GUAC-995 Improve permission checking around connections and groups.

2025-09-10 07:01:21 +00:00 · 2015-01-13 21:27:54 -08:00
parent cdc0581a1a
commit 459449c6d3
8 changed files with 139 additions and 34 deletions
--- a/guacamole/src/main/webapp/app/manage/controllers/manageConnectionController.js
+++ b/guacamole/src/main/webapp/app/manage/controllers/manageConnectionController.js
@@ -35,8 +35,10 @@ angular.module('manage').controller('manageConnectionController', ['$scope', '$i
    // Required services
    var $location                = $injector.get('$location');
    var $routeParams             = $injector.get('$routeParams');
+    var authenticationService    = $injector.get('authenticationService');
    var connectionService        = $injector.get('connectionService');
    var connectionGroupService   = $injector.get('connectionGroupService');
+    var permissionService        = $injector.get('permissionService');
    var protocolService          = $injector.get('protocolService');
    var translationStringService = $injector.get('translationStringService');

@@ -95,6 +97,20 @@ angular.module('manage').controller('manageConnectionController', ['$scope', '$i
     * @type HistoryEntryWrapper[]
     */
    $scope.historyEntryWrappers = null;
+    
+    /**
+     * Whether the user has UPDATE permission for the current connection.
+     * 
+     * @type boolean
+     */
+    $scope.hasUpdatePermission = null;
+    
+    /**
+     * Whether the user has DELETE permission for the current connection.
+     * 
+     * @type boolean
+     */
+    $scope.hasDeletePermission = null;

    /**
     * Returns whether critical data has completed being loaded.
@@ -109,15 +125,34 @@ angular.module('manage').controller('manageConnectionController', ['$scope', '$i
            && $scope.rootGroup            !== null
            && $scope.connection           !== null
            && $scope.parameters           !== null
-            && $scope.historyEntryWrappers !== null;
+            && $scope.historyEntryWrappers !== null
+            && $scope.hasUpdatePermission  !== null
+            && $scope.hasDeletePermission  !== null;

    };

    // Pull connection group hierarchy
-    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, PermissionSet.ObjectPermissionType.UPDATE)
+    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, 
+        [PermissionSet.ObjectPermissionType.ADMINISTER])
    .success(function connectionGroupReceived(rootGroup) {
        $scope.rootGroup = rootGroup;
    });
+    
+    // Query the user's permissions for the current connection
+    permissionService.getPermissions(authenticationService.getCurrentUserID())
+            .success(function permissionsReceived(permissions) {
+                
+         // Check if the user has UPDATE permission
+         $scope.hasUpdatePermission =
+               PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+            || PermissionSet.hasConnectionPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE, identifier);
+            
+         // Check if the user has DELETE permission
+         $scope.hasDeletePermission =
+               PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+            || PermissionSet.hasConnectionPermission(permissions, PermissionSet.ObjectPermissionType.DELETE, identifier);
+    
+    });
   
    // Get protocol metadata
    protocolService.getProtocols().success(function protocolsReceived(protocols) {
--- a/guacamole/src/main/webapp/app/manage/controllers/manageConnectionGroupController.js
+++ b/guacamole/src/main/webapp/app/manage/controllers/manageConnectionGroupController.js
@@ -33,7 +33,9 @@ angular.module('manage').controller('manageConnectionGroupController', ['$scope'
    // Required services
    var $location              = $injector.get('$location');
    var $routeParams           = $injector.get('$routeParams');
+    var authenticationService  = $injector.get('authenticationService');
    var connectionGroupService = $injector.get('connectionGroupService');
+    var permissionService      = $injector.get('permissionService');
    
    /**
     * An action to be provided along with the object sent to showStatus which
@@ -68,6 +70,20 @@ angular.module('manage').controller('manageConnectionGroupController', ['$scope'
     * @type ConnectionGroup
     */
    $scope.connectionGroup = null;
+    
+    /**
+     * Whether the user has UPDATE permission for the current connection group.
+     * 
+     * @type boolean
+     */
+    $scope.hasUpdatePermission = null;
+    
+    /**
+     * Whether the user has DELETE permission for the current connection group.
+     * 
+     * @type boolean
+     */
+    $scope.hasDeletePermission = null;

    /**
     * Returns whether critical data has completed being loaded.
@@ -78,14 +94,32 @@ angular.module('manage').controller('manageConnectionGroupController', ['$scope'
     */
    $scope.isLoaded = function isLoaded() {

-        return $scope.rootGroup       !== null
-            && $scope.connectionGroup !== null;
+        return $scope.rootGroup           !== null
+            && $scope.connectionGroup     !== null
+            && $scope.hasUpdatePermission !== null
+            && $scope.hasDeletePermission !== null;

