GUAC-1193: Add searchReadable() query, limited by available permissions.

2025-09-06 21:27:40 +00:00 · 2015-10-08 16:32:55 -07:00
parent b02fdb673a
commit 9b99fd7323
3 changed files with 197 additions and 11 deletions
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionRecordMapper.java
@@ -22,9 +22,10 @@

 package org.glyptodon.guacamole.auth.jdbc.connection;

+import java.util.Collection;
 import java.util.List;
-import java.util.Set;
 import org.apache.ibatis.annotations.Param;
+import org.glyptodon.guacamole.auth.jdbc.user.UserModel;

 /**
 * Mapper for connection record objects.
@@ -59,24 +60,57 @@ public interface ConnectionRecordMapper {
    int insert(@Param("record") ConnectionRecordModel record);

    /**
-     * Searches for up to <code>limit</code> connection records that contain 
-     * the given terms, sorted by the given predicates.
-     * 
+     * Searches for up to <code>limit</code> connection records that contain
+     * the given terms, sorted by the given predicates, regardless of whether
+     * the data they are associated with is is readable by any particular user.
+     * This should only be called on behalf of a system administrator. If
+     * records are needed by a non-administrative user who must have explicit
+     * read rights, use searchReadable() instead.
+     *
     * @param terms
     *     The search terms that must match the returned records.
-     * 
+     *
     * @param sortPredicates
     *     A list of predicates to sort the returned records by, in order of
     *     priority.
     *
-     * @param limit 
+     * @param limit
     *     The maximum number of records that should be returned.
-     * 
+     *
     * @return
-     *     The results of the search performed with the given parameters. 
+     *     The results of the search performed with the given parameters.
     */
-    List<ConnectionRecordModel> search(@Param("terms") Set<ConnectionRecordSearchTerm> terms,
+    List<ConnectionRecordModel> search(@Param("terms") Collection<ConnectionRecordSearchTerm> terms,
            @Param("sortPredicates") List<ConnectionRecordSortPredicate> sortPredicates,
            @Param("limit") int limit);
-    
+
+    /**
+     * Searches for up to <code>limit</code> connection records that contain
+     * the given terms, sorted by the given predicates. Only records that are
+     * associated with data explicitly readable by the given user will be
+     * returned. If records are needed by a system administrator (who, by
+     * definition, does not need explicit read rights), use search() instead.
+     *
+     * @param user
+     *    The user whose permissions should determine whether a record is
+     *    returned.
+     *
+     * @param terms
+     *     The search terms that must match the returned records.
+     *
+     * @param sortPredicates
+     *     A list of predicates to sort the returned records by, in order of
+     *     priority.
+     *
+     * @param limit
+     *     The maximum number of records that should be returned.
+     *
+     * @return
+     *     The results of the search performed with the given parameters.
+     */
+    List<ConnectionRecordModel> searchReadable(@Param("user") UserModel user,
+            @Param("terms") Collection<ConnectionRecordSearchTerm> terms,
+            @Param("sortPredicates") List<ConnectionRecordSortPredicate> sortPredicates,
+            @Param("limit") int limit);
+
 }