mirror of
https://github.com/gyurix1968/guacamole-client.git
synced 2025-09-06 05:07:41 +00:00
Ticket #263: Finalizing changes.
This commit is contained in:
James Muehlner
@@ -48,6 +48,7 @@ import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionPermissionMapper;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionParameter;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionParameterExample;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionPermissionKey;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.service.PermissionCheckService;
|
||||
import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
|
||||
@@ -83,6 +84,12 @@ public class ConnectionDirectory implements Directory<String, Connection>{
|
||||
@Inject
|
||||
private ConnectionService connectionService;
|
||||
|
||||
/**
|
||||
* Service managing connection groups.
|
||||
*/
|
||||
@Inject
|
||||
private ConnectionGroupService connectionGroupService;
|
||||
|
||||
/**
|
||||
* Service for manipulating connection permissions in the database.
|
||||
*/
|
||||
@@ -108,11 +115,18 @@ public class ConnectionDirectory implements Directory<String, Connection>{
|
||||
|
||||
@Transactional
|
||||
@Override
|
||||
public Connection get(String name) throws GuacamoleException {
|
||||
public Connection get(String identifier) throws GuacamoleException {
|
||||
|
||||
// Get connection
|
||||
MySQLConnection connection =
|
||||
connectionService.retrieveConnection(name, parentID, user_id);
|
||||
connectionService.retrieveConnection(identifier, user_id);
|
||||
|
||||
if(connection == null)
|
||||
return null;
|
||||
|
||||
// Verify permission to use the parent connection group for organizational purposes
|
||||
permissionCheckService.verifyConnectionGroupUsageAccess
|
||||
(connection.getParentID(), user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
|
||||
|
||||
// Verify access is granted
|
||||
permissionCheckService.verifyConnectionAccess(
|
||||
@@ -133,7 +147,7 @@ public class ConnectionDirectory implements Directory<String, Connection>{
|
||||
permissionCheckService.verifyConnectionGroupUsageAccess
|
||||
(parentID, user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
|
||||
|
||||
return permissionCheckService.retrieveConnectionNames(user_id,
|
||||
return permissionCheckService.retrieveConnectionIdentifiers(user_id,
|
||||
parentID, MySQLConstants.CONNECTION_READ);
|
||||
}
|
||||
|
||||
@@ -141,9 +155,9 @@ public class ConnectionDirectory implements Directory<String, Connection>{
|
||||
@Override
|
||||
public void add(Connection object) throws GuacamoleException {
|
||||
|
||||
String identifier = object.getIdentifier().trim();
|
||||
if(identifier.isEmpty())
|
||||
throw new GuacamoleClientException("The connection identifier cannot be blank.");
|
||||
String name = object.getName().trim();
|
||||
if(name.isEmpty())
|
||||
throw new GuacamoleClientException("The connection name cannot be blank.");
|
||||
|
||||
// Verify permission to create
|
||||
permissionCheckService.verifySystemAccess(this.user_id,
|
||||
@@ -157,16 +171,15 @@ public class ConnectionDirectory implements Directory<String, Connection>{
|
||||
permissionCheckService.verifyConnectionGroupUsageAccess
|
||||
(parentID, user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
|
||||
|
||||
// Verify that no connection already exists with this identifier.
|
||||
// Verify that no connection already exists with this name.
