From 32c09e9daebe9ac65740cf705e72f3aa00df6a0d Mon Sep 17 00:00:00 2001 From: James Muehlner Date: Fri, 16 Aug 2013 21:26:08 -0700 Subject: [PATCH] Ticket #395: Add automatic READ and UPDATE permissions to ROOT in the permission checks. --- .../mysql/service/PermissionCheckService.java | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java index 548f41756..5dad66795 100644 --- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java +++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java @@ -548,6 +548,12 @@ public class PermissionCheckService { List connectionGroupIDs = new ArrayList(connectionGroupPermissions.size()); for(ConnectionGroupPermissionKey permission : connectionGroupPermissions) connectionGroupIDs.add(permission.getConnection_group_id()); + + // All users have implicit access to read and update the root group + if(MySQLConstants.CONNECTION_GROUP_READ.equals(permissionType) + && MySQLConstants.CONNECTION_GROUP_UPDATE.equals(permissionType) + && !checkParentID) + connectionGroupIDs.add(null); return connectionGroupIDs; @@ -751,6 +757,18 @@ public class PermissionCheckService { permissions.add(permission); } + + // All users have implict access to read the root connection group + permissions.add(new ConnectionGroupPermission( + ConnectionGroupPermission.Type.READ, + MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER + )); + + // All users have implict access to update the root connection group + permissions.add(new ConnectionGroupPermission( + ConnectionGroupPermission.Type.UPDATE, + MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER + )); return permissions;