Ticket #269: Added permissions checks to UserDirectory actions, and improved PermissionCheckUtility

extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/GuacamolePermissionException.java

@@ -0,0 +1,78 @@
+/* ***** BEGIN LICENSE BLOCK *****
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is guacamole-auth-mysql.
+ *
+ * The Initial Developer of the Original Code is
+ * James Muehlner.
+ * Portions created by the Initial Developer are Copyright (C) 2010
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * ***** END LICENSE BLOCK ***** */
+package net.sourceforge.guacamole.net.auth.mysql;
+
+import net.sourceforge.guacamole.GuacamoleException;
+
+/**
+ * Represents an error condition when a user tries to perform an action
+ * that he/she does not have permission to do.
+ * @author James Muehlner
+ */
+public class GuacamolePermissionException extends GuacamoleException {
+
+    /**
+     * Creates a new GuacamoleException with the given message and cause.
+     *
+     * @param message A human readable description of the exception that
+     *                occurred.
+     * @param cause The cause of this exception.
+     */
+    public GuacamolePermissionException(String message, Throwable cause) {
+        super(message, cause);
+    }
+
+    /**
+     * Creates a new GuacamoleException with the given message.
+     *
+     * @param message A human readable description of the exception that
+     *                occurred.
+     */
+    public GuacamolePermissionException(String message) {
+        super(message);
+    }
+
+    /**
+     * Creates a new GuacamoleException with the given cause.
+     *
+     * @param cause The cause of this exception.
+     */
+    public GuacamolePermissionException(Throwable cause) {
+        super(cause);
+    }
+
+    
+}

extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java

@@ -147,6 +147,7 @@ public class UserDirectory implements Directory<String, User> {
     @Transactional
     @Override
     public User get(String identifier) throws GuacamoleException {
+        permissionCheckUtility.verifyUserReadAccess(this.user.getUserID(), identifier);
         return getExistingMySQLUser(identifier);
     }
 
@@ -164,7 +165,10 @@ public class UserDirectory implements Directory<String, User> {
     @Override
     @Transactional
     public void add(User object) throws GuacamoleException {
+        permissionCheckUtility.verifyCreateUserPermission(this.user.getUserID());
         Preconditions.checkNotNull(object);
+        permissionCheckUtility.verifyUserUpdateAccess(user.getUserID(), object.getUsername());
+        
         //create user in database
         MySQLUser mySQLUser = getNewMySQLUser(object);
         userDAO.insert(mySQLUser.getUser());
@@ -356,6 +360,7 @@ public class UserDirectory implements Directory<String, User> {
     @Override
     @Transactional
     public void update(User object) throws GuacamoleException {
+        permissionCheckUtility.verifyUserUpdateAccess(this.user.getUserID(), object.getUsername());
         //update the user in the database
         MySQLUser mySQLUser = getExistingMySQLUser(object);
         userDAO.updateByPrimaryKey(mySQLUser.getUser());
@@ -367,6 +372,7 @@ public class UserDirectory implements Directory<String, User> {
     @Override
     @Transactional
     public void remove(String identifier) throws GuacamoleException {
+        permissionCheckUtility.verifyUserDeleteAccess(this.user.getUserID(), identifier);
         
         MySQLUser mySQLUser = getExistingMySQLUser(identifier);
         

extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/utility/PermissionCheckUtility.java

@@ -43,6 +43,7 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
+import net.sourceforge.guacamole.net.auth.mysql.GuacamolePermissionException;
 import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection;
 import net.sourceforge.guacamole.net.auth.mysql.MySQLConstants;
 import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
@@ -96,34 +97,170 @@ public class PermissionCheckUtility {
     @Inject
     Provider<MySQLConnection> mySQLConnectionProvider;
     
