From 8ad3f2537119d61becad38558dc1365742ba7444 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Thu, 19 Apr 2018 23:51:25 -0700 Subject: [PATCH] GUACAMOLE-220: Add management tab and editor for user groups. --- .../app/index/config/indexRouteConfig.js | 9 + .../main/webapp/app/index/styles/lists.css | 4 + .../src/main/webapp/app/index/styles/ui.css | 8 + .../controllers/manageUserGroupController.js | 538 ++++++++++++++++++ .../directives/systemPermissionEditor.js | 4 + .../app/manage/styles/manage-user-group.css | 71 +++ .../app/manage/templates/manageUserGroup.html | 101 ++++ .../app/manage/types/ManageableUserGroup.js | 53 ++ .../navigation/services/userPageService.js | 27 + .../controllers/settingsController.js | 4 +- .../directives/guacSettingsUserGroups.js | 270 +++++++++ .../webapp/app/settings/styles/buttons.css | 6 + .../app/settings/styles/user-group-list.css | 36 ++ .../app/settings/templates/settings.html | 1 + .../templates/settingsUserGroups.html | 48 ++ .../action-icons/guac-user-group-add.png | Bin 0 -> 1222 bytes .../images/user-icons/guac-user-group.png | Bin 0 -> 1428 bytes .../src/main/webapp/translations/en.json | 67 ++- 18 files changed, 1244 insertions(+), 3 deletions(-) create mode 100644 guacamole/src/main/webapp/app/manage/controllers/manageUserGroupController.js create mode 100644 guacamole/src/main/webapp/app/manage/styles/manage-user-group.css create mode 100644 guacamole/src/main/webapp/app/manage/templates/manageUserGroup.html create mode 100644 guacamole/src/main/webapp/app/manage/types/ManageableUserGroup.js create mode 100644 guacamole/src/main/webapp/app/settings/directives/guacSettingsUserGroups.js create mode 100644 guacamole/src/main/webapp/app/settings/styles/user-group-list.css create mode 100644 guacamole/src/main/webapp/app/settings/templates/settingsUserGroups.html create mode 100644 guacamole/src/main/webapp/images/action-icons/guac-user-group-add.png create mode 100644 guacamole/src/main/webapp/images/user-icons/guac-user-group.png diff --git a/guacamole/src/main/webapp/app/index/config/indexRouteConfig.js b/guacamole/src/main/webapp/app/index/config/indexRouteConfig.js index 47bc48e55..5a8c3fb8a 100644 --- a/guacamole/src/main/webapp/app/index/config/indexRouteConfig.js +++ b/guacamole/src/main/webapp/app/index/config/indexRouteConfig.js @@ -171,6 +171,15 @@ angular.module('index').config(['$routeProvider', '$locationProvider', resolve : { updateCurrentToken: updateCurrentToken } }) + // User group editor + .when('/manage/:dataSource/userGroups/:id?', { + title : 'APP.NAME', + bodyClassName : 'manage', + templateUrl : 'app/manage/templates/manageUserGroup.html', + controller : 'manageUserGroupController', + resolve : { updateCurrentToken: updateCurrentToken } + }) + // Client view .when('/client/:id/:params?', { bodyClassName : 'client', diff --git a/guacamole/src/main/webapp/app/index/styles/lists.css b/guacamole/src/main/webapp/app/index/styles/lists.css index 0c761aef3..80df4917c 100644 --- a/guacamole/src/main/webapp/app/index/styles/lists.css +++ b/guacamole/src/main/webapp/app/index/styles/lists.css @@ -18,12 +18,14 @@ */ .user, +.user-group, .connection-group, .connection { cursor: pointer; } .user a, +.user-group a, .connection a, .connection-group a { text-decoration:none; @@ -31,6 +33,7 @@ } .user a:hover, +.user-group a:hover, .connection a:hover, .connection-group a:hover { text-decoration:none; @@ -38,6 +41,7 @@ } .user a:visited, +.user-group a:visited, .connection a:visited, .connection-group a:visited { text-decoration:none; diff --git a/guacamole/src/main/webapp/app/index/styles/ui.css b/guacamole/src/main/webapp/app/index/styles/ui.css index 434f443f6..58406ebc6 100644 --- a/guacamole/src/main/webapp/app/index/styles/ui.css +++ b/guacamole/src/main/webapp/app/index/styles/ui.css @@ -156,6 +156,14 @@ div.section { background-image: url('images/action-icons/guac-user-add.png'); } +.icon.user-group { + background-image: url('images/user-icons/guac-user-group.png'); +} + +.icon.user-group.add { + background-image: url('images/action-icons/guac-user-group-add.png'); +} + .icon.connection { background-image: url('images/protocol-icons/guac-plug.png'); } diff --git a/guacamole/src/main/webapp/app/manage/controllers/manageUserGroupController.js b/guacamole/src/main/webapp/app/manage/controllers/manageUserGroupController.js new file mode 100644 index 000000000..229b3b858 --- /dev/null +++ b/guacamole/src/main/webapp/app/manage/controllers/manageUserGroupController.js @@ -0,0 +1,538 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * The controller for editing user groups. + */ +angular.module('manage').controller('manageUserGroupController', ['$scope', '$injector', + function manageUserGroupController($scope, $injector) { + + // Required types + var ManagementPermissions = $injector.get('ManagementPermissions'); + var PermissionFlagSet = $injector.get('PermissionFlagSet'); + var PermissionSet = $injector.get('PermissionSet'); + var UserGroup = $injector.get('UserGroup'); + + // Required services + var $location = $injector.get('$location'); + var $routeParams = $injector.get('$routeParams'); + var $q = $injector.get('$q'); + var authenticationService = $injector.get('authenticationService'); + var dataSourceService = $injector.get('dataSourceService'); + var membershipService = $injector.get('membershipService'); + var