GUACAMOLE-1123: Add RecordMapper support for searching history limited by the identifier of a record.

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.java

@@ -62,8 +62,12 @@ public interface ConnectionRecordMapper {
      * the data they are associated with is is readable by any particular user.
      * This should only be called on behalf of a system administrator. If
      * records are needed by a non-administrative user who must have explicit
-     * read rights, use searchReadable() instead.
+     * read rights, use {@link searchReadable()} instead.
      *
+     * @param identifier
+     *     The optional connection identifier to which records should be limited,
+     *     or null if all records should be retrieved.
+     * 
      * @param terms
      *     The search terms that must match the returned records.
      *
@@ -77,7 +81,8 @@ public interface ConnectionRecordMapper {
      * @return
      *     The results of the search performed with the given parameters.
      */
-    List<ConnectionRecordModel> search(@Param("terms") Collection<ActivityRecordSearchTerm> terms,
+    List<ConnectionRecordModel> search(@Param("identifier") String identifier,
+            @Param("terms") Collection<ActivityRecordSearchTerm> terms,
             @Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates,
             @Param("limit") int limit);
 
@@ -86,8 +91,13 @@ public interface ConnectionRecordMapper {
      * the given terms, sorted by the given predicates. Only records that are
      * associated with data explicitly readable by the given user will be
      * returned. If records are needed by a system administrator (who, by
-     * definition, does not need explicit read rights), use search() instead.
+     * definition, does not need explicit read rights), use {@link search()}
+     * instead.
      *
+     * @param identifier
+     *     The optional connection identifier for which records should be
+     *     retrieved, or null if all readable records should be retrieved.
+     * 
      * @param user
      *    The user whose permissions should determine whether a record is
      *    returned.
@@ -111,7 +121,8 @@ public interface ConnectionRecordMapper {
      * @return
      *     The results of the search performed with the given parameters.
      */
-    List<ConnectionRecordModel> searchReadable(@Param("user") UserModel user,
+    List<ConnectionRecordModel> searchReadable(@Param("identifier") String identifier,
+            @Param("user") UserModel user,
             @Param("terms") Collection<ActivityRecordSearchTerm> terms,
             @Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates,
             @Param("limit") int limit,

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java

@@ -213,7 +213,7 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
         Map<String, String> parameters = connection.getConfiguration().getParameters();
         
         // Convert parameters to model objects
-        Collection<ConnectionParameterModel> parameterModels = new ArrayList<ConnectionParameterModel>(parameters.size());
+        Collection<ConnectionParameterModel> parameterModels = new ArrayList<>(parameters.size());
         for (Map.Entry<String, String> parameterEntry : parameters.entrySet()) {
 
             // Get parameter name and value
@@ -329,7 +329,7 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
     public Map<String, String> retrieveParameters(ModeledAuthenticatedUser user,
             String identifier) {
 
-        Map<String, String> parameterMap = new HashMap<String, String>();
+        Map<String, String> parameterMap = new HashMap<>();
 
         // Determine whether we have permission to read parameters
         boolean canRetrieveParameters;
@@ -382,7 +382,7 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
     protected List<ConnectionRecord> getObjectInstances(List<ConnectionRecordModel> models) {
 
         // Create new list of records by manually converting each model
-        List<ConnectionRecord> objects = new ArrayList<ConnectionRecord>(models.size());
+        List<ConnectionRecord> objects = new ArrayList<>(models.size());
         for (ConnectionRecordModel model : models)
             objects.add(getObjectInstance(model));
 
@@ -411,28 +411,16 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
             ModeledConnection connection) throws GuacamoleException {
 
         String identifier = connection.getIdentifier();
-
-        // Retrieve history only if READ permission is granted
-        if (hasObjectPermission(user, identifier, ObjectPermission.Type.READ)) {
-
-            // Retrieve history
-            List<ConnectionRecordModel> models = connectionRecordMapper.select(identifier);
-
-            // Get currently-active connections
-            List<ConnectionRecord> records = new ArrayList<ConnectionRecord>(tunnelService.getActiveConnections(connection));
-            Collections.reverse(records);
-
-            // Add past connections from model objects
-            for (ConnectionRecordModel model : models)
-                records.add(getObjectInstance(model));
-
-            // Return converted history list
-            return records;
-
-        }
-
-        // The user does not have permission to read the history
-        throw new GuacamoleSecurityException("Permission denied.");
+        
+        // Get current active connections.
+        List<ConnectionRecord> records = new ArrayList<>(tunnelService.getActiveConnections(connection));
+        Collections.reverse(records);
+        
+        // Add in the history records.
+        records.addAll(retrieveHistory(identifier, user, Collections.emptyList(),
+                Collections.emptyList(), Integer.MAX_VALUE));
+        
+        return records;
 
