Return the truth in user permissions. Simplify SimpleUserContext.

2025-09-06 13:17:41 +00:00 · 2013-08-22 17:28:36 -07:00
parent 8a5c18f90d
commit 8afc25abcf
3 changed files with 32 additions and 17 deletions
--- a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/simple/SimpleAuthenticationProvider.java
+++ b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/simple/SimpleAuthenticationProvider.java
@@ -41,7 +41,6 @@ import java.util.Map;
 import net.sourceforge.guacamole.GuacamoleException;
 import net.sourceforge.guacamole.net.auth.AuthenticationProvider;
 import net.sourceforge.guacamole.net.auth.Credentials;
-import net.sourceforge.guacamole.net.auth.User;
 import net.sourceforge.guacamole.net.auth.UserContext;
 import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;

@@ -89,11 +88,8 @@ public abstract class SimpleAuthenticationProvider
        if (configs == null)
            return null;

-        // Build new user from credentials
-        User user = new SimpleUser(credentials.getUsername(), configs);
-
        // Return user context restricted to authorized configs
-        return new SimpleUserContext(user, configs);
+        return new SimpleUserContext(configs);

    }

--- a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/simple/SimpleUser.java
+++ b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/simple/SimpleUser.java
@@ -37,12 +37,15 @@ package net.sourceforge.guacamole.net.auth.simple;
 *
 * ***** END LICENSE BLOCK ***** */

+import java.util.Collection;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 import net.sourceforge.guacamole.GuacamoleException;
 import net.sourceforge.guacamole.GuacamoleSecurityException;
 import net.sourceforge.guacamole.net.auth.AbstractUser;
+import net.sourceforge.guacamole.net.auth.ConnectionGroup;
+import net.sourceforge.guacamole.net.auth.permission.ConnectionGroupPermission;
 import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
 import net.sourceforge.guacamole.net.auth.permission.ObjectPermission;
 import net.sourceforge.guacamole.net.auth.permission.Permission;
@@ -72,14 +75,16 @@ public class SimpleUser extends AbstractUser {
     *
     * @param username The username to assign to this SimpleUser.
     * @param configs All configurations this user has read access to.
+     * @param groups All groups this user has read access to.
     */
    public SimpleUser(String username,
-            Map<String, GuacamoleConfiguration> configs) {
+            Map<String, GuacamoleConfiguration> configs,
+            Collection<ConnectionGroup> groups) {

        // Set username
        setUsername(username);

-        // Add permissions
+        // Add connection permissions
        for (String identifier : configs.keySet()) {

            // Create permission
@@ -93,6 +98,20 @@ public class SimpleUser extends AbstractUser {

        }

+        // Add group permissions
+        for (ConnectionGroup group : groups) {
+
+            // Create permission
+            Permission permission = new ConnectionGroupPermission(
+                ObjectPermission.Type.READ,
+                group.getIdentifier()
+            );
+
+            // Add to set
+            permissions.add(permission);
+
+        }
+
    }

    @Override
--- a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/simple/SimpleUserContext.java
+++ b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/simple/SimpleUserContext.java
@@ -75,25 +75,25 @@ public class SimpleUserContext implements UserContext {

    /**
     * Creates a new SimpleUserContext which provides access to only those
-     * configurations within the given Map. The User given must be the user
-     * that owns this UserContext, and the Map given must contain only
-     * GuacamoleConfigurations that the given User has read access to.
-     *
-     * @param self The owner of this UserContext.
+     * configurations within the given Map.
+     * 
     * @param configs A Map of all configurations for which the user associated
     *                with this UserContext has read access.
     */
-    public SimpleUserContext(User self,
-            Map<String, GuacamoleConfiguration> configs) {
+    public SimpleUserContext(Map<String, GuacamoleConfiguration> configs) {

-        this.self = self;
-        this.userDirectory = new SimpleUserDirectory(self);
-        
        // Add root group that contains only configurations
        this.connectionGroup = new SimpleConnectionGroup("ROOT", "ROOT",
                new SimpleConnectionDirectory(configs),
                new SimpleConnectionGroupDirectory(Collections.EMPTY_LIST));

+        // Build new user from credentials, giving the user an arbitrary name
+        this.self = new SimpleUser("user",
+                configs, Collections.singleton(connectionGroup));
+
+        // Create user directory for new user
+        this.userDirectory = new SimpleUserDirectory(self);
+        
    }

    @Override