From 9f01fcb1558b11b52c78bcddee2ea601ab4b102c Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Thu, 19 Apr 2018 14:38:24 -0700 Subject: [PATCH 01/11] GUACAMOLE-220: Add JavaScript service for retrieving/manipulating user groups. --- .../webapp/app/rest/services/cacheService.js | 3 +- .../app/rest/services/membershipService.js | 385 ++++++++++++++++++ .../app/rest/services/userGroupService.js | 223 ++++++++++ .../app/rest/types/RelatedObjectPatch.js | 85 ++++ .../main/webapp/app/rest/types/UserGroup.js | 59 +++ 5 files changed, 754 insertions(+), 1 deletion(-) create mode 100644 guacamole/src/main/webapp/app/rest/services/membershipService.js create mode 100644 guacamole/src/main/webapp/app/rest/services/userGroupService.js create mode 100644 guacamole/src/main/webapp/app/rest/types/RelatedObjectPatch.js create mode 100644 guacamole/src/main/webapp/app/rest/types/UserGroup.js diff --git a/guacamole/src/main/webapp/app/rest/services/cacheService.js b/guacamole/src/main/webapp/app/rest/services/cacheService.js index 55b7fc1d2..9a32004d3 100644 --- a/guacamole/src/main/webapp/app/rest/services/cacheService.js +++ b/guacamole/src/main/webapp/app/rest/services/cacheService.js @@ -60,7 +60,8 @@ angular.module('rest').factory('cacheService', ['$injector', service.schema = $cacheFactory('API-SCHEMA'); /** - * Shared cache used by both userService and permissionService. + * Shared cache used by userService, userGroupService, permissionService, + * and membershipService. * * @type $cacheFactory.Cache */ diff --git a/guacamole/src/main/webapp/app/rest/services/membershipService.js b/guacamole/src/main/webapp/app/rest/services/membershipService.js new file mode 100644 index 000000000..58181c897 --- /dev/null +++ b/guacamole/src/main/webapp/app/rest/services/membershipService.js @@ -0,0 +1,385 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * Service for operating on user group memberships via the REST API. + */ +angular.module('rest').factory('membershipService', ['$injector', + function membershipService($injector) { + + // Required services + var requestService = $injector.get('requestService'); + var authenticationService = $injector.get('authenticationService'); + var cacheService = $injector.get('cacheService'); + + // Required types + var RelatedObjectPatch = $injector.get('RelatedObjectPatch'); + + var service = {}; + + /** + * Creates a new array of patches which represents the given changes to an + * arbitrary set of objects sharing some common relation. + * + * @param {String[]} [identifiersToAdd] + * The identifiers of all objects which should be added to the + * relation, if any. + * + * @param {String[]} [identifiersToRemove] + * The identifiers of all objects which should be removed from the + * relation, if any. + * + * @returns {RelatedObjectPatch[]} + * A new array of patches which represents the given changes. + */ + var getRelatedObjectPatch = function getRelatedObjectPatch(identifiersToAdd, identifiersToRemove) { + + var patch = []; + + angular.forEach(identifiersToAdd, function addIdentifier(identifier) { + patch.push(new RelatedObjectPatch({ + op : RelatedObjectPatch.Operation.ADD, + value : identifier + })); + }); + + angular.forEach(identifiersToRemove, function removeIdentifier(identifier) { + patch.push(new RelatedObjectPatch({ + op : RelatedObjectPatch.Operation.REMOVE, + value : identifier + })); + }); + + return patch; + + }; + + /** + * Returns the URL for the REST resource most appropriate for accessing + * the parent user groups of the user or group having the given identifier. + * + * It is important to note that a particular data source can authenticate + * and provide user groups for a user, even if that user does not exist + * within that data source (and thus cannot be found beneath + * "api/session/data/{dataSource}/users") + * + * @param {String} dataSource + * The unique identifier of the data source containing the user or + * group whose parent user groups should be retrieved. This identifier + * corresponds to an AuthenticationProvider within the Guacamole web + * application. + * + * @param {String} identifier + * The identifier of the user or group for which the URL of the proper + * REST resource should be derived. + * + * @param {Boolean} [group] + * Whether the provided identifier refers to a user group. If false or + * omitted, the identifier given is assumed to refer to a user. + * + * @returns {String} + * The URL for the REST resource representing the parent user groups of + * the user or group having the given identifier. + */ + var getUserGroupsResourceURL = function getUserGroupsResourceURL(dataSource, identifier, group) { + + // Create base URL for data source + var base = 'api/session/data/' + encodeURIComponent(dataSource); + + // Access parent groups directly (there is no "self" for user groups + // as there is for users) + if (group) + return base + '/userGroups/' + encodeURIComponent(identifier) + '/userGroups'; + + // If the username is that of the current user, do not rely on the + // user actually existing (they may not). Access their parent groups via + // "self" rather than the collection of defined users. + if (identifier === authenticationService.getCurrentUsername()) + return base + '/self/userGroups'; + + // Otherwise, the user must exist for their parent groups to be + // accessible. Use the collection of defined users. + return base + '/users/' + encodeURIComponent(identifier) + '/userGroups'; + + }; + + /** + * Makes a request to the REST API to retrieve the identifiers of all + * parent user groups of which a given user or group is a member, returning + * a promise that can be used for processing the results of the call. + * + * @param {String} dataSource + * The unique identifier of the data source containing the user or + * group whose parent user groups should be retrieved. This identifier + * corresponds to an AuthenticationProvider within the Guacamole web + * application. + * + * @param {String} identifier + * The identifier of the user or group to retrieve the parent user + * groups of. + * + * @param {Boolean} [group] + * Whether the provided identifier refers to a user group. If false or + * omitted, the identifier given is assumed to refer to a user. + * + * @returns {Promise.} + * A promise for the HTTP call which will resolve with an array + * containing the requested identifiers upon success. + */ + service.getUserGroups = function getUserGroups(dataSource, identifier, group) { + + // Build HTTP parameters set + var httpParameters = { + token : authenticationService.getCurrentToken() + }; + + // Retrieve parent groups + return requestService({ + cache : cacheService.users, + method : 'GET', + url : getUserGroupsResourceURL(dataSource, identifier, group), + params : httpParameters + }); + + }; + + /** + * Makes a request to the REST API to modify the parent user groups of + * which a given user or group is a member, returning a promise that can be + * used for processing the results of the call. + * + * @param {String} dataSource + * The unique identifier of the data source containing the user or + * group whose parent user groups should be modified. This identifier + * corresponds to an AuthenticationProvider within the Guacamole web + * application. + * + * @param {String} identifier + * The identifier of the user or group to modify the parent user + * groups of. + * + * @param {String[]} [addToUserGroups] + * The identifier of all parent user groups to which the given user or + * group should be added as a member, if any. + * + * @param {String[]} [removeFromUserGroups] + * The identifier of all parent user groups from which the given member + * user or group should be removed, if any. + * + * @param {Boolean} [group] + * Whether the provided identifier refers to a user group. If false or + * omitted, the identifier given is assumed to refer to a user. + * + * @returns {Promise} + * A promise for the HTTP call which will succeed if and only if the + * patch operation is successful. + */ + service.patchUserGroups = function patchUserGroups(dataSource, identifier, + addToUserGroups, removeFromUserGroups, group) { + + // Build HTTP parameters set + var httpParameters = { + token : authenticationService.getCurrentToken() + }; + + // Update parent user groups + return requestService({ + method : 'PATCH', + url : getUserGroupsResourceURL(dataSource, identifier, group), + params : httpParameters, + data : getRelatedObjectPatch(addToUserGroups, removeFromUserGroups) + }) + + // Clear the cache + .then(function parentUserGroupsChanged(){ + cacheService.users.removeAll(); + }); + + }; + + /** + * Makes a request to the REST API to retrieve the identifiers of all + * users which are members of the given user group, returning a promise + * that can be used for processing the results of the call. + * + * @param {String} dataSource + * The unique identifier of the data source containing the user group + * whose member users should be retrieved. This identifier corresponds + * to an AuthenticationProvider within the Guacamole web application. + * + * @param {String} identifier + * The identifier of the user group to retrieve the member users of. + * + * @returns {Promise.} + * A promise for the HTTP call which will resolve with an array + * containing the requested identifiers upon success. + */ + service.getMemberUsers = function getMemberUsers(dataSource, identifier) { + + // Build HTTP parameters set + var httpParameters = { + token : authenticationService.getCurrentToken() + }; + + // Retrieve member users + return requestService({ + cache : cacheService.users, + method : 'GET', + url : 'api/session/data/' + encodeURIComponent(dataSource) + '/userGroups/' + encodeURIComponent(identifier) + '/memberUsers', + params : httpParameters + }); + + }; + + /** + * Makes a request to the REST API to modify the member users of a given + * user group, returning a promise that can be used for processing the + * results of the call. + * + * @param {String} dataSource + * The unique identifier of the data source containing the user group + * whose member users should be modified. This identifier corresponds + * to an AuthenticationProvider within the Guacamole web application. + * + * @param {String} identifier + * The identifier of the user group to modify the member users of. + * + * @param {String[]} [usersToAdd] + * The identifier of all users to add as members of the given user + * group, if any. + * + * @param {String[]} [usersToRemove] + * The identifier of all users to remove from the given user group, + * if any. + * + * @returns {Promise} + * A promise for the HTTP call which will succeed if and only if the + * patch operation is successful. + */ + service.patchMemberUsers = function patchMemberUsers(dataSource, identifier, + usersToAdd, usersToRemove) { + + // Build HTTP parameters set + var httpParameters = { + token : authenticationService.getCurrentToken() + }; + + // Update member users + return requestService({ + method : 'PATCH', + url : 'api/session/data/' + encodeURIComponent(dataSource) + '/userGroups/' + encodeURIComponent(identifier) + '/memberUsers', + params : httpParameters, + data : getRelatedObjectPatch(usersToAdd, usersToRemove) + }) + + // Clear the cache + .then(function memberUsersChanged(){ + cacheService.users.removeAll(); + }); + + }; + + /** + * Makes a request to the REST API to retrieve the identifiers of all + * user groups which are members of the given user group, returning a + * promise that can be used for processing the results of the call. + * + * @param {String} dataSource + * The unique identifier of the data source containing the user group + * whose member user groups should be retrieved. This identifier + * corresponds to an AuthenticationProvider within the Guacamole web + * application. + * + * @param {String} identifier + * The identifier of the user group to retrieve the member user + * groups of. + * + * @returns {Promise.} + * A promise for the HTTP call which will resolve with an array + * containing the requested identifiers upon success. + */ + service.getMemberUserGroups = function getMemberUserGroups(dataSource, identifier) { + + // Build HTTP parameters set + var httpParameters = { + token : authenticationService.getCurrentToken() + }; + + // Retrieve member user groups + return requestService({ + cache : cacheService.users, + method : 'GET', + url : 'api/session/data/' + encodeURIComponent(dataSource) + '/userGroups/' + encodeURIComponent(identifier) + '/memberUserGroups', + params : httpParameters + }); + + }; + + /** + * Makes a request to the REST API to modify the member user groups of a + * given user group, returning a promise that can be used for processing + * the results of the call. + * + * @param {String} dataSource + * The unique identifier of the data source containing the user group + * whose member user groups should be modified. This identifier + * corresponds to an AuthenticationProvider within the Guacamole web + * application. + * + * @param {String} identifier + * The identifier of the user group to modify the member user groups of. + * + * @param {String[]} [userGroupsToAdd] + * The identifier of all user groups to add as members of the given + * user group, if any. + * + * @param {String[]} [userGroupsToRemove] + * The identifier of all member user groups to remove from the given + * user group, if any. + * + * @returns {Promise} + * A promise for the HTTP call which will succeed if and only if the + * patch operation is successful. + */ + service.patchMemberUserGroups = function patchMemberUserGroups(dataSource, + identifier, userGroupsToAdd, userGroupsToRemove) { + + // Build HTTP parameters set + var httpParameters = { + token : authenticationService.getCurrentToken() + }; + + // Update member user groups + return requestService({ + method : 'PATCH', + url : 'api/session/data/' + encodeURIComponent(dataSource) + '/userGroups/' + encodeURIComponent(identifier) + '/memberUserGroups', + params : httpParameters, + data : getRelatedObjectPatch(userGroupsToAdd, userGroupsToRemove) + }) + + // Clear the cache + .then(function memberUserGroupsChanged(){ + cacheService.users.removeAll(); + }); + + }; + + return service; + +}]); diff --git a/guacamole/src/main/webapp/app/rest/services/userGroupService.js b/guacamole/src/main/webapp/app/rest/services/userGroupService.js new file mode 100644 index 000000000..ad29837f5 --- /dev/null +++ b/guacamole/src/main/webapp/app/rest/services/userGroupService.js @@ -0,0 +1,223 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * Service for operating on user groups via the REST API. + */ +angular.module('rest').factory('userGroupService', ['$injector', + function userGroupService($injector) { + + // Required services + var requestService = $injector.get('requestService'); + var authenticationService = $injector.get('authenticationService'); + var cacheService = $injector.get('cacheService'); + + var service = {}; + + /** + * Makes a request to the REST API to get the list of user groups, + * returning a promise that provides an array of @link{UserGroup} objects if + * successful. + * + * @param {String} dataSource + * The unique identifier of the data source containing the user groups + * to be retrieved. This identifier corresponds to an + * AuthenticationProvider within the Guacamole web application. + * + * @param {String[]} [permissionTypes] + * The set of permissions to filter with. A user group must have one or + * more of these permissions for a user group to appear in the result. + * If null, no filtering will be performed. Valid values are listed + * within PermissionSet.ObjectType. + * + * @returns {Promise.