|
||||
MySQLConnection previousConnection =
|
||||
connectionService.retrieveConnection(identifier, user_id, parentID);
|
||||
connectionService.retrieveConnection(name, user_id, parentID);
|
||||
if(previousConnection != null)
|
||||
throw new GuacamoleClientException("That connection identifier is already in use.");
|
||||
throw new GuacamoleClientException("That connection name is already in use.");
|
||||
|
||||
// Create connection
|
||||
MySQLConnection connection = connectionService.createConnection(
|
||||
identifier, object.getConfiguration().getProtocol(),
|
||||
user_id);
|
||||
name, object.getConfiguration().getProtocol(), user_id);
|
||||
|
||||
// Add connection parameters
|
||||
createConfigurationValues(connection.getConnectionID(),
|
||||
@@ -258,7 +271,14 @@ public class ConnectionDirectory implements Directory<String, Connection>{
|
||||
|
||||
// Get connection
|
||||
MySQLConnection mySQLConnection =
|
||||
connectionService.retrieveConnection(identifier, parentID, user_id);
|
||||
connectionService.retrieveConnection(identifier, user_id);
|
||||
|
||||
if(mySQLConnection == null)
|
||||
throw new GuacamoleException("Connection not found.");
|
||||
|
||||
// Verify permission to use the parent connection group for organizational purposes
|
||||
permissionCheckService.verifyConnectionGroupUsageAccess
|
||||
(mySQLConnection.getParentID(), user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
|
||||
|
||||
// Verify permission to delete
|
||||
permissionCheckService.verifyConnectionAccess(this.user_id,
|
||||
@@ -270,4 +290,50 @@ public class ConnectionDirectory implements Directory<String, Connection>{
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void move(String identifier, String groupIdentifier)
|
||||
throws GuacamoleException {
|
||||
|
||||
// Get connection
|
||||
MySQLConnection mySQLConnection =
|
||||
connectionService.retrieveConnection(identifier, user_id);
|
||||
|
||||
if(mySQLConnection == null)
|
||||
throw new GuacamoleException("Connection not found.");
|
||||
|
||||
// Verify permission to update the connection
|
||||
permissionCheckService.verifyConnectionAccess(this.user_id,
|
||||
mySQLConnection.getConnectionID(),
|
||||
MySQLConstants.CONNECTION_UPDATE);
|
||||
|
||||
// Verify permission to use the from connection group for organizational purposes
|
||||
permissionCheckService.verifyConnectionGroupUsageAccess
|
||||
(mySQLConnection.getParentID(), user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
|
||||
|
||||
// Verify permission to update the from connection group
|
||||
permissionCheckService.verifyConnectionGroupAccess(this.user_id,
|
||||
mySQLConnection.getParentID(), MySQLConstants.CONNECTION_GROUP_UPDATE);
|
||||
|
||||
Integer toConnectionGroupID;
|
||||
if(groupIdentifier.equals(MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER))
|
||||
toConnectionGroupID = null;
|
||||
try {
|
||||
toConnectionGroupID = Integer.valueOf(groupIdentifier);
|
||||
} catch(NumberFormatException e) {
|
||||
throw new GuacamoleException("Invalid connection group identifier.");
|
||||
}
|
||||
|
||||
// Verify permission to use the to connection group for organizational purposes
|
||||
permissionCheckService.verifyConnectionGroupUsageAccess
|
||||
(toConnectionGroupID, user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
|
||||
|
||||
// Verify permission to update the to connection group
|
||||
permissionCheckService.verifyConnectionGroupAccess(this.user_id,
|
||||
toConnectionGroupID, MySQLConstants.CONNECTION_GROUP_UPDATE);
|
||||
|
||||
// Update the connection
|
||||
mySQLConnection.setParentID(toConnectionGroupID);
|
||||
connectionService.updateConnection(mySQLConnection);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -41,17 +41,12 @@ import com.google.inject.Inject;
|
||||
import java.util.Set;
|
||||
import net.sourceforge.guacamole.GuacamoleClientException;
|
||||
import net.sourceforge.guacamole.GuacamoleException;
|
||||
import net.sourceforge.guacamole.net.auth.Connection;
|
||||
import net.sourceforge.guacamole.net.auth.ConnectionGroup;
|
||||
import net.sourceforge.guacamole.net.auth.Directory;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionParameterMapper;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionPermissionMapper;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionParameter;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionParameterExample;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionPermissionKey;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionGroupPermissionMapper;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupPermissionKey;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.service.PermissionCheckService;
|
||||
import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
|
||||
import org.mybatis.guice.transactional.Transactional;
|
||||
|
||||
/**
|
||||
@@ -85,24 +80,36 @@ public class ConnectionGroupDirectory implements Directory<String, ConnectionGro
|
||||
private ConnectionGroupService connectionGroupService;
|
||||
|
||||
/**
|
||||
* Service for manipulating connection permissions in the database.
|
||||
* Service for manipulating connection group permissions in the database.
|
||||
*/
|
||||
@Inject
|
||||
private ConnectionPermissionMapper connectionPermissionDAO;
|
||||
private ConnectionGroupPermissionMapper connectionGroupPermissionDAO;
|
||||
|
||||
/**
|
||||
* Service for manipulating connection parameters in the database.
|
||||
* Set the user and parentID for this directory.
