GUAC-1132: Add active connection permission support to JavaScript permission services and related types.

guacamole/src/main/webapp/app/rest/services/activeConnectionService.js

@@ -33,18 +33,29 @@ angular.module('rest').factory('activeConnectionService', ['$http', 'authenticat
      * returning a promise that provides a map of @link{ActiveConnection}
      * objects if successful.
      *
+     * @param {String[]} [permissionTypes]
+     *     The set of permissions to filter with. A user must have one or more
+     *     of these permissions for an active connection to appear in the
+     *     result.  If null, no filtering will be performed. Valid values are
+     *     listed within PermissionSet.ObjectType.
+     *                          
+
      * @returns {Promise.<Object.<String, ActiveConnection>>}
      *     A promise which will resolve with a map of @link{ActiveConnection}
      *     objects, where each key is the identifier of the corresponding
      *     active connection.
      */
-    service.getActiveConnections = function getActiveConnections() {
+    service.getActiveConnections = function getActiveConnections(permissionTypes) {
 
         // Build HTTP parameters set
         var httpParameters = {
             token : authenticationService.getCurrentToken()
         };
 
+        // Add permission filter if specified
+        if (permissionTypes)
+            httpParameters.permission = permissionTypes;
+
         // Retrieve tunnels
         return $http({
             method  : 'GET',

guacamole/src/main/webapp/app/rest/services/permissionService.js

@@ -153,6 +153,10 @@ angular.module('rest').factory('permissionService', ['$http', 'authenticationSer
         addObjectPatchOperations(patch, operation, "/connectionGroupPermissions",
             permissions.connectionGroupPermissions);
 
+        // Add active connection permission operations to patch
+        addObjectPatchOperations(patch, operation, "/activeConnectionPermissions",
+            permissions.activeConnectionPermissions);
+
         // Add user permission operations to patch
         addObjectPatchOperations(patch, operation, "/userPermissions",
             permissions.userPermissions);

guacamole/src/main/webapp/app/rest/types/PermissionFlagSet.js

@@ -90,6 +90,25 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet',
             'ADMINISTER' : {}
         };
 
+        /**
+         * The granted state of each permission for each active connection, as
+         * a map of object permission type string to permission map. The
+         * permission map is, in turn, a map of active connection identifier to
+         * boolean value. A particular permission is granted if its
+         * corresponding boolean value is set to true. Valid permission type
+         * strings are defined within PermissionSet.ObjectPermissionType.
+         * Permissions which are not granted may be set to false, but this is
+         * not required.
+         * 
+         * @type Object.<String, Object.<String, Boolean>>
+         */
+        this.activeConnectionPermissions = template.activeConnectionPermissions || {
+            'READ'       : {},
+            'UPDATE'     : {},
+            'DELETE'     : {},
+            'ADMINISTER' : {}
+        };
+
         /**
          * The granted state of each permission for each user, as a map of
          * object permission type string to permission map. The permission map
@@ -110,6 +129,20 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet',
 
     };
 
+    /**
+     * Iterates through all permissions in the given permission map, setting
+     * the corresponding permission flags in the given permission flag map.
+     *
+     * @param {Object.<String, String[]>} permMap
+     *     Map of object identifiers to the set of granted permissions. Each
+     *     permission is represented by a string listed within
+     *     PermissionSet.ObjectPermissionType.
+     *
+     * @param {Object.<String, Object.<String, Boolean>>} flagMap
+     *     Map of permission type strings to identifier/flag pairs representing
+     *     whether the permission of that type is granted for the object having
+     *     having the associated identifier.
+     */
     var addObjectPermissions = function addObjectPermissions(permMap, flagMap) {
 
         // For each defined identifier in the permission map
@@ -158,6 +191,9 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet',
         // Add all granted connection group permissions
         addObjectPermissions(permissionSet.connectionGroupPermissions, permissionFlagSet.connectionGroupPermissions);
 
+        // Add all granted active connection permissions
+        addObjectPermissions(permissionSet.activeConnectionPermissions, permissionFlagSet.activeConnectionPermissions);
+
         // Add all granted user permissions
         addObjectPermissions(permissionSet.userPermissions, permissionFlagSet.userPermissions);
 

guacamole/src/main/webapp/app/rest/types/PermissionSet.js

@@ -57,6 +57,15 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
          */
         this.connectionGroupPermissions = template.connectionGroupPermissions || {};
         
+        /**
+         * Map of active connection identifiers to the corresponding array of
+         * granted permissions. Each permission is represented by a string
+         * listed within PermissionSet.ObjectPermissionType.
+         *
+         * @type Object.<String, String[]>
+         */
+        this.activeConnectionPermissions = template.activeConnectionPermissions || {};
+        
         /**
          * Map of user identifiers to the corresponding array of granted
          * permissions. Each permission is represented by a string listed
@@ -237,6 +246,28 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
         return hasPermission(permSet.connectionGroupPermissions, type, identifier);
     };
 
+    /**
+     * Returns whether the given permission is granted for the active
+     * connection having the given ID.
+     *
+     * @param {PermissionSet|Object} permSet
+     *     The permission set to check.
+     *
+     * @param {String} type
+     *     The permission to search for, as defined by
+     *     PermissionSet.ObjectPermissionType.
+     *     
+     * @param {String} identifier
+     *     The identifier of the active connection to which the permission
+     *     applies.
+     *
+     * @returns {Boolean}
+     *     true if the permission is present (granted), false otherwise.
+     */
+    PermissionSet.hasActiveConnectionPermission = function hasActiveConnectionPermission(permSet, type, identifier) {
+        return hasPermission(permSet.activeConnectionPermissions, type, identifier);
+    };
+
     /**
      * Returns whether the given permission is granted for the user having the 
      * given ID.
@@ -507,6 +538,55 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
         return removeObjectPermission(permSet.connectionGroupPermissions, type, identifier);
     };
 
+    /**
+     * Adds the given active connection permission applying to the connection
+     * group with the given ID to the given permission set, if not already
+     * present. If the permission is already present, this function has no
+     * effect.
+     *
+     * @param {PermissionSet} permSet
+     *     The permission set to modify.
+     *
+     * @param {String} type
+     *     The permission to add, as defined by
+     *     PermissionSet.ObjectPermissionType.
+     *
+     * @param {String} identifier
+     *     The identifier of the active connection to which the permission
+     *     applies.
+     *
+     * @returns {Boolean}
+     *     true if the permission was added, false if the permission was
+     *     already present in the given permission set.
+     */
+    PermissionSet.addActiveConnectionPermission = function addActiveConnectionPermission(permSet, type, identifier) {
+        return addObjectPermission(permSet.activeConnectionPermissions, type, identifier);
+    };
+
+    /**
+     * Removes the given active connection permission applying to the
+     * connection group with the given ID from the given permission set, if
+     * present. If the permission is not present, this function has no effect.
+     *
+     * @param {PermissionSet} permSet
+     *     The permission set to modify.
+     *
+     * @param {String} type
+     *     The permission to remove, as defined by
+     *     PermissionSet.ObjectPermissionType.
+     *
+     * @param {String} identifier
+     *     The identifier of the active connection to which the permission
+     *     applies.
+     *
+     * @returns {Boolean}
+     *     true if the permission was removed, false if the permission was not
+     *     present in the given permission set.
+     */
+    PermissionSet.removeActiveConnectionPermission = function removeActiveConnectionPermission(permSet, type, identifier) {
+        return removeObjectPermission(permSet.activeConnectionPermissions, type, identifier);
+    };
+
     /**
      * Adds the given user permission applying to the user with the given ID to
      * the given permission set, if not already present. If the permission is