permissionService = $injector.get('permissionService'); + var requestService = $injector.get('requestService'); + var schemaService = $injector.get('schemaService'); + var userGroupService = $injector.get('userGroupService'); + var userService = $injector.get('userService'); + + /** + * The identifiers of all data sources currently available to the + * authenticated user. + * + * @type String[] + */ + var dataSources = authenticationService.getAvailableDataSources(); + + /** + * The username of the current, authenticated user. + * + * @type String + */ + var currentUsername = authenticationService.getCurrentUsername(); + + /** + * The identifier of the original user group from which this user group is + * being cloned. Only valid if this is a new user group. + * + * @type String + */ + var cloneSourceIdentifier = $location.search().clone; + + /** + * The identifier of the user group being edited. If a new user group is + * being created, this will not be defined. + * + * @type String + */ + var identifier = $routeParams.id; + + /** + * The unique identifier of the data source containing the user group being + * edited. + * + * @type String + */ + $scope.dataSource = $routeParams.dataSource; + + /** + * All user groups associated with the same identifier as the group being + * created or edited, as a map of data source identifier to the UserGroup + * object within that data source. + * + * @type Object. + */ + $scope.userGroups = null; + + /** + * The user group being modified. + * + * @type UserGroup + */ + $scope.userGroup = null; + + /** + * All permissions associated with the user group being modified. + * + * @type PermissionFlagSet + */ + $scope.permissionFlags = null; + + /** + * The set of permissions that will be added to the user group when the + * user group is saved. Permissions will only be present in this set if they + * are manually added, and not later manually removed before saving. + * + * @type PermissionSet + */ + $scope.permissionsAdded = new PermissionSet(); + + /** + * The set of permissions that will be removed from the user group when the + * user group is saved. Permissions will only be present in this set if they + * are manually removed, and not later manually added before saving. + * + * @type PermissionSet + */ + $scope.permissionsRemoved = new PermissionSet(); + + /** + * The identifiers of all user groups which can be manipulated (all groups + * for which the user accessing this interface has UPDATE permission), + * whether that means changing the members of those groups or changing the + * groups of which those groups are members. If this information has not + * yet been retrieved, this will be null. + * + * @type String[] + */ + $scope.availableGroups = null; + + /** + * The identifiers of all users which can be manipulated (all users for + * which the user accessing this interface has UPDATE permission), either + * through adding those users as a member of the current group or removing + * those users from the current group. If this information has not yet been + * retrieved, this will be null. + * + * @type String[] + */ + $scope.availableUsers = null; + + /** + * The identifiers of all user groups of which this group is a member, + * taking into account any user groups which will be added/removed when + * saved. If this information has not yet been retrieved, this will be + * null. + * + * @type String[] + */ + $scope.parentGroups = null; + + /** + * The set of identifiers of all parent user groups to which this group + * will be added when saved. Parent groups will only be present in this set + * if they are manually added, and not later manually removed before + * saving. + * + * @type String[] + */ + $scope.parentGroupsAdded = []; + + /** + * The set of identifiers of all parent user groups from which this group + * will be removed when saved. Parent groups will only be present in this + * set if they are manually removed, and not later manually added before + * saving. + * + * @type String[] + */ + $scope.parentGroupsRemoved = []; + + /** + * The identifiers of all user groups which are members of this group, + * taking into account any user groups which will be added/removed when + * saved. If this information has not yet been retrieved, this will be + * null. + * + * @type String[] + */ + $scope.memberGroups = null; + + /** + * The set of identifiers of all member user groups which will be added to + * this group when saved. Member groups will only be present in this set if + * they are manually added, and not later manually removed before saving. + * + * @type String[] + */ + $scope.memberGroupsAdded = []; + + /** + * The set of identifiers of all member user groups which will be removed + * from this group when saved. Member groups will only be present in this + * set if they are manually removed, and not later manually added before + * saving. + * + * @type String[] + */ + $scope.memberGroupsRemoved = []; + + /** + * The identifiers of all users which are members of this group, taking + * into account any users which will be added/removed when saved. If this + * information has not yet been retrieved, this will be null. + * + * @type String[] + */ + $scope.memberUsers = null; + + /** + * The set of identifiers of all member users which will be added to this + * group when saved. Member users will only be present