|
||||
*
|
||||
* @param user_id The ID of the user owning this connection group directory.
|
||||
* @param parentID The ID of the parent connection group.
|
||||
*/
|
||||
@Inject
|
||||
private ConnectionParameterMapper connectionParameterDAO;
|
||||
public void init(int user_id, Integer parentID) {
|
||||
this.parentID = parentID;
|
||||
this.user_id = user_id;
|
||||
}
|
||||
|
||||
@Transactional
|
||||
@Override
|
||||
public ConnectionGroup get(String name) throws GuacamoleException {
|
||||
public ConnectionGroup get(String identifier) throws GuacamoleException {
|
||||
|
||||
// Get connection
|
||||
MySQLConnectionGroup connectionGroup =
|
||||
connectionGroupService.retrieveConnectionGroup(name, parentID, user_id);
|
||||
connectionGroupService.retrieveConnectionGroup(identifier, user_id);
|
||||
|
||||
if(connectionGroup == null)
|
||||
return null;
|
||||
|
||||
// Verify permission to use the parent connection group for organizational purposes
|
||||
permissionCheckService.verifyConnectionGroupUsageAccess
|
||||
(connectionGroup.getParentID(), user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
|
||||
|
||||
// Verify access is granted
|
||||
permissionCheckService.verifyConnectionGroupAccess(
|
||||
@@ -123,24 +130,156 @@ public class ConnectionGroupDirectory implements Directory<String, ConnectionGro
|
||||
permissionCheckService.verifyConnectionGroupUsageAccess
|
||||
(parentID, user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
|
||||
|
||||
return permissionCheckService.retrieveConnectionGroupNames(user_id,
|
||||
return permissionCheckService.retrieveConnectionGroupIdentifiers(user_id,
|
||||
parentID, MySQLConstants.CONNECTION_GROUP_READ);
|
||||
}
|
||||
|
||||
@Transactional
|
||||
@Override
|
||||
public void add(ConnectionGroup object) throws GuacamoleException {
|
||||
throw new UnsupportedOperationException("Not supported yet.");
|
||||
|
||||
String name = object.getName().trim();
|
||||
if(name.isEmpty())
|
||||
throw new GuacamoleClientException("The connection group name cannot be blank.");
|
||||
|
||||
// Verify permission to create
|
||||
permissionCheckService.verifySystemAccess(this.user_id,
|
||||
MySQLConstants.SYSTEM_CONNECTION_GROUP_CREATE);
|
||||
|
||||
// Verify permission to edit the parent connection group
|
||||
permissionCheckService.verifyConnectionGroupAccess(this.user_id,
|
||||
this.parentID, MySQLConstants.CONNECTION_GROUP_UPDATE);
|
||||
|
||||
// Verify permission to use the parent connection group for organizational purposes
|
||||
permissionCheckService.verifyConnectionGroupUsageAccess
|
||||
(parentID, user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
|
||||
|
||||
// Verify that no connection already exists with this name.
|
||||
MySQLConnectionGroup previousConnectionGroup =
|
||||
connectionGroupService.retrieveConnectionGroup(name, user_id, parentID);
|
||||
if(previousConnectionGroup != null)
|
||||
throw new GuacamoleClientException("That connection group name is already in use.");
|
||||
|
||||
// Create connection group
|
||||
MySQLConnectionGroup connectionGroup = connectionGroupService
|
||||
.createConnectionGroup(name, user_id);
|
||||
|
||||
// Finally, give the current user full access to the newly created
|
||||
// connection group.
