patch, operation, "/connectionGroupPermissions", permissions.connectionGroupPermissions); + // Add active connection permission operations to patch + addObjectPatchOperations(patch, operation, "/activeConnectionPermissions", + permissions.activeConnectionPermissions); + // Add user permission operations to patch addObjectPatchOperations(patch, operation, "/userPermissions", permissions.userPermissions); diff --git a/guacamole/src/main/webapp/app/rest/types/PermissionFlagSet.js b/guacamole/src/main/webapp/app/rest/types/PermissionFlagSet.js index 876f6bb20..598594812 100644 --- a/guacamole/src/main/webapp/app/rest/types/PermissionFlagSet.js +++ b/guacamole/src/main/webapp/app/rest/types/PermissionFlagSet.js @@ -90,6 +90,25 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet', 'ADMINISTER' : {} }; + /** + * The granted state of each permission for each active connection, as + * a map of object permission type string to permission map. The + * permission map is, in turn, a map of active connection identifier to + * boolean value. A particular permission is granted if its + * corresponding boolean value is set to true. Valid permission type + * strings are defined within PermissionSet.ObjectPermissionType. + * Permissions which are not granted may be set to false, but this is + * not required. + * + * @type Object.> + */ + this.activeConnectionPermissions = template.activeConnectionPermissions || { + 'READ' : {}, + 'UPDATE' : {}, + 'DELETE' : {}, + 'ADMINISTER' : {} + }; + /** * The granted state of each permission for each user, as a map of * object permission type string to permission map. The permission map @@ -110,6 +129,20 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet', }; + /** + * Iterates through all permissions in the given permission map, setting + * the corresponding permission flags in the given permission flag map. + * + * @param {Object.} permMap + * Map of object identifiers to the set of granted permissions. Each + * permission is represented by a string listed within + * PermissionSet.ObjectPermissionType. + * + * @param {Object.>} flagMap + * Map of permission type strings to identifier/flag pairs representing + * whether the permission of that type is granted for the object having + * having the associated identifier. + */ var addObjectPermissions = function addObjectPermissions(permMap, flagMap) { // For each defined identifier in the permission map @@ -158,6 +191,9 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet', // Add all granted connection group permissions addObjectPermissions(permissionSet.connectionGroupPermissions, permissionFlagSet.connectionGroupPermissions); + // Add all granted active connection permissions + addObjectPermissions(permissionSet.activeConnectionPermissions, permissionFlagSet.activeConnectionPermissions); + // Add all granted user permissions addObjectPermissions(permissionSet.userPermissions, permissionFlagSet.userPermissions); diff --git a/guacamole/src/main/webapp/app/rest/types/PermissionSet.js b/guacamole/src/main/webapp/app/rest/types/PermissionSet.js index 869f14523..7f61f3d02 100644 --- a/guacamole/src/main/webapp/app/rest/types/PermissionSet.js +++ b/guacamole/src/main/webapp/app/rest/types/PermissionSet.js @@ -57,6 +57,15 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet() */ this.connectionGroupPermissions = template.connectionGroupPermissions || {}; + /** + * Map of active connection identifiers to the corresponding array of + * granted permissions. Each permission is represented by a string + * listed within PermissionSet.ObjectPermissionType. + * + * @type Object. + */ + this.activeConnectionPermissions = template.activeConnectionPermissions || {}; + /** * Map of user identifiers to the corresponding array of granted * permissions. Each permission is represented by a string listed @@ -237,6 +246,28 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet() return hasPermission(permSet.connectionGroupPermissions, type, identifier); }; + /** + * Returns whether the given permission is granted for the active + * connection having the given ID. + * + * @param {PermissionSet|Object} permSet + * The permission set to check. + * + * @param {String} type + * The permission to search for, as defined by + * PermissionSet.ObjectPermissionType. + * + * @param {String} identifier + * The identifier of the active connection to which the permission + * applies. + * + * @returns {Boolean} + * true if the permission is present (granted), false otherwise. + */ + PermissionSet.hasActiveConnectionPermission = function hasActiveConnectionPermission(permSet, type, identifier) { + return hasPermission(permSet.activeConnectionPermissions, type, identifier); + }; + /** * Returns whether the given permission is granted for the user having the * given ID. @@ -507,6 +538,55 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet() return removeObjectPermission(permSet.connectionGroupPermissions, type, identifier); }; + /** + * Adds the given active connection permission applying to the connection + * group with the given ID to the given permission set, if not already + * present. If the permission is already present, this function has no + * effect. + * + * @param {PermissionSet} permSet + * The permission set to modify. + * + * @param {String} type + * The permission to add, as defined by + * PermissionSet.ObjectPermissionType. + * + * @param {String} identifier + * The identifier of the active connection to which the permission + * applies. + * + * @returns {Boolean} + * true if the permission was added, false if the permission was + * already present in the given permission set. + */ + PermissionSet.addActiveConnectionPermission = function addActiveConnectionPermission(permSet, type, identifier) { + return addObjectPermission(permSet.activeConnectionPermissions, type, identifier); + }; + + /** + * Removes the given active connection permission applying to the + * connection group with the given ID from the given permission set, if + * present. If the permission is not present, this function has no effect. + * + * @param {PermissionSet} permSet + * The permission set to modify. + * + * @param {String} type + * The permission to remove, as defined by + * PermissionSet.ObjectPermissionType. + * + * @param {String} identifier + * The identifier of the active connection to which the permission + * applies. + * + * @returns {Boolean} + * true if the permission was removed, false if the permission was not + * present in the given permission set. + */ + PermissionSet.removeActiveConnectionPermission = function removeActiveConnectionPermission(permSet, type, identifier) { + return removeObjectPermission(permSet.activeConnectionPermissions, type, identifier); + }; + /** * Adds the given user permission applying to the user with the given ID to * the given permission set, if not already present. If the permission is