>} + * A promise which will resolve with a map of @link{UserGroup} objects + * where each key is the identifier of the corresponding user group. + */ + service.getUserGroups = function getUserGroups(dataSource, permissionTypes) { + + // Build HTTP parameters set + var httpParameters = { + token : authenticationService.getCurrentToken() + }; + + // Add permission filter if specified + if (permissionTypes) + httpParameters.permission = permissionTypes; + + // Retrieve user groups + return requestService({ + cache : cacheService.users, + method : 'GET', + url : 'api/session/data/' + encodeURIComponent(dataSource) + '/userGroups', + params : httpParameters + }); + + }; + + /** + * Makes a request to the REST API to get the user group having the given + * identifier, returning a promise that provides the corresponding + * @link{UserGroup} if successful. + * + * @param {String} dataSource + * The unique identifier of the data source containing the user group to + * be retrieved. This identifier corresponds to an + * AuthenticationProvider within the Guacamole web application. + * + * @param {String} identifier + * The identifier of the user group to retrieve. + * + * @returns {Promise.} + * A promise which will resolve with a @link{UserGroup} upon success. + */ + service.getUserGroup = function getUserGroup(dataSource, identifier) { + + // Build HTTP parameters set + var httpParameters = { + token : authenticationService.getCurrentToken() + }; + + // Retrieve user group + return requestService({ + cache : cacheService.users, + method : 'GET', + url : 'api/session/data/' + encodeURIComponent(dataSource) + '/userGroups/' + encodeURIComponent(identifier), + params : httpParameters + }); + + }; + + /** + * Makes a request to the REST API to delete a user group, returning a + * promise that can be used for processing the results of the call. + * + * @param {String} dataSource + * The unique identifier of the data source containing the user group to + * be deleted. This identifier corresponds to an AuthenticationProvider + * within the Guacamole web application. + * + * @param {UserGroup} userGroup + * The user group to delete. + * + * @returns {Promise} + * A promise for the HTTP call which will succeed if and only if the + * delete operation is successful. + */ + service.deleteUserGroup = function deleteUserGroup(dataSource, userGroup) { + + // Build HTTP parameters set + var httpParameters = { + token : authenticationService.getCurrentToken() + }; + + // Delete user group + return requestService({ + method : 'DELETE', + url : 'api/session/data/' + encodeURIComponent(dataSource) + '/userGroups/' + encodeURIComponent(userGroup.identifier), + params : httpParameters + }) + + // Clear the cache + .then(function userGroupDeleted(){ + cacheService.users.removeAll(); + }); + + + }; + + /** + * Makes a request to the REST API to create a user group, returning a promise + * that can be used for processing the results of the call. + * + * @param {String} dataSource + * The unique identifier of the data source in which the user group + * should be created. This identifier corresponds to an + * AuthenticationProvider within the Guacamole web application. + * + * @param {UserGroup} userGroup + * The user group to create. + * + * @returns {Promise} + * A promise for the HTTP call which will succeed if and only if the + * create operation is successful. + */ + service.createUserGroup = function createUserGroup(dataSource, userGroup) { + + // Build HTTP parameters set + var httpParameters = { + token : authenticationService.getCurrentToken() + }; + + // Create user group + return requestService({ + method : 'POST', + url : 'api/session/data/' + encodeURIComponent(dataSource) + '/userGroups', + params : httpParameters, + data : userGroup + }) + + // Clear the cache + .then(function userGroupCreated(){ + cacheService.users.removeAll(); + }); + + }; + + /** + * Makes a request to the REST API to save a user group, returning a + * promise that can be used for processing the results of the call. + * + * @param {String} dataSource + * The unique identifier of the data source containing the user group to + * be updated. This identifier corresponds to an AuthenticationProvider + * within the Guacamole web application. + * + * @param {UserGroup} userGroup + * The user group to update. + * + * @returns {Promise} + * A promise for the HTTP call which will succeed if and only if the + * save operation is successful. + */ + service.saveUserGroup = function saveUserGroup(dataSource, userGroup) { + + // Build HTTP parameters set + var httpParameters = { + token : authenticationService.getCurrentToken() + }; + + // Update user group + return requestService({ + method : 'PUT', + url : 'api/session/data/' + encodeURIComponent(dataSource) + '/userGroups/' + encodeURIComponent(userGroup.identifier), + params : httpParameters, + data : userGroup + }) + + // Clear the cache + .then(function userGroupUpdated(){ + cacheService.users.removeAll(); + }); + + }; + + return service; + +}]); diff --git a/guacamole/src/main/webapp/app/rest/types/RelatedObjectPatch.js b/guacamole/src/main/webapp/app/rest/types/RelatedObjectPatch.js new file mode 100644 index 000000000..bb82def73 --- /dev/null +++ b/guacamole/src/main/webapp/app/rest/types/RelatedObjectPatch.js @@ -0,0 +1,85 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * Service which defines the RelatedObjectPatch class. + */ +angular.module('rest').factory('RelatedObjectPatch', [function defineRelatedObjectPatch() { + + /** + * The object returned by REST API calls when representing changes to an + * arbitrary set of objects which share some common relation. + * + * @constructor + * @param {RelatedObjectPatch|Object} [template={}] + * The object whose properties should be copied within the new + * RelatedObjectPatch. + */ + var RelatedObjectPatch = function RelatedObjectPatch(template) { + + // Use empty object by default + template = template || {}; + + /** + * The operation to apply to the objects indicated by the path. Valid + * operation values are defined within RelatedObjectPatch.Operation. + * + * @type String + */ + this.op = template.op; + + /** + * The path of the objects to modify. This will always be "/". + * + * @type String + * @default '/' + */ + this.path = template.path || '/'; + + /** + * The identifier of the object being added or removed from the + * relation. + * + * @type String + */ + this.value = template.value; + + }; + + /** + * All valid patch operations for objects sharing some common relation. + * Currently, only add and remove are supported. + */ + RelatedObjectPatch.Operation = { + + /** + * Adds the specified object to the relation. + */ + ADD : "add", + + /** + * Removes the specified object from the relation. + */ + REMOVE : "remove" + + }; + + return RelatedObjectPatch; + +}]); \ No newline at end of file diff --git a/guacamole/src/main/webapp/app/rest/types/UserGroup.js b/guacamole/src/main/webapp/app/rest/types/UserGroup.js new file mode 100644 index 000000000..03b73e29f --- /dev/null +++ b/guacamole/src/main/webapp/app/rest/types/UserGroup.js @@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * Service which defines the UserGroup class. + */ +angular.module('rest').factory('UserGroup', [function defineUserGroup() { + + /** + * The object returned by REST API calls when representing the data + * associated with a user group. + * + * @constructor + * @param {UserGroup|Object} [template={}] + * The object whose properties should be copied within the new + * UserGroup. + */ + var UserGroup = function UserGroup(template) { + + // Use empty object by default + template = template || {}; + + /** + * The name which uniquely identifies this user group. + * + * @type String + */ + this.identifier = template.identifier; + + /** + * Arbitrary name/value pairs which further describe this user group. + * The semantics and validity of these attributes are dictated by the + * extension which defines them. + * + * @type Object. + */ + this.attributes = {}; + + }; + + return UserGroup; + +}]); \ No newline at end of file From 55bcf25a1c53f85ba2383fc83b46e2bc2ccd05af Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Thu, 19 Apr 2018 14:39:04 -0700 Subject: [PATCH 02/11] GUACAMOLE-220: Allow manipulation and retrieval of user group permissions via JavaScript. --- .../app/rest/services/permissionService.js | 91 +++++++++++++------ .../app/rest/types/PermissionFlagSet.js | 23 ++++- .../webapp/app/rest/types/PermissionSet.js | 82 ++++++++++++++++- 3 files changed, 163 insertions(+), 33 deletions(-) diff --git a/guacamole/src/main/webapp/app/rest/services/permissionService.js b/guacamole/src/main/webapp/app/rest/services/permissionService.js index 6d3dfdf5e..21c5a02ec 100644 --- a/guacamole/src/main/webapp/app/rest/services/permissionService.js +++ b/guacamole/src/main/webapp/app/rest/services/permissionService.js @@ -45,6 +45,11 @@ angular.module('rest').factory('permissionService', ['$injector', * within that data source (and thus cannot be found beneath * "api/session/data/{dataSource}/users") * + * NOTE: Unlike getPermissionsResourceURL(), + * getEffectivePermissionsResourceURL() CANNOT be applied to user groups. + * Only users have retrievable effective permissions as far as the REST API + * is concerned. + * * @param {String} dataSource * The unique identifier of the data source containing the user whose * permissions should be retrieved. This identifier corresponds to an @@ -82,6 +87,10 @@ angular.module('rest').factory('permissionService', ['$injector', * from the permissions returned via getPermissions() in that permissions * which are not directly granted to the user are included. * + * NOTE: Unlike getPermissions(), getEffectivePermissions() CANNOT be + * applied to user groups. Only users have retrievable effective + * permissions as far as the REST API is concerned. + * * @param {String} dataSource * The unique identifier of the data source containing the user whose * permissions should be retrieved. This identifier corresponds to an @@ -113,10 +122,10 @@ angular.module('rest').factory('permissionService', ['$injector', /** * Returns the URL for the REST resource most appropriate for accessing - * the permissions of the user having the given identifier. The permissions - * retrieved differ from effective permissions (those returned by - * getEffectivePermissions()) in that only permissions which are directly - * granted to the user are included. + * the permissions of the user or group having the given identifier. The + * permissions retrieved differ from effective permissions (those returned + * by getEffectivePermissions()) in that only permissions which are directly + * granted to the user or group are included. * * It is important to note that a particular data source can authenticate * and provide permissions for a user, even if that user does not exist @@ -129,18 +138,27 @@ angular.module('rest').factory('permissionService', ['$injector', * AuthenticationProvider within the Guacamole web application. * * @param {String} identifier - * The identifier of the user for which the URL of the proper REST - * resource should be derived. + * The identifier of the user or group for which the URL of the proper + * REST resource should be derived. + * + * @param {Boolean} [group] + * Whether the provided identifier refers to a user group. If false or + * omitted, the identifier given is assumed to refer to a user. * * @returns {String} - * The URL for the REST resource representing the user having the given - * identifier. + * The URL for the REST resource representing the user or group having + * the given identifier. */ - var getPermissionsResourceURL = function getPermissionsResourceURL(dataSource, identifier) { + var getPermissionsResourceURL = function getPermissionsResourceURL(dataSource, identifier, group) { // Create base URL for data source var base = 'api/session/data/' + encodeURIComponent(dataSource); + // Access group permissions directly (there is no "self" for user groups + // as there is for users) + if (group) + return base + '/userGroups/' + encodeURIComponent(identifier) + '/permissions'; + // If the username is that of the current user, do not rely on the // user actually existing (they may not). Access their permissions via // "self" rather than the collection of defined users. @@ -155,36 +173,41 @@ angular.module('rest').factory('permissionService', ['$injector', /** * Makes a request to the REST API to get the list of permissions for a - * given user, returning a promise that provides an array of + * given user or user group, returning a promise that provides an array of * @link{Permission} objects if successful. The permissions retrieved * differ from effective permissions (those returned by - * getEffectivePermissions()) in that only permissions which are directly - * granted to the user included. + * getEffectivePermissions()) in that both users and groups may be queried, + * and only permissions which are directly granted to the user or group are + * included. * * @param {String} dataSource - * The unique identifier of the data source containing the user whose - * permissions should be retrieved. This identifier corresponds to an - * AuthenticationProvider within the Guacamole web application. + * The unique identifier of the data source containing the user or group + * whose permissions should be retrieved. This identifier corresponds to + * an AuthenticationProvider within the Guacamole web application. * * @param {String} identifier - * The identifier of the user to retrieve the permissions for. + * The identifier of the user or group to retrieve the permissions for. + * + * @param {Boolean} [group] + * Whether the provided identifier refers to a user group. If false or + * omitted, the identifier given is assumed to refer to a user. * * @returns {Promise.