GUAC-932: Migrate to PermissionSet for reading permissions.

2025-09-12 16:07:42 +00:00 · 2014-12-15 14:19:29 -08:00
parent b1db52541d
commit 68d3b7741e
15 changed files with 792 additions and 718 deletions
--- a/guacamole/src/main/webapp/app/rest/services/legacyConnectionGroupService.js
+++ b/guacamole/src/main/webapp/app/rest/services/legacyConnectionGroupService.js
@@ -25,9 +25,12 @@
 */
 angular.module('rest').factory('legacyConnectionGroupService', ['$injector', function legacyConnectionGroupService($injector) {
            
-    var connectionGroupService              = $injector.get('connectionGroupService');
+    // Get class dependencies
+    var PermissionSet = $injector.get("PermissionSet");
+
+    // Get services
+    var connectionGroupService          = $injector.get('connectionGroupService');
    var connectionService               = $injector.get('connectionService');
-    var permissionCheckService          = $injector.get('permissionCheckService');
    var $q                              = $injector.get('$q');
    var displayObjectPreparationService = $injector.get('displayObjectPreparationService');
            
@@ -196,8 +199,7 @@ angular.module('rest').factory('legacyConnectionGroupService', ['$injector', fun
                 * item, check now to see if the permission exists. If not,
                 * remove the item.
                 */
-                if(!permissionCheckService.checkPermission(permissionList, 
-                        "CONNECTION", item.identifier, requiredConnectionPermission)) {
+                if(!PermissionSet.hasConnectionPermission(permissionList, item.identifier, requiredConnectionPermission)) {
                    items.splice(i, 1);
                    continue;
                } 
@@ -210,8 +212,7 @@ angular.module('rest').factory('legacyConnectionGroupService', ['$injector', fun
                 * remove the item.
                 */
                if(requiredConnectionGroupPermission) {
-                    if(!permissionCheckService.checkPermission(permissionList, 
-                            "CONNECTION_GROUP", item.identifier, requiredConnectionGroupPermission)) {
+                    if(!PermissionSet.hasConnectionGroupPermission(permissionList, item.identifier, requiredConnectionGroupPermission)) {
                        items.splice(i, 1);
                        continue;
                    }    
--- a/guacamole/src/main/webapp/app/rest/services/permissionCheckService.js
+++ b/guacamole/src/main/webapp/app/rest/services/permissionCheckService.js
@@ -1,73 +0,0 @@
-/*
- * Copyright (C) 2014 Glyptodon LLC
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-/**
- * A service for checking if a specific permission exists 
- * in a given list of permissions.
- */
-angular.module('rest').factory('permissionCheckService', [
-        function permissionCheckService() {
-            
-    var service = {};
-    
-    /**
-     * A service for checking if the given permission list contains the given
-     * permission, defined by the objectType, objectID, and permissionType.
-     * If the objectType or objectID are not passed, they will not be checked.
-     * 
-     * For example, checkPermission(list, "CONNECTION", undefined, "READ") would
-     * check if the permission list contains permission to read any connection.
-     * 
-     * @param {array} permissions The array of permissions to check.
-     * @param {string} objectType The object type for the permission.
-     *                            If not passed, this will not be checked.
-     * @param {string} objectID The ID of the object the permission is for. 
-     *                          If not passed, this will not be checked.
-     * @param {string} permissionType The actual permission type to check for.
-     * @returns {boolean} True if the given permissions contain the requested permission, false otherwise.
-     */
-    service.checkPermission = function checkPermission(permissions, objectType, objectID, permissionType) {
-        
-        // Loop through all the permissions and check if any of them match the given parameters
-        for(var i = 0; i < permissions.length; i++) {
-            var permission = permissions[i];
-            
-            if(objectType === "SYSTEM") {
-                // System permissions have no object ID, we only need to check the type.
-                if(permission.permissionType === permissionType)
-                    return true;
-            }
-            else {
-                // Object permissions need to match the object ID and type if given.
-                if(permission.permissionType === permissionType && 
-                        (!objectType || permission.objectType === objectType) && 
-                        (!objectID || permission.objectID === objectID))
-                    return true;
-            }
-        }
-        
-        // Didn't find any that matched
-        return false;
-    }
-    
-    return service;
-}]);
--- a/guacamole/src/main/webapp/app/rest/services/permissionService.js
+++ b/guacamole/src/main/webapp/app/rest/services/permissionService.js
@@ -37,12 +37,12 @@ angular.module('rest').factory('permissionService', ['$http', 'authenticationSer
     * @param {String} userID
     *     The ID of the user to retrieve the permissions for.
     *                          
-     * @returns {Promise.<Permission[]>}
-     *     A promise which will resolve with an array of @link{Permission}
-     *     objects upon success.
+     * @returns {Promise.<PermissionSet>}
+     *     A promise which will resolve with a @link{PermissionSet} upon
+     *     success.
     */
    service.getPermissions = function getPermissions(userID) {
-        return $http.get("api/permission/" + userID + "/?token=" + authenticationService.getCurrentToken());
+        return $http.get("api/user/" + userID + "/permissions?token=" + authenticationService.getCurrentToken());
    };
    