+    /**
+     * Verifies that the user has read access to the given user. If not, throws a GuacamolePermissionException.
+     * @param userID
+     * @param affectedUserID
+     * @throws GuacamolePermissionException
+     */
+    public void verifyUserReadAccess(int userID, int affectedUserID) throws GuacamolePermissionException {
+        if(!checkUserReadAccess(userID, affectedUserID))
+            throw new GuacamolePermissionException("User " + userID + " does not have read access to user " + affectedUserID);
+    }
+    
+    /**
+     * Verifies that the user has update access to the given user. If not, throws a GuacamolePermissionException.
+     * @param userID
+     * @param affectedUserID
+     * @throws GuacamolePermissionException
+     */
+    public void verifyUserUpdateAccess(int userID, int affectedUserID) throws GuacamolePermissionException {
+        if(!checkUserUpdateAccess(userID, affectedUserID))
+            throw new GuacamolePermissionException("User " + userID + " does not have update access to user " + affectedUserID);
+    }
+    
+    /**
+     * Verifies that the user has delete access to the given user. If not, throws a GuacamolePermissionException.
+     * @param userID
+     * @param affectedUserID
+     * @throws GuacamolePermissionException
+     */
+    public void verifyUserDeleteAccess(int userID, int affectedUserID) throws GuacamolePermissionException {
+        if(!checkUserDeleteAccess(userID, affectedUserID))
+            throw new GuacamolePermissionException("User " + userID + " does not have delete access to user " + affectedUserID);
+    }
+    
+    /**
+     * Verifies that the user has administer access to the given user. If not, throws a GuacamolePermissionException.
+     * @param userID
+     * @param affectedUserID
+     * @throws GuacamolePermissionException
+     */
+    public void verifyUserAdministerAccess(int userID, int affectedUserID) throws GuacamolePermissionException {
+        if(!checkUserAdministerAccess(userID, affectedUserID))
+            throw new GuacamolePermissionException("User " + userID + " does not have administer access to user " + affectedUserID);
+    }
+    
+    /**
+     * Verifies that the user has read access to the given user. If not, throws a GuacamolePermissionException.
+     * @param userID
+     * @param affectedUsername
+     * @throws GuacamolePermissionException
+     */
+    public void verifyUserReadAccess(int userID, String affectedUsername) throws GuacamolePermissionException {
+        if(!checkUserReadAccess(userID, affectedUsername))
+            throw new GuacamolePermissionException("User " + userID + " does not have read access to user '" + affectedUsername + "'");
+    }
+    
+    /**
+     * Verifies that the user has update access to the given user. If not, throws a GuacamolePermissionException.
+     * @param userID
+     * @param affectedUsername
+     * @throws GuacamolePermissionException
+     */
+    public void verifyUserUpdateAccess(int userID, String affectedUsername) throws GuacamolePermissionException {
+        if(!checkUserUpdateAccess(userID, affectedUsername))
+            throw new GuacamolePermissionException("User " + userID + " does not have update access to user '" + affectedUsername + "'");
+    }
+    
+    /**
+     * Verifies that the user has delete access to the given user. If not, throws a GuacamolePermissionException.
+     * @param userID
+     * @param affectedUsername
+     * @throws GuacamolePermissionException
+     */
+    public void verifyUserDeleteAccess(int userID, String affectedUsername) throws GuacamolePermissionException {
+        if(!checkUserDeleteAccess(userID, affectedUsername))
+            throw new GuacamolePermissionException("User " + userID + " does not have delete access to user '" + affectedUsername + "'");
+    }
+    
+    /**
+     * Verifies that the user has administer access to the given user. If not, throws a GuacamolePermissionException.
+     * @param userID
+     * @param affectedUsername
+     * @throws GuacamolePermissionException
+     */
+    public void verifyUserAdministerAccess(int userID, String affectedUsername) throws GuacamolePermissionException {
+        if(!checkUserAdministerAccess(userID, affectedUsername))
+            throw new GuacamolePermissionException("User " + userID + " does not have administer access to user '" + affectedUsername + "'");
+    }
+    
+    /**
+     * Checks if the user has read access to the given user.
+     * @param userID
+     * @param affectedUserID
+     * @return true if the user has access to this user.
+     */
     public boolean checkUserReadAccess(int userID, int affectedUserID) {
         return checkUserAccess(userID, affectedUserID, MySQLConstants.USER_READ);
     }
     
+    /**
+     * Checks if the user has update access to the given user.
+     * @param userID
+     * @param affectedUserID
+     * @return true if the user has access to this user.
+     */
     public boolean checkUserUpdateAccess(int userID, int affectedUserID) {
         return checkUserAccess(userID, affectedUserID, MySQLConstants.USER_UPDATE);
     }
     
+    /**
+     * Checks if the user has delete access to the given user.
+     * @param userID
+     * @param affectedUserID
+     * @return true if the user has access to this user.
+     */
     public boolean checkUserDeleteAccess(int userID, int affectedUserID) {
         return checkUserAccess(userID, affectedUserID, MySQLConstants.USER_DELETE);
     }
     
+    /**
+     * Checks if the user has administer access to the given user.
+     * @param userID
+     * @param affectedUserID
+     * @return true if the user has access to this user.
+     */
     public boolean checkUserAdministerAccess(int userID, int affectedUserID) {
         return checkUserAccess(userID, affectedUserID, MySQLConstants.USER_ADMINISTER);
     }
     
+    /**
+     * Checks if the user has read access to the given user.
+     * @param userID
+     * @param affectedUsername
+     * @return true if the user has access to this user.
+     */
     public boolean checkUserReadAccess(int userID, String affectedUsername) {
         return checkUserAccess(userID, affectedUsername, MySQLConstants.USER_READ);
     }
     