} * A promise which will resolve with a @link{PermissionSet} upon * success. */ - service.getPermissions = function getPermissions(dataSource, identifier) { + service.getPermissions = function getPermissions(dataSource, identifier, group) { // Build HTTP parameters set var httpParameters = { token : authenticationService.getCurrentToken() }; - // Retrieve user permissions + // Retrieve user/group permissions return requestService({ cache : cacheService.users, method : 'GET', - url : getPermissionsResourceURL(dataSource, identifier), + url : getPermissionsResourceURL(dataSource, identifier, group), params : httpParameters }); @@ -261,6 +284,10 @@ angular.module('rest').factory('permissionService', ['$injector', addObjectPatchOperations(patch, operation, "/userPermissions", permissions.userPermissions); + // Add user group permission operations to patch + addObjectPatchOperations(patch, operation, "/userGroupPermissions", + permissions.userGroupPermissions); + // Add system operations to patch permissions.systemPermissions.forEach(function addSystemPatch(type) { patch.push({ @@ -274,18 +301,18 @@ angular.module('rest').factory('permissionService', ['$injector', /** * Makes a request to the REST API to modify the permissions for a given - * user, returning a promise that can be used for processing the results of - * the call. This request affects only the permissions directly granted to - * the user, and may not affect permissions inherited through other means - * (effective permissions). + * user or group, returning a promise that can be used for processing the + * results of the call. This request affects only the permissions directly + * granted to the user or group, and may not affect permissions inherited + * through other means (effective permissions). * * @param {String} dataSource - * The unique identifier of the data source containing the user whose - * permissions should be modified. This identifier corresponds to an - * AuthenticationProvider within the Guacamole web application. + * The unique identifier of the data source containing the user or group + * whose permissions should be modified. This identifier corresponds to + * an AuthenticationProvider within the Guacamole web application. * * @param {String} identifier - * The identifier of the user to modify the permissions of. + * The identifier of the user or group to modify the permissions of. * * @param {PermissionSet} [permissionsToAdd] * The set of permissions to add, if any. @@ -293,12 +320,16 @@ angular.module('rest').factory('permissionService', ['$injector', * @param {PermissionSet} [permissionsToRemove] * The set of permissions to remove, if any. * + * @param {Boolean} [group] + * Whether the provided identifier refers to a user group. If false or + * omitted, the identifier given is assumed to refer to a user. + * * @returns {Promise} * A promise for the HTTP call which will succeed if and only if the * patch operation is successful. */ service.patchPermissions = function patchPermissions(dataSource, identifier, - permissionsToAdd, permissionsToRemove) { + permissionsToAdd, permissionsToRemove, group) { var permissionPatch = []; @@ -313,10 +344,10 @@ angular.module('rest').factory('permissionService', ['$injector', // Add all the remove operations to the patch addPatchOperations(permissionPatch, PermissionPatch.Operation.REMOVE, permissionsToRemove); - // Patch user permissions + // Patch user/group permissions return requestService({ method : 'PATCH', - url : getPermissionsResourceURL(dataSource, identifier), + url : getPermissionsResourceURL(dataSource, identifier, group), params : httpParameters, data : permissionPatch }) diff --git a/guacamole/src/main/webapp/app/rest/types/PermissionFlagSet.js b/guacamole/src/main/webapp/app/rest/types/PermissionFlagSet.js index 64b942bea..f79e3b964 100644 --- a/guacamole/src/main/webapp/app/rest/types/PermissionFlagSet.js +++ b/guacamole/src/main/webapp/app/rest/types/PermissionFlagSet.js @@ -133,7 +133,7 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet', * true. Valid permission type strings are defined within * PermissionSet.ObjectPermissionType. Permissions which are not * granted may be set to false, but this is not required. - * + * * @type Object.> */ this.userPermissions = template.userPermissions || { @@ -143,6 +143,24 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet', 'ADMINISTER' : {} }; + /** + * The granted state of each permission for each user group, as a map of + * object permission type string to permission map. The permission map + * is, in turn, a map of group identifier to boolean value. A particular + * permission is granted if its corresponding boolean value is set to + * true. Valid permission type strings are defined within + * PermissionSet.ObjectPermissionType. Permissions which are not + * granted may be set to false, but this is not required. + * + * @type Object.> + */ + this.userGroupPermissions = template.userGroupPermissions || { + 'READ' : {}, + 'UPDATE' : {}, + 'DELETE' : {}, + 'ADMINISTER' : {} + }; + }; /** @@ -216,6 +234,9 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet', // Add all granted user permissions addObjectPermissions(permissionSet.userPermissions, permissionFlagSet.userPermissions); + // Add all granted user group permissions + addObjectPermissions(permissionSet.userGroupPermissions, permissionFlagSet.userGroupPermissions); + return permissionFlagSet; }; diff --git a/guacamole/src/main/webapp/app/rest/types/PermissionSet.js b/guacamole/src/main/webapp/app/rest/types/PermissionSet.js index 8fd1ef684..2bc2e9eb4 100644 --- a/guacamole/src/main/webapp/app/rest/types/PermissionSet.js +++ b/guacamole/src/main/webapp/app/rest/types/PermissionSet.js @@ -81,6 +81,15 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet() */ this.userPermissions = template.userPermissions || {}; + /** + * Map of user group identifiers to the corresponding array of granted + * permissions. Each permission is represented by a string listed + * within PermissionSet.ObjectPermissionType. + * + * @type Object. + */ + this.userGroupPermissions = template.userGroupPermissions || {}; + /** * Array of granted system permissions. Each permission is represented * by a string listed within PermissionSet.SystemPermissionType. @@ -306,7 +315,7 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet() }; /** - * Returns whether the given permission is granted for the user having the + * Returns whether the given permission is granted for the user having the * given ID. * * @param {PermissionSet|Object} permSet @@ -315,7 +324,7 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet() * @param {String} type * The permission to search for, as defined by * PermissionSet.ObjectPermissionType. - * + * * @param {String} identifier * The identifier of the user to which the permission applies. * @@ -326,6 +335,27 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet() return hasPermission(permSet.userPermissions, type, identifier); }; + /** + * Returns whether the given permission is granted for the user group having + * the given identifier. + * + * @param {PermissionSet|Object} permSet + * The permission set to check. + * + * @param {String} type + * The permission to search for, as defined by + * PermissionSet.ObjectPermissionType. + * + * @param {String} identifier + * The identifier of the user group to which the permission applies. + * + * @returns {Boolean} + * true if the permission is present (granted), false otherwise. + */ + PermissionSet.hasUserGroupPermission = function hasUserGroupPermission(permSet, type, identifier) { + return hasPermission(permSet.userGroupPermissions, type, identifier); + }; + /** * Returns whether the given permission is granted at the system level. * @@ -733,6 +763,54 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet() return removeObjectPermission(permSet.userPermissions, type, identifier); }; + /** + * Adds the given user group permission applying to the user group with the + * given identifier to the given permission set, if not already present. If + * the permission is already present, this function has no effect. + * + * @param {PermissionSet} permSet + * The permission set to modify. + * + * @param {String} type + * The permission to add, as defined by + * PermissionSet.ObjectPermissionType. + * + * @param {String} identifier + * The identifier of the user group to which the permission applies. + * + * @returns {Boolean} + * true if the permission was added, false if the permission was + * already present in the given permission set. + */ + PermissionSet.addUserGroupPermission = function addUserGroupPermission(permSet, type, identifier) { + permSet.userGroupPermissions = permSet.userGroupPermissions || {}; + return addObjectPermission(permSet.userGroupPermissions, type, identifier); + }; + + /** + * Removes the given user group permission applying to the user group with + * the given identifier from the given permission set, if present. If the + * permission is not present, this function has no effect. + * + * @param {PermissionSet} permSet + * The permission set to modify. + * + * @param {String} type + * The permission to remove, as defined by + * PermissionSet.ObjectPermissionType. + * + * @param {String} identifier + * The identifier of the user group to whom the permission applies. + * + * @returns {Boolean} + * true if the permission was removed, false if the permission was not + * present in the given permission set. + */ + PermissionSet.removeUserGroupPermission = function removeUserGroupPermission(permSet, type, identifier) { + permSet.userGroupPermissions = permSet.userGroupPermissions || {}; + return removeObjectPermission(permSet.userGroupPermissions, type, identifier); + }; + return PermissionSet; }]); \ No newline at end of file From 615f5c6bab28f78884cf42fb29c76ad44822a33d Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Thu, 19 Apr 2018 23:21:17 -0700 Subject: [PATCH 03/11] GUACAMOLE-220: Add missing getUserGroupAttributes() to JavaScript schemaService. --- .../webapp/app/rest/services/schemaService.js | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/guacamole/src/main/webapp/app/rest/services/schemaService.js b/guacamole/src/main/webapp/app/rest/services/schemaService.js index cc871d842..61c8639de 100644 --- a/guacamole/src/main/webapp/app/rest/services/schemaService.js +++ b/guacamole/src/main/webapp/app/rest/services/schemaService.js @@ -64,6 +64,40 @@ angular.module('rest').factory('schemaService', ['$injector', }; + /** + * Makes a request to the REST API to get the list of available attributes + * for user group objects, returning a promise that provides an array of + * @link{Form} objects if successful. Each element of the array describes + * a logical grouping of possible attributes. + * + * @param {String} dataSource + * The unique identifier of the data source containing the user groups + * whose available attributes are to be retrieved. This identifier + * corresponds to an AuthenticationProvider within the Guacamole web + * application. + * + * @returns {Promise.} + * A promise which will resolve with an array of @link{Form} + * objects, where each @link{Form} describes a logical grouping of + * possible attributes. + */ + service.getUserGroupAttributes = function getUserGroupAttributes(dataSource) { + + // Build HTTP parameters set + var httpParameters = { + token : authenticationService.getCurrentToken() + }; + + // Retrieve available user group attributes + return requestService({ + cache : cacheService.schema, + method : 'GET', + url : 'api/session/data/' + encodeURIComponent(dataSource) + '/schema/userGroupAttributes', + params : httpParameters + }); + + }; + /** * Makes a request to the REST API to get the list of available attributes * for connection objects, returning a promise that provides an array of From 1cf16d1dc6f02e608eb860d627c423dc6be958da Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Sat, 21 Jul 2018 19:41:47 -0700 Subject: [PATCH 04/11] GUACAMOLE-220: Upgrade to latest versions of jQuery and Lodash. The version of Lodash previously included with Guacamole lacks the sortedIndexOf() function, which is needed by the identity set editor directive for manipulating sorted arrays of identifiers. If upgrading Lodash, may as well upgrade jQuery while we're at it. The version previously included within Guacamole is no longer maintained. --- guacamole/pom.xml | 4 +- guacamole/src/licenses/LICENSE | 60 +++++++++++++++---- .../LICENSE.txt} | 19 +++++- .../LICENSE.txt => lodash-4.17.10/LICENSE} | 31 +++++++++- guacamole/src/main/webapp/index.html | 4 +- 5 files changed, 99 insertions(+), 19 deletions(-) rename guacamole/src/licenses/bundled/{jquery-2.1.3/MIT-LICENSE.txt => jquery-3.3.1/LICENSE.txt} (63%) rename guacamole/src/licenses/bundled/{lodash-2.4.1/LICENSE.txt => lodash-4.17.10/LICENSE} (53%) diff --git a/guacamole/pom.xml b/guacamole/pom.xml index dc4f0824b..0899e78d0 100644 --- a/guacamole/pom.xml +++ b/guacamole/pom.xml @@ -308,7 +308,7 @@ org.webjars.bower lodash - 2.4.1 + 4.17.10 runtime @@ -316,7 +316,7 @@ org.webjars.bower jquery - 2.1.3 + 3.3.1 runtime diff --git a/guacamole/src/licenses/LICENSE b/guacamole/src/licenses/LICENSE index 447470769..51f5b2171 100644 --- a/guacamole/src/licenses/LICENSE +++ b/guacamole/src/licenses/LICENSE @@ -486,13 +486,21 @@ Jettison (https://github.com/jettison-json/jettison) jQuery (http://jquery.com/) --------------------------- - Version: 2.1.3 - From: 'jQuery Foundation' (http://jquery.com/) + Version: 3.3.1 + From: 'JS Foundation' (https://js.foundation/) License(s): - MIT (bundled/jquery-2.1.3/MIT-LICENSE.txt) + MIT (bundled/jquery-3.3.1/LICENSE.txt) -Copyright 2014 jQuery Foundation and other contributors -http://jquery.com/ +Copyright JS Foundation and other contributors, https://js.foundation/ + +This software consists of voluntary contributions made by many +individuals. For exact contribution history, see the revision history +available at https://github.com/jquery/jquery + +The following license applies to all parts of this software except as +documented below: + +==== Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the @@ -513,6 +521,13 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +==== + +All files located in the node_modules and external directories are +externally maintained libraries used by this software which have their +own licenses; we recommend you read them, as their terms may differ from +the terms above. + JSR-250 Reference Implementation (https://jcp.org/aboutJava/communityprocess/final/jsr250/index.html) @@ -536,15 +551,25 @@ JSR-330 / Dependency Injection for Java (http://code.google.com/p/atinject/) Lodash (https://lodash.com/) ---------------------------- - Version: 2.4.1 - From: 'The Dojo Foundation' (http://dojofoundation.org/) + Version: 4.17.10 + From: 'JS Foundation' (https://js.foundation/) License(s): - MIT (bundled/lodash-2.4.1/LICENSE.txt) + MIT (bundled/lodash-4.17.10/LICENSE) -Copyright 2012-2013 The Dojo Foundation -Based on Underscore.js 1.5.2, copyright 2009-2013 Jeremy Ashkenas, +Copyright JS Foundation and other contributors + +Based on Underscore.js, copyright Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors +This software consists of voluntary contributions made by many +individuals. For exact contribution history, see the revision history +available at https://github.com/lodash/lodash + +The following license applies to all parts of