in this set if they + * are manually added, and not later manually removed before saving. + * + * @type String[] + */ + $scope.memberUsersAdded = []; + + /** + * The set of identifiers of all member users which will be removed from + * this group when saved. Member users will only be present in this set if + * they are manually removed, and not later manually added before saving. + * + * @type String[] + */ + $scope.memberUsersRemoved = []; + + /** + * For each applicable data source, the management-related actions that the + * current user may perform on the user group currently being created + * or modified, as a map of data source identifier to the + * {@link ManagementPermissions} object describing the actions available + * within that data source, or null if the current user's permissions have + * not yet been loaded. + * + * @type Object. + */ + $scope.managementPermissions = null; + + /** + * All available user group attributes. This is only the set of attribute + * definitions, organized as logical groupings of attributes, not attribute + * values. + * + * @type Form[] + */ + $scope.attributes = null; + + /** + * Returns whether critical data has completed being loaded. + * + * @returns {Boolean} + * true if enough data has been loaded for the user group interface to + * be useful, false otherwise. + */ + $scope.isLoaded = function isLoaded() { + + return $scope.userGroups !== null + && $scope.permissionFlags !== null + && $scope.managementPermissions !== null + && $scope.availableGroups !== null + && $scope.availableUsers !== null + && $scope.parentGroups !== null + && $scope.memberGroups !== null + && $scope.memberUsers !== null + && $scope.attributes !== null; + + }; + + /** + * Returns whether the current user can edit the identifier of the user + * group being edited. + * + * @returns {Boolean} + * true if the current user can edit the identifier of the user group + * being edited, false otherwise. + */ + $scope.canEditIdentifier = function canEditIdentifier() { + return !identifier; + }; + + /** + * Loads the data associated with the user group having the given + * identifier, preparing the interface for making modifications to that + * existing user group. + * + * @param {String} dataSource + * The unique identifier of the data source containing the user group + * to load. + * + * @param {String} identifier + * The unique identifier of the user group to load. + * + * @returns {Promise} + * A promise which is resolved when the interface has been prepared for + * editing the given user group. + */ + var loadExistingUserGroup = function loadExistingGroup(dataSource, identifier) { + return $q.all({ + userGroups : dataSourceService.apply(userGroupService.getUserGroup, dataSources, identifier), + permissions : permissionService.getPermissions(dataSource, identifier, true), + parentGroups : membershipService.getUserGroups(dataSource, identifier, true), + memberGroups : membershipService.getMemberUserGroups(dataSource, identifier), + memberUsers : membershipService.getMemberUsers(dataSource, identifier) + }) + .then(function userGroupDataRetrieved(values) { + + $scope.userGroups = values.userGroups; + $scope.userGroup = values.userGroups[dataSource]; + $scope.parentGroups = values.parentGroups; + $scope.memberGroups = values.memberGroups; + $scope.memberUsers = values.memberUsers; + + // Create skeleton user group if user group does not exist + if (!$scope.userGroup) + $scope.userGroup = new UserGroup({ + 'identifier' : identifier + }); + + $scope.permissionFlags = PermissionFlagSet.fromPermissionSet(values.permissions); + + }); + }; + + /** + * Loads the data associated with the user group having the given + * identifier, preparing the interface for cloning that existing user + * group. + * + * @param {String} dataSource + * The unique identifier of the data source containing the user group to + * be cloned. + * + * @param {String} identifier + * The unique identifier of the user group being cloned. + * + * @returns {Promise} + * A promise which is resolved when the interface has been prepared for + * cloning the given user group. + */ + var loadClonedUserGroup = function loadClonedUserGroup(dataSource, identifier) { + return $q.all({ + userGroups : dataSourceService.apply(userGroupService.getUserGroup, [dataSource], identifier), + permissions : permissionService.getPermissions(dataSource, identifier, true), + parentGroups : membershipService.getUserGroups(dataSource, identifier, true), + memberGroups : membershipService.getMemberUserGroups(dataSource, identifier), + memberUsers : membershipService.getMemberUsers(dataSource, identifier) + }) + .then(function userGroupDataRetrieved(values) { + + $scope.userGroups = {}; + $scope.userGroup = values.userGroups[dataSource]; + $scope.parentGroups = values.parentGroups; + $scope.parentGroupsAdded = values.parentGroups; + $scope.memberGroups = values.memberGroups; + $scope.memberGroupsAdded = values.memberGroups; + $scope.memberUsers = values.memberUsers; + $scope.memberUsersAdded = values.memberUsers; + + $scope.permissionFlags = PermissionFlagSet.fromPermissionSet(values.permissions); + $scope.permissionsAdded = values.permissions; + + }); + }; + + /** + * Loads skeleton user group data, preparing the interface for creating a + * new user group. + * + * @returns {Promise} + * A promise which is resolved when the interface