+    /**
+     * Checks if the user has update access to the given user.
+     * @param userID
+     * @param affectedUsername
+     * @return true if the user has access to this user.
+     */
     public boolean checkUserUpdateAccess(int userID, String affectedUsername) {
         return checkUserAccess(userID, affectedUsername, MySQLConstants.USER_UPDATE);
     }
     
+    /**
+     * Checks if the user has delete access to the given user.
+     * @param userID
+     * @param affectedUsername
+     * @return true if the user has access to this user.
+     */
     public boolean checkUserDeleteAccess(int userID, String affectedUsername) {
         return checkUserAccess(userID, affectedUsername, MySQLConstants.USER_DELETE);
     }
     
+    /**
+     * Checks if the user has administer access to the given user.
+     * @param userID
+     * @param affectedUsername
+     * @return true if the user has access to this user.
+     */
     public boolean checkUserAdministerAccess(int userID, String affectedUsername) {
         return checkUserAccess(userID, affectedUsername, MySQLConstants.USER_ADMINISTER);
     }
@@ -233,36 +370,172 @@ public class PermissionCheckUtility {
         return userIDs;
     }
     
+    /**
+     * Verifies that the user has read access to the given connection. If not, throws a GuacamolePermissionException.
+     * @param userID
+     * @param affectedConnectionID
+     * @throws GuacamolePermissionException
+     */
+    public void verifyConnectionReadAccess(int userID, int affectedConnectionID) throws GuacamolePermissionException {
+        if(!checkConnectionReadAccess(userID, affectedConnectionID))
+            throw new GuacamolePermissionException("User " + userID + " does not have read access to connection " + affectedConnectionID);
+    }
+    
+    /**
+     * Verifies that the user has update access to the given connection. If not, throws a GuacamolePermissionException.
+     * @param userID
+     * @param affectedConnectionID
+     * @throws GuacamolePermissionException
+     */
+    public void verifyConnectionUpdateAccess(int userID, int affectedConnectionID) throws GuacamolePermissionException {
+        if(!checkConnectionUpdateAccess(userID, affectedConnectionID))
+            throw new GuacamolePermissionException("User " + userID + " does not have update access to connection " + affectedConnectionID);
+    }
+    
+    /**
+     * Verifies that the user has delete access to the given connection. If not, throws a GuacamolePermissionException.
+     * @param userID
+     * @param affectedConnectionID
+     * @throws GuacamolePermissionException
+     */
+    public void verifyConnectionDeleteAccess(int userID, int affectedConnectionID) throws GuacamolePermissionException {
+        if(!checkConnectionDeleteAccess(userID, affectedConnectionID))
+            throw new GuacamolePermissionException("User " + userID + " does not have delete access to connection " + affectedConnectionID);
+    }
+    
+    /**
+     * Verifies that the user has administer access to the given connection. If not, throws a GuacamolePermissionException.
+     * @param userID
+     * @param affectedConnectionID
+     * @throws GuacamolePermissionException
+     */
+    public void verifyConnectionAdministerAccess(int userID, int affectedConnectionID) throws GuacamolePermissionException {
+        if(!checkConnectionAdministerAccess(userID, affectedConnectionID))
+            throw new GuacamolePermissionException("User " + userID + " does not have administer access to connection " + affectedConnectionID);
+    }
+    
+    /**
+     * Verifies that the user has read access to the given connection. If not, throws a GuacamolePermissionException.
+     * @param userID
+     * @param affectedConnectionName
+     * @throws GuacamolePermissionException
+     */
+    public void verifyConnectionReadAccess(int userID, String affectedConnectionName) throws GuacamolePermissionException {
+        if(!checkConnectionReadAccess(userID, affectedConnectionName))
+            throw new GuacamolePermissionException("User " + userID + " does not have read access to connection '" + affectedConnectionName + "'");
+    }
+    
+    /**
+     * Verifies that the user has update access to the given connection. If not, throws a GuacamolePermissionException.
+     * @param userID
+     * @param affectedConnectionName
+     * @throws GuacamolePermissionException
+     */
+    public void verifyConnectionUpdateAccess(int userID, String affectedConnectionName) throws GuacamolePermissionException {
+        if(!checkConnectionUpdateAccess(userID, affectedConnectionName))
+            throw new GuacamolePermissionException("User " + userID + " does not have update access to connection '" + affectedConnectionName + "'");
+    }
+    
+    /**
+     * Verifies that the user has delete access to the given connection. If not, throws a GuacamolePermissionException.
+     * @param userID
+     * @param affectedConnectionName
+     * @throws GuacamolePermissionException
+     */
+    public void verifyConnectionDeleteAccess(int userID, String affectedConnectionName) throws GuacamolePermissionException {
+        if(!checkConnectionDeleteAccess(userID, affectedConnectionName))
+            throw new GuacamolePermissionException("User " + userID + " does not have delete access to connection '" + affectedConnectionName + "'");
+    }
+    
+    /**
+     * Verifies that the user has administer access to the given connection. If not, throws a GuacamolePermissionException.
+     * @param userID
+     * @param affectedConnectionName
+     * @throws GuacamolePermissionException
+     */
+    public void verifyConnectionAdministerAccess(int userID, String affectedConnectionName) throws GuacamolePermissionException {
+        if(!checkConnectionAdministerAccess(userID, affectedConnectionName))
+            throw new GuacamolePermissionException("User " + userID + " does not have administer access to connection '" + affectedConnectionName + "'");
+    }
+    
+    /**
+     * Checks if the user has read access to the given connection.
+     * @param userID
+     * @param affectedConnectionID
+     * @return true if the user has access to this connection.
+     */
     public boolean checkConnectionReadAccess(int userID, int affectedConnectionID) {
         return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.CONNECTION_READ);
     }
     
