safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-10-31 09:03:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUAC-932: Migrate to PermissionSet for reading permissions.

Browse Source
This commit is contained in:
Michael Jumper
2014-12-15 14:19:29 -08:00
parent b1db52541d
commit 68d3b7741e
15 changed files with 792 additions and 718 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
guacamole/src/main/webapp/app/index/controllers/indexController.js
View File

@@ -25,10 +25,12 @@
*/
angular.module('index').controller('indexController', ['$scope', '$injector',
function indexController($scope, $injector) {
// Get the dependencies commonJS style
var permissionService = $injector.get("permissionService"),
permissionCheckService = $injector.get("permissionCheckService"),
// Get class dependencies
var PermissionSet = $injector.get("PermissionSet");
// Get services
var permissionService = $injector.get("permissionService"),
authenticationService = $injector.get("authenticationService"),
$q = $injector.get("$q"),
$document = $injector.get("$document"),
@@ -169,13 +171,15 @@ angular.module('index').controller('indexController', ['$scope', '$injector',
permissionService.getPermissions($scope.currentUserID).success(function fetchCurrentUserPermissions(permissions) {
$scope.currentUserPermissions = permissions;
// Will be true if the user is an admin
$scope.currentUserIsAdmin = permissionCheckService.checkPermission($scope.currentUserPermissions, "SYSTEM", undefined, "ADMINISTER");
// Whether the user has system-wide admin permission
$scope.currentUserIsAdmin = PermissionSet.hasSystemPermission($scope.currentUserPermissions, PermissionSet.SystemPermissionType.ADMINISTER);
// Whether the user can update at least one object
$scope.currentUserHasUpdate = $scope.currentUserIsAdmin
|| PermissionSet.hasConnectionPermission($scope.currentUserPermissions, "UPDATE")
|| PermissionSet.hasConnectionGroupPermission($scope.currentUserPermissions, "UPDATE")
|| PermissionSet.hasUserPermission($scope.currentUserPermissions, "UPDATE");
// Will be true if the user is an admin or has update access to any object
$scope.currentUserHasUpdate = $scope.currentUserIsAdmin ||
permissionCheckService.checkPermission($scope.currentUserPermissions, undefined, undefined, "UPDATE");
permissionsLoaded.resolve();
});
};

4
guacamole/src/main/webapp/app/manage/controllers/manageController.js
View File

@@ -27,7 +27,7 @@ angular.module('manage').controller('manageController', ['$scope', '$injector',
function manageController($scope, $injector) {
// Required types
var Permission = $injector.get('Permission');
var PermissionSet = $injector.get('PermissionSet');
// Required services
var legacyConnectionGroupService = $injector.get('legacyConnectionGroupService');
@@ -68,7 +68,7 @@ angular.module('manage').controller('manageController', ['$scope', '$injector',
});
// Retrieve all users for whom we have UPDATE permission
userService.getUsers(Permission.Type.UPDATE).success(function usersReceived(users) {
userService.getUsers(PermissionSet.ObjectPermissionType.UPDATE).success(function usersReceived(users) {
$scope.users = users;
$scope.loadingUsers = false;
});

13
guacamole/src/main/webapp/app/rest/services/legacyConnectionGroupService.js
View File

@@ -25,9 +25,12 @@
*/
angular.module('rest').factory('legacyConnectionGroupService', ['$injector', function legacyConnectionGroupService($injector) {
var connectionGroupService = $injector.get('connectionGroupService');
// Get class dependencies
var PermissionSet = $injector.get("PermissionSet");
// Get services
var connectionGroupService = $injector.get('connectionGroupService');
var connectionService = $injector.get('connectionService');
var permissionCheckService = $injector.get('permissionCheckService');
var $q = $injector.get('$q');
var displayObjectPreparationService = $injector.get('displayObjectPreparationService');
@@ -196,8 +199,7 @@ angular.module('rest').factory('legacyConnectionGroupService', ['$injector', fun
* item, check now to see if the permission exists. If not,
* remove the item.
*/
if(!permissionCheckService.checkPermission(permissionList,
"CONNECTION", item.identifier, requiredConnectionPermission)) {
if(!PermissionSet.hasConnectionPermission(permissionList, item.identifier, requiredConnectionPermission)) {
items.splice(i, 1);
continue;
}
@@ -210,8 +212,7 @@ angular.module('rest').factory('legacyConnectionGroupService', ['$injector', fun
* remove the item.
*/
if(requiredConnectionGroupPermission) {
if(!permissionCheckService.checkPermission(permissionList,
"CONNECTION_GROUP", item.identifier, requiredConnectionGroupPermission)) {
if(!PermissionSet.hasConnectionGroupPermission(permissionList, item.identifier, requiredConnectionGroupPermission)) {
items.splice(i, 1);
continue;
}