|
||||
ConnectionGroupPermissionKey newConnectionGroupPermission = new ConnectionGroupPermissionKey();
|
||||
newConnectionGroupPermission.setUser_id(this.user_id);
|
||||
newConnectionGroupPermission.setConnection_group_id(connectionGroup.getConnectionGroupID());
|
||||
|
||||
// Read permission
|
||||
newConnectionGroupPermission.setPermission(MySQLConstants.CONNECTION_GROUP_READ);
|
||||
connectionGroupPermissionDAO.insert(newConnectionGroupPermission);
|
||||
|
||||
// Update permission
|
||||
newConnectionGroupPermission.setPermission(MySQLConstants.CONNECTION_GROUP_UPDATE);
|
||||
connectionGroupPermissionDAO.insert(newConnectionGroupPermission);
|
||||
|
||||
// Delete permission
|
||||
newConnectionGroupPermission.setPermission(MySQLConstants.CONNECTION_GROUP_DELETE);
|
||||
connectionGroupPermissionDAO.insert(newConnectionGroupPermission);
|
||||
|
||||
// Administer permission
|
||||
newConnectionGroupPermission.setPermission(MySQLConstants.CONNECTION_GROUP_ADMINISTER);
|
||||
connectionGroupPermissionDAO.insert(newConnectionGroupPermission);
|
||||
|
||||
}
|
||||
|
||||
@Transactional
|
||||
@Override
|
||||
public void update(ConnectionGroup object) throws GuacamoleException {
|
||||
throw new UnsupportedOperationException("Not supported yet.");
|
||||
|
||||
// If connection not actually from this auth provider, we can't handle
|
||||
// the update
|
||||
if (!(object instanceof MySQLConnectionGroup))
|
||||
throw new GuacamoleException("Connection not from database.");
|
||||
|
||||
MySQLConnectionGroup mySQLConnectionGroup = (MySQLConnectionGroup) object;
|
||||
|
||||
// Verify permission to update
|
||||
permissionCheckService.verifyConnectionAccess(this.user_id,
|
||||
mySQLConnectionGroup.getConnectionGroupID(),
|
||||
MySQLConstants.CONNECTION_UPDATE);
|
||||
|
||||
// Perform update
|
||||
connectionGroupService.updateConnectionGroup(mySQLConnectionGroup);
|
||||
}
|
||||
|
||||
@Transactional
|
||||
@Override
|
||||
public void remove(String identifier) throws GuacamoleException {
|
||||
|
||||
// Get connection
|
||||
MySQLConnectionGroup mySQLConnectionGroup =
|
||||
connectionGroupService.retrieveConnectionGroup(identifier, user_id);
|
||||
|
||||
if(mySQLConnectionGroup == null)
|
||||
throw new GuacamoleException("Connection group not found.");
|
||||
|
||||
// Verify permission to use the parent connection group for organizational purposes
|
||||
permissionCheckService.verifyConnectionGroupUsageAccess
|
||||
(mySQLConnectionGroup.getParentID(), user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
|
||||
|
||||
// Verify permission to delete
|
||||
permissionCheckService.verifyConnectionGroupAccess(this.user_id,
|
||||
mySQLConnectionGroup.getConnectionGroupID(),
|
||||
MySQLConstants.CONNECTION_GROUP_DELETE);
|
||||
|
||||
// Delete the connection group itself
|
||||
connectionGroupService.deleteConnectionGroup
|
||||
(mySQLConnectionGroup.getConnectionGroupID());
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void remove(String identifier) throws GuacamoleException {
|
||||
throw new UnsupportedOperationException("Not supported yet.");
|
||||
public void move(String identifier, String groupIdentifier)
|
||||
throws GuacamoleException {
|
||||
|
||||
// Get connection
|
||||
MySQLConnectionGroup mySQLConnectionGroup =
|
||||
connectionGroupService.retrieveConnectionGroup(identifier, user_id);
|
||||
|
||||
if(mySQLConnectionGroup == null)
|
||||
throw new GuacamoleException("Connection not found.");
|
||||
|
||||
// Verify permission to update the connection
|
||||
permissionCheckService.verifyConnectionAccess(this.user_id,
|
||||
mySQLConnectionGroup.getConnectionGroupID(),
|
||||
MySQLConstants.CONNECTION_GROUP_UPDATE);
|
||||
|
||||
// Verify permission to use the from connection group for organizational purposes
|
||||
permissionCheckService.verifyConnectionGroupUsageAccess
|
||||
(mySQLConnectionGroup.getParentID(), user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
|
||||
|
||||
// Verify permission to update the from connection group
|
||||
permissionCheckService.verifyConnectionGroupAccess(this.user_id,
|
||||
