GUAC-1000 User list should be filtered based on update and delete permission - furthermore admins should always have access to any user.

2025-09-09 22:51:22 +00:00 · 2015-01-20 19:22:09 -08:00
parent e758fac0c0
commit 9489eaa122
6 changed files with 94 additions and 21 deletions
--- a/guacamole/src/main/webapp/app/rest/services/userService.js
+++ b/guacamole/src/main/webapp/app/rest/services/userService.js
@@ -33,16 +33,17 @@ angular.module('rest').factory('userService', ['$http', 'authenticationService',
     * returning a promise that provides an array of @link{User} objects if
     * successful.
     * 
-     * @param {String} [permissionType]
-     *     The permission type string of the permission that the current user
-     *     must have for a given user to appear within the list. Valid values
-     *     are listed within PermissionSet.ObjectType.
+     * @param {String[]} [permissionTypes]
+     *     The set of permissions to filter with. A user must have one or more
+     *     of these permissions for a user to appear in the result. 
+     *     If null, no filtering will be performed. Valid values are listed
+     *     within PermissionSet.ObjectType.
     *                          
     * @returns {Promise.<User[]>}
     *     A promise which will resolve with an array of @link{User} objects
     *     upon success.
     */
-    service.getUsers = function getUsers(permissionType) {
+    service.getUsers = function getUsers(permissionTypes) {

        // Build HTTP parameters set
        var httpParameters = {
@@ -50,8 +51,8 @@ angular.module('rest').factory('userService', ['$http', 'authenticationService',
        };

        // Add permission filter if specified
-        if (permissionType)
-            httpParameters.permission = permissionType;
+        if (permissionTypes)
+            httpParameters.permission = permissionTypes;

        // Retrieve users
        return $http({