diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml index d99534c91..ab56499c2 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml @@ -109,33 +109,33 @@ org.mybatis mybatis - 3.2.8 + 3.4.6 org.mybatis mybatis-guice - 3.6 + 3.10 com.google.inject guice - 3.0 + 4.1.0 com.google.inject.extensions guice-multibindings - 3.0 + 4.1.0 com.google.guava guava - 18.0 + 19.0 diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml index f05c2875b..dd262d1e9 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml @@ -23,6 +23,23 @@ + + + ${entityID} + + WITH RECURSIVE related_entity(entity_id) AS ( + VALUES (${entityID}) + UNION + SELECT guacamole_user_group.entity_id + FROM related_entity + JOIN guacamole_user_group_member ON related_entity.entity_id = guacamole_user_group_member.member_entity_id + JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id + ) + SELECT entity_id FROM related_entity + + + diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml index c238c78e7..94855e168 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml @@ -68,7 +68,12 @@ SELECT connection_id FROM guacamole_connection_permission WHERE - entity_id = #{user.entityID,jdbcType=INTEGER} + entity_id IN ( + + + + + ) AND permission = 'READ' @@ -89,7 +94,12 @@ WHERE parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer parent_id IS NULL - AND entity_id = #{user.entityID,jdbcType=INTEGER} + AND entity_id IN ( + + + + + ) AND permission = 'READ' @@ -165,7 +175,12 @@ open="(" separator="," close=")"> #{identifier,jdbcType=INTEGER}::integer - AND guacamole_connection_permission.entity_id = #{user.entityID,jdbcType=INTEGER} + AND guacamole_connection_permission.entity_id IN ( + + + + + ) AND permission = 'READ' GROUP BY guacamole_connection.connection_id; @@ -177,7 +192,12 @@ open="(" separator="," close=")"> #{identifier,jdbcType=INTEGER}::integer - AND entity_id = #{user.entityID,jdbcType=INTEGER} + AND entity_id IN ( + + + + + ) AND permission = 'READ'; SELECT @@ -191,7 +211,12 @@ open="(" separator="," close=")"> #{identifier,jdbcType=INTEGER}::integer - AND entity_id = #{user.entityID,jdbcType=INTEGER} + AND entity_id IN ( + + + + + ) AND permission = 'READ'; diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml index b4407bd08..b04c9ca6f 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml @@ -166,13 +166,23 @@ JOIN guacamole_connection_permission ON guacamole_connection_history.connection_id = guacamole_connection_permission.connection_id - AND guacamole_connection_permission.user_id = #{user.objectID,jdbcType=INTEGER} + AND guacamole_connection_permission.entity_id IN ( + + + + + ) AND guacamole_connection_permission.permission = 'READ' JOIN guacamole_user_permission ON guacamole_connection_history.user_id = guacamole_user_permission.affected_user_id - AND guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER} + AND guacamole_user_permission.entity_id IN ( + + + + + ) AND guacamole_user_permission.permission = 'READ' diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml index 7e0b1883e..ffca72d25 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml @@ -69,7 +69,12 @@ SELECT connection_group_id FROM guacamole_connection_group_permission WHERE - entity_id = #{user.entityID,jdbcType=INTEGER} + entity_id IN ( + + + + + ) AND permission = 'READ' @@ -90,7 +95,12 @@ WHERE parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer parent_id IS NULL - AND entity_id = #{user.entityID,jdbcType=INTEGER} + AND entity_id IN ( + + + + + ) AND permission = 'READ' @@ -161,7 +171,12 @@ open="(" separator="," close=")"> #{identifier,jdbcType=INTEGER}::integer - AND entity_id = #{user.entityID,jdbcType=INTEGER} + AND entity_id IN ( + + + + + ) AND permission = 'READ'; SELECT