GUACAMOLE-5: Add support for sharing profile permissions to JavaScript implementations of REST API objects.

2025-09-06 13:17:41 +00:00 · 2016-08-04 18:15:28 -07:00
parent 85f15b7cd1
commit 8a8ae8496c
3 changed files with 113 additions and 1 deletions
--- a/guacamole/src/main/webapp/app/rest/services/permissionService.js
+++ b/guacamole/src/main/webapp/app/rest/services/permissionService.js
@@ -175,6 +175,10 @@ angular.module('rest').factory('permissionService', ['$injector',
        addObjectPatchOperations(patch, operation, "/connectionGroupPermissions",
            permissions.connectionGroupPermissions);

+        // Add sharing profile permission operations to patch
+        addObjectPatchOperations(patch, operation, "/sharingProfilePermissions",
+            permissions.sharingProfilePermissions);
+
        // Add active connection permission operations to patch
        addObjectPatchOperations(patch, operation, "/activeConnectionPermissions",
            permissions.activeConnectionPermissions);
--- a/guacamole/src/main/webapp/app/rest/types/PermissionFlagSet.js
+++ b/guacamole/src/main/webapp/app/rest/types/PermissionFlagSet.js
@@ -87,6 +87,25 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet',
            'ADMINISTER' : {}
        };

+        /**
+         * The granted state of each permission for each sharing profile, as a
+         * map of object permission type string to permission map. The
+         * permission map is, in turn, a map of sharing profile identifier to
+         * boolean value. A particular permission is granted if its
+         * corresponding boolean value is set to true. Valid permission type
+         * strings are defined within PermissionSet.ObjectPermissionType.
+         * Permissions which are not granted may be set to false, but this is
+         * not required.
+         *
+         * @type Object.<String, Object.<String, Boolean>>
+         */
+        this.sharingProfilePermissions = template.sharingProfilePermissions || {
+            'READ'       : {},
+            'UPDATE'     : {},
+            'DELETE'     : {},
+            'ADMINISTER' : {}
+        };
+
        /**
         * The granted state of each permission for each active connection, as
         * a map of object permission type string to permission map. The
@@ -188,6 +207,9 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet',
        // Add all granted connection group permissions
        addObjectPermissions(permissionSet.connectionGroupPermissions, permissionFlagSet.connectionGroupPermissions);

+        // Add all granted sharing profile permissions
+        addObjectPermissions(permissionSet.sharingProfilePermissions, permissionFlagSet.sharingProfilePermissions);
+
        // Add all granted active connection permissions
        addObjectPermissions(permissionSet.activeConnectionPermissions, permissionFlagSet.activeConnectionPermissions);

--- a/guacamole/src/main/webapp/app/rest/types/PermissionSet.js
+++ b/guacamole/src/main/webapp/app/rest/types/PermissionSet.js
@@ -53,6 +53,15 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
         * @type Object.<String, String[]>
         */
        this.connectionGroupPermissions = template.connectionGroupPermissions || {};
+
+        /**
+         * Map of sharing profile identifiers to the corresponding array of
+         * granted permissions. Each permission is represented by a string
+         * listed within PermissionSet.ObjectPermissionType.
+         *
+         * @type Object.<String, String[]>
+         */
+        this.sharingProfilePermissions = template.sharingProfilePermissions || {};
        
        /**
         * Map of active connection identifiers to the corresponding array of
@@ -132,7 +141,12 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
        /**
         * Permission to create new connection groups.
         */
-        CREATE_CONNECTION_GROUP : "CREATE_CONNECTION_GROUP"
+        CREATE_CONNECTION_GROUP : "CREATE_CONNECTION_GROUP",
+
+        /**
+         * Permission to create new sharing profiles.
+         */
+        CREATE_SHARING_PROFILE : "CREATE_SHARING_PROFILE"

    };

@@ -247,6 +261,28 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
        return hasPermission(permSet.connectionGroupPermissions, type, identifier);
    };

+    /**
+     * Returns whether the given permission is granted for the sharing profile
+     * having the given ID.
+     *
+     * @param {PermissionSet|Object} permSet
+     *     The permission set to check.
+     *
+     * @param {String} type
+     *     The permission to search for, as defined by
+     *     PermissionSet.ObjectPermissionType.
+     *
+     * @param {String} identifier
+     *     The identifier of the sharing profile to which the permission
+     *     applies.
+     *
+     * @returns {Boolean}
+     *     true if the permission is present (granted), false otherwise.
+     */
+    PermissionSet.hasSharingProfilePermission = function hasSharingProfilePermission(permSet, type, identifier) {
+        return hasPermission(permSet.sharingProfilePermissions, type, identifier);
+    };
+
    /**
     * Returns whether the given permission is granted for the active
     * connection having the given ID.
@@ -548,6 +584,56 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
        return removeObjectPermission(permSet.connectionGroupPermissions, type, identifier);
    };

+    /**
+     * Adds the given sharing profile permission applying to the sharing profile
+     * with the given ID to the given permission set, if not already present. If
+     * the permission is already present, this function has no effect.
+     *
+     * @param {PermissionSet} permSet
+     *     The permission set to modify.
+     *
+     * @param {String} type
+     *     The permission to add, as defined by
+     *     PermissionSet.ObjectPermissionType.
+     *
+     * @param {String} identifier
+     *     The identifier of the sharing profile to which the permission
+     *     applies.
+     *
+     * @returns {Boolean}
+     *     true if the permission was added, false if the permission was
+     *     already present in the given permission set.
+     */
+    PermissionSet.addSharingProfilePermission = function addSharingProfilePermission(permSet, type, identifier) {
+        permSet.sharingProfilePermissions = permSet.sharingProfilePermissions || {};
+        return addObjectPermission(permSet.sharingProfilePermissions, type, identifier);
+    };
+
+    /**
+     * Removes the given sharing profile permission applying to the sharing
+     * profile with the given ID from the given permission set, if present. If
+     * the permission is not present, this function has no effect.
+     *
+     * @param {PermissionSet} permSet
+     *     The permission set to modify.
+     *
+     * @param {String} type
+     *     The permission to remove, as defined by
+     *     PermissionSet.ObjectPermissionType.
+     *
+     * @param {String} identifier
+     *     The identifier of the sharing profile to which the permission
+     *     applies.
+     *
+     * @returns {Boolean}
+     *     true if the permission was removed, false if the permission was not
+     *     present in the given permission set.
+     */
+    PermissionSet.removeSharingProfilePermission = function removeSharingProfilePermission(permSet, type, identifier) {
+        permSet.sharingProfilePermissions = permSet.sharingProfilePermissions || {};
+        return removeObjectPermission(permSet.sharingProfilePermissions, type, identifier);
+    };
+
    /**
     * Adds the given active connection permission applying to the connection
     * group with the given ID to the given permission set, if not already