GUAC-1000 User list should be filtered based on update and delete permission - furthermore admins should always have access to any user.

2025-10-31 17:13:21 +00:00 · 2015-01-20 19:22:09 -08:00
parent e758fac0c0
commit 9489eaa122
6 changed files with 94 additions and 21 deletions
--- a/guacamole/src/main/webapp/app/manage/controllers/manageController.js
+++ b/guacamole/src/main/webapp/app/manage/controllers/manageController.js
@@ -185,8 +185,9 @@ angular.module('manage').controller('manageController', ['$scope', '$injector',
        $scope.rootGroup = rootGroup;
    });

-    // Retrieve all users for whom we have UPDATE permission
-    userService.getUsers(PermissionSet.ObjectPermissionType.UPDATE)
+    // Retrieve all users for whom we have UPDATE or DELETE permission
+    userService.getUsers([PermissionSet.ObjectPermissionType.UPDATE, 
+        PermissionSet.ObjectPermissionType.DELETE])
    .success(function usersReceived(users) {
        $scope.users = users;
    });
--- a/guacamole/src/main/webapp/app/manage/controllers/manageUserController.js
+++ b/guacamole/src/main/webapp/app/manage/controllers/manageUserController.js
@@ -34,6 +34,7 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
    // Required services
    var $location              = $injector.get('$location');
    var $routeParams           = $injector.get('$routeParams');
+    var authenticationService  = $injector.get('authenticationService');
    var connectionGroupService = $injector.get('connectionGroupService');
    var userService            = $injector.get('userService');
    var permissionService      = $injector.get('permissionService');
@@ -77,6 +78,21 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
     * @type ConnectionGroup
     */
    $scope.rootGroup = null;
+    
+    
+    /**
+     * Whether the authenticated user has UPDATE permission for the user being edited.
+     * 
+     * @type boolean
+     */
+    $scope.hasUpdatePermission = null;
+    
+    /**
+     * Whether the authenticated user has DELETE permission for the user being edited.
+     * 
+     * @type boolean
+     */
+    $scope.hasDeletePermission = null;

    /**
     * Returns whether critical data has completed being loaded.
@@ -87,9 +103,11 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
     */
    $scope.isLoaded = function isLoaded() {

-        return $scope.user            !== null
-            && $scope.permissionFlags !== null
-            && $scope.rootGroup       !== null;
+        return $scope.user                !== null
+            && $scope.permissionFlags     !== null
+            && $scope.rootGroup           !== null
+            && $scope.hasUpdatePermission !== null
+            && $scope.hasDeletePermission !== null;

    };

@@ -108,6 +126,22 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
    .success(function connectionGroupReceived(rootGroup) {
        $scope.rootGroup = rootGroup;
    });
+    
+    // Query the user's permissions for the current connection
+    permissionService.getPermissions(authenticationService.getCurrentUserID())
+            .success(function permissionsReceived(permissions) {
+                
+         // Check if the user has UPDATE permission
+         $scope.hasUpdatePermission =
+               PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+            || PermissionSet.hasUserPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE, username);
+            
+         // Check if the user has DELETE permission
+         $scope.hasDeletePermission =
+               PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+            || PermissionSet.hasUserPermission(permissions, PermissionSet.ObjectPermissionType.DELETE, username);
+    
+    });

    /**
     * Available system permission types, as translation string / internal