parent_id, guacamole_connection_group.connection_group_id @@ -172,7 +187,12 @@ open="(" separator="," close=")"> #{identifier,jdbcType=INTEGER}::integer - AND entity_id = #{user.entityID,jdbcType=INTEGER} + AND entity_id IN ( + + + + + ) AND permission = 'READ'; SELECT parent_id, guacamole_connection.connection_id @@ -183,7 +203,12 @@ open="(" separator="," close=")"> #{identifier,jdbcType=INTEGER}::integer - AND entity_id = #{user.entityID,jdbcType=INTEGER} + AND entity_id IN ( + + + + + ) AND permission = 'READ'; SELECT @@ -197,7 +222,12 @@ open="(" separator="," close=")"> #{identifier,jdbcType=INTEGER}::integer - AND entity_id = #{user.entityID,jdbcType=INTEGER} + AND entity_id IN ( + + + + + ) AND permission = 'READ'; diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml index c8ec936fc..a21b7d5b7 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml @@ -35,11 +35,17 @@ @@ -47,12 +53,17 @@ SELECT - entity_id, + #{entity.entityID,jdbcType=INTEGER} AS entity_id, permission, connection_id FROM guacamole_connection_permission - WHERE entity_id = #{entity.entityID,jdbcType=INTEGER} + WHERE + entity_id IN ( + + + + + ) @@ -47,12 +53,17 @@ SELECT - entity_id, + #{entity.entityID,jdbcType=INTEGER} AS entity_id, permission, sharing_profile_id FROM guacamole_sharing_profile_permission - WHERE entity_id = #{entity.entityID,jdbcType=INTEGER} + WHERE + entity_id IN ( + + + + + ) + @@ -47,12 +54,17 @@ - SELECT - entity_id, + SELECT DISTINCT + #{entity.entityID} AS entity_id, permission FROM guacamole_system_permission - WHERE entity_id = #{entity.entityID,jdbcType=INTEGER} + WHERE + entity_id IN ( + + + + + ) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml index d6680ea98..e5a844afb 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml @@ -35,14 +35,19 @@ @@ -51,14 +56,19 @@ @@ -99,7 +104,12 @@ open="(" separator="," close=")"> #{identifier,jdbcType=INTEGER}::integer - AND entity_id = #{user.entityID,jdbcType=INTEGER} + AND entity_id IN ( + + + + + ) AND permission = 'READ'; SELECT @@ -113,7 +123,12 @@ open="(" separator="," close=")"> #{identifier,jdbcType=INTEGER}::integer - AND entity_id = #{user.entityID,jdbcType=INTEGER} + AND entity_id IN ( + + + + + ) AND permission = 'READ'; diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml index 796962d69..654351fe5 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml @@ -70,7 +70,12 @@ JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_user_permission ON affected_user_id = guacamole_user.user_id WHERE - guacamole_user_permission.entity_id = #{user.entityID,jdbcType=INTEGER} + guacamole_user_permission.entity_id IN ( + + + + + ) AND guacamole_entity.type = 'USER'::guacamole_entity_type AND permission = 'READ' @@ -158,7 +163,12 @@ #{identifier,jdbcType=VARCHAR} AND guacamole_entity.type = 'USER'::guacamole_entity_type - AND guacamole_user_permission.entity_id = #{user.entityID,jdbcType=INTEGER} + AND guacamole_user_permission.entity_id IN ( + + + + + ) AND permission = 'READ' GROUP BY guacamole_user.user_id, guacamole_entity.entity_id; @@ -176,7 +186,12 @@ #{identifier,jdbcType=VARCHAR} AND guacamole_entity.type = 'USER'::guacamole_entity_type - AND guacamole_user_permission.entity_id = #{user.entityID,jdbcType=INTEGER} + AND guacamole_user_permission.entity_id IN ( + + + + + ) AND permission = 'READ'; diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml index 20cb2a809..862e2d719 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml @@ -156,7 +156,12 @@ JOIN guacamole_user_permission ON guacamole_user_history.user_id = guacamole_user_permission.affected_user_id - AND guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER} + AND guacamole_user_permission.entity_id IN ( + + + + + ) AND guacamole_user_permission.permission = 'READ'