GUAC-995 Improve permission checking around connections and groups.

guacamole/src/main/webapp/app/manage/controllers/manageConnectionController.js

@@ -35,8 +35,10 @@ angular.module('manage').controller('manageConnectionController', ['$scope', '$i
     // Required services
     var $location                = $injector.get('$location');
     var $routeParams             = $injector.get('$routeParams');
+    var authenticationService    = $injector.get('authenticationService');
     var connectionService        = $injector.get('connectionService');
     var connectionGroupService   = $injector.get('connectionGroupService');
+    var permissionService        = $injector.get('permissionService');
     var protocolService          = $injector.get('protocolService');
     var translationStringService = $injector.get('translationStringService');
 
@@ -95,6 +97,20 @@ angular.module('manage').controller('manageConnectionController', ['$scope', '$i
      * @type HistoryEntryWrapper[]
      */
     $scope.historyEntryWrappers = null;
+    
+    /**
+     * Whether the user has UPDATE permission for the current connection.
+     * 
+     * @type boolean
+     */
+    $scope.hasUpdatePermission = null;
+    
+    /**
+     * Whether the user has DELETE permission for the current connection.
+     * 
+     * @type boolean
+     */
+    $scope.hasDeletePermission = null;
 
     /**
      * Returns whether critical data has completed being loaded.
@@ -109,15 +125,34 @@ angular.module('manage').controller('manageConnectionController', ['$scope', '$i
             && $scope.rootGroup            !== null
             && $scope.connection           !== null
             && $scope.parameters           !== null
-            && $scope.historyEntryWrappers !== null;
+            && $scope.historyEntryWrappers !== null
+            && $scope.hasUpdatePermission  !== null
+            && $scope.hasDeletePermission  !== null;
 
     };
 
     // Pull connection group hierarchy
-    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, PermissionSet.ObjectPermissionType.UPDATE)
+    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, 
+        [PermissionSet.ObjectPermissionType.ADMINISTER])
     .success(function connectionGroupReceived(rootGroup) {
         $scope.rootGroup = rootGroup;
     });
+    
+    // Query the user's permissions for the current connection
+    permissionService.getPermissions(authenticationService.getCurrentUserID())
+            .success(function permissionsReceived(permissions) {
+                
+         // Check if the user has UPDATE permission
+         $scope.hasUpdatePermission =
+               PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+            || PermissionSet.hasConnectionPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE, identifier);
+            
+         // Check if the user has DELETE permission
+         $scope.hasDeletePermission =
+               PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+            || PermissionSet.hasConnectionPermission(permissions, PermissionSet.ObjectPermissionType.DELETE, identifier);
+    
+    });
    
     // Get protocol metadata
     protocolService.getProtocols().success(function protocolsReceived(protocols) {

guacamole/src/main/webapp/app/manage/controllers/manageConnectionGroupController.js

@@ -33,7 +33,9 @@ angular.module('manage').controller('manageConnectionGroupController', ['$scope'
     // Required services
     var $location              = $injector.get('$location');
     var $routeParams           = $injector.get('$routeParams');
+    var authenticationService  = $injector.get('authenticationService');
     var connectionGroupService = $injector.get('connectionGroupService');
+    var permissionService      = $injector.get('permissionService');
     
     /**
      * An action to be provided along with the object sent to showStatus which
@@ -68,6 +70,20 @@ angular.module('manage').controller('manageConnectionGroupController', ['$scope'
      * @type ConnectionGroup
      */
     $scope.connectionGroup = null;
+    
+    /**
+     * Whether the user has UPDATE permission for the current connection group.
+     * 
+     * @type boolean
+     */
+    $scope.hasUpdatePermission = null;
+    
+    /**
+     * Whether the user has DELETE permission for the current connection group.
+     * 
+     * @type boolean
+     */
+    $scope.hasDeletePermission = null;
 
     /**
      * Returns whether critical data has completed being loaded.
@@ -78,14 +94,32 @@ angular.module('manage').controller('manageConnectionGroupController', ['$scope'
      */
     $scope.isLoaded = function isLoaded() {
 
-        return $scope.rootGroup       !== null
-            && $scope.connectionGroup !== null;
+        return $scope.rootGroup           !== null
+            && $scope.connectionGroup     !== null
+            && $scope.hasUpdatePermission !== null
+            && $scope.hasDeletePermission !== null;
 
     };
+    
+    // Query the user's permissions for the current connection group
+    permissionService.getPermissions(authenticationService.getCurrentUserID())
+            .success(function permissionsReceived(permissions) {
+                
+         // Check if the user has UPDATE permission
+         $scope.hasUpdatePermission =
+               PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+            || PermissionSet.hasConnectionPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE, identifier);
+            
+         // Check if the user has DELETE permission
+         $scope.hasDeletePermission =
+               PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+            || PermissionSet.hasConnectionPermission(permissions, PermissionSet.ObjectPermissionType.DELETE, identifier);
+    
+    });
 