has been prepared for + * creating a new user group. + */ + var loadSkeletonUserGroup = function loadSkeletonUserGroup() { + + // No user groups exist regardless of data source if the user group is + // being created + $scope.userGroups = {}; + + // Use skeleton user group object with no associated permissions + $scope.userGroup = new UserGroup(); + $scope.parentGroups = []; + $scope.memberGroups = []; + $scope.memberUsers = []; + $scope.permissionFlags = new PermissionFlagSet(); + + return $q.resolve(); + + }; + + /** + * Loads the data required for performing the management task requested + * through the route parameters given at load time, automatically preparing + * the interface for editing an existing user group, cloning an existing + * user group, or creating an entirely new user group. + * + * @returns {Promise} + * A promise which is resolved when the interface has been prepared + * for performing the requested management task. + */ + var loadRequestedUserGroup = function loadRequestedUserGroup() { + + // Pull user group data and permissions if we are editing an existing + // user group + if (identifier) + return loadExistingUserGroup($scope.dataSource, identifier); + + // If we are cloning an existing user group, pull its data instead + if (cloneSourceIdentifier) + return loadClonedUserGroup($scope.dataSource, cloneSourceIdentifier); + + // If we are creating a new user group, populate skeleton user group data + return loadSkeletonUserGroup(); + + }; + + // Populate interface with requested data + $q.all({ + userGroupData : loadRequestedUserGroup(), + permissions : dataSourceService.apply(permissionService.getEffectivePermissions, dataSources, currentUsername), + userGroups : userGroupService.getUserGroups($scope.dataSource, [ PermissionSet.ObjectPermissionType.UPDATE ]), + users : userService.getUsers($scope.dataSource, [ PermissionSet.ObjectPermissionType.UPDATE ]), + attributes : schemaService.getUserGroupAttributes($scope.dataSource) + }) + .then(function dataReceived(values) { + + $scope.attributes = values.attributes; + + $scope.managementPermissions = {}; + angular.forEach(dataSources, function deriveManagementPermissions(dataSource) { + + // Determine whether data source contains this user group + var exists = (dataSource in $scope.userGroups); + + // Add the identifiers of all modifiable user groups + $scope.availableGroups = []; + angular.forEach(values.userGroups, function addUserGroupIdentifier(userGroup) { + $scope.availableGroups.push(userGroup.identifier); + }); + + // Add the identifiers of all modifiable users + $scope.availableUsers = []; + angular.forEach(values.users, function addUserIdentifier(user) { + $scope.availableUsers.push(user.username); + }); + + // Calculate management actions available for this specific group + $scope.managementPermissions[dataSource] = ManagementPermissions.fromPermissionSet( + values.permissions[dataSource], + PermissionSet.SystemPermissionType.CREATE_USER_GROUP, + PermissionSet.hasUserGroupPermission, + exists ? identifier : null); + + }); + + }, requestService.WARN); + + /** + * Returns the URL for the page which manages the user group currently + * being edited under the given data source. The given data source need not + * be the same as the data source currently selected. + * + * @param {String} dataSource + * The unique identifier of the data source that the URL is being + * generated for. + * + * @returns {String} + * The URL for the page which manages the user group currently being + * edited under the given data source. + */ + $scope.getUserGroupURL = function getUserGroupURL(dataSource) { + return '/manage/' + encodeURIComponent(dataSource) + '/userGroups/' + encodeURIComponent(identifier || ''); + }; + + /** + * Cancels all pending edits, returning to the main list of user groups. + */ + $scope.returnToUserGroupList = function returnToUserGroupList() { + $location.url('/settings/userGroups'); + }; + + /** + * Cancels all pending edits, opening an edit page for a new user group + * which is prepopulated with the data from the user currently being edited. + */ + $scope.cloneUserGroup = function cloneUserGroup() { + $location.path('/manage/' + encodeURIComponent($scope.dataSource) + '/userGroups').search('clone', identifier); + }; + + /** + * Saves the current user group, creating a new user group or updating the + * existing user group depending on context, returning a promise which is + * resolved if the save operation succeeds and rejected if the save + * operation fails. + * + * @returns {Promise} + * A promise which is resolved if the save operation succeeds and is + * rejected with an {@link Error} if the save operation fails. + */ + $scope.saveUserGroup = function saveUserGroup() { + + // Save or create the user group, depending on whether the user group exists + var saveUserGroupPromise; + if ($scope.dataSource in $scope.userGroups) + saveUserGroupPromise = userGroupService.saveUserGroup($scope.dataSource, $scope.userGroup); + else + saveUserGroupPromise = userGroupService.createUserGroup($scope.dataSource, $scope.userGroup); + + return saveUserGroupPromise.then(function savedUserGroup() { + return $q.all([ + permissionService.patchPermissions($scope.dataSource, $scope.userGroup.identifier, $scope.permissionsAdded, $scope.permissionsRemoved, true), + membershipService.patchUserGroups($scope.dataSource, $scope.userGroup.identifier, $scope.parentGroupsAdded, $scope.parentGroupsRemoved, true), + membershipService.patchMemberUserGroups($scope.dataSource, $scope.userGroup.identifier, $scope.memberGroupsAdded, $scope.memberGroupsRemoved), + membershipService.patchMemberUsers($scope.dataSource, $scope.userGroup.identifier, $scope.memberUsersAdded, $scope.memberUsersRemoved) + ]); + }); + + }; + + /** + * Deletes the current user group, returning a promise which is resolved if + * the delete operation succeeds and rejected if the delete operation + * fails. + * + * @returns {Promise} + * A promise which is resolved if the delete operation succeeds and is + * rejected with an {@link Error} if the delete operation fails. + */ + $scope.deleteUserGroup = function deleteUserGroup() { + return userGroupService.deleteUserGroup($scope.dataSource, $scope.userGroup); + }; + +}]); diff --git a/guacamole/src/main/webapp/app/manage/directives/systemPermissionEditor.js b/guacamole/src/main/webapp/app/manage/directives/systemPermissionEditor.js index ec4187256..67fd3f4e7 100644 --- a/guacamole/src/main/webapp/app/manage/directives/systemPermissionEditor.js +++ b/guacamole/src/main/webapp/app/manage/directives/systemPermissionEditor.js @@ -125,6 +125,10 @@ angular.module('manage').directive('systemPermissionEditor', ['$injector', label: "MANAGE_USER.FIELD_HEADER_CREATE_NEW_USERS", value: PermissionSet.SystemPermissionType.CREATE_USER }, + { + label: "MANAGE_USER.FIELD_HEADER_CREATE_NEW_USER_GROUPS", + value: PermissionSet.SystemPermissionType.CREATE_USER_GROUP + }, { label: "MANAGE_USER.FIELD_HEADER_CREATE_NEW_CONNECTIONS", value: PermissionSet.SystemPermissionType.CREATE_CONNECTION diff --git a/guacamole/src/main/webapp/app/manage/styles/manage-user-group.css b/guacamole/src/main/webapp/app/manage/styles/manage-user-group.css new file mode 100644 index 000000000..df9e80df9 --- /dev/null +++ b/guacamole/src/main/webapp/app/manage/styles/manage-user-group.css @@ -0,0 +1,71 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +.manage-user-group .page-tabs .page-list li.read-only a[href], +.manage-user-group .page-tabs .page-list li.unlinked a[href], +.manage-user-group .page-tabs .page-list li.linked a[href] { + padding-right: 2.5em; + position: relative; +} + +.manage-user-group .page-tabs .page-list li.read-only a[href]:before, +.manage-user-group .page-tabs .page-list li.unlinked a[href]:before, +.manage-user-group .page-tabs .page-list li.linked a[href]:before { + content: ' '; + position: absolute; + right: 0; + bottom: 0; + top: 0; + width: 2.5em; + background-size: 1.25em; + background-repeat: no-repeat; + background-position: center; +} + +.manage-user-group .page-tabs .page-list li.read-only a[href]:before { + background-image: url('images/lock.png'); +} + +.manage-user-group .page-tabs .page-list li.unlinked a[href]:before { + background-image: url('images/plus.png'); +} + +.manage-user-group .page-tabs .page-list li.unlinked a[href] { + opacity: 0.5; +} + +.manage-user-group .page-tabs .page-list li.unlinked a[href]:hover, +.manage-user-group .page-tabs .page-list li.unlinked a[href].current { + opacity: 1; +} + +.manage-user-group .page-tabs .page-list li.linked a[href]:before { + background-image: url('images/checkmark.png'); +} + +.manage-user-group .notice.read-only { + + background: #FDA; + border: 1px solid rgba(0, 0, 0, 0.125); + border-radius: 0.25em; + + text-align: center; + padding: 1em; + +} \ No newline at end of file diff --git a/guacamole/src/main/webapp/app/manage/templates/manageUserGroup.html b/guacamole/src/main/webapp/app/manage/templates/manageUserGroup.html new file mode 100644 index 000000000..c65991505 --- /dev/null +++ b/guacamole/src/main/webapp/app/manage/templates/manageUserGroup.html @@ -0,0 +1,101 @@ +
+ + +
+

{{'MANAGE_USER_GROUP.SECTION_HEADER_EDIT_USER_GROUP' | translate}}

+ +
+ + + + +
+

{{'MANAGE_USER_GROUP.INFO_READ_ONLY' | translate}}

+
+ + +
+ + +
+ + + + + +
{{'MANAGE_USER_GROUP.FIELD_HEADER_USER_GROUP_NAME' | translate}} + + {{userGroup.identifier}} +
+
+ + +
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
diff --git a/guacamole/src/main/webapp/app/manage/types/ManageableUserGroup.js b/guacamole/src/main/webapp/app/manage/types/ManageableUserGroup.js new file mode 100644 index 000000000..6853fa0fc --- /dev/null +++ b/guacamole/src/main/webapp/app/manage/types/ManageableUserGroup.js @@ -0,0 +1,53 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * A service for defining the ManageableUserGroup class. + */ +angular.module('manage').factory('ManageableUserGroup', [function defineManageableUserGroup() { + + /** + * A pairing of an @link{UserGroup} with the identifier of its corresponding + * data source. + * + * @constructor + * @param {Object|ManageableUserGroup} template + */ + var ManageableUserGroup = function ManageableUserGroup(template) { + + /** + * The unique identifier of the data source containing this user. + * + * @type String + */ + this.dataSource = template.dataSource; + + /** + * The @link{UserGroup} object represented by this ManageableUserGroup + * and contained within the associated data source. + * + * @type UserGroup + */ + this.userGroup = template.userGroup; + + }; + + return ManageableUserGroup; + +}]); diff --git a/guacamole/src/main/webapp/app/navigation/services/userPageService.js