GUAC-1132: Add active connection permission support to JavaScript permission services and related types.

2025-09-06 13:17:41 +00:00 · 2015-03-20 21:32:47 -07:00
parent d4ec7a3ab7
commit 328ecb1f9c
4 changed files with 132 additions and 1 deletions
--- a/guacamole/src/main/webapp/app/rest/services/activeConnectionService.js
+++ b/guacamole/src/main/webapp/app/rest/services/activeConnectionService.js
@@ -33,18 +33,29 @@ angular.module('rest').factory('activeConnectionService', ['$http', 'authenticat
     * returning a promise that provides a map of @link{ActiveConnection}
     * objects if successful.
     *
+     * @param {String[]} [permissionTypes]
+     *     The set of permissions to filter with. A user must have one or more
+     *     of these permissions for an active connection to appear in the
+     *     result.  If null, no filtering will be performed. Valid values are
+     *     listed within PermissionSet.ObjectType.
+     *                          
+
     * @returns {Promise.<Object.<String, ActiveConnection>>}
     *     A promise which will resolve with a map of @link{ActiveConnection}
     *     objects, where each key is the identifier of the corresponding
     *     active connection.
     */
-    service.getActiveConnections = function getActiveConnections() {
+    service.getActiveConnections = function getActiveConnections(permissionTypes) {

        // Build HTTP parameters set
        var httpParameters = {
            token : authenticationService.getCurrentToken()
        };

+        // Add permission filter if specified
+        if (permissionTypes)
+            httpParameters.permission = permissionTypes;
+
        // Retrieve tunnels
        return $http({
            method  : 'GET',
--- a/guacamole/src/main/webapp/app/rest/services/permissionService.js
+++ b/guacamole/src/main/webapp/app/rest/services/permissionService.js
@@ -153,6 +153,10 @@ angular.module('rest').factory('permissionService', ['$http', 'authenticationSer
        addObjectPatchOperations(patch, operation, "/connectionGroupPermissions",
            permissions.connectionGroupPermissions);

+        // Add active connection permission operations to patch
+        addObjectPatchOperations(patch, operation, "/activeConnectionPermissions",
+            permissions.activeConnectionPermissions);
+
        // Add user permission operations to patch
        addObjectPatchOperations(patch, operation, "/userPermissions",
            permissions.userPermissions);
--- a/guacamole/src/main/webapp/app/rest/types/PermissionFlagSet.js
+++ b/guacamole/src/main/webapp/app/rest/types/PermissionFlagSet.js
@@ -90,6 +90,25 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet',
            'ADMINISTER' : {}
        };

+        /**
+         * The granted state of each permission for each active connection, as
+         * a map of object permission type string to permission map. The
+         * permission map is, in turn, a map of active connection identifier to
+         * boolean value. A particular permission is granted if its
+         * corresponding boolean value is set to true. Valid permission type
+         * strings are defined within PermissionSet.ObjectPermissionType.
+         * Permissions which are not granted may be set to false, but this is
+         * not required.
+         * 
+         * @type Object.<String, Object.<String, Boolean>>
+         */
+        this.activeConnectionPermissions = template.activeConnectionPermissions || {
+            'READ'       : {},
+            'UPDATE'     : {},
+            'DELETE'     : {},
+            'ADMINISTER' : {}
+        };
+
        /**
         * The granted state of each permission for each user, as a map of
         * object permission type string to permission map. The permission map
@@ -110,6 +129,20 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet',

    };

+    /**
+     * Iterates through all permissions in the given permission map, setting
+     * the corresponding permission flags in the given permission flag map.
+     *
+     * @param {Object.<String, String[]>} permMap
+     *     Map of object identifiers to the set of granted permissions. Each
+     *     permission is represented by a string listed within
+     *     PermissionSet.ObjectPermissionType.
+     *
+     * @param {Object.<String, Object.<String, Boolean>>} flagMap
+     *     Map of permission type strings to identifier/flag pairs representing
+     *     whether the permission of that type is granted for the object having
+     *     having the associated identifier.
+     */
    var addObjectPermissions = function addObjectPermissions(permMap, flagMap) {

