safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-220: Allow manipulation and retrieval of user group permissions via JavaScript.

Browse Source
This commit is contained in:
Michael Jumper
2018-04-19 14:39:04 -07:00
parent 9f01fcb155
commit 55bcf25a1c
3 changed files with 163 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
guacamole/src/main/webapp/app/rest/services/permissionService.js
View File

@@ -45,6 +45,11 @@ angular.module('rest').factory('permissionService', ['$injector',
* within that data source (and thus cannot be found beneath
* "api/session/data/{dataSource}/users")
*
* NOTE: Unlike getPermissionsResourceURL(),
* getEffectivePermissionsResourceURL() CANNOT be applied to user groups.
* Only users have retrievable effective permissions as far as the REST API
* is concerned.
*
* @param {String} dataSource
* The unique identifier of the data source containing the user whose
* permissions should be retrieved. This identifier corresponds to an
@@ -82,6 +87,10 @@ angular.module('rest').factory('permissionService', ['$injector',
* from the permissions returned via getPermissions() in that permissions
* which are not directly granted to the user are included.
*
* NOTE: Unlike getPermissions(), getEffectivePermissions() CANNOT be
* applied to user groups. Only users have retrievable effective
* permissions as far as the REST API is concerned.
*
* @param {String} dataSource
* The unique identifier of the data source containing the user whose
* permissions should be retrieved. This identifier corresponds to an
@@ -113,10 +122,10 @@ angular.module('rest').factory('permissionService', ['$injector',
/**
* Returns the URL for the REST resource most appropriate for accessing
* the permissions of the user having the given identifier. The permissions
* retrieved differ from effective permissions (those returned by
* getEffectivePermissions()) in that only permissions which are directly
* granted to the user are included.
* the permissions of the user or group having the given identifier. The
* permissions retrieved differ from effective permissions (those returned
* by getEffectivePermissions()) in that only permissions which are directly
* granted to the user or group are included.
*
* It is important to note that a particular data source can authenticate
* and provide permissions for a user, even if that user does not exist
@@ -129,18 +138,27 @@ angular.module('rest').factory('permissionService', ['$injector',
* AuthenticationProvider within the Guacamole web application.
*
* @param {String} identifier
* The identifier of the user for which the URL of the proper REST
* resource should be derived.
* The identifier of the user or group for which the URL of the proper
* REST resource should be derived.
*
* @param {Boolean} [group]
* Whether the provided identifier refers to a user group. If false or
* omitted, the identifier given is assumed to refer to a user.
*
* @returns {String}
* The URL for the REST resource representing the user having the given
* identifier.
* The URL for the REST resource representing the user or group having
* the given identifier.
*/
var getPermissionsResourceURL = function getPermissionsResourceURL(dataSource, identifier) {
var getPermissionsResourceURL = function getPermissionsResourceURL(dataSource, identifier, group) {
// Create base URL for data source
var base = 'api/session/data/' + encodeURIComponent(dataSource);
// Access group permissions directly (there is no "self" for user groups
// as there is for users)
if (group)
return base + '/userGroups/' + encodeURIComponent(identifier) + '/permissions';
// If the username is that of the current user, do not rely on the
// user actually existing (they may not). Access their permissions via
// "self" rather than the collection of defined users.
@@ -155,36 +173,41 @@ angular.module('rest').factory('permissionService', ['$injector',
/**
* Makes a request to the REST API to get the list of permissions for a
* given user, returning a promise that provides an array of
* given user or user group, returning a promise that provides an array of
* @link{Permission} objects if successful. The permissions retrieved
* differ from effective permissions (those returned by
* getEffectivePermissions()) in that only permissions which are directly
* granted to the user included.
* getEffectivePermissions()) in that both users and groups may be queried,
* and only permissions which are directly granted to the user or group are
