GUAC-995 Improve permission checking around connections and groups.

2025-09-09 22:51:22 +00:00 · 2015-01-13 21:27:54 -08:00
parent cdc0581a1a
commit 459449c6d3
8 changed files with 139 additions and 34 deletions
--- a/guacamole/src/main/webapp/app/manage/controllers/manageConnectionController.js
+++ b/guacamole/src/main/webapp/app/manage/controllers/manageConnectionController.js
@@ -35,8 +35,10 @@ angular.module('manage').controller('manageConnectionController', ['$scope', '$i
    // Required services
    var $location                = $injector.get('$location');
    var $routeParams             = $injector.get('$routeParams');
+    var authenticationService    = $injector.get('authenticationService');
    var connectionService        = $injector.get('connectionService');
    var connectionGroupService   = $injector.get('connectionGroupService');
+    var permissionService        = $injector.get('permissionService');
    var protocolService          = $injector.get('protocolService');
    var translationStringService = $injector.get('translationStringService');

@@ -95,6 +97,20 @@ angular.module('manage').controller('manageConnectionController', ['$scope', '$i
     * @type HistoryEntryWrapper[]
     */
    $scope.historyEntryWrappers = null;
+    
+    /**
+     * Whether the user has UPDATE permission for the current connection.
+     * 
+     * @type boolean
+     */
+    $scope.hasUpdatePermission = null;
+    
+    /**
+     * Whether the user has DELETE permission for the current connection.
+     * 
+     * @type boolean
+     */
+    $scope.hasDeletePermission = null;

    /**
     * Returns whether critical data has completed being loaded.
@@ -109,15 +125,34 @@ angular.module('manage').controller('manageConnectionController', ['$scope', '$i
            && $scope.rootGroup            !== null
            && $scope.connection           !== null
            && $scope.parameters           !== null
-            && $scope.historyEntryWrappers !== null;
+            && $scope.historyEntryWrappers !== null
+            && $scope.hasUpdatePermission  !== null
+            && $scope.hasDeletePermission  !== null;

    };

    // Pull connection group hierarchy
-    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, PermissionSet.ObjectPermissionType.UPDATE)
+    connectionGroupService.getConnectionGroupTree(ConnectionGroup.ROOT_IDENTIFIER, 
+        [PermissionSet.ObjectPermissionType.ADMINISTER])
    .success(function connectionGroupReceived(rootGroup) {
        $scope.rootGroup = rootGroup;
    });
+    
+    // Query the user's permissions for the current connection
+    permissionService.getPermissions(authenticationService.getCurrentUserID())
+            .success(function permissionsReceived(permissions) {
+                
+         // Check if the user has UPDATE permission
+         $scope.hasUpdatePermission =
+               PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+            || PermissionSet.hasConnectionPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE, identifier);
+            
+         // Check if the user has DELETE permission
+         $scope.hasDeletePermission =
+               PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+            || PermissionSet.hasConnectionPermission(permissions, PermissionSet.ObjectPermissionType.DELETE, identifier);
+    
+    });
   
    // Get protocol metadata
    protocolService.getProtocols().success(function protocolsReceived(protocols) {