 
     // Pull connection group hierarchy
-    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, PermissionSet.ObjectPermissionType.UPDATE)
+    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, [PermissionSet.ObjectPermissionType.ADMINISTER])
     .success(function connectionGroupReceived(rootGroup) {
         $scope.rootGroup = rootGroup;
     });

guacamole/src/main/webapp/app/manage/controllers/manageController.js

@@ -178,8 +178,9 @@ angular.module('manage').controller('manageController', ['$scope', '$injector',
         
     });
     
-    // Retrieve all connections for which we have UPDATE permission
-    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, PermissionSet.ObjectPermissionType.UPDATE)
+    // Retrieve all connections for which we have UPDATE or DELETE permission
+    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, 
+        [PermissionSet.ObjectPermissionType.UPDATE, PermissionSet.ObjectPermissionType.DELETE])
     .success(function connectionGroupReceived(rootGroup) {
         $scope.rootGroup = rootGroup;
     });

guacamole/src/main/webapp/app/manage/controllers/manageUserController.js

@@ -103,8 +103,8 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
         $scope.permissionFlags = PermissionFlagSet.fromPermissionSet(permissions);
     });
 
-    // Retrieve all connections for which we have UPDATE permission
-    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, PermissionSet.ObjectPermissionType.ADMINISTER)
+    // Retrieve all connections for which we have ADMINISTER permission
+    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, [PermissionSet.ObjectPermissionType.ADMINISTER])
     .success(function connectionGroupReceived(rootGroup) {
         $scope.rootGroup = rootGroup;
     });

guacamole/src/main/webapp/app/manage/templates/manageConnection.html

@@ -76,9 +76,9 @@ THE SOFTWARE.
 
     <!-- Form action buttons -->
     <div class="action-buttons">
-        <button ng-click="saveConnection()">{{'MANAGE_CONNECTION.ACTION_SAVE' | translate}}</button>
+        <button ng-show="hasUpdatePermission" ng-click="saveConnection()">{{'MANAGE_CONNECTION.ACTION_SAVE' | translate}}</button>
         <button ng-click="cancel()">{{'MANAGE_CONNECTION.ACTION_CANCEL' | translate}}</button>
-        <button ng-click="deleteConnection()" class="danger">{{'MANAGE_CONNECTION.ACTION_DELETE' | translate}}</button>
+        <button ng-show="hasDeletePermission" ng-click="deleteConnection()" class="danger">{{'MANAGE_CONNECTION.ACTION_DELETE' | translate}}</button>
     </div>
 
     <!-- Connection history -->

guacamole/src/main/webapp/app/manage/templates/manageConnectionGroup.html

@@ -61,9 +61,9 @@ THE SOFTWARE.
 
     <!-- Form action buttons -->
     <div class="action-buttons">
-        <button ng-click="saveConnectionGroup()">{{'MANAGE_CONNECTION_GROUP.ACTION_SAVE' | translate}}</button>
+        <button ng-show="hasUpdatePermission" ng-click="saveConnectionGroup()">{{'MANAGE_CONNECTION_GROUP.ACTION_SAVE' | translate}}</button>
         <button ng-click="cancel()">{{'MANAGE_CONNECTION_GROUP.ACTION_CANCEL' | translate}}</button>
-        <button ng-click="deleteConnectionGroup()" class="danger">{{'MANAGE_CONNECTION_GROUP.ACTION_DELETE' | translate}}</button>
+        <button ng-show="hasDeletePermission" ng-click="deleteConnectionGroup()" class="danger">{{'MANAGE_CONNECTION_GROUP.ACTION_DELETE' | translate}}</button>
     </div>
 
 </div>

guacamole/src/main/webapp/app/rest/services/connectionGroupService.js

@@ -39,17 +39,17 @@ angular.module('rest').factory('connectionGroupService', ['$http', 'authenticati
      *     The ID of the connection group to retrieve. If not provided, the
      *     root connection group will be retrieved by default.
      *     
-     * @param {String} [permissionType]
-     *     The permission type string of the permission that the current user
-     *     must have for a given connection or connection group to appear
-     *     within the result. Valid values are listed within
-     *     PermissionSet.ObjectType.
+     * @param {String[]} [permissionType]
+     *     The set of permissions to filter with. A user must have one or more
+     *     of these permissions for a connection to appear in the result. 
+     *     If null, no filtering will be performed. Valid values are listed
+     *     within PermissionSet.ObjectType.
      *
      * @returns {Promise.ConnectionGroup}
      *     A promise which will resolve with a @link{ConnectionGroup} upon
      *     success.
      */
-    service.getConnectionGroupTree = function getConnectionGroupTree(connectionGroupID, permissionType) {
+    service.getConnectionGroupTree = function getConnectionGroupTree(connectionGroupID, permissionTypes) {
         
         // Use the root connection group ID if no ID is passed in
         connectionGroupID = connectionGroupID || ConnectionGroup.ROOT_IDENTIFIER;
@@ -60,8 +60,8 @@ angular.module('rest').factory('connectionGroupService', ['$http', 'authenticati
         };
 
         // Add permission filter if specified
-        if (permissionType)
-            httpParameters.permission = permissionType;
+        if (permissionTypes)
+            httpParameters.permission = permissionTypes;
 
         // Retrieve connection group 
         return $http({