* included.
*
* @param {String} dataSource
* The unique identifier of the data source containing the user whose
* permissions should be retrieved. This identifier corresponds to an
* AuthenticationProvider within the Guacamole web application.
* The unique identifier of the data source containing the user or group
* whose permissions should be retrieved. This identifier corresponds to
* an AuthenticationProvider within the Guacamole web application.
*
* @param {String} identifier
* The identifier of the user to retrieve the permissions for.
* The identifier of the user or group to retrieve the permissions for.
*
* @param {Boolean} [group]
* Whether the provided identifier refers to a user group. If false or
* omitted, the identifier given is assumed to refer to a user.
*
* @returns {Promise.<PermissionSet>}
* A promise which will resolve with a @link{PermissionSet} upon
* success.
*/
service.getPermissions = function getPermissions(dataSource, identifier) {
service.getPermissions = function getPermissions(dataSource, identifier, group) {
// Build HTTP parameters set
var httpParameters = {
token : authenticationService.getCurrentToken()
};
// Retrieve user permissions
// Retrieve user/group permissions
return requestService({
cache : cacheService.users,
method : 'GET',
url : getPermissionsResourceURL(dataSource, identifier),
url : getPermissionsResourceURL(dataSource, identifier, group),
params : httpParameters
});
@@ -261,6 +284,10 @@ angular.module('rest').factory('permissionService', ['$injector',
addObjectPatchOperations(patch, operation, "/userPermissions",
permissions.userPermissions);
// Add user group permission operations to patch
addObjectPatchOperations(patch, operation, "/userGroupPermissions",
permissions.userGroupPermissions);
// Add system operations to patch
permissions.systemPermissions.forEach(function addSystemPatch(type) {
patch.push({
@@ -274,18 +301,18 @@ angular.module('rest').factory('permissionService', ['$injector',
/**
* Makes a request to the REST API to modify the permissions for a given
* user, returning a promise that can be used for processing the results of
* the call. This request affects only the permissions directly granted to
* the user, and may not affect permissions inherited through other means
* (effective permissions).
* user or group, returning a promise that can be used for processing the
* results of the call. This request affects only the permissions directly
* granted to the user or group, and may not affect permissions inherited
* through other means (effective permissions).
*
* @param {String} dataSource
* The unique identifier of the data source containing the user whose
* permissions should be modified. This identifier corresponds to an
* AuthenticationProvider within the Guacamole web application.
* The unique identifier of the data source containing the user or group
* whose permissions should be modified. This identifier corresponds to
* an AuthenticationProvider within the Guacamole web application.
*
* @param {String} identifier
* The identifier of the user to modify the permissions of.
* The identifier of the user or group to modify the permissions of.
*
* @param {PermissionSet} [permissionsToAdd]
* The set of permissions to add, if any.
@@ -293,12 +320,16 @@ angular.module('rest').factory('permissionService', ['$injector',
* @param {PermissionSet} [permissionsToRemove]
* The set of permissions to remove, if any.
*
* @param {Boolean} [group]
* Whether the provided identifier refers to a user group. If false or
* omitted, the identifier given is assumed to refer to a user.
*
* @returns {Promise}
* A promise for the HTTP call which will succeed if and only if the
* patch operation is successful.
*/
service.patchPermissions = function patchPermissions(dataSource, identifier,
permissionsToAdd, permissionsToRemove) {
permissionsToAdd, permissionsToRemove, group) {
var permissionPatch = [];
@@ -313,10 +344,10 @@ angular.module('rest').factory('permissionService', ['$injector',
// Add all the remove operations to the patch
addPatchOperations(permissionPatch, PermissionPatch.Operation.REMOVE, permissionsToRemove);
// Patch user permissions
// Patch user/group permissions
return requestService({
method : 'PATCH',
url : getPermissionsResourceURL(dataSource, identifier),
url : getPermissionsResourceURL(dataSource, identifier, group),
params : httpParameters,
data : permissionPatch
})

