Merge pull request #138 from glyptodon/user-pass-perm

GUAC-800: Add checkbox for managing permission to change password

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.xml

@@ -93,10 +93,10 @@
     <delete id="delete" parameterType="org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel">
 
         DELETE FROM guacamole_user_permission
-        USING guacamole_user_permission
-        JOIN guacamole_user affected ON guacamole_user_permission.affected_user_id = affected.user_id
+        USING guacamole_user affected
         WHERE
-            (guacamole_user_permission.user_id, permission, affected.username) IN
+            guacamole_user_permission.affected_user_id = affected.user_id
+            AND (guacamole_user_permission.user_id, permission, affected.username) IN
                 <foreach collection="permissions" item="permission"
                          open="(" separator="," close=")">
                     (#{permission.userID,jdbcType=INTEGER},

guacamole/src/main/webapp/app/manage/controllers/manageUserController.js

@@ -205,7 +205,7 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
      * reflect the addition of the given system permission.
      * 
      * @param {String} type
-     *     The system permission to remove, as defined by
+     *     The system permission to add, as defined by
      *     PermissionSet.SystemPermissionType.
      */
     var addSystemPermission = function addSystemPermission(type) {
@@ -225,7 +225,7 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
      * reflect the removal of the given system permission.
      *
      * @param {String} type
-     *     The system permission to add, as defined by
+     *     The system permission to remove, as defined by
      *     PermissionSet.SystemPermissionType.
      */
     var removeSystemPermission = function removeSystemPermission(type) {
@@ -241,8 +241,8 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
     };
 
     /**
-     * Notifies of a change to the selected system permissions for the user
-     * being edited.
+     * Notifies the controller that a change has been made to the given
+     * system permission for the user being edited.
      *
      * @param {String} type
      *     The system permission that was changed, as defined by
@@ -261,6 +261,76 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
 
     };
 
+    /**
+     * Updates the permissionsAdded and permissionsRemoved permission sets to
+     * reflect the addition of the given user permission.
+     * 
+     * @param {String} type
+     *     The user permission to add, as defined by
+     *     PermissionSet.ObjectPermissionType.
+     *
+     * @param {String} identifier
+     *     The identifier of the user affected by the permission being added.
+     */
+    var addUserPermission = function addUserPermission(type, identifier) {
+
+        // If permission was previously removed, simply un-remove it
+        if (PermissionSet.hasUserPermission(permissionsRemoved, type, identifier))
+            PermissionSet.removeUserPermission(permissionsRemoved, type, identifier);
+
+        // Otherwise, explicitly add the permission
+        else
+            PermissionSet.addUserPermission(permissionsAdded, type, identifier);
+
+    };
+
+    /**
+     * Updates the permissionsAdded and permissionsRemoved permission sets to
+     * reflect the removal of the given user permission.
+     *
+     * @param {String} type
+     *     The user permission to remove, as defined by
+     *     PermissionSet.ObjectPermissionType.
+     *
+     * @param {String} identifier
+     *     The identifier of the user affected by the permission being removed.
+     */
+    var removeUserPermission = function removeUserPermission(type, identifier) {
+
+        // If permission was previously added, simply un-add it
+        if (PermissionSet.hasUserPermission(permissionsAdded, type, identifier))
+            PermissionSet.removeUserPermission(permissionsAdded, type, identifier);
+
+        // Otherwise, explicitly remove the permission
+        else
+            PermissionSet.addUserPermission(permissionsRemoved, type, identifier);
+
+    };
+
+    /**
+     * Notifies the controller that a change has been made to the given user
+     * permission for the user being edited.
+     *
+     * @param {String} type
+     *     The user permission that was changed, as defined by
+     *     PermissionSet.ObjectPermissionType.
+     *
+     * @param {String} identifier
+     *     The identifier of the user affected by the changed permission.
+     */
+    $scope.userPermissionChanged = function userPermissionChanged(type, identifier) {
+
+        // Determine current permission setting
+        var value = $scope.permissionFlags.userPermissions[type][identifier];
+
+        // Add/remove permission depending on flag state
+        if (value)
+            addUserPermission(type, identifier);
+        else
+            removeUserPermission(type, identifier);
+
+    };
+
     /**
      * Updates the permissionsAdded and permissionsRemoved permission sets to
      * reflect the addition of the given connection permission.
@@ -353,8 +423,9 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
         },
 
         /**
-         * Notifies of a change to the selected connection permission for the
-         * user being edited. This only applies to READ permissions.
+         * Notifies the controller that a change has been made to the given
+         * connection permission for the user being edited. This only applies
+         * to READ permissions.
          *
          * @param {String} identifier
          *     The identifier of the connection affected by the changed
@@ -374,8 +445,9 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
         },
 
         /**
-         * Notifies of a change to the selected connection group permission for
-         * the user being edited. This only applies to READ permissions.
+         * Notifies the controller that a change has been made to the given
+         * connection group permission for the user being edited. This only
+         * applies to READ permissions.
          *
          * @param {String} identifier
          *     The identifier of the connection group affected by the changed

guacamole/src/main/webapp/app/manage/templates/manageUser.html

@@ -56,6 +56,11 @@ THE SOFTWARE.
                 <td><input type="checkbox" ng-model="permissionFlags.systemPermissions[systemPermissionType.value]"
                                            ng-change="systemPermissionChanged(systemPermissionType.value)"/></td>
             </tr>
+            <tr>
+                <th>{{'MANAGE_USER.FIELD_HEADER_CHANGE_OWN_PASSWORD' | translate}}</th>
+                <td><input type="checkbox" ng-model="permissionFlags.userPermissions.UPDATE[user.username]"
+                                           ng-change="userPermissionChanged('UPDATE', user.username)"/></td>
+            </tr>
         </table>
     </div>
         

guacamole/src/main/webapp/translations/en_US.json

@@ -220,6 +220,7 @@
         "ERROR_PASSWORD_MISMATCH" : "@:APP.ERROR_PASSWORD_MISMATCH",
 
         "FIELD_HEADER_ADMINISTER_SYSTEM"             : "Administer system:",
+        "FIELD_HEADER_CHANGE_OWN_PASSWORD"           : "Change own password:",
         "FIELD_HEADER_CREATE_NEW_USERS"              : "Create new users:",
         "FIELD_HEADER_CREATE_NEW_CONNECTIONS"        : "Create new connections:",
         "FIELD_HEADER_CREATE_NEW_CONNECTION_GROUPS"  : "Create new connection groups:",