mySQLConnectionGroup.getParentID(), MySQLConstants.CONNECTION_GROUP_UPDATE);
|
||||
|
||||
Integer toConnectionGroupID;
|
||||
if(groupIdentifier.equals(MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER))
|
||||
toConnectionGroupID = null;
|
||||
try {
|
||||
toConnectionGroupID = Integer.valueOf(groupIdentifier);
|
||||
} catch(NumberFormatException e) {
|
||||
throw new GuacamoleException("Invalid connection group identifier.");
|
||||
}
|
||||
|
||||
// Verify permission to use the to connection group for organizational purposes
|
||||
permissionCheckService.verifyConnectionGroupUsageAccess
|
||||
(toConnectionGroupID, user_id, MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL);
|
||||
|
||||
// Verify permission to update the to connection group
|
||||
permissionCheckService.verifyConnectionGroupAccess(this.user_id,
|
||||
toConnectionGroupID, MySQLConstants.CONNECTION_GROUP_UPDATE);
|
||||
|
||||
// Update the connection
|
||||
mySQLConnectionGroup.setParentID(toConnectionGroupID);
|
||||
connectionGroupService.updateConnectionGroup(mySQLConnectionGroup);
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
@@ -46,7 +46,6 @@ import net.sourceforge.guacamole.net.auth.Connection;
|
||||
import net.sourceforge.guacamole.net.auth.ConnectionGroup;
|
||||
import net.sourceforge.guacamole.net.auth.Directory;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionGroupService;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.service.ConnectionService;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.service.PermissionCheckService;
|
||||
import net.sourceforge.guacamole.protocol.GuacamoleClientInformation;
|
||||
|
||||
@@ -86,12 +85,6 @@ public class MySQLConnectionGroup extends AbstractConnectionGroup {
|
||||
*/
|
||||
private ConnectionGroupDirectory connectionGroupDirectory = null;
|
||||
|
||||
/**
|
||||
* Service managing connections.
|
||||
*/
|
||||
@Inject
|
||||
private ConnectionService connectionService;
|
||||
|
||||
/**
|
||||
* Service managing connection groups.
|
||||
*/
|
||||
@@ -174,7 +167,7 @@ public class MySQLConnectionGroup extends AbstractConnectionGroup {
|
||||
connectionDirectory.init(userID, parentID);
|
||||
|
||||
connectionGroupDirectory = connectionGroupDirectoryProvider.get();
|
||||
//connectionGroupDirectory.init(userID, parentID);
|
||||
connectionGroupDirectory.init(userID, parentID);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -132,6 +132,11 @@ public final class MySQLConstants {
|
||||
*/
|
||||
public static final String CONNECTION_GROUP_ORGANIZATIONAL =
|
||||
"ORGANIZATIONAL";
|
||||
|
||||
/**
|
||||
* The identifier used to mark the root connection group.
|
||||
*/
|
||||
public static final String CONNECTION_GROUP_ROOT_IDENTIFIER = "ROOT";
|
||||
|
||||
/**
|
||||
* The string stored in the database to represent permission to create
|
||||
@@ -145,6 +150,12 @@ public final class MySQLConstants {
|
||||
*/
|
||||
public static final String SYSTEM_CONNECTION_CREATE = "CREATE_CONNECTION";
|
||||
|
||||
/**
|
||||
* The string stored in the database to represent permission to create
|
||||
* connection groups.
|
||||
*/
|
||||
public static final String SYSTEM_CONNECTION_GROUP_CREATE = "CREATE_CONNECTION_GROUP";
|
||||
|
||||
/**
|
||||
* The string stored in the database to represent permission to administer
|
||||
* the system as a whole.
|
||||
|
||||
@@ -39,7 +39,6 @@ package net.sourceforge.guacamole.net.auth.mysql;
|
||||
|
||||
import com.google.inject.Inject;
|
||||
import net.sourceforge.guacamole.GuacamoleException;
|
||||
import net.sourceforge.guacamole.net.auth.Connection;
|
||||
import net.sourceforge.guacamole.net.auth.ConnectionGroup;
|
||||
import net.sourceforge.guacamole.net.auth.Directory;
|
||||
import net.sourceforge.guacamole.net.auth.User;
|
||||
@@ -65,6 +64,13 @@ public class MySQLUserContext implements UserContext {
|
||||
@Inject
|
||||
private UserDirectory userDirectory;
|
||||
|
||||
/**
|
||||
* User directory restricted by the permissions of the user associated
|
||||
* with this context.
|
||||
*/
|
||||
@Inject
|
||||
private MySQLConnectionGroup mySQLConnectionGroup;
|
||||
|
||||
/**
|
||||
* Service for accessing users.
