GUAC-1000 User list should be filtered based on update and delete permission - furthermore admins should always have access to any user.

2025-09-09 06:31:22 +00:00 · 2015-01-20 19:22:09 -08:00
parent e758fac0c0
commit 9489eaa122
6 changed files with 94 additions and 21 deletions
--- a/guacamole/src/main/webapp/app/manage/controllers/manageController.js
+++ b/guacamole/src/main/webapp/app/manage/controllers/manageController.js
@@ -185,8 +185,9 @@ angular.module('manage').controller('manageController', ['$scope', '$injector',
        $scope.rootGroup = rootGroup;
    });

-    // Retrieve all users for whom we have UPDATE permission
-    userService.getUsers(PermissionSet.ObjectPermissionType.UPDATE)
+    // Retrieve all users for whom we have UPDATE or DELETE permission
+    userService.getUsers([PermissionSet.ObjectPermissionType.UPDATE, 
+        PermissionSet.ObjectPermissionType.DELETE])
    .success(function usersReceived(users) {
        $scope.users = users;
    });
--- a/guacamole/src/main/webapp/app/manage/controllers/manageUserController.js
+++ b/guacamole/src/main/webapp/app/manage/controllers/manageUserController.js
@@ -34,6 +34,7 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
    // Required services
    var $location              = $injector.get('$location');
    var $routeParams           = $injector.get('$routeParams');
+    var authenticationService  = $injector.get('authenticationService');
    var connectionGroupService = $injector.get('connectionGroupService');
    var userService            = $injector.get('userService');
    var permissionService      = $injector.get('permissionService');
@@ -77,6 +78,21 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
     * @type ConnectionGroup
     */
    $scope.rootGroup = null;
+    
+    
+    /**
+     * Whether the authenticated user has UPDATE permission for the user being edited.
+     * 
+     * @type boolean
+     */
+    $scope.hasUpdatePermission = null;
+    
+    /**
+     * Whether the authenticated user has DELETE permission for the user being edited.
+     * 
+     * @type boolean
+     */
+    $scope.hasDeletePermission = null;

    /**
     * Returns whether critical data has completed being loaded.
@@ -87,9 +103,11 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
     */
    $scope.isLoaded = function isLoaded() {

-        return $scope.user            !== null
-            && $scope.permissionFlags !== null
-            && $scope.rootGroup       !== null;
+        return $scope.user                !== null
+            && $scope.permissionFlags     !== null
+            && $scope.rootGroup           !== null
+            && $scope.hasUpdatePermission !== null
+            && $scope.hasDeletePermission !== null;

    };

@@ -108,6 +126,22 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
    .success(function connectionGroupReceived(rootGroup) {
        $scope.rootGroup = rootGroup;
    });
+    
+    // Query the user's permissions for the current connection
+    permissionService.getPermissions(authenticationService.getCurrentUserID())
+            .success(function permissionsReceived(permissions) {
+                
+         // Check if the user has UPDATE permission
+         $scope.hasUpdatePermission =
+               PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+            || PermissionSet.hasUserPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE, username);
+            
+         // Check if the user has DELETE permission
+         $scope.hasDeletePermission =
+               PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+            || PermissionSet.hasUserPermission(permissions, PermissionSet.ObjectPermissionType.DELETE, username);
+    
+    });

    /**
     * Available system permission types, as translation string / internal
--- a/guacamole/src/main/webapp/app/manage/templates/manageUser.html
+++ b/guacamole/src/main/webapp/app/manage/templates/manageUser.html
@@ -73,9 +73,9 @@ THE SOFTWARE.

    <!-- Form action buttons -->
    <div class="action-buttons">
-        <button ng-click="saveUser()">{{'MANAGE_USER.ACTION_SAVE' | translate}}</button>
+        <button ng-show="hasUpdatePermission" ng-click="saveUser()">{{'MANAGE_USER.ACTION_SAVE' | translate}}</button>
        <button ng-click="cancel()">{{'MANAGE_USER.ACTION_CANCEL' | translate}}</button>
-        <button ng-click="deleteUser()" class="danger">{{'MANAGE_USER.ACTION_DELETE' | translate}}</button>
+        <button ng-show="hasDeletePermission" ng-click="deleteUser()" class="danger">{{'MANAGE_USER.ACTION_DELETE' | translate}}</button>
    </div>

 </div>
--- a/guacamole/src/main/webapp/app/rest/services/connectionGroupService.js
+++ b/guacamole/src/main/webapp/app/rest/services/connectionGroupService.js
@@ -39,7 +39,7 @@ angular.module('rest').factory('connectionGroupService', ['$http', 'authenticati
     *     The ID of the connection group to retrieve. If not provided, the
     *     root connection group will be retrieved by default.
     *     
-     * @param {String[]} [permissionType]
+     * @param {String[]} [permissionTypes]
     *     The set of permissions to filter with. A user must have one or more
     *     of these permissions for a connection to appear in the result. 
     *     If null, no filtering will be performed. Valid values are listed
--- a/guacamole/src/main/webapp/app/rest/services/userService.js
+++ b/guacamole/src/main/webapp/app/rest/services/userService.js
@@ -33,16 +33,17 @@ angular.module('rest').factory('userService', ['$http', 'authenticationService',
     * returning a promise that provides an array of @link{User} objects if
     * successful.
     * 
-     * @param {String} [permissionType]
-     *     The permission type string of the permission that the current user
-     *     must have for a given user to appear within the list. Valid values
-     *     are listed within PermissionSet.ObjectType.
+     * @param {String[]} [permissionTypes]
+     *     The set of permissions to filter with. A user must have one or more
+     *     of these permissions for a user to appear in the result. 
+     *     If null, no filtering will be performed. Valid values are listed
+     *     within PermissionSet.ObjectType.
     *                          
     * @returns {Promise.<User[]>}
     *     A promise which will resolve with an array of @link{User} objects
     *     upon success.
     */
-    service.getUsers = function getUsers(permissionType) {
+    service.getUsers = function getUsers(permissionTypes) {

        // Build HTTP parameters set
        var httpParameters = {
@@ -50,8 +51,8 @@ angular.module('rest').factory('userService', ['$http', 'authenticationService',
        };

        // Add permission filter if specified
-        if (permissionType)
-            httpParameters.permission = permissionType;
+        if (permissionTypes)
+            httpParameters.permission = permissionTypes;

        // Retrieve users
        return $http({