this software except as +documented below: + +==== + Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including @@ -564,6 +589,21 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +==== + +Copyright and related rights for sample code are waived via CC0. Sample +code is defined as all source code displayed within the prose of the +documentation. + +CC0: http://creativecommons.org/publicdomain/zero/1.0/ + +==== + +Files located in the node_modules and vendor directories are externally +maintained libraries used by this software which have their own +licenses; we recommend you read them, as their terms may differ from the +terms above. + Logback (http://logback.qos.ch/) -------------------------------- diff --git a/guacamole/src/licenses/bundled/jquery-2.1.3/MIT-LICENSE.txt b/guacamole/src/licenses/bundled/jquery-3.3.1/LICENSE.txt similarity index 63% rename from guacamole/src/licenses/bundled/jquery-2.1.3/MIT-LICENSE.txt rename to guacamole/src/licenses/bundled/jquery-3.3.1/LICENSE.txt index cdd31b5c7..e4e5e00ef 100644 --- a/guacamole/src/licenses/bundled/jquery-2.1.3/MIT-LICENSE.txt +++ b/guacamole/src/licenses/bundled/jquery-3.3.1/LICENSE.txt @@ -1,5 +1,13 @@ -Copyright 2014 jQuery Foundation and other contributors -http://jquery.com/ +Copyright JS Foundation and other contributors, https://js.foundation/ + +This software consists of voluntary contributions made by many +individuals. For exact contribution history, see the revision history +available at https://github.com/jquery/jquery + +The following license applies to all parts of this software except as +documented below: + +==== Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the @@ -19,3 +27,10 @@ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +==== + +All files located in the node_modules and external directories are +externally maintained libraries used by this software which have their +own licenses; we recommend you read them, as their terms may differ from +the terms above. diff --git a/guacamole/src/licenses/bundled/lodash-2.4.1/LICENSE.txt b/guacamole/src/licenses/bundled/lodash-4.17.10/LICENSE similarity index 53% rename from guacamole/src/licenses/bundled/lodash-2.4.1/LICENSE.txt rename to guacamole/src/licenses/bundled/lodash-4.17.10/LICENSE index 49869bbab..c6f2f6145 100644 --- a/guacamole/src/licenses/bundled/lodash-2.4.1/LICENSE.txt +++ b/guacamole/src/licenses/bundled/lodash-4.17.10/LICENSE @@ -1,7 +1,17 @@ -Copyright 2012-2013 The Dojo Foundation -Based on Underscore.js 1.5.2, copyright 2009-2013 Jeremy Ashkenas, +Copyright JS Foundation and other contributors + +Based on Underscore.js, copyright Jeremy Ashkenas, DocumentCloud and Investigative Reporters & Editors +This software consists of voluntary contributions made by many +individuals. For exact contribution history, see the revision history +available at https://github.com/lodash/lodash + +The following license applies to all parts of this software except as +documented below: + +==== + Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including @@ -19,4 +29,19 @@ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION -WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. \ No newline at end of file +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +==== + +Copyright and related rights for sample code are waived via CC0. Sample +code is defined as all source code displayed within the prose of the +documentation. + +CC0: http://creativecommons.org/publicdomain/zero/1.0/ + +==== + +Files located in the node_modules and vendor directories are externally +maintained libraries used by this software which have their own +licenses; we recommend you read them, as their terms may differ from the +terms above. diff --git a/guacamole/src/main/webapp/index.html b/guacamole/src/main/webapp/index.html index 5a53d8a23..a4a93daf4 100644 --- a/guacamole/src/main/webapp/index.html +++ b/guacamole/src/main/webapp/index.html @@ -57,8 +57,8 @@ - - + + From 229b0dee4882352e7583c4f5872bee92158da712 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Wed, 25 Jul 2018 02:34:27 -0700 Subject: [PATCH 05/11] GUACAMOLE-220: Implement generic editor directive for manipulating sets of identifiers. --- .../manage/directives/identifierSetEditor.js | 267 ++++++++++++++++++ .../app/manage/styles/related-objects.css | 82 ++++++ .../manage/templates/identifierSetEditor.html | 46 +++ .../src/main/webapp/images/arrows/right.png | Bin 0 -> 264 bytes guacamole/src/main/webapp/images/x-red.png | Bin 0 -> 583 bytes 5 files changed, 395 insertions(+) create mode 100644 guacamole/src/main/webapp/app/manage/directives/identifierSetEditor.js create mode 100644 guacamole/src/main/webapp/app/manage/styles/related-objects.css create mode 100644 guacamole/src/main/webapp/app/manage/templates/identifierSetEditor.html create mode 100644 guacamole/src/main/webapp/images/arrows/right.png create mode 100644 guacamole/src/main/webapp/images/x-red.png diff --git a/guacamole/src/main/webapp/app/manage/directives/identifierSetEditor.js b/guacamole/src/main/webapp/app/manage/directives/identifierSetEditor.js new file mode 100644 index 000000000..82f110915 --- /dev/null +++ b/guacamole/src/main/webapp/app/manage/directives/identifierSetEditor.js @@ -0,0 +1,267 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * A directive for manipulating a set of objects sharing some common relation + * and represented by an array of their identifiers. The specific objects + * added or removed are tracked within a separate pair of arrays of + * identifiers. + */ +angular.module('manage').directive('identifierSetEditor', ['$injector', + function identifierSetEditor($injector) { + + var directive = { + + // Element only + restrict: 'E', + replace: true, + + scope: { + + /** + * The translation key of the text which should be displayed within + * the main header of the identifier set editor. + * + * @type String + */ + header : '@', + + /** + * The translation key of the text which should be displayed if no + * identifiers are currently present within the set. + * + * @type String + */ + emptyPlaceholder : '@', + + /** + * The translation key of the text which should be displayed if no + * identifiers are available to be added within the set. + * + * @type String + */ + unavailablePlaceholder : '@', + + /** + * All identifiers which are available to be added to or removed + * from the identifier set being edited. + * + * @type String[] + */ + identifiersAvailable : '=', + + /** + * The current state of the identifier set being manipulated. This + * array will be modified as changes are made through this + * identifier set editor. + * + * @type String[] + */ + identifiers : '=', + + /** + * The set of identifiers that have been added, relative to the + * initial state of the identifier set being manipulated. + * + * @type String[] + */ + identifiersAdded : '=', + + /** + * The set of identifiers that have been removed, relative to the + * initial state of the identifier set being manipulated. + * + * @type String[] + */ + identifiersRemoved : '=' + + }, + + templateUrl: 'app/manage/templates/identifierSetEditor.html' + + }; + + directive.controller = ['$scope', function identifierSetEditorController($scope) { + + /** + * Whether the full list of available identifiers should be displayed. + * Initially, only an abbreviated list of identifiers currently present + * is shown. + * + * @type Boolean + */ + $scope.expanded = false; + + /** + * Map of identifiers to boolean flags indicating whether that + * identifier is currently present (true) or absent (false). If an + * identifier is absent, it may also be absent from this map. + * + * @type Object. + */ + $scope.identifierFlags = {}; + + /** + * Adds the given identifier to the given sorted array of identifiers, + * preserving the sorted order of the array. If the identifier is + * already present, no change is made to the array. The given array + * must already be sorted in ascending order. + * + * @param {String[]} arr + * The sorted array of identifiers to add the given identifier to. + * + * @param {String} identifier + * The identifier to add to the given array. + */ + var addIdentifier = function addIdentifier(arr, identifier) { + + // Determine location that the identifier should be added to + // maintain sorted order + var index = _.sortedIndex(arr, identifier); + + // Do not add if already present + if (arr[index] === identifier) + return; + + // Insert identifier at determined location + arr.splice(index, 0, identifier); + + }; + + /** + * Removes the given identifier from the given sorted array of + * identifiers, preserving the sorted order of the array. If the + * identifier is already absent, no change is made to the array. The + * given array must already be sorted in ascending order. + * + * @param {String[]} arr + * The sorted array of identifiers to remove the given identifier + * from. + * + * @param {String} identifier + * The identifier to remove from the given array. + * + * @returns {Boolean} + * true if the identifier was present in the given array and has + * been removed, false otherwise. + */ + var removeIdentifier = function removeIdentifier(arr, identifier) { + + // Search for identifier in sorted array + var index = _.sortedIndexOf(arr, identifier); + + // Nothing to do if already absent + if (index === -1) + return false; + + // Remove identifier + arr.splice(index, 1); + return true; + + }; + + // Keep identifierFlags up to date when identifiers array is replaced + // or initially assigned + $scope.$watch('identifiers', function identifiersChanged(identifiers) { + + // Maintain identifiers in sorted order so additions and removals + // can be made more efficiently + if (identifiers) + identifiers.sort(); + + // Convert array of identifiers into set of boolean + // presence/absence flags + $scope.identifierFlags = {}; + angular.forEach(identifiers, function storeIdentifierFlag(identifier) { + $scope.identifierFlags[identifier] = true; + }); + + }); + + /** + * Notifies the controller that a change has been made to the flag + * denoting presence/absence of a particular identifier within the + * identifierFlags map. The identifiers, + * identifiersAdded, and identifiersRemoved + * arrays are updated accordingly. + * + * @param {String} identifier + * The identifier which has been added or removed through modifying + * its boolean flag within identifierFlags. + */ + $scope.identifierChanged = function identifierChanged(identifier) { + + // Determine status of modified identifier + var present = !!$scope.identifierFlags[identifier]; + + // Add/remove identifier from added/removed sets depending on + // change in flag state + if (present) { + + addIdentifier($scope.identifiers, identifier); + + if (!removeIdentifier($scope.identifiersRemoved, identifier)) + addIdentifier($scope.identifiersAdded, identifier); + + } + else { + + removeIdentifier($scope.identifiers, identifier); + + if (!removeIdentifier($scope.identifiersAdded, identifier)) + addIdentifier($scope.identifiersRemoved, identifier); + + } + + }; + + /** + * Removes the given identifier, updating identifierFlags, + * identifiers, identifiersAdded, and + * identifiersRemoved accordingly. + * + * @param {String} identifier + * The identifier to remove. + */ + $scope.removeIdentifier = function removeIdentifier(identifier) { + $scope.identifierFlags[identifier] = false; + $scope.identifierChanged(identifier); + }; + + /** + * Shows the full list of available identifiers. If the full list is + * already shown, this function has no effect. + */ + $scope.expand = function expand() { + $scope.expanded = true; + }; + + /** + * Hides the full list of available identifiers. If the full list is + * already hidden, this function has no effect. + */ + $scope.collapse = function collapse() { + $scope.expanded = false; + }; + + }]; + + return directive; + +}]); diff --git a/guacamole/src/main/webapp/app/manage/styles/related-objects.css b/guacamole/src/main/webapp/app/manage/styles/related-objects.css new file mode 100644 index 000000000..ddc85b1de --- /dev/null +++ b/guacamole/src/main/webapp/app/manage/styles/related-objects.css @@ -0,0 +1,82 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +.related-objects .abbreviated-related-objects { + display: table; + margin: 1em 0; +} + +.related-objects .abbreviated-related-objects ul { + display: table-cell; + vertical-align: top; +} + +.related-objects .abbreviated-related-objects ul, +.related-objects .all-related-objects ul { + padding: 0; + list-style: none; +} + +.related-objects .abbreviated-related-objects ul li { + + display: inline-block; + margin: 0.25em; + padding: 0.25em; + + border: 1px solid silver; + background: #F5F5F5; + -moz-border-radius: 0.25em; + -webkit-border-radius: 0.25em; + -khtml-border-radius: 0.25em; + border-radius: 0.25em; + +} + +.related-objects .abbreviated-related-objects ul li img.remove { + max-height: 0.75em; + max-width: 0.75em; + margin: 0 0.25em; +} + +.related-objects .abbreviated-related-objects ul li .identifier { + margin: 0 0.25em; +} + +.related-objects .abbreviated-related-objects img.expand, +.related-objects .abbreviated-related-objects img.collapse { + display: table-cell; + max-height: 1.5em; + max-width: 1.5em; + margin: 0.375em 0; +} + +.related-objects .all-related-objects { + border-top: 1px solid silver; +} + +.related-objects .abbreviated-related-objects p.no-related-objects, +.related-objects .all-related-objects p.no-objects-available { + font-style: italic; + opacity: 0.5; +} + +.related-objects .abbreviated-related-objects p.no-related-objects { + display: table-cell; + vertical-align: middle; +} diff --git a/guacamole/src/main/webapp/app/manage/templates/identifierSetEditor.html b/guacamole/src/main/webapp/app/manage/templates/identifierSetEditor.html new file mode 100644 index 000000000..838decf03 --- /dev/null +++ b/guacamole/src/main/webapp/app/manage/templates/identifierSetEditor.html @@ -0,0 +1,46 @@ +
+
+

{{ header | translate }}

+
+ +
+
+ +
+ + +
+ Expand + Collapse +

{{ emptyPlaceholder | translate }}

+
    +
  • + +
    • +
+
+ + +
+

{{ unavailablePlaceholder | translate }}

+
    +
  • + +
    • +
+ + + +
+ +
+