|
||||
*/
|
||||
@@ -79,6 +85,9 @@ public class MySQLUserContext implements UserContext {
|
||||
public void init(int user_id) {
|
||||
this.user_id = user_id;
|
||||
userDirectory.init(user_id);
|
||||
mySQLConnectionGroup.init(null, null, MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER,
|
||||
MySQLConstants.CONNECTION_GROUP_ROOT_IDENTIFIER,
|
||||
MySQLConstants.CONNECTION_GROUP_ORGANIZATIONAL, user_id);
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -93,7 +102,7 @@ public class MySQLUserContext implements UserContext {
|
||||
|
||||
@Override
|
||||
public ConnectionGroup getConnectionGroup() throws GuacamoleException {
|
||||
throw new UnsupportedOperationException("Not supported yet.");
|
||||
return mySQLConnectionGroup;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -730,4 +730,10 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void move(String identifier, String groupIdentifier)
|
||||
throws GuacamoleException {
|
||||
throw new GuacamoleSecurityException("Permission denied.");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -49,10 +49,8 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import net.sourceforge.guacamole.net.GuacamoleSocket;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.MySQLConnectionGroup;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionGroupMapper;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.model.Connection;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroup;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupExample;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.model.ConnectionGroupExample.Criteria;
|
||||
@@ -113,6 +111,29 @@ public class ConnectionGroupService {
|
||||
return toMySQLConnectionGroup(connectionGroups.get(0), userID);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves the connection group having the given unique identifier
|
||||
* from the database.
|
||||
*
|
||||
* @param uniqueIdentifier The unique identifier of the connection group to retrieve.
|
||||
* @param userID The ID of the user who queried this connection group.
|
||||
* @return The connection group having the given unique identifier,
|
||||
* or null if no such connection group was found.
|
||||
*/
|
||||
public MySQLConnectionGroup retrieveConnectionGroup(String uniqueIdentifier, int userID) {
|
||||
|
||||
// The unique identifier for a MySQLConnectionGroup is the database ID
|
||||
int connectionGroupID;
|
||||
try {
|
||||
connectionGroupID = Integer.parseInt(uniqueIdentifier);
|
||||
} catch(NumberFormatException e) {
|
||||
// Invalid number means it can't be a DB record; not found
|
||||
return null;
|
||||
}
|
||||
|
||||
return retrieveConnectionGroup(connectionGroupID, userID);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves the connection group having the given ID from the database.
|
||||
@@ -296,4 +317,54 @@ public class ConnectionGroupService {
|
||||
return connectionGroupIDs;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new connection group having the given name and protocol.
|
||||
*
|
||||
* @param name The name to assign to the new connection group.
|
||||
* @param userID The ID of the user who created this connection group.
|
||||
* @return A new MySQLConnectionGroup containing the data of the newly created
|
||||
* connection group.
|
||||
*/
|
||||
public MySQLConnectionGroup createConnectionGroup(String name, int userID) {
|
||||
|
||||
// Initialize database connection
|
||||
ConnectionGroup connectionGroup = new ConnectionGroup();
|
||||
connectionGroup.setConnection_group_name(name);
|
||||
|
||||
// Create connection
|
||||
connectionGroupDAO.insert(connectionGroup);
|
||||
return toMySQLConnectionGroup(connectionGroup, userID);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Updates the connection group in the database corresponding to the given
|
||||
* MySQLConnectionGroup.
|
||||
*
|
||||
* @param mySQLConnectionGroup The MySQLConnectionGroup to update (save)
|
||||
* to the database.
|
||||
* This connection must already exist.
|
||||
*/
|
||||
public void updateConnectionGroup(MySQLConnectionGroup mySQLConnectionGroup) {
|
||||
|
||||
// Populate connection
|
||||
ConnectionGroup connectionGroup = new ConnectionGroup();
|
||||
connectionGroup.setConnection_group_id(mySQLConnectionGroup.getConnectionGroupID());
|
||||
connectionGroup.setParent_id(mySQLConnectionGroup.getParentID());
|
||||
connectionGroup.setConnection_group_name(mySQLConnectionGroup.getName());
|
||||
connectionGroup.setType(mySQLConnectionGroup.getType());
|
||||
|
||||
// Update the connection in the database
|
||||
connectionGroupDAO.updateByPrimaryKeySelective(connectionGroup);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Deletes the connection group having the given ID from the database.
|
||||
* @param id The ID of the connection group to delete.