b/guacamole/src/main/webapp/app/navigation/services/userPageService.js index 4d1e61246..f5bc30815 100644 --- a/guacamole/src/main/webapp/app/navigation/services/userPageService.js +++ b/guacamole/src/main/webapp/app/navigation/services/userPageService.js @@ -192,6 +192,7 @@ angular.module('navigation').factory('userPageService', ['$injector', var pages = []; var canManageUsers = []; + var canManageUserGroups = []; var canManageConnections = []; var canViewConnectionRecords = []; var canManageSessions = []; @@ -235,6 +236,24 @@ angular.module('navigation').factory('userPageService', ['$injector', canManageUsers.push(dataSource); } + // Determine whether the current user needs access to the group management UI + if ( + // System permissions + PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER) + || PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_USER_GROUP) + + // Permission to update user groups + || PermissionSet.hasUserGroupPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE) + + // Permission to delete user groups + || PermissionSet.hasUserGroupPermission(permissions, PermissionSet.ObjectPermissionType.DELETE) + + // Permission to administer user groups + || PermissionSet.hasUserGroupPermission(permissions, PermissionSet.ObjectPermissionType.ADMINISTER) + ) { + canManageUserGroups.push(dataSource); + } + // Determine whether the current user needs access to the connection management UI if ( // System permissions @@ -295,6 +314,14 @@ angular.module('navigation').factory('userPageService', ['$injector', })); } + // If user can manage user groups, add link to group management page + if (canManageUserGroups.length) { + pages.push(new PageDefinition({ + name : 'USER_MENU.ACTION_MANAGE_USER_GROUPS', + url : '/settings/userGroups' + })); + } + // If user can manage connections, add links for connection management pages angular.forEach(canManageConnections, function addConnectionManagementLink(dataSource) { pages.push(new PageDefinition({ diff --git a/guacamole/src/main/webapp/app/settings/controllers/settingsController.js b/guacamole/src/main/webapp/app/settings/controllers/settingsController.js index 91ef633a0..a462d8715 100644 --- a/guacamole/src/main/webapp/app/settings/controllers/settingsController.js +++ b/guacamole/src/main/webapp/app/settings/controllers/settingsController.js @@ -36,8 +36,8 @@ angular.module('manage').controller('settingsController', ['$scope', '$injector' $scope.settingsPages = null; /** - * The currently-selected settings tab. This may be 'users', 'connections', - * or 'sessions'. + * The currently-selected settings tab. This may be 'users', 'userGroups', + * 'connections', 'history', 'preferences', or 'sessions'. * * @type String */ diff --git a/guacamole/src/main/webapp/app/settings/directives/guacSettingsUserGroups.js b/guacamole/src/main/webapp/app/settings/directives/guacSettingsUserGroups.js new file mode 100644 index 000000000..5d45bc141 --- /dev/null +++ b/guacamole/src/main/webapp/app/settings/directives/guacSettingsUserGroups.js @@ -0,0 +1,270 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +/** + * A directive for managing all user groups in the system. + */ +angular.module('settings').directive('guacSettingsUserGroups', ['$injector', + function guacSettingsUserGroups($injector) { + + // Required types + var ManageableUserGroup = $injector.get('ManageableUserGroup'); + var PermissionSet = $injector.get('PermissionSet'); + var SortOrder = $injector.get('SortOrder'); + + // Required services + var $location = $injector.get('$location'); + var authenticationService = $injector.get('authenticationService'); + var dataSourceService = $injector.get('dataSourceService'); + var permissionService = $injector.get('permissionService'); + var requestService = $injector.get('requestService'); + var userGroupService = $injector.get('userGroupService'); + + var directive = { + restrict : 'E', + replace : true, + templateUrl : 'app/settings/templates/settingsUserGroups.html', + scope : {} + }; + + directive.controller = ['$scope', function settingsUserGroupsController($scope) { + + // Identifier of the current user + var currentUsername = authenticationService.getCurrentUsername(); + + /** + * The identifiers of all data sources accessible by the current + * user. + * + * @type String[] + */ + var dataSources = authenticationService.getAvailableDataSources(); + + /** + * Map of data source identifiers to all permissions associated + * with the current user within that data source, or null if the + * user's permissions have not yet been loaded. + * + * @type Object. + */ + var permissions = null; + + /** + * All visible user groups, along with their corresponding data + * sources. + * + * @type ManageableUserGroup[] + */ + $scope.manageableUserGroups = null; + + /** + * Array of all user group properties that are filterable. + * + * @type String[] + */ + $scope.filteredUserGroupProperties = [ + 'userGroup.identifier' + ]; + + /** + * SortOrder instance which stores the sort order of the listed + * user groups. + * + * @type SortOrder + */ + $scope.order = new SortOrder([ + 'userGroup.identifier' + ]); + + /** + * Returns whether critical data has completed being loaded. + * + * @returns {Boolean} + * true if enough data has been loaded for the user group + * interface to be useful, false otherwise. + */ + $scope.isLoaded = function isLoaded() { + return $scope.manageableUserGroups !