GUACAMOLE-360: Allow user to kill their own active sessions.

2025-09-07 05:31:22 +00:00 · 2018-06-12 10:55:28 -04:00
parent 3eda313519
commit 85c7b511e1
2 changed files with 14 additions and 12 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java
@@ -110,14 +110,12 @@ public class ActiveConnectionService
    @Override
    public void deleteObject(ModeledAuthenticatedUser user, String identifier)
        throws GuacamoleException {
-
-        // Only administrators may delete active connections
-        if (!user.getUser().isAdministrator())
-            throw new GuacamoleSecurityException("Permission denied.");
-
+        
        // Close connection, if it exists (and we have permission)
        ActiveConnection activeConnection = retrieveObject(user, identifier);
-        if (activeConnection != null) {
+        if (activeConnection != null && 
+                (user.getUser().isAdministrator() 
+                || user.getIdentifier().equals(activeConnection.getUsername()))) {

            // Close connection if not already closed
            GuacamoleTunnel tunnel = activeConnection.getTunnel();
@@ -125,6 +123,8 @@ public class ActiveConnectionService
                tunnel.close();

        }
+        else
+            throw new GuacamoleSecurityException("Permission denied.");
        
    }