     }
 
@@ -442,6 +430,60 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
      * the given terms and sorted by the given predicates. Only history records
      * associated with data that the given user can read are returned.
      *
+     * @param identifier
+     *     The optional connection identifier for which history records should
+     *     be retrieved, or null if all readable records should be retrieved.
+     * 
+     * @param user
+     *     The user retrieving the connection history.
+     *
+     * @param requiredContents
+     *     The search terms that must be contained somewhere within each of the
+     *     returned records.
+     *
+     * @param sortPredicates
+     *     A list of predicates to sort the returned records by, in order of
+     *     priority.
+     *
+     * @param limit
+     *     The maximum number of records that should be returned.
+     *
+     * @return
+     *     The connection history of the given connection, including any
+     *     active connections.
+     *
+     * @throws GuacamoleException
+     *     If permission to read the connection history is denied.
+     */
+    public List<ConnectionRecord> retrieveHistory(String identifier,
+            ModeledAuthenticatedUser user,
+            Collection<ActivityRecordSearchTerm> requiredContents,
+            List<ActivityRecordSortPredicate> sortPredicates, int limit)
+            throws GuacamoleException {
+
+        List<ConnectionRecordModel> searchResults;
+
+        // Bypass permission checks if the user is privileged
+        if (user.isPrivileged())
+            searchResults = connectionRecordMapper.search(identifier, requiredContents,
+                    sortPredicates, limit);
+
+        // Otherwise only return explicitly readable history records
+        else
+            searchResults = connectionRecordMapper.searchReadable(identifier,
+                    user.getUser().getModel(), requiredContents, sortPredicates,
+                    limit, user.getEffectiveUserGroups());
+
+        return getObjectInstances(searchResults);
+
+    }
+    
+    /**
+     * Retrieves the connection history records matching the given criteria.
+     * Retrieves up to <code>limit</code> connection history records matching
+     * the given terms and sorted by the given predicates. Only history records
+     * associated with data that the given user can read are returned.
+     * 
      * @param user
      *     The user retrieving the connection history.
      *
@@ -467,22 +509,9 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
             Collection<ActivityRecordSearchTerm> requiredContents,
             List<ActivityRecordSortPredicate> sortPredicates, int limit)
             throws GuacamoleException {
-
-        List<ConnectionRecordModel> searchResults;
-
-        // Bypass permission checks if the user is privileged
-        if (user.isPrivileged())
-            searchResults = connectionRecordMapper.search(requiredContents,
-                    sortPredicates, limit);
-
-        // Otherwise only return explicitly readable history records
-        else
-            searchResults = connectionRecordMapper.searchReadable(
-                    user.getUser().getModel(), requiredContents, sortPredicates,
-                    limit, user.getEffectiveUserGroups());
-
-        return getObjectInstances(searchResults);
-
+        
+        return retrieveHistory(null, user, requiredContents, sortPredicates, limit);
+        
     }
 
     /**

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.java

@@ -73,8 +73,12 @@ public interface UserRecordMapper {
      * the data they are associated with is is readable by any particular user.
      * This should only be called on behalf of a system administrator. If
      * records are needed by a non-administrative user who must have explicit
-     * read rights, use searchReadable() instead.
+     * read rights, use {@link searchReadable()} instead.
      *
+     * @param username
+     *     The optional username to which records should be limited, or null
+     *     if all records should be retrieved.
+     * 
      * @param terms
      *     The search terms that must match the returned records.
      *
@@ -88,7 +92,8 @@ public interface UserRecordMapper {
      * @return
      *     The results of the search performed with the given parameters.
      */
-    List<ActivityRecordModel> search(@Param("terms") Collection<ActivityRecordSearchTerm> terms,
+    List<ActivityRecordModel> search(@Param("username") String username,
+            @Param("terms") Collection<ActivityRecordSearchTerm> terms,
             @Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates,
             @Param("limit") int limit);
 