== null; + }; + + /** + * Returns the identifier of the data source that should be used by + * default when creating a new user group. + * + * @return {String} + * The identifier of the data source that should be used by + * default when creating a new user group, or null if user group + * creation is not allowed. + */ + $scope.getDefaultDataSource = function getDefaultDataSource() { + + // Abort if permissions have not yet loaded + if (!permissions) + return null; + + // For each data source + for (var dataSource in permissions) { + + // Retrieve corresponding permission set + var permissionSet = permissions[dataSource]; + + // Can create user groups if adminstrator or have explicit permission + if (PermissionSet.hasSystemPermission(permissionSet, PermissionSet.SystemPermissionType.ADMINISTER) + || PermissionSet.hasSystemPermission(permissionSet, PermissionSet.SystemPermissionType.CREATE_USER_GROUP)) + return dataSource; + + } + + // No data sources allow user group creation + return null; + + }; + + /** + * Returns whether the current user can create new user groups + * within at least one data source. + * + * @return {Boolean} + * true if the current user can create new user groups within at + * least one data source, false otherwise. + */ + $scope.canCreateUserGroups = function canCreateUserGroups() { + return $scope.getDefaultDataSource() !== null; + }; + + /** + * Returns whether the current user can create new user groups or + * make changes to existing user groups within at least one data + * source. The user group management interface as a whole is useless + * if this function returns false. + * + * @return {Boolean} + * true if the current user can create new user groups or make + * changes to existing user groups within at least one data + * source, false otherwise. + */ + var canManageUserGroups = function canManageUserGroups() { + + // Abort if permissions have not yet loaded + if (!permissions) + return false; + + // Creating user groups counts as management + if ($scope.canCreateUserGroups()) + return true; + + // For each data source + for (var dataSource in permissions) { + + // Retrieve corresponding permission set + var permissionSet = permissions[dataSource]; + + // Can manage user groups if granted explicit update or delete + if (PermissionSet.hasUserGroupPermission(permissionSet, PermissionSet.ObjectPermissionType.UPDATE) + || PermissionSet.hasUserGroupPermission(permissionSet, PermissionSet.ObjectPermissionType.DELETE)) + return true; + + } + + // No data sources allow management of user groups + return false; + + }; + + /** + * Sets the displayed list of user groups. If any user groups are + * already shown within the interface, those user groups are replaced + * with the given user groups. + * + * @param {Object.} permissions + * A map of data source identifiers to all permissions associated + * with the current user within that data source. + * + * @param {Object.>} userGroups + * A map of all user groups which should be displayed, where each + * key is the data source identifier from which the user groups + * were retrieved and each value is a map of user group identifiers + * to their corresponding @link{UserGroup} objects. + */ + var setDisplayedUserGroups = function setDisplayedUserGroups(permissions, userGroups) { + + var addedUserGroups = {}; + $scope.manageableUserGroups = []; + + // For each user group in each data source + angular.forEach(dataSources, function addUserGroupList(dataSource) { + angular.forEach(userGroups[dataSource], function addUserGroup(userGroup) { + + // Do not add the same user group twice + if (addedUserGroups[userGroup.identifier]) + return; + + // Link to default creation data source if we cannot manage this user + if (!PermissionSet.hasSystemPermission(permissions[dataSource], PermissionSet.ObjectPermissionType.ADMINISTER) + && !PermissionSet.hasUserGroupPermission(permissions[dataSource], PermissionSet.ObjectPermissionType.UPDATE, userGroup.identifier) + && !PermissionSet.hasUserGroupPermission(permissions[dataSource], PermissionSet.ObjectPermissionType.DELETE, userGroup.identifier)) + dataSource = $scope.getDefaultDataSource(); + + // Add user group to overall list + addedUserGroups[userGroup.identifier] = userGroup; + $scope.manageableUserGroups.push(new ManageableUserGroup ({ + 'dataSource' : dataSource, + 'userGroup' : userGroup + })); + + }); + }); + + }; + + // Retrieve current permissions + dataSourceService.apply( + permissionService.getEffectivePermissions, + dataSources, + currentUsername + ) + .then(function permissionsRetrieved(retrievedPermissions) { + + // Store retrieved permissions + permissions = retrievedPermissions; + + // Return to home if there's nothing to do here + if (!canManageUserGroups()) + $location.path('/'); + + // If user groups can be created, list all readable user groups + if ($scope.canCreateUserGroups()) + return dataSourceService.apply(userGroupService.getUserGroups, dataSources); + + // Otherwise, list only updateable/deletable users + return dataSourceService.apply(userGroupService.getUserGroups, dataSources, [ + PermissionSet.ObjectPermissionType.UPDATE, + PermissionSet.ObjectPermissionType.DELETE + ]); + + }) + .then(function userGroupsReceived(userGroups) { + setDisplayedUserGroups(permissions, userGroups); + }, requestService.WARN); + + }]; + + return