73
guacamole/src/main/webapp/app/rest/services/permissionCheckService.js
View File

@@ -1,73 +0,0 @@
/*
* Copyright (C) 2014 Glyptodon LLC
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
/**
* A service for checking if a specific permission exists
* in a given list of permissions.
*/
angular.module('rest').factory('permissionCheckService', [
function permissionCheckService() {
var service = {};
/**
* A service for checking if the given permission list contains the given
* permission, defined by the objectType, objectID, and permissionType.
* If the objectType or objectID are not passed, they will not be checked.
*
* For example, checkPermission(list, "CONNECTION", undefined, "READ") would
* check if the permission list contains permission to read any connection.
*
* @param {array} permissions The array of permissions to check.
* @param {string} objectType The object type for the permission.
* If not passed, this will not be checked.
* @param {string} objectID The ID of the object the permission is for.
* If not passed, this will not be checked.
* @param {string} permissionType The actual permission type to check for.
* @returns {boolean} True if the given permissions contain the requested permission, false otherwise.
*/
service.checkPermission = function checkPermission(permissions, objectType, objectID, permissionType) {
// Loop through all the permissions and check if any of them match the given parameters
for(var i = 0; i < permissions.length; i++) {
var permission = permissions[i];
if(objectType === "SYSTEM") {
// System permissions have no object ID, we only need to check the type.
if(permission.permissionType === permissionType)
return true;
}
else {
// Object permissions need to match the object ID and type if given.
if(permission.permissionType === permissionType &&
(!objectType || permission.objectType === objectType) &&
(!objectID || permission.objectID === objectID))
return true;
}
}
// Didn't find any that matched
return false;
}
return service;
}]);

22
guacamole/src/main/webapp/app/rest/services/permissionService.js
View File

@@ -37,12 +37,12 @@ angular.module('rest').factory('permissionService', ['$http', 'authenticationSer
* @param {String} userID
* The ID of the user to retrieve the permissions for.
*
* @returns {Promise.<Permission[]>}
* A promise which will resolve with an array of @link{Permission}
* objects upon success.
* @returns {Promise.<PermissionSet>}
* A promise which will resolve with a @link{PermissionSet} upon
* success.
*/
service.getPermissions = function getPermissions(userID) {
return $http.get("api/permission/" + userID + "/?token=" + authenticationService.getCurrentToken());
return $http.get("api/user/" + userID + "/permissions?token=" + authenticationService.getCurrentToken());
};
/**
@@ -51,14 +51,14 @@ angular.module('rest').factory('permissionService', ['$http', 'authenticationSer
* call.
*
* @param {String} userID The ID of the user to add the permission for.
* @param {Permission[]} permissions The permissions to add.
* @param {PermissionSet} permissions The permissions to add.
*
* @returns {Promise}
* A promise for the HTTP call which will succeed if and only if the
* add operation is successful.
*/
service.addPermissions = function addPermissions(userID, permissions) {
return service.patchPermissions(userID, permissions, []);
return service.patchPermissions(userID, permissions, null);
};
/**
@@ -67,14 +67,14 @@ angular.module('rest').factory('permissionService', ['$http', 'authenticationSer
* call.
*
* @param {String} userID The ID of the user to remove the permission for.
* @param {Permission[]} permissions The permissions to remove.
* @param {PermissionSet} permissions The permissions to remove.
*
* @returns {Promise}
* A promise for the HTTP call which will succeed if and only if the
* remove operation is successful.
*/
service.removePermissions = function removePermissions(userID, permissions) {
return service.patchPermissions(userID, [], permissions);
return service.patchPermissions(userID, null, permissions);
};
/**
@@ -83,8 +83,8 @@ angular.module('rest').factory('permissionService', ['$http', 'authenticationSer
* the call.
*
* @param {String} userID The ID of the user to remove the permission for.
* @param {Permission[]} permissionsToAdd The permissions to add.
* @param {Permission[]} permissionsToRemove The permissions to remove.
* @param {PermissionSet} [permissionsToAdd] The permissions to add.
* @param {PermissionSet} [permissionsToRemove] The permissions to remove.
*
* @returns {Promise}
* A promise for the HTTP call which will succeed if and only if the
@@ -92,6 +92,8 @@ angular.module('rest').factory('permissionService', ['$http', 'authenticationSer
*/
service.patchPermissions = function patchPermissions(userID, permissionsToAdd, permissionsToRemove) {
// FIXME: This will NOT work, now that PermissionSet is used
var i;
var permissionPatch = [];

2
guacamole/src/main/webapp/app/rest/services/userService.js
View File

@@ -36,7 +36,7 @@ angular.module('rest').factory('userService', ['$http', 'authenticationService',
* @param {String} [permissionType]
* The permission type string of the permission that the current user
* must have for a given user to appear within the list. Valid values
* are listed within Permission.Type.
* are listed within PermissionSet.ObjectType.
*
* @returns {Promise.<User[]>}
* A promise which will resolve with an array of @link{User} objects

