From a0e18286d15a51613a838901b5839f5569116072 Mon Sep 17 00:00:00 2001
From: James Muehlner <james.muehlner@guac-dev.org>
Date: Wed, 2 Dec 2015 20:17:16 -0800
Subject: [PATCH] GUAC-1391: Skip readable check when listing active sessions
 for system administrators.

---
 .../auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java      | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java
index 667be3329..ea721c020 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java
@@ -468,6 +468,10 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
         if (records.isEmpty())
             return Collections.<ActiveConnectionRecord>emptyList();
 
+        // A system administrator can view all connections; no need to filter
+        if (user.getUser().isAdministrator())
+            return records;
+
         // Build set of all connection identifiers associated with active tunnels
         Set<String> identifiers = new HashSet<String>(records.size());
         for (ActiveConnectionRecord record : records)