    /**
@@ -51,14 +51,14 @@ angular.module('rest').factory('permissionService', ['$http', 'authenticationSer
     * call.
     * 
     * @param {String} userID The ID of the user to add the permission for.
-     * @param {Permission[]} permissions The permissions to add.
+     * @param {PermissionSet} permissions The permissions to add.
     *                          
     * @returns {Promise}
     *     A promise for the HTTP call which will succeed if and only if the
     *     add operation is successful.
     */
    service.addPermissions = function addPermissions(userID, permissions) {
-        return service.patchPermissions(userID, permissions, []);
+        return service.patchPermissions(userID, permissions, null);
    };
    
    /**
@@ -67,14 +67,14 @@ angular.module('rest').factory('permissionService', ['$http', 'authenticationSer
     * call.
     * 
     * @param {String} userID The ID of the user to remove the permission for.
-     * @param {Permission[]} permissions The permissions to remove.
+     * @param {PermissionSet} permissions The permissions to remove.
     *                          
     * @returns {Promise}
     *     A promise for the HTTP call which will succeed if and only if the
     *     remove operation is successful.
     */
    service.removePermissions = function removePermissions(userID, permissions) {
-        return service.patchPermissions(userID, [], permissions);
+        return service.patchPermissions(userID, null, permissions);
    };
    
    /**
@@ -83,8 +83,8 @@ angular.module('rest').factory('permissionService', ['$http', 'authenticationSer
     * the call.
     * 
     * @param {String} userID The ID of the user to remove the permission for.
-     * @param {Permission[]} permissionsToAdd The permissions to add.
-     * @param {Permission[]} permissionsToRemove The permissions to remove.
+     * @param {PermissionSet} [permissionsToAdd] The permissions to add.
+     * @param {PermissionSet} [permissionsToRemove] The permissions to remove.
     *                          
     * @returns {Promise}
     *     A promise for the HTTP call which will succeed if and only if the
@@ -92,6 +92,8 @@ angular.module('rest').factory('permissionService', ['$http', 'authenticationSer
     */
    service.patchPermissions = function patchPermissions(userID, permissionsToAdd, permissionsToRemove) {

+        // FIXME: This will NOT work, now that PermissionSet is used
+
        var i;
        var permissionPatch = [];
        
--- a/guacamole/src/main/webapp/app/rest/services/userService.js
+++ b/guacamole/src/main/webapp/app/rest/services/userService.js
@@ -36,7 +36,7 @@ angular.module('rest').factory('userService', ['$http', 'authenticationService',
     * @param {String} [permissionType]
     *     The permission type string of the permission that the current user
     *     must have for a given user to appear within the list. Valid values
-     *     are listed within Permission.Type.
+     *     are listed within PermissionSet.ObjectType.
     *                          
     * @returns {Promise.<User[]>}
     *     A promise which will resolve with an array of @link{User} objects