153
guacamole/src/main/webapp/app/rest/types/Permission.js
View File

@@ -1,153 +0,0 @@
/*
* Copyright (C) 2014 Glyptodon LLC
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
/**
* Service which defines the Permission class.
*/
angular.module('rest').factory('Permission', [function definePermission() {
/**
* The object returned by REST API calls when representing the data
* associated with a supported remote desktop protocol.
*
* @constructor
* @param {Permission|Object} [template={}]
* The object whose properties should be copied within the new
* Permission.
*/
var Permission = function Permission(template) {
// Use empty object by default
template = template || {};
/**
* The type of object associated with this permission.
*
* @type String
*/
this.objectType = template.objectType;
/**
* The identifier of the specific object associated with this
* permission. If the objectType is Permission.ObjectType.SYSTEM, this
* property is not applicable.
*
* @type String
*/
this.objectIdentifier = template.objectIdentifier;
/**
* The type of this permission, representing the actions granted if
* this permission is present, such as the ability to read or update
* specific objects. Legal values are specified within
* Permission.Type and depend on this permission's objectType.
*
* @type String
*/
this.permissionType = template.permissionType;
};
/**
* Valid object type strings.
*/
Permission.ObjectType = {
/**
* The permission refers to a specific connection, identified by the
* value of objectIdentifier.
*/
CONNECTION : "CONNECTION",
/**
* The permission refers to a specific connection group, identified by
* the value of objectIdentifier.
*/
CONNECTION_GROUP : "CONNECTION_GROUP",
/**
* The permission refers to a specific user, identified by the value of
* objectIdentifier.
*/
USER : "USER",
/**
* The permission refers to the system as a whole, and the
* objectIdentifier propery is not applicable.
*/
SYSTEM : "SYSTEM"
};
/**
* Valid permission type strings.
*/
Permission.Type = {
/**
* Permission to read from the specified object. This permission type
* does not apply to SYSTEM permissions.
*/
READ : "READ",
/**
* Permission to update the specified object. This permission type does
* not apply to SYSTEM permissions.
*/
UPDATE : "UPDATE",
/**
* Permission to delete the specified object. This permission type does
* not apply to SYSTEM permissions.
*/
DELETE : "DELETE",
/**
* Permission to administer the specified object or, if the permission
* refers to the system as a whole, permission to administer the entire
* system.
*/
ADMINISTER : "ADMINISTER",
/**
* Permission to create new users. This permission type may only be
* applied to the system as a whole.
*/
CREATE_USER : "CREATE_USER",
/**
* Permission to create new connections. This permission type may only
* be applied to the system as a whole.
*/
CREATE_CONNECTION : "CREATE_CONNECTION",
/**
* Permission to create new connection groups. This permission type may
* only be applied to the system as a whole.
*/
CREATE_CONNECTION_GROUP : "CREATE_CONNECTION_GROUP"
};
return Permission;
}]);

280
guacamole/src/main/webapp/app/rest/types/PermissionSet.js Normal file
View File