directive; + +}]); diff --git a/guacamole/src/main/webapp/app/settings/styles/buttons.css b/guacamole/src/main/webapp/app/settings/styles/buttons.css index 17401c313..e530510a6 100644 --- a/guacamole/src/main/webapp/app/settings/styles/buttons.css +++ b/guacamole/src/main/webapp/app/settings/styles/buttons.css @@ -18,6 +18,7 @@ */ a.button.add-user, +a.button.add-user-group, a.button.add-connection, a.button.add-connection-group { font-size: 0.8em; @@ -26,6 +27,7 @@ a.button.add-connection-group { } a.button.add-user::before, +a.button.add-user-group::before, a.button.add-connection::before, a.button.add-connection-group::before { @@ -46,6 +48,10 @@ a.button.add-user::before { background-image: url('images/action-icons/guac-user-add.png'); } +a.button.add-user-group::before { + background-image: url('images/action-icons/guac-user-group-add.png'); +} + a.button.add-connection::before { background-image: url('images/action-icons/guac-monitor-add.png'); } diff --git a/guacamole/src/main/webapp/app/settings/styles/user-group-list.css b/guacamole/src/main/webapp/app/settings/styles/user-group-list.css new file mode 100644 index 000000000..2040eb440 --- /dev/null +++ b/guacamole/src/main/webapp/app/settings/styles/user-group-list.css @@ -0,0 +1,36 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +.settings.user-groups table.user-group-list { + width: 100%; +} + +.settings.user-groups table.user-group-list th.user-group-name, +.settings.user-groups table.user-group-list td.user-group-name { + width: 100%; +} + +.settings.user-groups table.user-group-list tr.user td.user-group-name a[href] { + display: block; + padding: .5em 1em; +} + +.settings.user-groups table.user-group-list tr.user td.user-group-name { + padding: 0; +} diff --git a/guacamole/src/main/webapp/app/settings/templates/settings.html b/guacamole/src/main/webapp/app/settings/templates/settings.html index b29d809c8..2bae3ae97 100644 --- a/guacamole/src/main/webapp/app/settings/templates/settings.html +++ b/guacamole/src/main/webapp/app/settings/templates/settings.html @@ -13,6 +13,7 @@ + diff --git a/guacamole/src/main/webapp/app/settings/templates/settingsUserGroups.html b/guacamole/src/main/webapp/app/settings/templates/settingsUserGroups.html new file mode 100644 index 000000000..19437731b --- /dev/null +++ b/guacamole/src/main/webapp/app/settings/templates/settingsUserGroups.html @@ -0,0 +1,48 @@ +
+ + +

{{'SETTINGS_USER_GROUPS.HELP_USER_GROUPS' | translate}}

+ + + +
+ + +
+ {{'SETTINGS_USER_GROUPS.ACTION_NEW_USER_GROUP' | translate}} +
+ + + + +
+ + + + + + + + + + + + + +
+ {{'SETTINGS_USER_GROUPS.TABLE_HEADER_USER_GROUP_NAME' | translate}} +
+ +
+ {{manageableUserGroup.userGroup.identifier}} + +
+ + + + +
\ No newline at end of file diff --git a/guacamole/src/main/webapp/images/action-icons/guac-user-group-add.png b/guacamole/src/main/webapp/images/action-icons/guac-user-group-add.png new file mode 100644 index 0000000000000000000000000000000000000000..a8334333e8e07edaac02829847cfc0d181ae8c03 GIT binary patch literal 1222 zcmV;%1UdVOP)w zK~#9!?V4MNl~okSe`~yyiq{lHYf#2YQ!H%qAxJBwix5N)J@gPIH7^A{L_!et)??8_ zg%2g9MG0YP7MUgaWKkGoVp@&lkT**6)_9ro>t!2qnDc#SX1+OR8oxgr_QPIl@3sH? zTYFtNP@+VM5+$x&#Q()mbp|l5#`L*}=o;2HrG9K}?C$TnEmyh=lmwInlmwInlzG4q z3UyiGtQ8nvD-QsE$=o*NOrmM%~dP!doQP!dpukweU$O&N1bfEhLB zP6699bkCIKaOnai0VM$?0VM$q41?+{U?ngcmr*P)J3_c$>8pth*b_A>W}x~f@+Z&BCPFuGfv zpgw3ZxLci`9?9OYMvX=j@N$O1JCe-Wf(Upmt+y*f=J|#tLhALva~ZlnrSay1Y*|#b zZf|%|y{=K2U`I}(bUcmI3$kTq8vn|Wxf)p2C<2z}=uSxE*@A32UA1n1?JA6bYjbpG zrLm|#CUn)gZ^K;RT#oMI^eTTO}SSj0*A+ z4yac(G7-98y;w&YJ6>I=cJ=Y_o$6e5in=#P_Pn~R8R_uD>X{tlHYVAb>KAn$ezQ6? z>21xCJ*hs>%z~&*eMdcAW!OKdR%ok|zgOLm48I)5)%Vo9s^sUX@2C2r`rvP=twW(4 z9s}G6EKKF_G2nZkDYL;$Bl@vVd-^J}I!Q;8%d9T?YlvP9nh3lEJVEWhq+Ci!J^Z9u69Nlj9p&}1IJ3UfaII1p9@{80D`_KffH!MD$ zNSLbbs3SDaD~f=1Ih!3)7pSAvR|`IPHNHzBb*#EGM|OQt1RTt1VJ}g~sGr&xbgHfD zoSZylZ&3tfWqfOs%qun)ThhL-XULo=Bnqe(GCDwardNAEFsi{3xeb^DY^yPUA|fUi zQ4Lly2r$P@Y!U&LoW4b6Ad6q_ z^9yongG!SKFg0G=2EzsZBOoF=>$r)gd;t+r0e%~d#asG#6U}mgK|{+>F{D|<_oW{& kAGo6l1Z07*qoM6N<$f&kVfrT_o{ literal 0 HcmV?d00001 diff --git a/guacamole/src/main/webapp/images/user-icons/guac-user-group.png b/guacamole/src/main/webapp/images/user-icons/guac-user-group.png new file mode 100644 index 0000000000000000000000000000000000000000..4eb0aa4e2eacc2bedec465854d50d87a8c517f54 GIT binary patch literal 1428 zcmV;F1#9|=P)TEwW7Lht7+sT?$N~*UgW@BG_(+TrCDcTSI%-s+s9>SC(ordWjf-=x zGrgU;_k8!>>9l(P$;oXq=Y7w2zVm%EkRnBj6e&`qNbx^Krb%|s0hR&h>i@mK55Vyz z`7hIHIu6`N^C~nkoB`~@9=M-gRUI=D zvw^)t58k7XfVL_2-Go+P5zq;&0@{6_Zzq269zE~V-L5t})rZzZBMZSbz{|iNOmuP- z*sMGoNG^DfZc^Qw)mHUq1Hew;>V`zD=s?zFJqHJX954&`JVv1P=%DJ(11AFbUSV=I z#>N7m7~j1K5wxYjtEcpotuQ z5=NiE_I55-{?Cm3QK(04tTggJ7B~2_fRfQzUS)o3U;>V)jdmmdATT#h0`4>#8bhYG z43j%_k~CUnXUr&bM^J!aJ>bTW&#U!h)nLge69r!PZ^PEVAS8w`B@2y401Em%>LB9^ zZwV9vxh5hohOh+W91LBe&jSuJt~ltkWkEjZ!>|POIvBcMpKmzGxMH_H*Ez_o-s zH>mHB=9CA1caXDEA5xJS;ClzTr{g4GjiZwrRPNyhB;Wznz0pzb+BgZw;5OJ4k=M({ram#MBbz>tIN)}(?5DWh)emCz3?SJ?%?2N8mQ516Mqma9(do8L-ng~B0VG*jpX^3pAGL3UJsJl-rP542WRWWLU&8olKb7s+geY0c09OH4OoAvRi&ONi~jVeIR- zgj|Qm+JhBm1CJuxvGt@m2)vKX4)cSQ*QdR`Rk67e()=I!nM&TEge>T$eni06a8dj=LT}GLjv&OJNu%F8M+c6D-_vl+> zXK6w1CBpcJYb9XBAo!&6-aHM0_EVSo_K<u-Dwc8pZ2M5s|>vV&KK2# z&=9h&>!FOy-rnGn$k$E@Vi@r$i^LK%<_{rb^n^>%@el(gHPX)X3m#;8%_BaBeK%3| z{%}cvCuIFXq8aesdO47*>Y!Bp%Zh&LbVtRX`V31{GvWDmf?z+rSR&mA