\ No newline at end of file diff --git a/guacamole/src/main/webapp/images/arrows/right.png b/guacamole/src/main/webapp/images/arrows/right.png new file mode 100644 index 0000000000000000000000000000000000000000..1b3483edfa3b383bd6184096b2e4a4bdf1da743a GIT binary patch literal 264 zcmeAS@N?(olHy`uVBq!ia0vp^4j|0I1|(Ny7TyC=Y)RhkE)4%caKYZ?lYt_f1s;*b zKpodXn9)gNb_Gz7y~NYkmHiRBB!?pFul|%DK%uFgE{-7;x8B}xgTe~DWM4fT$5+D literal 0 HcmV?d00001 diff --git a/guacamole/src/main/webapp/images/x-red.png b/guacamole/src/main/webapp/images/x-red.png new file mode 100644 index 0000000000000000000000000000000000000000..e5497f34aeed6295428b4220c9b55747b222a610 GIT binary patch literal 583 zcmV-N0=WH&P)f0Mv|$=mo&Xj``bCz(lkMaKB@IRs--u^hUq~fL{Q2RuE?K zp8&2Ic)wwO><(Zd{y0n^EX5zctAS7iAR*oaLP~rsglqsC;#DDRiLZf>1t3Gb3WOZ- zr4UX6C=lNjLW%ei2%7*Z#CL&EBR&_xDu4#@q7Yid=RimTn1h@rfgi64f`s_RcufUM zYXBrCu7aSohSe=#2|;u2%|p-vg7%yzuR+ZPSpd%pgftdrwdJxy;hqb$Ja3AUp&kpJ zKbze+#p$pl1O^TOK){vNbz5bK2>%mcCBD@XI~NE|(Pon=dIk`h^NnU#*bst9vL#}R z8$b|Cx5erLiV#G-2GPQZ0t9ilNxU-D5keQMtxIWaBHA Date: Tue, 7 Aug 2018 12:25:55 -0700 Subject: [PATCH 06/11] GUACAMOLE-220: Hide identifier set editor if there are no identifiers to edit. --- .../app/manage/directives/identifierSetEditor.js | 14 ++++++++++++++ .../app/manage/templates/identifierSetEditor.html | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/guacamole/src/main/webapp/app/manage/directives/identifierSetEditor.js b/guacamole/src/main/webapp/app/manage/directives/identifierSetEditor.js index 82f110915..4240901b9 100644 --- a/guacamole/src/main/webapp/app/manage/directives/identifierSetEditor.js +++ b/guacamole/src/main/webapp/app/manage/directives/identifierSetEditor.js @@ -260,6 +260,20 @@ angular.module('manage').directive('identifierSetEditor', ['$injector', $scope.expanded = false; }; + /** + * Returns whether there are absolutely no identifiers that can be + * managed using this editor. If true, the editor is effectively + * useless, as there is nothing whatsoever to display. + * + * @returns {Boolean} + * true if there are no identifiers that can be managed using this + * editor, false otherwise. + */ + $scope.isEmpty = function isEmpty() { + return _.isEmpty($scope.identifiers) + && _.isEmpty($scope.identifiersAvailable); + }; + }]; return directive; diff --git a/guacamole/src/main/webapp/app/manage/templates/identifierSetEditor.html b/guacamole/src/main/webapp/app/manage/templates/identifierSetEditor.html index 838decf03..7f660883d 100644 --- a/guacamole/src/main/webapp/app/manage/templates/identifierSetEditor.html +++ b/guacamole/src/main/webapp/app/manage/templates/identifierSetEditor.html @@ -1,4 +1,4 @@ -
+

{{ header | translate }}

From ca1db7831bfc7b365f4bb84e2d0f9b082354162f Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Tue, 7 Aug 2018 13:05:09 -0700 Subject: [PATCH 07/11] GUACAMOLE-220: Do not display "X" for removing an identifier if the identifier cannot actually be edited. --- .../manage/directives/identifierSetEditor.js | 19 +++++++++++++++++++ .../manage/templates/identifierSetEditor.html | 3 ++- 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/guacamole/src/main/webapp/app/manage/directives/identifierSetEditor.js b/guacamole/src/main/webapp/app/manage/directives/identifierSetEditor.js index 4240901b9..d2936e7b9 100644 --- a/guacamole/src/main/webapp/app/manage/directives/identifierSetEditor.js +++ b/guacamole/src/main/webapp/app/manage/directives/identifierSetEditor.js @@ -117,6 +117,15 @@ angular.module('manage').directive('identifierSetEditor', ['$injector', */ $scope.identifierFlags = {}; + /** + * Map of identifiers to boolean flags indicating whether that + * identifier is editable. If an identifier is not editable, it will be + * absent from this map. + * + * @type Object. + */ + $scope.isEditable = {}; + /** * Adds the given identifier to the given sorted array of identifiers, * preserving the sorted order of the array. If the identifier is @@ -194,6 +203,16 @@ angular.module('manage').directive('identifierSetEditor', ['$injector', }); + // An identifier is editable iff it is available to be added or removed + // from the identifier set being edited (iff it is within the + // identifiersAvailable array) + $scope.$watch('identifiersAvailable', function availableIdentifiersChanged(identifiers) { + $scope.isEditable = {}; + angular.forEach(identifiers, function storeEditableIdentifier(identifier) { + $scope.isEditable[identifier] = true; + }); + }); + /** * Notifies the controller that a change has been made to the flag * denoting presence/absence of a particular identifier within the diff --git a/guacamole/src/main/webapp/app/manage/templates/identifierSetEditor.html b/guacamole/src/main/webapp/app/manage/templates/identifierSetEditor.html index 7f660883d..72c235c66 100644 --- a/guacamole/src/main/webapp/app/manage/templates/identifierSetEditor.html +++ b/guacamole/src/main/webapp/app/manage/templates/identifierSetEditor.html @@ -18,7 +18,8 @@
From de8095740435de7fcfddf263304aa8be2eb553dd Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Tue, 7 Aug 2018 12:15:46 -0700 Subject: [PATCH 08/11] GUACAMOLE-220: Add management interface for user parent groups. --- .../controllers/manageUserController.js | 69 +++++++++++++++++-- .../app/manage/templates/manageUser.html | 11 +++ .../src/main/webapp/translations/en.json | 6 +- 3 files changed, 80 insertions(+), 6 deletions(-) diff --git a/guacamole/src/main/webapp/app/manage/controllers/manageUserController.js b/guacamole/src/main/webapp/app/manage/controllers/manageUserController.js index e4a91db73..7d8397f4c 100644 --- a/guacamole/src/main/webapp/app/manage/controllers/manageUserController.js +++ b/guacamole/src/main/webapp/app/manage/controllers/manageUserController.js @@ -36,9 +36,11 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto var $q = $injector.get('$q'); var authenticationService = $injector.get('authenticationService'); var dataSourceService = $injector.get('dataSourceService'); + var membershipService = $injector.get('membershipService'); var permissionService = $injector.get('permissionService'); var requestService = $injector.get('requestService'); var schemaService = $injector.get('schemaService'); + var userGroupService = $injector.get('userGroupService'); var userService = $injector.get('userService'); /** @@ -133,6 +135,46 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto */ $scope.permissionsRemoved = new PermissionSet(); + /** + * The identifiers of all user groups which can be manipulated (all groups + * for which the user accessing this interface has UPDATE permission), + * either through adding the current user as a member or removing the + * current user from that group. If this information has not yet been + * retrieved, this will be null. + * + * @type String[] + */ + $scope.availableGroups = null; + + /** + * The identifiers of all user groups of which the user is a member, + * taking into account any user groups which will be added/removed when + * saved. If this information has not yet been retrieved, this will be + * null. + * + * @type String[] + */ + $scope.parentGroups = null; + + /** + * The set of identifiers of all parent user groups to which the user will + * be added when saved. Parent groups will only be present in this set if + * they are manually added, and not later manually removed before saving. + * + * @type String[] + */ + $scope.parentGroupsAdded = []; + + /** + * The set of identifiers of all parent user groups from which the user + * will be removed when saved. Parent groups will only be present in this + * set if they are manually removed, and not later manually added before + * saving. + * + * @type String[] + */ + $scope.parentGroupsRemoved = []; + /** * For each applicable data source, the management-related actions that the * current user may perform on the user account currently being created @@ -166,6 +208,8 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto return $scope.users !== null && $scope.permissionFlags !== null && $scope.managementPermissions !== null + && $scope.availableGroups !== null + && $scope.parentGroups !== null && $scope.attributes !== null; }; @@ -204,12 +248,14 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto var loadExistingUser = function loadExistingUser(dataSource, username) { return $q.all({ users : dataSourceService.apply(userService.getUser, dataSources, username), - permissions : permissionService.getPermissions(dataSource, username) + permissions : permissionService.getPermissions(dataSource, username), + parentGroups : membershipService.getUserGroups(dataSource, username) }) .then(function userDataRetrieved(values) { $scope.users = values.users; $scope.user = values.users[dataSource]; + $scope.parentGroups = values.parentGroups; // Create skeleton user if user does not exist if (!$scope.user) @@ -243,12 +289,15 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto var loadClonedUser = function loadClonedUser(dataSource, username) { return $q.all({ users : dataSourceService.apply(userService.getUser, [dataSource], username), - permissions : permissionService.getPermissions(dataSource, username) + permissions : permissionService.getPermissions(dataSource, username), + parentGroups : membershipService.getUserGroups(dataSource, username) }) .then(function userDataRetrieved(values) { $scope.users = {}; $scope.user = values.users[dataSource]; + $scope.parentGroups = values.parentGroups; + $scope.parentGroupsAdded = values.parentGroups; // The current user will be associated with cloneSourceUsername in the // retrieved permission set @@ -274,6 +323,7 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto // Use skeleton user object with no associated permissions $scope.user = new User(); + $scope.parentGroups = []; $scope.permissionFlags = new PermissionFlagSet(); // As no permissions are yet associated with the user, it is safe to @@ -314,6 +364,7 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto $q.all({ userData : loadRequestedUser(), permissions : dataSourceService.apply(permissionService.getEffectivePermissions, dataSources, currentUsername), + userGroups : userGroupService.getUserGroups($scope.dataSource, [ PermissionSet.ObjectPermissionType.UPDATE ]), attributes : schemaService.getUserAttributes($scope.dataSource) }) .then(function dataReceived(values) { @@ -326,6 +377,12 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto // Determine whether data source contains this user var exists = (dataSource in $scope.users); + // Add the identifiers of all modifiable user groups + $scope.availableGroups = []; + angular.forEach(values.userGroups, function addUserGroupIdentifier(userGroup) { + $scope.availableGroups.push(userGroup.identifier); + }); + // Calculate management actions available for this specific account $scope.managementPermissions[dataSource] = ManagementPermissions.fromPermissionSet( values.permissions[dataSource], @@ -415,9 +472,11 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto } - // Upon success, save any changed permissions - return permissionService.patchPermissions($scope.dataSource, $scope.user.username, - $scope.permissionsAdded, $scope.permissionsRemoved); + // Upon success, save any changed permissions/groups + return $q.all([ + permissionService.patchPermissions($scope.dataSource, $scope.user.username, $scope.permissionsAdded, $scope.permissionsRemoved), + membershipService.patchUserGroups($scope.dataSource, $scope.user.username, $scope.parentGroupsAdded, $scope.parentGroupsRemoved) + ]); }); diff --git a/guacamole/src/main/webapp/app/manage/templates/manageUser.html b/guacamole/src/main/webapp/app/manage/templates/manageUser.html index bb5cfb388..571f5c874 100644 --- a/guacamole/src/main/webapp/app/manage/templates/manageUser.html +++ b/guacamole/src/main/webapp/app/manage/templates/manageUser.html @@ -56,6 +56,17 @@ permissions-removed="permissionsRemoved"> + + + + Date: Thu, 19 Apr 2018 23:51:25 -0700 Subject: [PATCH 09/11] GUACAMOLE-220: Add management tab and editor for user groups. --- .../app/index/config/indexRouteConfig.js | 9 + .../main/webapp/app/index/styles/lists.css | 4 + .../src/main/webapp/app/index/styles/ui.css | 8 + .../controllers/manageUserGroupController.js | 538 ++++++++++++++++++ .../directives/systemPermissionEditor.js | 4 + .../app/manage/styles/manage-user-group.css | 71 +++ .../app/manage/templates/manageUserGroup.html | 101 ++++ .../app/manage/types/ManageableUserGroup.js | 53 ++ .../navigation/services/userPageService.js | 27 + .../controllers/settingsController.js | 4 +- .../directives/guacSettingsUserGroups.js | 270 +++++++++ .../webapp/app/settings/styles/buttons.css | 6 + .../app/settings/styles/user-group-list.css | 36 ++ .../app/settings/templates/settings.html | 1 + .../templates/settingsUserGroups.html | 48 ++ .../action-icons/guac-user-group-add.png | Bin 0 -> 1222 bytes .../images/user-icons/guac-user-group.png | Bin 0 -> 1428 bytes .../src/main/webapp/translations/en.json | 67 ++- 18 files changed, 1244 insertions(+), 3 deletions(-) create mode 100644 guacamole/src/main/webapp/app/manage/controllers/manageUserGroupController.js create mode 100644 guacamole/src/main/webapp/app/manage/styles/manage-user-group.css create mode 100644 guacamole/src/main/webapp/app/manage/templates/manageUserGroup.html create mode 100644 guacamole/src/main/webapp/app/manage/types/ManageableUserGroup.js create mode 100644 guacamole/src/main/webapp/app/settings/directives/guacSettingsUserGroups.js create mode 100644 guacamole/src/main/webapp/app/settings/styles/user-group-list.css create mode 100644 guacamole/src/main/webapp/app/settings/templates/settingsUserGroups.html create mode 100644 guacamole/src/main/webapp/images/action-icons/guac-user-group-add.png create mode 100644 guacamole/src/main/webapp/images/user-icons/guac-user-group.png diff --git a/guacamole/src/main/webapp/app/index/config/indexRouteConfig.js b/guacamole/src/main/webapp/app/index/config/indexRouteConfig.js index 47bc48e55..5a8c3fb8a 100644 --- a/guacamole/src/main/webapp/app/index/config/indexRouteConfig.js +++ b/guacamole/src/main/webapp/app/index/config/indexRouteConfig.js @@ -171,6 +171,15 @@ angular.module('index').config(['$routeProvider', '$locationProvider', resolve : { updateCurrentToken: updateCurrentToken } }) + // User group editor + .when('/manage/:dataSource/userGroups/:id?', { + title : 'APP.NAME', + bodyClassName : 'manage', + templateUrl : 'app/manage/templates/manageUserGroup.html', + controller : 'manageUserGroupController', + resolve : { updateCurrentToken: updateCurrentToken } + }) + // Client view .when('/client/:id/:params?', { bodyClassName : 'client', diff --git a/guacamole/src/main/webapp/app/index/styles/lists.css b/guacamole/src/main/webapp/app/index/styles/lists.css index 0c761aef3..80df4917c 100644 --- a/guacamole/src/main/webapp/app/index/styles/lists.css +++ b/guacamole/src/main/webapp/app/index/styles/lists.css @@ -18,12 +18,14 @@ */ .user, +.user-group, .connection-group, .connection { cursor: pointer; } .user a, +.user-group a, .connection a, .connection-group a { text-decoration:none; @@ -31,6 +33,7 @@ } .user a:hover, +.user-group a:hover, .connection a:hover, .connection-group a:hover { text-decoration:none; @@ -38,6 +41,7 @@ } .user a:visited, +.user-group a:visited, .connection a:visited, .connection-group a:visited { text-decoration:none; diff --git a/guacamole/src/main/webapp/app/index/styles/ui.css b/guacamole/src/main/webapp/app/index/styles/ui.css index 434f443f6..58406ebc6 100644 --- a/guacamole/src/main/webapp/app/index/styles/ui.css +++ b/guacamole/src/main/webapp/app/index/styles/ui.css @@ -156,6 +156,14 @@ div.section { background-image: url('images/action-icons/guac-user-add.png'); } +.icon.user-group { + background-image: url('images/user-icons/guac-user-group.png'); +} + +.icon.user-group.add { + background-image: url('images/action-icons/guac-user-group-add.png'); +} + .icon.connection { background-image: url('images/protocol-icons/guac-plug.png'); } diff --git a/guacamole/src/main/webapp/app/manage/controllers/manageUserGroupController.js b/guacamole/src/main/webapp/app/manage/controllers/manageUserGroupController.js new file mode 100644 index 000000000..229b3b858 --- /dev/null +++ b/guacamole/src/main/webapp/app/manage/controllers/manageUserGroupController.js @@ -0,0 +1,538 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * The controller for editing user groups. + */ +angular.module('manage').controller('manageUserGroupController', ['$scope', '$injector', + function manageUserGroupController($scope, $injector) { + + // Required types + var ManagementPermissions = $injector.get('ManagementPermissions'); + var PermissionFlagSet = $injector.get('PermissionFlagSet'); + var PermissionSet = $injector.get('PermissionSet'); + var UserGroup = $injector.get('UserGroup'); + + // Required services + var $location = $injector.get('$location'); + var $routeParams = $injector.get('$routeParams'); + var $q = $injector.get('$q'); + var authenticationService = $injector.get('authenticationService'); + var dataSourceService = $injector.get('dataSourceService'); + var membershipService = $injector.get('membershipService'); + var permissionService = $injector.get('permissionService'); + var requestService = $injector.get('requestService'); + var schemaService = $injector.get('schemaService'); + var userGroupService = $injector.get('userGroupService'); + var userService = $injector.get('userService'); + + /** + * The identifiers of all data sources currently available to the + * authenticated user. + * + * @type String[] + */ + var dataSources = authenticationService.getAvailableDataSources(); + + /** + * The username of the current, authenticated user. + * + * @type String + */ + var currentUsername = authenticationService.getCurrentUsername(); + + /** + * The identifier of the original user group from which this user group is + * being cloned. Only valid if this is a new user group. + * + * @type String + */ + var cloneSourceIdentifier = $location.search().clone; + + /** + * The identifier of the user group being edited. If a new user group is + * being created, this will not be defined. + * + * @type String + */ + var identifier = $routeParams.id; + + /** + * The unique identifier of the data source containing the user group being + * edited. + * + * @type String + */ + $scope.dataSource = $routeParams.dataSource; + + /** + * All user groups associated with the same identifier as the group being + * created or edited, as a map of data source identifier to the UserGroup + * object within that data source. + * + * @type Object. + */ + $scope.userGroups = null; + + /** + * The user group being modified. + * + * @type UserGroup + */ + $scope.userGroup = null; + + /** + * All permissions associated with the user group being modified. + * + * @type PermissionFlagSet + */ + $scope.permissionFlags = null; + + /** + * The set of permissions that will be added to the user group when the + * user group is saved. Permissions will only be present in this set if they + * are manually added, and not later manually removed before saving. + * + * @type PermissionSet + */ + $scope.permissionsAdded = new PermissionSet(); + + /** + * The set of permissions that will be removed from the user group when the + * user group is saved. Permissions will only be present in this set if they + * are manually removed, and not later manually added before saving. + * + * @type PermissionSet + */ + $scope.permissionsRemoved = new PermissionSet(); + + /** + * The identifiers of all user groups which can be manipulated (all groups + * for which the user accessing this interface has UPDATE permission), + * whether that means changing the members of those groups or changing the + * groups of which those groups are members. If this information has not + * yet been retrieved, this will be null. + * + * @type String[] + */ + $scope.availableGroups = null; + + /** + * The identifiers of all users which can be manipulated (all users for + * which the user accessing this interface has UPDATE permission), either + * through adding those users as a member of the current group or removing + * those users from the current group. If this information has not yet been + * retrieved, this will be null. + * + * @type String[] + */ + $scope.availableUsers = null; + + /** + * The identifiers of all user groups of which this group is a member, + * taking into account any user groups which will be added/removed when + * saved. If this information has not yet been retrieved, this will be + * null. + * + * @type String[] + */ + $scope.parentGroups = null; + + /** + * The set of identifiers of all parent user groups to which this group + * will be added when saved. Parent groups will only be present in this set + * if they are manually added, and not later manually removed before + * saving. + * + * @type String[] + */ + $scope.parentGroupsAdded = []; + + /** + * The set of identifiers of all parent user groups from which this group + * will be removed when saved. Parent groups will only be present in this + * set if they are manually removed, and not later manually added before + * saving. + * + * @type String[] + */ + $scope.parentGroupsRemoved = []; + + /** + * The identifiers of all user groups which are members of this group, + * taking into account any user groups which will be added/removed when + * saved. If this information has not yet been retrieved, this will be + * null. + * + * @type String[] + */ + $scope.memberGroups = null; + + /** + * The set of identifiers of all member user groups which will be added to + * this group when saved. Member groups will only be present in this set if + * they are manually added, and not later manually removed before saving. + * + * @type String[] + */ + $scope.memberGroupsAdded = []; + + /** + * The set of identifiers of all member user groups which will be removed + * from this group when saved. Member groups will only be present in this + * set if they are manually removed, and not later manually added before + * saving. + * + * @type String[] + */ + $scope.memberGroupsRemoved = []; + + /** + * The identifiers of all users which are members of this group, taking + * into account any users which will be added/removed when saved. If this + * information has not yet been retrieved, this will be null. + * + * @type String[] + */ + $scope.memberUsers = null; + + /** + * The set of identifiers of all member users which will be added to this + * group when saved. Member users will only be present in this set if they + * are manually added, and not later manually removed before saving. + * + * @type String[] + */ + $scope.memberUsersAdded = []; + + /** + * The set of identifiers of all member users which will be removed from + * this group when saved. Member users will only be present in this set if + * they are manually removed, and not later manually added before saving. + * + * @type String[] + */ + $scope.memberUsersRemoved = []; + + /** + * For each applicable data source, the management-related actions that the + * current user may perform on the user group currently being created + * or modified, as a map of data source identifier to the + * {@link ManagementPermissions} object describing the actions available + * within that data source, or null if the current user's permissions have + * not yet been loaded. + * + * @type Object. + */ + $scope.managementPermissions = null; + + /** + * All available user group attributes. This is only the set of attribute + * definitions, organized as logical groupings of attributes, not attribute + * values. + * + * @type Form[] + */ + $scope.attributes = null; + + /** + * Returns whether critical data has completed being loaded. + * + * @returns {Boolean} + * true if enough data has been loaded for the user group interface to + * be useful, false otherwise. + */ + $scope.isLoaded = function isLoaded() { + + return $scope.userGroups !== null + && $scope.permissionFlags !== null + && $scope.managementPermissions !== null + && $scope.availableGroups !== null + && $scope.availableUsers !== null + && $scope.parentGroups !== null + && $scope.memberGroups !== null + && $scope.memberUsers !== null + && $scope.attributes !== null; + + }; + + /** + * Returns whether the current user can edit the identifier of the user + * group being edited. + * + * @returns {Boolean} + * true if the current user can edit the identifier of the user group + * being edited, false otherwise. + */ + $scope.canEditIdentifier = function canEditIdentifier() { + return !identifier; + }; + + /** + * Loads the data associated with the user group having the given + * identifier, preparing the interface for making modifications to that + * existing user group. + * + * @param {String} dataSource + * The unique identifier of the data source containing the user group + * to load. + * + * @param {String} identifier + * The unique identifier of the user group to load. + * + * @returns {Promise} + * A promise which is resolved when the interface has been prepared for + * editing the given user group. + */ + var loadExistingUserGroup = function loadExistingGroup(dataSource, identifier) { + return $q.all({ + userGroups : dataSourceService.apply(userGroupService.getUserGroup, dataSources, identifier), + permissions : permissionService.getPermissions(dataSource, identifier, true), + parentGroups : membershipService.getUserGroups(dataSource, identifier, true), + memberGroups : membershipService.getMemberUserGroups(dataSource, identifier), + memberUsers : membershipService.getMemberUsers(dataSource, identifier) + }) + .then(function userGroupDataRetrieved(values) { + + $scope.userGroups = values.userGroups; + $scope.userGroup = values.userGroups[dataSource]; + $scope.parentGroups = values.parentGroups; + $scope.memberGroups = values.memberGroups; + $scope.memberUsers = values.memberUsers; + + // Create skeleton user group if user group does not exist + if (!$scope.userGroup) + $scope.userGroup = new UserGroup({ + 'identifier' : identifier + }); + + $scope.permissionFlags = PermissionFlagSet.fromPermissionSet(values.permissions); + + }); + }; + + /** + * Loads the data associated with the user group having the given + * identifier, preparing the interface for cloning that existing user + * group. + * + * @param {String} dataSource + * The unique identifier of the data source containing the user group to + * be cloned. + * + * @param {String} identifier + * The unique identifier of the user group being cloned. + * + * @returns {Promise} + * A promise which is resolved when the interface has been prepared for + * cloning the given user group. + */ + var loadClonedUserGroup = function loadClonedUserGroup(dataSource, identifier) { + return $q.all({ + userGroups : dataSourceService.apply(userGroupService.getUserGroup, [dataSource], identifier), + permissions : permissionService.getPermissions(dataSource, identifier, true), + parentGroups : membershipService.getUserGroups(dataSource, identifier, true), + memberGroups : membershipService.getMemberUserGroups(dataSource, identifier), + memberUsers : membershipService.getMemberUsers(dataSource, identifier) + }) + .then(function userGroupDataRetrieved(values) { + + $scope.userGroups = {}; + $scope.userGroup = values.userGroups[dataSource]; + $scope.parentGroups = values.parentGroups; + $scope.parentGroupsAdded = values.parentGroups; + $scope.memberGroups = values.memberGroups; + $scope.memberGroupsAdded = values.memberGroups; + $scope.memberUsers = values.memberUsers; + $scope.memberUsersAdded = values.memberUsers; + + $scope.permissionFlags = PermissionFlagSet.fromPermissionSet(values.permissions); + $scope.permissionsAdded = values.permissions; + + }); + }; + + /** + * Loads skeleton user group data, preparing the interface for creating a + * new user group. + * + * @returns {Promise} + * A promise which is resolved when the interface has been prepared for + * creating a new user group. + */ + var loadSkeletonUserGroup = function loadSkeletonUserGroup() { + + // No user groups exist regardless of data source if the user group is + // being created + $scope.userGroups = {}; + + // Use skeleton user group object with no associated permissions + $scope.userGroup = new UserGroup(); + $scope.parentGroups = []; + $scope.memberGroups = []; + $scope.memberUsers = []; + $scope.permissionFlags = new PermissionFlagSet(); + + return $q.resolve(); + + }; + + /** + * Loads the data required for performing the management task requested + * through the route parameters given at load time, automatically preparing + * the interface for editing an existing user group, cloning an existing + * user group, or creating an entirely new user group. + * + * @returns {Promise} + * A promise which is resolved when the interface has been prepared + * for performing the requested management task. + */ + var loadRequestedUserGroup = function loadRequestedUserGroup() { + + // Pull user group data and permissions if we are editing an existing + // user group + if (identifier) + return loadExistingUserGroup($scope.dataSource, identifier); + + // If we are cloning an existing user group, pull its data instead + if (cloneSourceIdentifier) + return loadClonedUserGroup($scope.dataSource, cloneSourceIdentifier); + + // If we are creating a new user group, populate skeleton user group data + return loadSkeletonUserGroup(); + + }; + + // Populate interface with requested data + $q.all({ + userGroupData : loadRequestedUserGroup(), + permissions : dataSourceService.apply(permissionService.getEffectivePermissions, dataSources, currentUsername), + userGroups : userGroupService.getUserGroups($scope.dataSource, [ PermissionSet.ObjectPermissionType.UPDATE ]), + users : userService.getUsers($scope.dataSource, [ PermissionSet.ObjectPermissionType.UPDATE ]), + attributes : schemaService.getUserGroupAttributes($scope.dataSource) + }) + .then(function dataReceived(values) { + + $scope.attributes = values.attributes; + + $scope.managementPermissions = {}; + angular.forEach(dataSources, function deriveManagementPermissions(dataSource) { + + // Determine whether data source contains this user group + var exists = (dataSource in $scope.userGroups); + + // Add the identifiers of all modifiable user groups + $scope.availableGroups = []; + angular.forEach(values.userGroups, function addUserGroupIdentifier(userGroup) { + $scope.availableGroups.push(userGroup.identifier); + }); + + // Add the identifiers of all modifiable users + $scope.availableUsers = []; + angular.forEach(values.users, function addUserIdentifier(user) { + $scope.availableUsers.push(user.username); + }); + + // Calculate management actions available for this specific group + $scope.managementPermissions[dataSource] = ManagementPermissions.fromPermissionSet( + values.permissions[dataSource], + PermissionSet.SystemPermissionType.CREATE_USER_GROUP, + PermissionSet.hasUserGroupPermission, + exists ? identifier : null); + + }); + + }, requestService.WARN); + + /** + * Returns the URL for the page which manages the user group currently + * being edited under the given data source. The given data source need not + * be the same as the data source currently selected. + * + * @param {String} dataSource + * The unique identifier of the data source that the URL is being + * generated for. + * + * @returns {String} + * The URL for the page which manages the user group currently being + * edited under the given data source. + */ + $scope.getUserGroupURL = function getUserGroupURL(dataSource) { + return '/manage/' + encodeURIComponent(dataSource) + '/userGroups/' + encodeURIComponent(identifier || ''); + }; + + /** + * Cancels all pending edits, returning to the main list of user groups. + */ + $scope.returnToUserGroupList = function returnToUserGroupList() { + $location.url('/settings/userGroups'); + }; + + /** + * Cancels all pending edits, opening an edit page for a new user group + * which is prepopulated with the data from the user currently being edited. + */ + $scope.cloneUserGroup = function cloneUserGroup() { + $location.path('/manage/' + encodeURIComponent($scope.dataSource) + '/userGroups').search('clone', identifier); + }; + + /** + * Saves the current user group, creating a new user group or updating the + * existing user group depending on context, returning a promise which is + * resolved if the save operation succeeds and rejected if the save + * operation fails. + * + * @returns {Promise} + * A promise which is resolved if the save operation succeeds and is + * rejected with an {@link Error} if the save operation fails. + */ + $scope.saveUserGroup = function saveUserGroup() { + + // Save or create the user group, depending on whether the user group exists + var saveUserGroupPromise; + if ($scope.dataSource in $scope.userGroups) + saveUserGroupPromise = userGroupService.saveUserGroup($scope.dataSource, $scope.userGroup); + else + saveUserGroupPromise = userGroupService.createUserGroup($scope.dataSource, $scope.userGroup); + + return saveUserGroupPromise.then(function savedUserGroup() { + return $q.all([ + permissionService.patchPermissions($scope.dataSource, $scope.userGroup.identifier, $scope.permissionsAdded, $scope.permissionsRemoved, true), + membershipService.patchUserGroups($scope.dataSource, $scope.userGroup.identifier, $scope.parentGroupsAdded, $scope.parentGroupsRemoved, true), + membershipService.patchMemberUserGroups($scope.dataSource, $scope.userGroup.identifier, $scope.memberGroupsAdded, $scope.memberGroupsRemoved), + membershipService.patchMemberUsers($scope.dataSource, $scope.userGroup.identifier, $scope.memberUsersAdded, $scope.memberUsersRemoved) + ]); + }); + + }; + + /** + * Deletes the current user group, returning a promise which is resolved if + * the delete operation succeeds and rejected if the delete operation + * fails. + * + * @returns {Promise} + * A promise which is resolved if the delete operation succeeds and is + * rejected with an {@link Error} if the delete operation fails. + */ + $scope.deleteUserGroup = function deleteUserGroup() { + return userGroupService.deleteUserGroup($scope.dataSource, $scope.userGroup); + }; + +}]); diff --git a/guacamole/src/main/webapp/app/manage/directives/systemPermissionEditor.js b/guacamole/src/main/webapp/app/manage/directives/systemPermissionEditor.js index ec4187256..67fd3f4e7 100644 --- a/guacamole/src/main/webapp/app/manage/directives/systemPermissionEditor.js +++ b/guacamole/src/main/webapp/app/manage/directives/systemPermissionEditor.js @@ -125,6 +125,10 @@ angular.module('manage').directive('systemPermissionEditor', ['$injector', label: "MANAGE_USER.FIELD_HEADER_CREATE_NEW_USERS", value: PermissionSet.SystemPermissionType.CREATE_USER }, + { + label: "MANAGE_USER.FIELD_HEADER_CREATE_NEW_USER_GROUPS", + value: PermissionSet.SystemPermissionType.CREATE_USER_GROUP + }, { label: "MANAGE_USER.FIELD_HEADER_CREATE_NEW_CONNECTIONS", value: PermissionSet.SystemPermissionType.CREATE_CONNECTION diff --git a/guacamole/src/main/webapp/app/manage/styles/manage-user-group.css b/guacamole/src/main/webapp/app/manage/styles/manage-user-group.css new file mode 100644 index 000000000..df9e80df9 --- /dev/null +++ b/guacamole/src/main/webapp/app/manage/styles/manage-user-group.css @@ -0,0 +1,71 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +.manage-user-group .page-tabs .page-list li.read-only a[href], +.manage-user-group .page-tabs .page-list li.unlinked a[href], +.manage-user-group .page-tabs .page-list li.linked a[href] { + padding-right: 2.5em; + position: relative; +} + +.manage-user-group .page-tabs .page-list li.read-only a[href]:before, +.manage-user-group .page-tabs .page-list li.unlinked a[href]:before, +.manage-user-group .page-tabs .page-list li.linked a[href]:before { + content: ' '; + position: absolute; + right: 0; + bottom: 0; + top: 0; + width: 2.5em; + background-size: 1.25em; + background-repeat: no-repeat; + background-position: center; +} + +.manage-user-group .page-tabs .page-list li.read-only a[href]:before { + background-image: url('images/lock.png'); +} + +.manage-user-group .page-tabs .page-list li.unlinked a[href]:before { + background-image: url('images/plus.png'); +} + +.manage-user-group .page-tabs .page-list li.unlinked a[href] { + opacity: 0.5; +} + +.manage-user-group .page-tabs .page-list li.unlinked a[href]:hover, +.manage-user-group .page-tabs .page-list li.unlinked a[href].current { + opacity: 1; +} + +.manage-user-group .page-tabs .page-list li.linked a[href]:before { + background-image: url('images/checkmark.png'); +} + +.manage-user-group .notice.read-only { + + background: #FDA; + border: 1px solid rgba(0, 0, 0, 0.125); + border-radius: 0.25em; + + text-align: center; + padding: 1em; + +} \ No newline at end of file diff --git a/guacamole/src/main/webapp/app/manage/templates/manageUserGroup.html b/guacamole/src/main/webapp/app/manage/templates/manageUserGroup.html new file mode 100644 index 000000000..c65991505 --- /dev/null +++ b/guacamole/src/main/webapp/app/manage/templates/manageUserGroup.html @@ -0,0 +1,101 @@ +
+ + +
+

{{'MANAGE_USER_GROUP.SECTION_HEADER_EDIT_USER_GROUP' | translate}}

+ +
+ + + + +
+

{{'MANAGE_USER_GROUP.INFO_READ_ONLY' | translate}}

+
+ + +
+ + +
+ + + + + +
{{'MANAGE_USER_GROUP.FIELD_HEADER_USER_GROUP_NAME' | translate}} + + {{userGroup.identifier}} +
+
+ + +
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
diff --git a/guacamole/src/main/webapp/app/manage/types/ManageableUserGroup.js b/guacamole/src/main/webapp/app/manage/types/ManageableUserGroup.js new file mode 100644 index 000000000..6853fa0fc --- /dev/null +++ b/guacamole/src/main/webapp/app/manage/types/ManageableUserGroup.js @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * A service for defining the ManageableUserGroup class. + */ +angular.module('manage').factory('ManageableUserGroup', [function defineManageableUserGroup() { + + /** + * A pairing of an @link{UserGroup} with the identifier of its corresponding + * data source. + * + * @constructor + * @param {Object|ManageableUserGroup} template + */ + var ManageableUserGroup = function ManageableUserGroup(template) { + + /** + * The unique identifier of the data source containing this user. + * + * @type String + */ + this.dataSource = template.dataSource; + + /** + * The @link{UserGroup} object represented by this ManageableUserGroup + * and contained within the associated data source. + * + * @type UserGroup + */ + this.userGroup = template.userGroup; + + }; + + return ManageableUserGroup; + +}]); diff --git a/guacamole/src/main/webapp/app/navigation/services/userPageService.js b/guacamole/src/main/webapp/app/navigation/services/userPageService.js index 4d1e61246..f5bc30815 100644 --- a/guacamole/src/main/webapp/app/navigation/services/userPageService.js +++ b/guacamole/src/main/webapp/app/navigation/services/userPageService.js @@ -192,6 +192,7 @@ angular.module('navigation').factory('userPageService', ['$injector', var pages = []; var canManageUsers = []; + var canManageUserGroups = []; var canManageConnections = []; var canViewConnectionRecords = []; var canManageSessions = []; @@ -235,6 +236,24 @@ angular.module('navigation').factory('userPageService', ['$injector', canManageUsers.push(dataSource); } + // Determine whether the current user needs access to the group management UI + if ( + // System permissions + PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER) + || PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_USER_GROUP) + + // Permission to update user groups + || PermissionSet.hasUserGroupPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE) + + // Permission to delete user groups + || PermissionSet.hasUserGroupPermission(permissions, PermissionSet.ObjectPermissionType.DELETE) + + // Permission to administer user groups + || PermissionSet.hasUserGroupPermission(permissions, PermissionSet.ObjectPermissionType.ADMINISTER) + ) { + canManageUserGroups.push(dataSource); + } + // Determine whether the current user needs access to the connection management UI if ( // System permissions @@ -295,6 +314,14 @@ angular.module('navigation').factory('userPageService', ['$injector', })); } + // If user can manage user groups, add link to group management page + if (canManageUserGroups.length) { + pages.push(new PageDefinition({ + name : 'USER_MENU.ACTION_MANAGE_USER_GROUPS', + url : '/settings/userGroups' + })); + } + // If user can manage connections, add links for connection management pages angular.forEach(canManageConnections, function addConnectionManagementLink(dataSource) { pages.push(new PageDefinition({ diff --git a/guacamole/src/main/webapp/app/settings/controllers/settingsController.js b/guacamole/src/main/webapp/app/settings/controllers/settingsController.js index 91ef633a0..a462d8715 100644 --- a/guacamole/src/main/webapp/app/settings/controllers/settingsController.js +++ b/guacamole/src/main/webapp/app/settings/controllers/settingsController.js @@ -36,8 +36,8 @@ angular.module('manage').controller('settingsController', ['$scope', '$injector' $scope.settingsPages = null; /** - * The currently-selected settings tab. This may be 'users', 'connections', - * or 'sessions'. + * The currently-selected settings tab. This may be 'users', 'userGroups', + * 'connections', 'history', 'preferences', or 'sessions'. * * @type String */ diff --git a/guacamole/src/main/webapp/app/settings/directives/guacSettingsUserGroups.js b/guacamole/src/main/webapp/app/settings/directives/guacSettingsUserGroups.js new file mode 100644 index 000000000..5d45bc141 --- /dev/null +++ b/guacamole/src/main/webapp/app/settings/directives/guacSettingsUserGroups.js @@ -0,0 +1,270 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * A directive for managing all user groups in the system. + */ +angular.module('settings').directive('guacSettingsUserGroups', ['$injector', + function guacSettingsUserGroups($injector) { + + // Required types + var ManageableUserGroup = $injector.get('ManageableUserGroup'); + var PermissionSet = $injector.get('PermissionSet'); + var SortOrder = $injector.get('SortOrder'); + + // Required services + var $location = $injector.get('$location'); + var authenticationService = $injector.get('authenticationService'); + var dataSourceService = $injector.get('dataSourceService'); + var permissionService = $injector.get('permissionService'); + var requestService = $injector.get('requestService'); + var userGroupService = $injector.get('userGroupService'); + + var directive = { + restrict : 'E', + replace : true, + templateUrl : 'app/settings/templates/settingsUserGroups.html', + scope : {} + }; + + directive.controller = ['$scope', function settingsUserGroupsController($scope) { + + // Identifier of the current user + var currentUsername = authenticationService.getCurrentUsername(); + + /** + * The identifiers of all data sources accessible by the current + * user. + * + * @type String[] + */ + var dataSources = authenticationService.getAvailableDataSources(); + + /** + * Map of data source identifiers to all permissions associated + * with the current user within that data source, or null if the + * user's permissions have not yet been loaded. + * + * @type Object. + */ + var permissions = null; + + /** + * All visible user groups, along with their corresponding data + * sources. + * + * @type ManageableUserGroup[] + */ + $scope.manageableUserGroups = null; + + /** + * Array of all user group properties that are filterable. + * + * @type String[] + */ + $scope.filteredUserGroupProperties = [ + 'userGroup.identifier' + ]; + + /** + * SortOrder instance which stores the sort order of the listed + * user groups. + * + * @type SortOrder + */ + $scope.order = new SortOrder([ + 'userGroup.identifier' + ]); + + /** + * Returns whether critical data has completed being loaded. + * + * @returns {Boolean} + * true if enough data has been loaded for the user group + * interface to be useful, false otherwise. + */ + $scope.isLoaded = function isLoaded() { + return $scope.manageableUserGroups !== null; + }; + + /** + * Returns the identifier of the data source that should be used by + * default when creating a new user group. + * + * @return {String} + * The identifier of the data source that should be used by + * default when creating a new user group, or null if user group + * creation is not allowed. + */ + $scope.getDefaultDataSource = function getDefaultDataSource() { + + // Abort if permissions have not yet loaded + if (!permissions) + return null; + + // For each data source + for (var dataSource in permissions) { + + // Retrieve corresponding permission set + var permissionSet = permissions[dataSource]; + + // Can create user groups if adminstrator or have explicit permission + if (PermissionSet.hasSystemPermission(permissionSet, PermissionSet.SystemPermissionType.ADMINISTER) + || PermissionSet.hasSystemPermission(permissionSet, PermissionSet.SystemPermissionType.CREATE_USER_GROUP)) + return dataSource; + + } + + // No data sources allow user group creation + return null; + + }; + + /** + * Returns whether the current user can create new user groups + * within at least one data source. + * + * @return {Boolean} + * true if the current user can create new user groups within at + * least one data source, false otherwise. + */ + $scope.canCreateUserGroups = function canCreateUserGroups() { + return $scope.getDefaultDataSource() !