|
||||
*/
|
||||
public void deleteConnectionGroup(int id) {
|
||||
connectionGroupDAO.deleteByPrimaryKey(id);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -158,6 +158,29 @@ public class ConnectionService {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves the connection having the given unique identifier
|
||||
* from the database.
|
||||
*
|
||||
* @param uniqueIdentifier The unique identifier of the connection to retrieve.
|
||||
* @param userID The ID of the user who queried this connection.
|
||||
* @return The connection having the given unique identifier,
|
||||
* or null if no such connection was found.
|
||||
*/
|
||||
public MySQLConnection retrieveConnection(String uniqueIdentifier, int userID) {
|
||||
|
||||
// The unique identifier for a MySQLConnection is the database ID
|
||||
int connectionID;
|
||||
try {
|
||||
connectionID = Integer.parseInt(uniqueIdentifier);
|
||||
} catch(NumberFormatException e) {
|
||||
// Invalid number means it can't be a DB record; not found
|
||||
return null;
|
||||
}
|
||||
|
||||
return retrieveConnection(connectionID, userID);
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves the connection having the given ID from the database.
|
||||
*
|
||||
@@ -450,7 +473,8 @@ public class ConnectionService {
|
||||
// Populate connection
|
||||
Connection connection = new Connection();
|
||||
connection.setConnection_id(mySQLConnection.getConnectionID());
|
||||
connection.setConnection_name(mySQLConnection.getIdentifier());
|
||||
connection.setParent_id(mySQLConnection.getParentID());
|
||||
connection.setConnection_name(mySQLConnection.getName());
|
||||
connection.setProtocol(mySQLConnection.getConfiguration().getProtocol());
|
||||
|
||||
// Update the connection in the database
|
||||
@@ -491,8 +515,6 @@ public class ConnectionService {
|
||||
/**
|
||||
* Get the connection IDs of all the connections defined in the system
|
||||
* with a certain parent connection group.
|
||||
*
|
||||
* @param parentID The parent connection group ID.
|
||||
*
|
||||
* @return A list of connection IDs of all the connections defined in the system.
|
||||
*/
|
||||
@@ -503,11 +525,6 @@ public class ConnectionService {
|
||||
|
||||
// Create the criteria
|
||||
ConnectionExample example = new ConnectionExample();
|
||||
/*Criteria criteria = example.createCriteria();
|
||||
if(parentID != null)
|
||||
criteria.andParent_idEqualTo(parentID);
|
||||
else
|
||||
criteria.andParent_idIsNull();*/
|
||||
|
||||
// Query the connections
|
||||
List<Connection> connections =
|
||||
|
||||
@@ -245,6 +245,10 @@ public class PermissionCheckService {
|
||||
*/
|
||||
public boolean checkConnectionGroupAccess(int userID, Integer affectedConnectionGroupID, String permissionType) {
|
||||
|
||||
// All users have implicit permission to use the root group
|
||||
if(affectedConnectionGroupID == null)
|
||||
return true;
|
||||
|
||||
// A system administrator has full access to everything.
|
||||
if(checkSystemAdministratorAccess(userID))
|
||||
return true;
|
||||
@@ -340,19 +344,6 @@ public class PermissionCheckService {
|
||||
return connectionGroup.getType().equals(usage);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param userID
|
||||
* @throws GuacamoleSecurityException
|
||||
*/
|
||||
private void verifySystemAdministratorAccess(int userID)
|
||||
throws GuacamoleSecurityException {
|
||||
|
||||
// If permission does not exist, throw exception
|
||||
if(!checkSystemAdministratorAccess(userID))
|
||||
throw new GuacamoleSecurityException("Permission denied.");
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
@@ -572,16 +563,16 @@ public class PermissionCheckService {
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve all existing connection names that the given user has permission
|
||||
* to perform the given operation upon.
|
||||
* Retrieve all existing connection identifiers that the given user has
|
||||
* permission to perform the given operation upon.
|
||||
*
|
||||
* @param userID The user whose permissions should be checked.
|
||||
* @param permissionType The permission to check.
|
||||
* @param parentID The parent connection group.
|
||||
* @return A set of all connection names for which the given user has the
|
||||
* given permission.
|
||||
* @return A set of all connection identifiers for which the given user
|
||||
* has the given permission.