    };
+    
+    // Query the user's permissions for the current connection group
+    permissionService.getPermissions(authenticationService.getCurrentUserID())
+            .success(function permissionsReceived(permissions) {
+                
+         // Check if the user has UPDATE permission
+         $scope.hasUpdatePermission =
+               PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+            || PermissionSet.hasConnectionPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE, identifier);
+            
+         // Check if the user has DELETE permission
+         $scope.hasDeletePermission =
+               PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+            || PermissionSet.hasConnectionPermission(permissions, PermissionSet.ObjectPermissionType.DELETE, identifier);
+    
+    });


    // Pull connection group hierarchy
-    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, PermissionSet.ObjectPermissionType.UPDATE)
+    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, [PermissionSet.ObjectPermissionType.ADMINISTER])
    .success(function connectionGroupReceived(rootGroup) {
        $scope.rootGroup = rootGroup;
    });
--- a/guacamole/src/main/webapp/app/manage/controllers/manageController.js
+++ b/guacamole/src/main/webapp/app/manage/controllers/manageController.js
@@ -178,8 +178,9 @@ angular.module('manage').controller('manageController', ['$scope', '$injector',
        
    });
    
-    // Retrieve all connections for which we have UPDATE permission
-    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, PermissionSet.ObjectPermissionType.UPDATE)
+    // Retrieve all connections for which we have UPDATE or DELETE permission
+    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, 
+        [PermissionSet.ObjectPermissionType.UPDATE, PermissionSet.ObjectPermissionType.DELETE])
    .success(function connectionGroupReceived(rootGroup) {
        $scope.rootGroup = rootGroup;
    });
--- a/guacamole/src/main/webapp/app/manage/controllers/manageUserController.js
+++ b/guacamole/src/main/webapp/app/manage/controllers/manageUserController.js
@@ -103,8 +103,8 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
        $scope.permissionFlags = PermissionFlagSet.fromPermissionSet(permissions);
    });

-    // Retrieve all connections for which we have UPDATE permission
-    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, PermissionSet.ObjectPermissionType.ADMINISTER)
+    // Retrieve all connections for which we have ADMINISTER permission
+    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, [PermissionSet.ObjectPermissionType.ADMINISTER])
    .success(function connectionGroupReceived(rootGroup) {
        $scope.rootGroup = rootGroup;
    });
--- a/guacamole/src/main/webapp/app/manage/templates/manageConnection.html
+++ b/guacamole/src/main/webapp/app/manage/templates/manageConnection.html
@@ -76,9 +76,9 @@ THE SOFTWARE.

    <!-- Form action buttons -->
    <div class="action-buttons">
-        <button ng-click="saveConnection()">{{'MANAGE_CONNECTION.ACTION_SAVE' | translate}}</button>
+        <button ng-show="hasUpdatePermission" ng-click="saveConnection()">{{'MANAGE_CONNECTION.ACTION_SAVE' | translate}}</button>
        <button ng-click="cancel()">{{'MANAGE_CONNECTION.ACTION_CANCEL' | translate}}</button>
-        <button ng-click="deleteConnection()" class="danger">{{'MANAGE_CONNECTION.ACTION_DELETE' | translate}}</button>
+        <button ng-show="hasDeletePermission" ng-click="deleteConnection()" class="danger">{{'MANAGE_CONNECTION.ACTION_DELETE' | translate}}</button>
    </div>

    <!-- Connection history -->
--- a/guacamole/src/main/webapp/app/manage/templates/manageConnectionGroup.html
+++ b/guacamole/src/main/webapp/app/manage/templates/manageConnectionGroup.html
@@ -61,9 +61,9 @@ THE SOFTWARE.

    <!-- Form action buttons -->
    <div class="action-buttons">
-        <button ng-click="saveConnectionGroup()">{{'MANAGE_CONNECTION_GROUP.ACTION_SAVE' | translate}}</button>
+        <button ng-show="hasUpdatePermission" ng-click="saveConnectionGroup()">{{'MANAGE_CONNECTION_GROUP.ACTION_SAVE' | translate}}</button>
        <button ng-click="cancel()">{{'MANAGE_CONNECTION_GROUP.ACTION_CANCEL' | translate}}</button>
-        <button ng-click="deleteConnectionGroup()" class="danger">{{'MANAGE_CONNECTION_GROUP.ACTION_DELETE' | translate}}</button>
+        <button ng-show="hasDeletePermission" ng-click="deleteConnectionGroup()" class="danger">{{'MANAGE_CONNECTION_GROUP.ACTION_DELETE' | translate}}</button>
    </div>

 </div>