== null; + }; + + /** + * Returns whether the current user can create new user groups or + * make changes to existing user groups within at least one data + * source. The user group management interface as a whole is useless + * if this function returns false. + * + * @return {Boolean} + * true if the current user can create new user groups or make + * changes to existing user groups within at least one data + * source, false otherwise. + */ + var canManageUserGroups = function canManageUserGroups() { + + // Abort if permissions have not yet loaded + if (!permissions) + return false; + + // Creating user groups counts as management + if ($scope.canCreateUserGroups()) + return true; + + // For each data source + for (var dataSource in permissions) { + + // Retrieve corresponding permission set + var permissionSet = permissions[dataSource]; + + // Can manage user groups if granted explicit update or delete + if (PermissionSet.hasUserGroupPermission(permissionSet, PermissionSet.ObjectPermissionType.UPDATE) + || PermissionSet.hasUserGroupPermission(permissionSet, PermissionSet.ObjectPermissionType.DELETE)) + return true; + + } + + // No data sources allow management of user groups + return false; + + }; + + /** + * Sets the displayed list of user groups. If any user groups are + * already shown within the interface, those user groups are replaced + * with the given user groups. + * + * @param {Object.} permissions + * A map of data source identifiers to all permissions associated + * with the current user within that data source. + * + * @param {Object.>} userGroups + * A map of all user groups which should be displayed, where each + * key is the data source identifier from which the user groups + * were retrieved and each value is a map of user group identifiers + * to their corresponding @link{UserGroup} objects. + */ + var setDisplayedUserGroups = function setDisplayedUserGroups(permissions, userGroups) { + + var addedUserGroups = {}; + $scope.manageableUserGroups = []; + + // For each user group in each data source + angular.forEach(dataSources, function addUserGroupList(dataSource) { + angular.forEach(userGroups[dataSource], function addUserGroup(userGroup) { + + // Do not add the same user group twice + if (addedUserGroups[userGroup.identifier]) + return; + + // Link to default creation data source if we cannot manage this user + if (!PermissionSet.hasSystemPermission(permissions[dataSource], PermissionSet.ObjectPermissionType.ADMINISTER) + && !PermissionSet.hasUserGroupPermission(permissions[dataSource], PermissionSet.ObjectPermissionType.UPDATE, userGroup.identifier) + && !PermissionSet.hasUserGroupPermission(permissions[dataSource], PermissionSet.ObjectPermissionType.DELETE, userGroup.identifier)) + dataSource = $scope.getDefaultDataSource(); + + // Add user group to overall list + addedUserGroups[userGroup.identifier] = userGroup; + $scope.manageableUserGroups.push(new ManageableUserGroup ({ + 'dataSource' : dataSource, + 'userGroup' : userGroup + })); + + }); + }); + + }; + + // Retrieve current permissions + dataSourceService.apply( + permissionService.getEffectivePermissions, + dataSources, + currentUsername + ) + .then(function permissionsRetrieved(retrievedPermissions) { + + // Store retrieved permissions + permissions = retrievedPermissions; + + // Return to home if there's nothing to do here + if (!canManageUserGroups()) + $location.path('/'); + + // If user groups can be created, list all readable user groups + if ($scope.canCreateUserGroups()) + return dataSourceService.apply(userGroupService.getUserGroups, dataSources); + + // Otherwise, list only updateable/deletable users + return dataSourceService.apply(userGroupService.getUserGroups, dataSources, [ + PermissionSet.ObjectPermissionType.UPDATE, + PermissionSet.ObjectPermissionType.DELETE + ]); + + }) + .then(function userGroupsReceived(userGroups) { + setDisplayedUserGroups(permissions, userGroups); + }, requestService.WARN); + + }]; + + return directive; + +}]); diff --git a/guacamole/src/main/webapp/app/settings/styles/buttons.css b/guacamole/src/main/webapp/app/settings/styles/buttons.css index 17401c313..e530510a6 100644 --- a/guacamole/src/main/webapp/app/settings/styles/buttons.css +++ b/guacamole/src/main/webapp/app/settings/styles/buttons.css @@ -18,6 +18,7 @@ */ a.button.add-user, +a.button.add-user-group, a.button.add-connection, a.button.add-connection-group { font-size: 0.8em; @@ -26,6 +27,7 @@ a.button.add-connection-group { } a.button.add-user::before, +a.button.add-user-group::before, a.button.add-connection::before, a.button.add-connection-group::before { @@ -46,6 +48,10 @@ a.button.add-user::before { background-image: url('images/action-icons/guac-user-add.png'); } +a.button.add-user-group::before { + background-image: url('images/action-icons/guac-user-group-add.png'); +} + a.button.add-connection::before { background-image: url('images/action-icons/guac-monitor-add.png'); } diff --git a/guacamole/src/main/webapp/app/settings/styles/user-group-list.css b/guacamole/src/main/webapp/app/settings/styles/user-group-list.css new file mode 100644 index 000000000..2040eb440 --- /dev/null +++ b/guacamole/src/main/webapp/app/settings/styles/user-group-list.css @@ -0,0 +1,36 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +.settings.user-groups table.user-group-list { + width: 100%; +} + +.settings.user-groups table.user-group-list th.user-group-name, +.settings.user-groups table.user-group-list td.user-group-name { + width: 100%; +} + +.settings.user-groups table.user-group-list tr.user td.user-group-name a[href] { + display: block; + padding: .5em 1em; +} + +.settings.user-groups table.user-group-list tr.user td.user-group-name { + padding: 0; +} diff --git a/guacamole/src/main/webapp/app/settings/templates/settings.html b/guacamole/src/main/webapp/app/settings/templates/settings.html index b29d809c8..2bae3ae97 100644 --- a/guacamole/src/main/webapp/app/settings/templates/settings.html +++ b/guacamole/src/main/webapp/app/settings/templates/settings.html @@ -13,6 +13,7 @@ + diff --git a/guacamole/src/main/webapp/app/settings/templates/settingsUserGroups.html b/guacamole/src/main/webapp/app/settings/templates/settingsUserGroups.html new file mode 100644 index 000000000..19437731b --- /dev/null +++ b/guacamole/src/main/webapp/app/settings/templates/settingsUserGroups.html @@ -0,0 +1,48 @@ +
+ + +

{{'SETTINGS_USER_GROUPS.HELP_USER_GROUPS' | translate}}

+ + + +
+ + +
+ {{'SETTINGS_USER_GROUPS.ACTION_NEW_USER_GROUP' | translate}} +
+ + + + +
+ + + + + + + + + + + + + +
+ {{'SETTINGS_USER_GROUPS.TABLE_HEADER_USER_GROUP_NAME' | translate}} +
+ +
+ {{manageableUserGroup.userGroup.identifier}} + +
+ + + + +
\ No newline at end of file diff --git a/guacamole/src/main/webapp/images/action-icons/guac-user-group-add.png b/guacamole/src/main/webapp/images/action-icons/guac-user-group-add.png new file mode 100644 index 0000000000000000000000000000000000000000..a8334333e8e07edaac02829847cfc0d181ae8c03 GIT binary patch literal 1222 zcmV;%1UdVOP)w zK~#9!?V4MNl~okSe`~yyiq{lHYf#2YQ!H%qAxJBwix5N)J@gPIH7^A{L_!et)??8_ zg%2g9MG0YP7MUgaWKkGoVp@&lkT**6)_9ro>t!2qnDc#SX1+OR8oxgr_QPIl@3sH? zTYFtNP@+VM5+$x&#Q()mbp|l5#`L*}=o;2HrG9K}?C$TnEmyh=lmwInlmwInlzG4q z3UyiGtQ8nvD-QsE$=o*NOrmM%~dP!doQP!dpukweU$O&N1bfEhLB zP6699bkCIKaOnai0VM$?0VM$q41?+{U?ngcmr*P)J3_c$>8pth*b_A>W}x~f@+Z&BCPFuGfv zpgw3ZxLci`9?9OYMvX=j@N$O1JCe-Wf(Upmt+y*f=J|#tLhALva~ZlnrSay1Y*|#b zZf|%|y{=K2U`I}(bUcmI3$kTq8vn|Wxf)p2C<2z}=uSxE*@A32UA1n1?JA6bYjbpG zrLm|#CUn)gZ^K;RT#oMI^eTTO}SSj0*A+ z4yac(G7-98y;w&YJ6>I=cJ=Y_o$6e5in=#P_Pn~R8R_uD>X{tlHYVAb>KAn$ezQ6? z>21xCJ*hs>%z~&*eMdcAW!OKdR%ok|zgOLm48I)5)%Vo9s^sUX@2C2r`rvP=twW(4 z9s}G6EKKF_G2nZkDYL;$Bl@vVd-^J}I!Q;8%d9T?YlvP9nh3lEJVEWhq+Ci!J^Z9u69Nlj9p&}1IJ3UfaII1p9@{80D`_KffH!MD$ zNSLbbs3SDaD~f=1Ih!3)7pSAvR|`IPHNHzBb*#EGM|OQt1RTt1VJ}g~sGr&xbgHfD zoSZylZ&3tfWqfOs%qun)ThhL-XULo=Bnqe(GCDwardNAEFsi{3xeb^DY^yPUA|fUi zQ4Lly2r$P@Y!U&LoW4b6Ad6q_ z^9yongG!SKFg0G=2EzsZBOoF=>$r)gd;t+r0e%~d#asG#6U}mgK|{+>F{D|<_oW{& kAGo6l1Z07*qoM6N<$f&kVfrT_o{ literal 0 HcmV?d00001 diff --git a/guacamole/src/main/webapp/images/user-icons/guac-user-group.png b/guacamole/src/main/webapp/images/user-icons/guac-user-group.png new file mode 100644 index 0000000000000000000000000000000000000000..4eb0aa4e2eacc2bedec465854d50d87a8c517f54 GIT binary patch literal 1428 zcmV;F1#9|=P)TEwW7Lht7+sT?$N~*UgW@BG_(+TrCDcTSI%-s+s9>SC(ordWjf-=x zGrgU;_k8!>>9l(P$;oXq=Y7w2zVm%EkRnBj6e&`qNbx^Krb%|s0hR&h>i@mK55Vyz z`7hIHIu6`N^C~nkoB`~@9=M-gRUI=D zvw^)t58k7XfVL_2-Go+P5zq;&0@{6_Zzq269zE~V-L5t})rZzZBMZSbz{|iNOmuP- z*sMGoNG^DfZc^Qw)mHUq1Hew;>V`zD=s?zFJqHJX954&`JVv1P=%DJ(11AFbUSV=I z#>N7m7~j1K5wxYjtEcpotuQ z5=NiE_I55-{?Cm3QK(04tTggJ7B~2_fRfQzUS)o3U;>V)jdmmdATT#h0`4>#8bhYG z43j%_k~CUnXUr&bM^J!aJ>bTW&#U!h)nLge69r!PZ^PEVAS8w`B@2y401Em%>LB9^ zZwV9vxh5hohOh+W91LBe&jSuJt~ltkWkEjZ!>|POIvBcMpKmzGxMH_H*Ez_o-s zH>mHB=9CA1caXDEA5xJS;ClzTr{g4GjiZwrRPNyhB;Wznz0pzb+BgZw;5OJ4k=M({ram#MBbz>tIN)}(?5DWh)emCz3?SJ?%?2N8mQ516Mqma9(do8L-ng~B0VG*jpX^3pAGL3UJsJl-rP542WRWWLU&8olKb7s+geY0c09OH4OoAvRi&ONi~jVeIR- zgj|Qm+JhBm1CJuxvGt@m2)vKX4)cSQ*QdR`Rk67e()=I!nM&TEge>T$eni06a8dj=LT}GLjv&OJNu%F8M+c6D-_vl+> zXK6w1CBpcJYb9XBAo!&6-aHM0_EVSo_K<u-Dwc8pZ2M5s|>vV&KK2# z&=9h&>!FOy-rnGn$k$E@Vi@r$i^LK%<_{rb^n^>%@el(gHPX)X3m#;8%_BaBeK%3| z{%}cvCuIFXq8aesdO47*>Y!Bp%Zh&LbVtRX`V31{GvWDmf?z+rSR&mA Date: Wed, 8 Aug 2018 22:56:07 -0700 Subject: [PATCH 10/11] GUACAMOLE-220: Select from multiple datasources deterministically. --- .../src/main/webapp/app/manage/directives/dataSourceTabs.js | 5 ++++- .../webapp/app/settings/directives/guacSettingsUserGroups.js | 4 +++- .../main/webapp/app/settings/directives/guacSettingsUsers.js | 4 +++- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/guacamole/src/main/webapp/app/manage/directives/dataSourceTabs.js b/guacamole/src/main/webapp/app/manage/directives/dataSourceTabs.js index cf7068f27..627197bf4 100644 --- a/guacamole/src/main/webapp/app/manage/directives/dataSourceTabs.js +++ b/guacamole/src/main/webapp/app/manage/directives/dataSourceTabs.js @@ -76,9 +76,12 @@ angular.module('manage').directive('dataSourceTabs', ['$injector', $scope.$watch('permissions', function permissionsChanged(permissions) { $scope.pages = []; - angular.forEach(permissions, function addDataSourcePage(managementPermissions, dataSource) { + + var dataSources = _.keys($scope.permissions).sort(); + angular.forEach(dataSources, function addDataSourcePage(dataSource) { // Determine whether data source contains this object + var managementPermissions = permissions[dataSource]; var exists = !!managementPermissions.identifier; // Data source is not relevant if the associated object does not diff --git a/guacamole/src/main/webapp/app/settings/directives/guacSettingsUserGroups.js b/guacamole/src/main/webapp/app/settings/directives/guacSettingsUserGroups.js index 5d45bc141..a8f2dd37c 100644 --- a/guacamole/src/main/webapp/app/settings/directives/guacSettingsUserGroups.js +++ b/guacamole/src/main/webapp/app/settings/directives/guacSettingsUserGroups.js @@ -119,9 +119,11 @@ angular.module('settings').directive('guacSettingsUserGroups', ['$injector', return null; // For each data source - for (var dataSource in permissions) { + var dataSources = _.keys(permissions).sort(); + for (var i = 0; i < dataSources.length; i++) { // Retrieve corresponding permission set + var dataSource = dataSources[i]; var permissionSet = permissions[dataSource]; // Can create user groups if adminstrator or have explicit permission diff --git a/guacamole/src/main/webapp/app/settings/directives/guacSettingsUsers.js b/guacamole/src/main/webapp/app/settings/directives/guacSettingsUsers.js index 870a86256..4adf04eb8 100644 --- a/guacamole/src/main/webapp/app/settings/directives/guacSettingsUsers.js +++ b/guacamole/src/main/webapp/app/settings/directives/guacSettingsUsers.js @@ -150,9 +150,11 @@ angular.module('settings').directive('guacSettingsUsers', [function guacSettings return null; // For each data source - for (var dataSource in $scope.permissions) { + var dataSources = _.keys($scope.permissions).sort(); + for (var i = 0; i < dataSources.length; i++) { // Retrieve corresponding permission set + var dataSource = dataSources[i]; var permissionSet = $scope.permissions[dataSource]; // Can create users if adminstrator or have explicit permission From 7917f46b36fb04565c0e1d4119c0136c8f987fcd Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Thu, 9 Aug 2018 10:43:46 -0700 Subject: [PATCH 11/11] GUACAMOLE-220: Allow attributes to be specified via the template supplied to REST object constructors, for consistency's sake. --- guacamole/src/main/webapp/app/rest/types/Connection.js | 2 +- guacamole/src/main/webapp/app/rest/types/ConnectionGroup.js | 2 +- guacamole/src/main/webapp/app/rest/types/SharingProfile.js | 2 +- guacamole/src/main/webapp/app/rest/types/User.js | 2 +- guacamole/src/main/webapp/app/rest/types/UserGroup.js | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/guacamole/src/main/webapp/app/rest/types/Connection.js b/guacamole/src/main/webapp/app/rest/types/Connection.js index 76ece9d58..89da4e117 100644 --- a/guacamole/src/main/webapp/app/rest/types/Connection.js +++ b/guacamole/src/main/webapp/app/rest/types/Connection.js @@ -84,7 +84,7 @@ angular.module('rest').factory('Connection', [function defineConnection() { * * @type Object. */ - this.attributes = {}; + this.attributes = template.attributes || {}; /** * The count of currently active connections using this connection. diff --git a/guacamole/src/main/webapp/app/rest/types/ConnectionGroup.js b/guacamole/src/main/webapp/app/rest/types/ConnectionGroup.js index a40dba19b..6da754c0c 100644 --- a/guacamole/src/main/webapp/app/rest/types/ConnectionGroup.js +++ b/guacamole/src/main/webapp/app/rest/types/ConnectionGroup.js @@ -95,7 +95,7 @@ angular.module('rest').factory('ConnectionGroup', [function defineConnectionGrou * * @type Object. */ - this.attributes = {}; + this.attributes = template.attributes || {}; /** * The count of currently active connections using this connection diff --git a/guacamole/src/main/webapp/app/rest/types/SharingProfile.js b/guacamole/src/main/webapp/app/rest/types/SharingProfile.js index ea8287d0a..50f1307d5 100644 --- a/guacamole/src/main/webapp/app/rest/types/SharingProfile.js +++ b/guacamole/src/main/webapp/app/rest/types/SharingProfile.js @@ -76,7 +76,7 @@ angular.module('rest').factory('SharingProfile', [function defineSharingProfile( * * @type Object. */ - this.attributes = {}; + this.attributes = template.attributes || {}; }; diff --git a/guacamole/src/main/webapp/app/rest/types/User.js b/guacamole/src/main/webapp/app/rest/types/User.js index f796147d6..3ca138d3b 100644 --- a/guacamole/src/main/webapp/app/rest/types/User.js +++ b/guacamole/src/main/webapp/app/rest/types/User.js @@ -69,7 +69,7 @@ angular.module('rest').factory('User', [function defineUser() { * * @type Object. */ - this.attributes = {}; + this.attributes = template.attributes || {}; }; diff --git a/guacamole/src/main/webapp/app/rest/types/UserGroup.js b/guacamole/src/main/webapp/app/rest/types/UserGroup.js index 03b73e29f..f4bf26cfe 100644 --- a/guacamole/src/main/webapp/app/rest/types/UserGroup.js +++ b/guacamole/src/main/webapp/app/rest/types/UserGroup.js @@ -50,7 +50,7 @@ angular.module('rest').factory('UserGroup', [function defineUserGroup() { * * @type Object. */ - this.attributes = {}; + this.attributes = template.attributes || {}; };