From 85c7b511e15fe68401166054c6cbd1bc1fb63563 Mon Sep 17 00:00:00 2001
From: Nick Couchman <nick_couchman@cotyinc.com>
Date: Tue, 12 Jun 2018 10:55:28 -0400
Subject: [PATCH] GUACAMOLE-360: Allow user to kill their own active sessions.

---
 .../activeconnection/ActiveConnectionService.java  | 12 ++++++------
 .../settings/directives/guacSettingsSessions.js    | 14 ++++++++------
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java
index 5e459b154..c14d341ba 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java
@@ -110,14 +110,12 @@ public class ActiveConnectionService
     @Override
     public void deleteObject(ModeledAuthenticatedUser user, String identifier)
         throws GuacamoleException {
-
-        // Only administrators may delete active connections
-        if (!user.getUser().isAdministrator())
-            throw new GuacamoleSecurityException("Permission denied.");
-
+        
         // Close connection, if it exists (and we have permission)
         ActiveConnection activeConnection = retrieveObject(user, identifier);
-        if (activeConnection != null) {
+        if (activeConnection != null && 
+                (user.getUser().isAdministrator() 
+                || user.getIdentifier().equals(activeConnection.getUsername()))) {
 
             // Close connection if not already closed
             GuacamoleTunnel tunnel = activeConnection.getTunnel();
@@ -125,6 +123,8 @@ public class ActiveConnectionService
                 tunnel.close();
 
         }
+        else
+            throw new GuacamoleSecurityException("Permission denied.");
         
     }
 
diff --git a/guacamole/src/main/webapp/app/settings/directives/guacSettingsSessions.js b/guacamole/src/main/webapp/app/settings/directives/guacSettingsSessions.js
index 67776f0ab..ccb75c974 100644
--- a/guacamole/src/main/webapp/app/settings/directives/guacSettingsSessions.js
+++ b/guacamole/src/main/webapp/app/settings/directives/guacSettingsSessions.js
@@ -189,12 +189,14 @@ angular.module('settings').directive('guacSettingsSessions', [function guacSetti
                         var connection = allConnections[dataSource][activeConnection.connectionIdentifier];
 
                         // Add wrapper
-                        $scope.wrappers.push(new ActiveConnectionWrapper({
-                            dataSource       : dataSource,
-                            name             : connection.name,
-                            startDate        : $filter('date')(activeConnection.startDate, sessionDateFormat),
-                            activeConnection : activeConnection
-                        }));
+                        if (activeConnection.username !== null) {
+                            $scope.wrappers.push(new ActiveConnectionWrapper({
+                                dataSource       : dataSource,
+                                name             : connection.name,
+                                startDate        : $filter('date')(activeConnection.startDate, sessionDateFormat),
+                                activeConnection : activeConnection
+                            }));
+                        }
 
                     });
                 });