        // For each defined identifier in the permission map
@@ -158,6 +191,9 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet',
        // Add all granted connection group permissions
        addObjectPermissions(permissionSet.connectionGroupPermissions, permissionFlagSet.connectionGroupPermissions);

+        // Add all granted active connection permissions
+        addObjectPermissions(permissionSet.activeConnectionPermissions, permissionFlagSet.activeConnectionPermissions);
+
        // Add all granted user permissions
        addObjectPermissions(permissionSet.userPermissions, permissionFlagSet.userPermissions);

--- a/guacamole/src/main/webapp/app/rest/types/PermissionSet.js
+++ b/guacamole/src/main/webapp/app/rest/types/PermissionSet.js
@@ -57,6 +57,15 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
         */
        this.connectionGroupPermissions = template.connectionGroupPermissions || {};
        
+        /**
+         * Map of active connection identifiers to the corresponding array of
+         * granted permissions. Each permission is represented by a string
+         * listed within PermissionSet.ObjectPermissionType.
+         *
+         * @type Object.<String, String[]>
+         */
+        this.activeConnectionPermissions = template.activeConnectionPermissions || {};
+        
        /**
         * Map of user identifiers to the corresponding array of granted
         * permissions. Each permission is represented by a string listed
@@ -237,6 +246,28 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
        return hasPermission(permSet.connectionGroupPermissions, type, identifier);
    };

+    /**
+     * Returns whether the given permission is granted for the active
+     * connection having the given ID.
+     *
+     * @param {PermissionSet|Object} permSet
+     *     The permission set to check.
+     *
+     * @param {String} type
+     *     The permission to search for, as defined by
+     *     PermissionSet.ObjectPermissionType.
+     *     
+     * @param {String} identifier
+     *     The identifier of the active connection to which the permission
+     *     applies.
+     *
+     * @returns {Boolean}
+     *     true if the permission is present (granted), false otherwise.
+     */
+    PermissionSet.hasActiveConnectionPermission = function hasActiveConnectionPermission(permSet, type, identifier) {
+        return hasPermission(permSet.activeConnectionPermissions, type, identifier);
+    };
+
    /**
     * Returns whether the given permission is granted for the user having the 
     * given ID.
@@ -507,6 +538,55 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
        return removeObjectPermission(permSet.connectionGroupPermissions, type, identifier);
    };

+    /**
+     * Adds the given active connection permission applying to the connection
+     * group with the given ID to the given permission set, if not already
+     * present. If the permission is already present, this function has no
+     * effect.
+     *
+     * @param {PermissionSet} permSet
+     *     The permission set to modify.
+     *
+     * @param {String} type
+     *     The permission to add, as defined by
+     *     PermissionSet.ObjectPermissionType.
+     *
+     * @param {String} identifier
+     *     The identifier of the active connection to which the permission
+     *     applies.
+     *
+     * @returns {Boolean}
+     *     true if the permission was added, false if the permission was
+     *     already present in the given permission set.
+     */
+    PermissionSet.addActiveConnectionPermission = function addActiveConnectionPermission(permSet, type, identifier) {
+        return addObjectPermission(permSet.activeConnectionPermissions, type, identifier);
+    };
+
+    /**
+     * Removes the given active connection permission applying to the
+     * connection group with the given ID from the given permission set, if
+     * present. If the permission is not present, this function has no effect.
+     *
+     * @param {PermissionSet} permSet
+     *     The permission set to modify.
+     *
+     * @param {String} type
+     *     The permission to remove, as defined by
+     *     PermissionSet.ObjectPermissionType.
+     *
+     * @param {String} identifier
+     *     The identifier of the active connection to which the permission
+     *     applies.
+     *
+     * @returns {Boolean}
+     *     true if the permission was removed, false if the permission was not
+     *     present in the given permission set.
+     */
+    PermissionSet.removeActiveConnectionPermission = function removeActiveConnectionPermission(permSet, type, identifier) {
+        return removeObjectPermission(permSet.activeConnectionPermissions, type, identifier);
+    };
+
    /**
     * Adds the given user permission applying to the user with the given ID to
     * the given permission set, if not already present. If the permission is