GUACAMOLE-220: Implement permission inheritance within SQL queries.

This commit is contained in:
Michael Jumper
2018-04-04 21:07:49 -07:00
parent 199f518cdb
commit a155397947
13 changed files with 243 additions and 51 deletions


@@ -23,6 +23,23 @@
<mapper namespace="org.apache.guacamole.auth.jdbc.base.EntityMapper" >
<!-- Retrieves the ID of the given entity. If inheritance is enabled, the
IDs of the entities for all applicable user groups are retrieved, as well. -->
<sql id="relatedEntities">
<if test="!${inheritFlag}">${entityID}</if>
<if test="${inheritFlag}">
WITH RECURSIVE related_entity(entity_id) AS (
VALUES (${entityID})
UNION
SELECT guacamole_user_group.entity_id
FROM related_entity
JOIN guacamole_user_group_member ON related_entity.entity_id = guacamole_user_group_member.member_entity_id
JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id
)
SELECT entity_id FROM related_entity
</if>
</sql>
<!-- Insert single entity -->
<insert id="insert" useGeneratedKeys="true" keyProperty="entity.entityID"
parameterType="org.apache.guacamole.auth.jdbc.base.EntityModel">
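Review bot: The recursive CTE in relatedEntities terminates on cyclic group membership only because UNION discards entity IDs already present in related_entity, and the fragment does not say so; a later rewrite to UNION ALL would recurse without end on a group that is transitively a member of itself. Add `<!-- UNION, not UNION ALL: the dedup is what stops the recursion on cyclic membership -->` above the UNION. The fragment also expands `${entityID}` and `${inheritFlag}` textually, so it stays free of SQL injection only while every caller passes a `#{...}` placeholder and a literal flag as the property values, as all includes in this commit do; record that contract in the comment above the `<sql>` element. If guacamole_user_group carries a disabled flag, the recursive member should presumably also skip disabled groups so that disabling a group revokes what it confers — confirm against the schema.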


@@ -68,7 +68,12 @@
SELECT connection_id
FROM guacamole_connection_permission
WHERE
entity_id = #{user.entityID,jdbcType=INTEGER}
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ'
</select>
@@ -89,7 +94,12 @@
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
AND entity_id = #{user.entityID,jdbcType=INTEGER}
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ'
</select>
@@ -165,7 +175,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND guacamole_connection_permission.entity_id = #{user.entityID,jdbcType=INTEGER}
AND guacamole_connection_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ'
GROUP BY guacamole_connection.connection_id;
@@ -177,7 +192,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND entity_id = #{user.entityID,jdbcType=INTEGER}
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ';
SELECT
@@ -191,7 +211,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND entity_id = #{user.entityID,jdbcType=INTEGER}
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ';
</select>
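Review bot: The readable-identifier query at the top of this section (`SELECT connection_id FROM guacamole_connection_permission WHERE entity_id IN (...) AND permission = 'READ'`) can now return the same connection_id once per related entity that holds READ, where the old equality predicate yielded each id at most once. If the Java mapper method collects into a Set this is harmless, but if it returns a List callers now see duplicates; `SELECT DISTINCT connection_id` makes the contract independent of the collection type, as the system permission mapper in this commit already does. The same applies to the first hunk of the connection group, sharing profile and user mapper sections.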


@@ -166,13 +166,23 @@
<!-- Restrict to readable connections -->
JOIN guacamole_connection_permission ON
guacamole_connection_history.connection_id = guacamole_connection_permission.connection_id
AND guacamole_connection_permission.user_id = #{user.objectID,jdbcType=INTEGER}
AND guacamole_connection_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND guacamole_connection_permission.permission = 'READ'
<!-- Restrict to readable users -->
JOIN guacamole_user_permission ON
guacamole_connection_history.user_id = guacamole_user_permission.affected_user_id
AND guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER}
AND guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND guacamole_user_permission.permission = 'READ'
<!-- Search terms -->
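Review bot: The JOIN on guacamole_connection_permission now matches one permission row per related entity that holds READ on the connection, so a history record is returned once for the user and once more for each of their groups that also grants READ; the old `user_id = objectID` predicate pinned the join to a single entity. The guacamole_user_permission join just below has the same shape, as does the user history mapper at the end of this commit, and the enclosing `<select>` starts outside this hunk. Unless the select list outside the hunk deduplicates, each join should become an EXISTS predicate so that permission rows filter the history rather than multiply it; where the WHERE clause goes depends on the clauses that follow the search terms.
```xml
<!-- Restrict to readable connections -->
WHERE EXISTS (
    SELECT 1
    FROM guacamole_connection_permission
    WHERE guacamole_connection_permission.connection_id = guacamole_connection_history.connection_id
    AND guacamole_connection_permission.entity_id IN (
        <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
            <property name="inheritFlag" value="true"/>
            <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
        </include>
    )
    AND guacamole_connection_permission.permission = 'READ'
)
<!-- … unchanged: readable-users predicate, same EXISTS shape against guacamole_user_permission … -->
```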


@@ -69,7 +69,12 @@
SELECT connection_group_id
FROM guacamole_connection_group_permission
WHERE
entity_id = #{user.entityID,jdbcType=INTEGER}
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ'
</select>
@@ -90,7 +95,12 @@
WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer</if>
<if test="parentIdentifier == null">parent_id IS NULL</if>
AND entity_id = #{user.entityID,jdbcType=INTEGER}
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ'
</select>
@@ -161,7 +171,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND entity_id = #{user.entityID,jdbcType=INTEGER}
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ';
SELECT parent_id, guacamole_connection_group.connection_group_id
@@ -172,7 +187,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND entity_id = #{user.entityID,jdbcType=INTEGER}
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ';
SELECT parent_id, guacamole_connection.connection_id
@@ -183,7 +203,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND entity_id = #{user.entityID,jdbcType=INTEGER}
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ';
SELECT
@@ -197,7 +222,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND entity_id = #{user.entityID,jdbcType=INTEGER}
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ';
</select>


@@ -35,11 +35,17 @@
<select id="select" resultMap="ConnectionGroupPermissionResultMap">
SELECT
entity_id,
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
connection_group_id
FROM guacamole_connection_group_permission
WHERE entity_id = #{entity.entityID,jdbcType=INTEGER}
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
</select>
@@ -47,12 +53,17 @@
<select id="selectOne" resultMap="ConnectionGroupPermissionResultMap">
SELECT
entity_id,
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
connection_group_id
FROM guacamole_connection_group_permission
WHERE
entity_id = #{entity.entityID,jdbcType=INTEGER}
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND connection_group_id = #{identifier,jdbcType=INTEGER}::integer
@@ -64,7 +75,12 @@
SELECT DISTINCT connection_group_id
FROM guacamole_connection_group_permission
WHERE
entity_id = #{entity.entityID,jdbcType=INTEGER}
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND connection_group_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">
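Review bot: `select` and `selectOne` here project the constant `#{entity.entityID,jdbcType=INTEGER} AS entity_id` but do not add DISTINCT, so a user and one of their groups holding the same permission on the same connection group now yield two identical rows; the system permission mapper in this commit adds `SELECT DISTINCT` for exactly this reason. For `selectOne` that is a new failure mode if the mapper method expects a single object (MyBatis rejects more than one row there), whereas the old equality predicate guaranteed at most one match. Change `SELECT` to `SELECT DISTINCT` in both statements; the same applies to the connection, sharing profile and user permission mapper sections below.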


@@ -35,11 +35,17 @@
<select id="select" resultMap="ConnectionPermissionResultMap">
SELECT
entity_id,
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
connection_id
FROM guacamole_connection_permission
WHERE entity_id = #{entity.entityID,jdbcType=INTEGER}
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
</select>
@@ -47,12 +53,17 @@
<select id="selectOne" resultMap="ConnectionPermissionResultMap">
SELECT
entity_id,
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
connection_id
FROM guacamole_connection_permission
WHERE
entity_id = #{entity.entityID,jdbcType=INTEGER}
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND connection_id = #{identifier,jdbcType=INTEGER}::integer
@@ -64,7 +75,12 @@
SELECT DISTINCT connection_id
FROM guacamole_connection_permission
WHERE
entity_id = #{entity.entityID,jdbcType=INTEGER}
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND connection_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">


@@ -35,11 +35,18 @@
<select id="select" resultMap="SharingProfilePermissionResultMap">
SELECT
entity_id,
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
sharing_profile_id
FROM guacamole_sharing_profile_permission
WHERE entity_id = #{entity.entityID,jdbcType=INTEGER}
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
</select>
@@ -47,12 +54,17 @@
<select id="selectOne" resultMap="SharingProfilePermissionResultMap">
SELECT
entity_id,
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
sharing_profile_id
FROM guacamole_sharing_profile_permission
WHERE
entity_id = #{entity.entityID,jdbcType=INTEGER}
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND sharing_profile_id = #{identifier,jdbcType=INTEGER}::integer
@@ -64,7 +76,12 @@
SELECT DISTINCT sharing_profile_id
FROM guacamole_sharing_profile_permission
WHERE
entity_id = #{entity.entityID,jdbcType=INTEGER}
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND sharing_profile_id IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">


@@ -33,23 +33,34 @@
<!-- Select all permissions for a given entity -->
<select id="select" resultMap="SystemPermissionResultMap">
SELECT
entity_id,
SELECT DISTINCT
#{entity.entityID} AS entity_id,
permission
FROM guacamole_system_permission
WHERE entity_id = #{entity.entityID,jdbcType=INTEGER}
WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
</select>
<!-- Select the single permission matching the given criteria -->
<select id="selectOne" resultMap="SystemPermissionResultMap">
SELECT
entity_id,
SELECT DISTINCT
#{entity.entityID} AS entity_id,
permission
FROM guacamole_system_permission
WHERE
entity_id = #{entity.entityID,jdbcType=INTEGER}
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = #{type,jdbcType=VARCHAR}::guacamole_system_permission_type
</select>
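Review bot: `#{entity.entityID} AS entity_id` in both statements omits the `jdbcType=INTEGER` that every other mapper in this commit, and the `<include>` property a few lines below, attaches to the same parameter; without a declared type a null entityID can fail on drivers that require one for NULL parameters. Use `#{entity.entityID,jdbcType=INTEGER} AS entity_id` in `select` and `selectOne` for consistency.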


@@ -35,14 +35,19 @@
<select id="select" resultMap="UserPermissionResultMap">
SELECT
guacamole_user_permission.entity_id,
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
affected_entity.name AS affected_name
FROM guacamole_user_permission
JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE
guacamole_user_permission.entity_id = #{entity.entityID,jdbcType=INTEGER}
guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND affected_entity.type = 'USER'::guacamole_entity_type
</select>
@@ -51,14 +56,19 @@
<select id="selectOne" resultMap="UserPermissionResultMap">
SELECT
guacamole_user_permission.entity_id,
#{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission,
affected_entity.name AS affected_name
FROM guacamole_user_permission
JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE
guacamole_user_permission.entity_id = #{entity.entityID,jdbcType=INTEGER}
guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND affected_entity.name = #{identifier,jdbcType=VARCHAR}
AND affected_entity.type = 'USER'::guacamole_entity_type
@@ -73,7 +83,12 @@
JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE
guacamole_user_permission.entity_id = #{entity.entityID,jdbcType=INTEGER}
guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND affected_entity.name IN
<foreach collection="identifiers" item="identifier"
open="(" separator="," close=")">


@@ -52,7 +52,12 @@
SELECT sharing_profile_id
FROM guacamole_sharing_profile_permission
WHERE
entity_id = #{user.entityID,jdbcType=INTEGER}
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ'
</select>
@@ -99,7 +104,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND entity_id = #{user.entityID,jdbcType=INTEGER}
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ';
SELECT
@@ -113,7 +123,12 @@
open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer
</foreach>
AND entity_id = #{user.entityID,jdbcType=INTEGER}
AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ';
</select>


@@ -70,7 +70,12 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
JOIN guacamole_user_permission ON affected_user_id = guacamole_user.user_id
WHERE
guacamole_user_permission.entity_id = #{user.entityID,jdbcType=INTEGER}
guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND guacamole_entity.type = 'USER'::guacamole_entity_type
AND permission = 'READ'
</select>
@@ -158,7 +163,12 @@
#{identifier,jdbcType=VARCHAR}
</foreach>
AND guacamole_entity.type = 'USER'::guacamole_entity_type
AND guacamole_user_permission.entity_id = #{user.entityID,jdbcType=INTEGER}
AND guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ'
GROUP BY guacamole_user.user_id, guacamole_entity.entity_id;
@@ -176,7 +186,12 @@
#{identifier,jdbcType=VARCHAR}
</foreach>
AND guacamole_entity.type = 'USER'::guacamole_entity_type
AND guacamole_user_permission.entity_id = #{user.entityID,jdbcType=INTEGER}
AND guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ';
</select>


@@ -156,7 +156,12 @@
<!-- Restrict to readable users -->
JOIN guacamole_user_permission ON
guacamole_user_history.user_id = guacamole_user_permission.affected_user_id
AND guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER}
AND guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND guacamole_user_permission.permission = 'READ'
<!-- Search terms -->