From 3b7618a0305563a03eb5fe8422670bd592354597 Mon Sep 17 00:00:00 2001
From: James Muehlner <james.muehlner@guac-dev.org>
Date: Sun, 3 Mar 2013 21:58:41 -0800
Subject: [PATCH] Ticket #269: Only a system administrator can add system
 permissions.

---
 .../guacamole/net/auth/mysql/UserDirectory.java           | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
index 2e3f5c0b0..109b1060e 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java
@@ -495,15 +495,19 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
      *                    have when this operation completes.
      */
     private void createSystemPermissions(int user_id,
-            Collection<SystemPermission> permissions) {
+            Collection<SystemPermission> permissions) throws GuacamoleException {
 
         // If no permissions given, stop now
         if(permissions.isEmpty())
             return;
 
+        // Only a system administrator can add system permissions.
+        permissionCheckService.verifySystemAccess(
+                this.user_id, SystemPermission.Type.ADMINISTER.name());
+
         // Insert all requested permissions
         for (SystemPermission permission : permissions) {
-
+            
             // Insert permission
             SystemPermissionKey newSystemPermission = new SystemPermissionKey();
             newSystemPermission.setUser_id(user_id);