@@ -0,0 +1,280 @@
/*
* Copyright (C) 2014 Glyptodon LLC
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
/**
* Service which defines the PermissionSet class.
*/
angular.module('rest').factory('PermissionSet', [function definePermissionSet() {
/**
* The object returned by REST API calls when representing the permissions
* granted to a specific user.
*
* @constructor
* @param {PermissionSet|Object} [template={}]
* The object whose properties should be copied within the new
* PermissionSet.
*/
var PermissionSet = function Permission(template) {
// Use empty object by default
template = template || {};
/**
* Map of connection identifiers to the corresponding array of granted
* permissions. Each permission is represented by a string listed
* within PermissionSet.ObjectPermissionType.
*
* @type Object.<String, String[]>
*/
this.connectionPermissions = template.connectionPermissions || {};
/**
* Map of connection group identifiers to the corresponding array of
* granted permissions. Each permission is represented by a string
* listed within PermissionSet.ObjectPermissionType.
*
* @type Object.<String, String[]>
*/
this.connectionGroupPermissions = template.connectionGroupPermissions || {};
/**
* Map of user identifiers to the corresponding array of granted
* permissions. Each permission is represented by a string listed
* within PermissionSet.ObjectPermissionType.
*
* @type Object.<String, String[]>
*/
this.userPermissions = template.userPermissions || {};
/**
* Array of granted system permissions. Each permission is represented
* by a string listed within PermissionSet.SystemPermissionType.
*
* @type String[]
*/
this.systemPermissions = template.systemPermissions || [];
};
/**
* Valid object permission type strings.
*/
PermissionSet.ObjectPermissionType = {
/**
* Permission to read from the specified object.
*/
READ : "READ",
/**
* Permission to update the specified object.
*/
UPDATE : "UPDATE",
/**
* Permission to delete the specified object.
*/
DELETE : "DELETE",
/**
* Permission to administer the specified object
*/
ADMINISTER : "ADMINISTER"
};
/**
* Valid system permission type strings.
*/
PermissionSet.SystemPermissionType = {
/**
* Permission to administer the entire system.
*/
ADMINISTER : "ADMINISTER",
/**
* Permission to create new users.
*/
CREATE_USER : "CREATE_USER",
/**
* Permission to create new connections.
*/
CREATE_CONNECTION : "CREATE_CONNECTION",
/**
* Permission to create new connection groups.
*/
CREATE_CONNECTION_GROUP : "CREATE_CONNECTION_GROUP"
};
/**
* Returns whether the given permission is granted for at least one
* arbitrary object, regardless of ID.
*
* @param {Object.<String, String[]>} permMap
* The permission map to check, where each entry maps an object
* identifer to the array of granted permissions.
*
* @param {String} type
* The permission to search for, as defined by
* PermissionSet.ObjectPermissionType.
*
* @returns {Boolean}
* true if the permission is present (granted), false otherwise.
*/
var containsPermission = function containsPermission(permMap, type) {
// Search all identifiers for given permission
for (var identifier in permMap) {
// If permission is granted, then no further searching is necessary
if (permMap[identifier].indexOf(type) !== -1)
return true;
}
// No such permission exists
return false;
};
/**
* Returns whether the given permission is granted for the arbitrary
* object having the given ID. If no ID is given, this function determines
* whether the permission is granted at all for any such arbitrary object.
*
* @param {Object.<String, String[]>} permMap
* The permission map to check, where each entry maps an object
* identifer to the array of granted permissions.
*
* @param {String} type
* The permission to search for, as defined by
* PermissionSet.ObjectPermissionType.
*
* @param {String} [identifier]
* The identifier of the object to which the permission applies.
*
* @returns {Boolean}
* true if the permission is present (granted), false otherwise.
*/
var hasPermission = function hasPermission(permMap, type, identifier) {
// If no identifier given, search ignoring the identifier
if (!identifier)
return containsPermission(permMap, type);
// If identifier not present at all, there are no such permissions
if (!(identifier in permMap))
return false;
return permMap[identifier].indexOf(type) !== -1;
};
/**
* Returns whether the given permission is granted for the connection
* having the given ID.
*
* @param {PermissionSet|Object} permSet
* The permission set to check.
*
* @param {String} type
* The permission to search for, as defined by
* PermissionSet.ObjectPermissionType.
*
* @param {String} identifier
* The identifier of the connection to which the permission applies.
*
* @returns {Boolean}
* true if the permission is present (granted), false otherwise.
*/
PermissionSet.hasConnectionPermission = function hasConnectionPermission(permSet, type, identifier) {
return hasPermission(permSet.connectionPermissions, type, identifier);
};
/**
* Returns whether the given permission is granted for the connection group
* having the given ID.
*
* @param {PermissionSet|Object} permSet
* The permission set to check.
*
* @param {String} type
* The permission to search for, as defined by
* PermissionSet.ObjectPermissionType.
*
* @param {String} identifier
* The identifier of the connection group to which the permission
* applies.
*
* @returns {Boolean}
* true if the permission is present (granted), false otherwise.
*/
PermissionSet.hasConnectionGroupPermission = function hasConnectionGroupPermission(permSet, type, identifier) {
return hasPermission(permSet.connectionGroupPermissions, type, identifier);
};
/**
* Returns whether the given permission is granted for the user having the
* given ID.
*
* @param {PermissionSet|Object} permSet
* The permission set to check.
*
* @param {String} type
* The permission to search for, as defined by
* PermissionSet.ObjectPermissionType.
*
* @param {String} identifier
* The identifier of the user to which the permission applies.
*
* @returns {Boolean}
* true if the permission is present (granted), false otherwise.
*/
PermissionSet.hasUserPermission = function hasUserPermission(permSet, type, identifier) {
return hasPermission(permSet.userPermissions, type, identifier);
};
/**
* Returns whether the given permission is granted at the system level.
*
* @param {PermissionSet|Object} permSet
* The permission set to check.
*
* @param {String} type
* The permission to search for, as defined by
* PermissionSet.SystemPermissionType.
*
* @returns {Boolean}
* true if the permission is present (granted), false otherwise.
*/
PermissionSet.hasSystemPermission = function hasSystemPermission(permSet, type) {
return permSet.systemPermissions.indexOf(type) !== -1;
};
return PermissionSet;
}]);