23
guacamole/src/main/webapp/app/rest/types/PermissionFlagSet.js
View File

@@ -133,7 +133,7 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet',
* true. Valid permission type strings are defined within
* PermissionSet.ObjectPermissionType. Permissions which are not
* granted may be set to false, but this is not required.
*
*
* @type Object.<String, Object.<String, Boolean>>
*/
this.userPermissions = template.userPermissions || {
@@ -143,6 +143,24 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet',
'ADMINISTER' : {}
};
/**
* The granted state of each permission for each user group, as a map of
* object permission type string to permission map. The permission map
* is, in turn, a map of group identifier to boolean value. A particular
* permission is granted if its corresponding boolean value is set to
* true. Valid permission type strings are defined within
* PermissionSet.ObjectPermissionType. Permissions which are not
* granted may be set to false, but this is not required.
*
* @type Object.<String, Object.<String, Boolean>>
*/
this.userGroupPermissions = template.userGroupPermissions || {
'READ' : {},
'UPDATE' : {},
'DELETE' : {},
'ADMINISTER' : {}
};
};
/**
@@ -216,6 +234,9 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet',
// Add all granted user permissions
addObjectPermissions(permissionSet.userPermissions, permissionFlagSet.userPermissions);
// Add all granted user group permissions
addObjectPermissions(permissionSet.userGroupPermissions, permissionFlagSet.userGroupPermissions);
return permissionFlagSet;
};

82
guacamole/src/main/webapp/app/rest/types/PermissionSet.js
View File

@@ -81,6 +81,15 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
*/
this.userPermissions = template.userPermissions || {};
/**
* Map of user group identifiers to the corresponding array of granted
* permissions. Each permission is represented by a string listed
* within PermissionSet.ObjectPermissionType.
*
* @type Object.<String, String[]>
*/
this.userGroupPermissions = template.userGroupPermissions || {};
/**
* Array of granted system permissions. Each permission is represented
* by a string listed within PermissionSet.SystemPermissionType.
@@ -306,7 +315,7 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
};
/**
* Returns whether the given permission is granted for the user having the
* Returns whether the given permission is granted for the user having the
* given ID.
*
* @param {PermissionSet|Object} permSet
@@ -315,7 +324,7 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
* @param {String} type
* The permission to search for, as defined by
* PermissionSet.ObjectPermissionType.
*
*
* @param {String} identifier
* The identifier of the user to which the permission applies.
*
@@ -326,6 +335,27 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
return hasPermission(permSet.userPermissions, type, identifier);
};
/**
* Returns whether the given permission is granted for the user group having
* the given identifier.
*
* @param {PermissionSet|Object} permSet
* The permission set to check.
*
* @param {String} type
* The permission to search for, as defined by
* PermissionSet.ObjectPermissionType.
*
* @param {String} identifier
* The identifier of the user group to which the permission applies.
*
* @returns {Boolean}
* true if the permission is present (granted), false otherwise.
*/
PermissionSet.hasUserGroupPermission = function hasUserGroupPermission(permSet, type, identifier) {
return hasPermission(permSet.userGroupPermissions, type, identifier);
};
/**
* Returns whether the given permission is granted at the system level.
*
@@ -733,6 +763,54 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
return removeObjectPermission(permSet.userPermissions, type, identifier);
};
/**
* Adds the given user group permission applying to the user group with the
* given identifier to the given permission set, if not already present. If
* the permission is already present, this function has no effect.
*
* @param {PermissionSet} permSet
* The permission set to modify.
*
* @param {String} type
* The permission to add, as defined by
* PermissionSet.ObjectPermissionType.
*
* @param {String} identifier
* The identifier of the user group to which the permission applies.
*
* @returns {Boolean}
* true if the permission was added, false if the permission was
* already present in the given permission set.
*/
PermissionSet.addUserGroupPermission = function addUserGroupPermission(permSet, type, identifier) {
permSet.userGroupPermissions = permSet.userGroupPermissions || {};
return addObjectPermission(permSet.userGroupPermissions, type, identifier);
};
/**
* Removes the given user group permission applying to the user group with
* the given identifier from the given permission set, if present. If the
* permission is not present, this function has no effect.
*
* @param {PermissionSet} permSet
* The permission set to modify.
*
* @param {String} type
* The permission to remove, as defined by
* PermissionSet.ObjectPermissionType.
*
* @param {String} identifier
* The identifier of the user group to whom the permission applies.
*
* @returns {Boolean}
* true if the permission was removed, false if the permission was not
* present in the given permission set.
*/
PermissionSet.removeUserGroupPermission = function removeUserGroupPermission(permSet, type, identifier) {
permSet.userGroupPermissions = permSet.userGroupPermissions || {};
return removeObjectPermission(permSet.userGroupPermissions, type, identifier);
};
return PermissionSet;
}]);