|
||||
*/
|
||||
public Set<String> retrieveConnectionNames(int userID, Integer parentID,
|
||||
public Set<String> retrieveConnectionIdentifiers(int userID, Integer parentID,
|
||||
String permissionType) {
|
||||
|
||||
// A system administrator has access to all connections.
|
||||
@@ -591,23 +582,27 @@ public class PermissionCheckService {
|
||||
// List of all connection IDs for which this user has access
|
||||
List<Integer> connectionIDs =
|
||||
retrieveConnectionIDs(userID, parentID, permissionType);
|
||||
|
||||
// Unique Identifiers for MySQLConnections are the database IDs
|
||||
Set<String> connectionIdentifiers = new HashSet<String>();
|
||||
|
||||
for(Integer connectionID : connectionIDs)
|
||||
connectionIdentifiers.add(Integer.toString(connectionID));
|
||||
|
||||
// Query all associated connections
|
||||
return connectionService.translateNames(connectionIDs).keySet();
|
||||
|
||||
return connectionIdentifiers;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve all existing connection names that the given user has permission
|
||||
* to perform the given operation upon.
|
||||
* Retrieve all existing connection group identifiers that the given user
|
||||
* has permission to perform the given operation upon.
|
||||
*
|
||||
* @param userID The user whose permissions should be checked.
|
||||
* @param permissionType The permission to check.
|
||||
* @param parentID The parent connection group.
|
||||
* @return A set of all connection names for which the given user has the
|
||||
* given permission.
|
||||
* @return A set of all connection group identifiers for which the given
|
||||
* user has the given permission.
|
||||
*/
|
||||
public Set<String> retrieveConnectionGroupNames(int userID, Integer parentID,
|
||||
public Set<String> retrieveConnectionGroupIdentifiers(int userID, Integer parentID,
|
||||
String permissionType) {
|
||||
|
||||
// A system administrator has access to all connections.
|
||||
@@ -617,10 +612,14 @@ public class PermissionCheckService {
|
||||
// List of all connection group IDs for which this user has access
|
||||
List<Integer> connectionGroupIDs =
|
||||
retrieveConnectionGroupIDs(userID, parentID, permissionType);
|
||||
|
||||
// Unique Identifiers for MySQLConnectionGroups are the database IDs
|
||||
Set<String> connectionGroupIdentifiers = new HashSet<String>();
|
||||
|
||||
for(Integer connectionGroupID : connectionGroupIDs)
|
||||
connectionGroupIdentifiers.add(Integer.toString(connectionGroupID));
|
||||
|
||||
// Query all associated connections
|
||||
return connectionGroupService.translateNames(connectionGroupIDs).keySet();
|
||||
|
||||
return connectionGroupIdentifiers;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -114,4 +114,17 @@ public interface Directory<IdentifierType, ObjectType> {
|
||||
*/
|
||||
void remove(IdentifierType identifier) throws GuacamoleException;
|
||||
|
||||
/**
|
||||
* Moves the object with the given identifier to the group with the given
|
||||
* group identifier.
|
||||
*
|
||||
* @param identifier The identifier of the object to remove.
|
||||
* @param groupIdentifier The identifier of the group to move the object to.
|
||||
*
|
||||
* @throws GuacamoleException If an error occurs while moving the object,
|
||||
* or if moving object is not allowed.
|
||||
*/
|
||||
void move(IdentifierType identifier, IdentifierType groupIdentifier)
|
||||
throws GuacamoleException;
|
||||
|
||||
}
|
||||
|
||||
@@ -109,4 +109,10 @@ public class SimpleConnectionDirectory
|
||||
throw new GuacamoleSecurityException("Permission denied.");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void move(String identifier, String groupIdentifier)
|
||||
throws GuacamoleException {
|
||||
throw new GuacamoleSecurityException("Permission denied.");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -86,4 +86,10 @@ public class SimpleConnectionGroupDirectory
|
||||
throw new GuacamoleSecurityException("Permission denied.");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void move(String identifier, String groupIdentifier)
|
||||
throws GuacamoleException {
|
||||
throw new GuacamoleSecurityException("Permission denied.");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -100,4 +100,10 @@ public class SimpleUserDirectory implements Directory<String, User> {
|
||||
throw new GuacamoleSecurityException("Permission denied.");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void move(String identifier, String groupIdentifier)
|
||||
throws GuacamoleException {
|
||||
throw new GuacamoleSecurityException("Permission denied.");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user