+    /**
+     * Checks if the user has update access to the given connection.
+     * @param userID
+     * @param affectedConnectionID
+     * @return true if the user has access to this connection.
+     */
     public boolean checkConnectionUpdateAccess(int userID, int affectedConnectionID) {
         return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.CONNECTION_UPDATE);
     }
     
+    /**
+     * Checks if the user has delete access to the given connection.
+     * @param userID
+     * @param affectedConnectionID
+     * @return true if the user has access to this connection.
+     */
     public boolean checkConnectionDeleteAccess(int userID, int affectedConnectionID) {
         return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.CONNECTION_DELETE);
     }
     
+    /**
+     * Checks if the user has administer access to the given connection.
+     * @param userID
+     * @param affectedConnectionID
+     * @return true if the user has access to this connection.
+     */
     public boolean checkConnectionAdministerAccess(int userID, int affectedConnectionID) {
         return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.CONNECTION_ADMINISTER);
     }
     
-    public boolean checkConnectionReadAccess(int userID, String affectedConnectionname) {
+    /**
-        return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.CONNECTION_READ);
+     * Checks if the user has read access to the given connection.
+     * @param userID
+     * @param affectedConnectionName
+     * @return true if the user has access to this connection.
+     */
+    public boolean checkConnectionReadAccess(int userID, String affectedConnectionName) {
+        return checkConnectionAccess(userID, affectedConnectionName, MySQLConstants.CONNECTION_READ);
     }
     
-    public boolean checkConnectionUpdateAccess(int userID, String affectedConnectionname) {
+    /**
-        return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.CONNECTION_UPDATE);
+     * Checks if the user has update access to the given connection.
+     * @param userID
+     * @param affectedConnectionName
+     * @return true if the user has access to this connection.
+     */
+    public boolean checkConnectionUpdateAccess(int userID, String affectedConnectionName) {
+        return checkConnectionAccess(userID, affectedConnectionName, MySQLConstants.CONNECTION_UPDATE);
     }
     
+    /**
+     * Checks if the user has delete access to the given connection.
+     * @param userID
+     * @param affectedConnectionID
+     * @return true if the user has access to this connection.
+     */
     public boolean checkConnectionDeleteAccess(int userID, String affectedConnectionname) {
         return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.CONNECTION_DELETE);
     }
     
-    public boolean checkConnectionAdministerAccess(int userID, String affectedConnectionname) {
+    /**
-        return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.CONNECTION_ADMINISTER);
+     * Checks if the user has administer access to the given connection.
+     * @param userID
+     * @param affectedConnectionName
+     * @return true if the user has access to this connection.
+     */
+    public boolean checkConnectionAdministerAccess(int userID, String affectedConnectionName) {
+        return checkConnectionAccess(userID, affectedConnectionName, MySQLConstants.CONNECTION_ADMINISTER);
     }
     
     /**
@@ -370,6 +643,16 @@ public class PermissionCheckUtility {
         return connectionIDs;
     }
     
+    public void verifyCreateUserPermission(int userID) throws GuacamolePermissionException {
+        if(!checkCreateUserPermission(userID))
+            throw new GuacamolePermissionException("User " + userID + " does not have permission to create users.");
+    }
+    
+    public void verifyCreateConnectionPermission(int userID) throws GuacamolePermissionException {
+        if(!checkCreateConnectionPermission(userID))
+            throw new GuacamolePermissionException("User " + userID + " does not have permission to create connections.");
+    }
+    
     /**
      * Check if the user has the permission to create users.
      * @param userID