@@ -97,11 +102,16 @@ public interface UserRecordMapper {
      * the given terms, sorted by the given predicates. Only records that are
      * associated with data explicitly readable by the given user will be
      * returned. If records are needed by a system administrator (who, by
-     * definition, does not need explicit read rights), use search() instead.
+     * definition, does not need explicit read rights), use {@link search()}
+     * instead.
      *
+     * @param username
+     *     The optional username to which records should be limited, or null
+     *     if all readable records should be retrieved.
+     * 
      * @param user
-     *    The user whose permissions should determine whether a record is
-     *    returned.
+     *     The user whose permissions should determine whether a record is
+     *     returned.
      *
      * @param terms
      *     The search terms that must match the returned records.
@@ -122,7 +132,8 @@ public interface UserRecordMapper {
      * @return
      *     The results of the search performed with the given parameters.
      */
-    List<ActivityRecordModel> searchReadable(@Param("user") UserModel user,
+    List<ActivityRecordModel> searchReadable(@Param("username") String username,
+            @Param("user") UserModel user,
             @Param("terms") Collection<ActivityRecordSearchTerm> terms,
             @Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates,
             @Param("limit") int limit,

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java

@@ -32,7 +32,6 @@ import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
 import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService;
 import org.apache.guacamole.GuacamoleClientException;
 import org.apache.guacamole.GuacamoleException;
-import org.apache.guacamole.GuacamoleSecurityException;
 import org.apache.guacamole.GuacamoleUnsupportedException;
 import org.apache.guacamole.auth.jdbc.base.ActivityRecordModel;
 import org.apache.guacamole.auth.jdbc.base.ActivityRecordSearchTerm;
@@ -581,13 +580,9 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
             ModeledUser user) throws GuacamoleException {
 
         String username = user.getIdentifier();
-
-        // Retrieve history only if READ permission is granted
-        if (hasObjectPermission(authenticatedUser, username, ObjectPermission.Type.READ))
-            return getObjectInstances(userRecordMapper.select(username));
-
-        // The user does not have permission to read the history
-        throw new GuacamoleSecurityException("Permission denied.");
+        
+        return retrieveHistory(username, authenticatedUser, Collections.emptyList(),
+                Collections.emptyList(), Integer.MAX_VALUE);
 
     }
 
@@ -597,6 +592,59 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
      * given terms and sorted by the given predicates. Only history records
      * associated with data that the given user can read are returned.
      *
+     * @param username
+     *     The optional username to which history records should be limited, or
+     *     null if all readable records should be retrieved.
+     * 
+     * @param user
+     *     The user retrieving the login history.
+     *
+     * @param requiredContents
+     *     The search terms that must be contained somewhere within each of the
+     *     returned records.
+     *
+     * @param sortPredicates
+     *     A list of predicates to sort the returned records by, in order of
+     *     priority.
+     *
+     * @param limit
+     *     The maximum number of records that should be returned.
+     *
+     * @return
+     *     The login history of the given user, including any active sessions.
+     *
+     * @throws GuacamoleException
+     *     If permission to read the user login history is denied.
+     */
+    public List<ActivityRecord> retrieveHistory(String username,
+            ModeledAuthenticatedUser user,
+            Collection<ActivityRecordSearchTerm> requiredContents,
+            List<ActivityRecordSortPredicate> sortPredicates, int limit)
+            throws GuacamoleException {
+
+        List<ActivityRecordModel> searchResults;
+
+        // Bypass permission checks if the user is privileged
+        if (user.isPrivileged())
+            searchResults = userRecordMapper.search(username, requiredContents,
+                    sortPredicates, limit);
+
+        // Otherwise only return explicitly readable history records
+        else
+            searchResults = userRecordMapper.searchReadable(username, 
+                    user.getUser().getModel(),
+                    requiredContents, sortPredicates, limit, user.getEffectiveUserGroups());
+
+        return getObjectInstances(searchResults);
+
+    }
+    
+    /**
+     * Retrieves user login history records matching the given criteria.
+     * Retrieves up to <code>limit</code> user history records matching the
+     * given terms and sorted by the given predicates. Only history records
+     * associated with data that the given user can read are returned.
+     * 
      * @param user
      *     The user retrieving the login history.
      *
@@ -621,21 +669,9 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
             Collection<ActivityRecordSearchTerm> requiredContents,
             List<ActivityRecordSortPredicate> sortPredicates, int limit)
             throws GuacamoleException {
-
-        List<ActivityRecordModel> searchResults;
-
-        // Bypass permission checks if the user is privileged
-        if (user.isPrivileged())
-            searchResults = userRecordMapper.search(requiredContents,
-                    sortPredicates, limit);
-
-        // Otherwise only return explicitly readable history records
-        else
-            searchResults = userRecordMapper.searchReadable(user.getUser().getModel(),
-                    requiredContents, sortPredicates, limit, user.getEffectiveUserGroups());
-
-        return getObjectInstances(searchResults);
-
+        
+        return retrieveHistory(null, user, requiredContents, sortPredicates, limit);
+        
     }
 
 }