GUAC-1101: Implement querying of user permissions.

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java

@@ -55,6 +55,9 @@ import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionGroupPermissionSet
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionMapper;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionService;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionSet;
+import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionMapper;
+import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionService;
+import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionSet;
 import org.glyptodon.guacamole.environment.Environment;
 import org.mybatis.guice.MyBatisModule;
 import org.mybatis.guice.datasource.builtin.PooledDataSourceProvider;
@@ -103,6 +106,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
         addMapperClass(ParameterMapper.class);
         addMapperClass(SystemPermissionMapper.class);
         addMapperClass(UserMapper.class);
+        addMapperClass(UserPermissionMapper.class);
         
         // Bind core implementations of guacamole-ext classes
         bind(Environment.class).toInstance(environment);
@@ -118,6 +122,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
         bind(SystemPermissionSet.class);
         bind(UserContext.class);
         bind(UserDirectory.class);
+        bind(UserPermissionSet.class);
         
         // Bind services
         bind(ConnectionGroupPermissionService.class);
@@ -127,6 +132,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
         bind(PasswordEncryptionService.class).to(SHA256PasswordEncryptionService.class);
         bind(SaltService.class).to(SecureRandomSaltService.class);
         bind(SystemPermissionService.class);
+        bind(UserPermissionService.class);
         bind(UserService.class);
         
         // Bind appropriate socket service based on policy

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionMapper.java

@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.permission;
+
+/**
+ * Mapper for user permissions.
+ *
+ * @author Michael Jumper
+ */
+public interface UserPermissionMapper extends ObjectPermissionMapper {}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionService.java

@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.permission;
+
+import com.google.inject.Inject;
+import com.google.inject.Provider;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.auth.jdbc.user.ModeledUser;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * deleting user permissions. This service will automatically enforce the
+ * permissions of the current user.
+ *
+ * @author Michael Jumper
+ */
+public class UserPermissionService extends ObjectPermissionService {
+
+    /**
+     * Mapper for user permissions.
+     */
+    @Inject
+    private UserPermissionMapper userPermissionMapper;
+    
+    /**
+     * Provider for user permission sets.
+     */
+    @Inject
+    private Provider<UserPermissionSet> userPermissionSetProvider;
+    
+    @Override
+    protected ObjectPermissionMapper getPermissionMapper() {
+        return userPermissionMapper;
+    }
+
+    @Override
+    public ObjectPermissionSet getPermissionSet(AuthenticatedUser user,
+            ModeledUser targetUser) throws GuacamoleException {
+
+        // Create permission set for requested user
+        ObjectPermissionSet permissionSet = userPermissionSetProvider.get();
+        permissionSet.init(user, targetUser);
+
+        return permissionSet;
+        
+    }
+
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/permission/UserPermissionSet.java

@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2015 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.permission;
+
+import com.google.inject.Inject;
+
+/**
+ * A database implementation of ObjectPermissionSet which uses an injected
+ * service to query and manipulate the user permissions associated with a
+ * particular user.
+ *
+ * @author Michael Jumper
+ */
+public class UserPermissionSet extends ObjectPermissionSet {
+
+    /**
+     * Service for querying and manipulating user permissions.
+     */
+    @Inject
+    private UserPermissionService userPermissionService;
+    
+    @Override
+    protected ObjectPermissionService getObjectPermissionService() {
+        return userPermissionService;
+    }
+ 
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java

@@ -30,11 +30,11 @@ import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionService;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionGroupPermissionService;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionService;
+import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionService;
 import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
-import org.glyptodon.guacamole.net.auth.simple.SimpleObjectPermissionSet;
 
 /**
  * An implementation of the User object which is backed by a database model.
@@ -73,6 +73,12 @@ public class ModeledUser extends DirectoryObject<UserModel> implements User {
      */
     @Inject
     private ConnectionGroupPermissionService connectionGroupPermissionService;
+    
+    /**
+     * Service for retrieving user permissions.
+     */
+    @Inject
+    private UserPermissionService userPermissionService;
 
     /**
      * The plaintext password previously set by a call to setPassword(), if
@@ -157,8 +163,7 @@ public class ModeledUser extends DirectoryObject<UserModel> implements User {
     @Override
     public ObjectPermissionSet getUserPermissions()
             throws GuacamoleException {
-        // STUB
-        return new SimpleObjectPermissionSet();
+        return userPermissionService.getPermissionSet(getCurrentUser(), this);
     }
 
 }