safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 05:07:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-220: Implement permission inheritance within SQL queries.

Browse Source
This commit is contained in:
Michael Jumper
2018-04-04 21:07:49 -07:00
parent 199f518cdb
commit a155397947
13 changed files with 243 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/pom.xml
View File

@@ -109,33 +109,33 @@
<dependency> <dependency>
<groupId>org.mybatis</groupId> <groupId>org.mybatis</groupId>
<artifactId>mybatis</artifactId> <artifactId>mybatis</artifactId>
<version>3.2.8</version> <version>3.4.6</version>
</dependency> </dependency>
<!-- MyBatis Guice --> <!-- MyBatis Guice -->
<dependency> <dependency>
<groupId>org.mybatis</groupId> <groupId>org.mybatis</groupId>
<artifactId>mybatis-guice</artifactId> <artifactId>mybatis-guice</artifactId>
<version>3.6</version> <version>3.10</version>
</dependency> </dependency>
<!-- Guice --> <!-- Guice -->
<dependency> <dependency>
<groupId>com.google.inject</groupId> <groupId>com.google.inject</groupId>
<artifactId>guice</artifactId> <artifactId>guice</artifactId>
<version>3.0</version> <version>4.1.0</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.google.inject.extensions</groupId> <groupId>com.google.inject.extensions</groupId>
<artifactId>guice-multibindings</artifactId> <artifactId>guice-multibindings</artifactId>
<version>3.0</version> <version>4.1.0</version>
</dependency> </dependency>
<!-- Guava - Utility Library --> <!-- Guava - Utility Library -->
<dependency> <dependency>
<groupId>com.google.guava</groupId> <groupId>com.google.guava</groupId>
<artifactId>guava</artifactId> <artifactId>guava</artifactId>
<version>18.0</version> <version>19.0</version>
</dependency> </dependency>
</dependencies> </dependencies>

17
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/base/EntityMapper.xml
View File

@@ -23,6 +23,23 @@
<mapper namespace="org.apache.guacamole.auth.jdbc.base.EntityMapper" > <mapper namespace="org.apache.guacamole.auth.jdbc.base.EntityMapper" >
<!-- Retrieves the ID of the given entity. If inheritance is enabled, the
IDs of the entities for all applicable user groups are retrieved, as well. -->
<sql id="relatedEntities">
<if test="!${inheritFlag}">${entityID}</if>
<if test="${inheritFlag}">
WITH RECURSIVE related_entity(entity_id) AS (
VALUES (${entityID})
UNION
SELECT guacamole_user_group.entity_id
FROM related_entity
JOIN guacamole_user_group_member ON related_entity.entity_id = guacamole_user_group_member.member_entity_id
JOIN guacamole_user_group ON guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id
)
SELECT entity_id FROM related_entity
</if>
</sql>
<!-- Insert single entity --> <!-- Insert single entity -->
<insert id="insert" useGeneratedKeys="true" keyProperty="entity.entityID" <insert id="insert" useGeneratedKeys="true" keyProperty="entity.entityID"
parameterType="org.apache.guacamole.auth.jdbc.base.EntityModel"> parameterType="org.apache.guacamole.auth.jdbc.base.EntityModel">

35
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionMapper.xml
View File

@@ -68,7 +68,12 @@
SELECT connection_id SELECT connection_id
FROM guacamole_connection_permission FROM guacamole_connection_permission
WHERE WHERE
entity_id = #{user.entityID,jdbcType=INTEGER} entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ' AND permission = 'READ'
</select> </select>
@@ -89,7 +94,12 @@
WHERE WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer</if> <if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer</if>
<if test="parentIdentifier == null">parent_id IS NULL</if> <if test="parentIdentifier == null">parent_id IS NULL</if>
AND entity_id = #{user.entityID,jdbcType=INTEGER} AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ' AND permission = 'READ'
</select> </select>
@@ -165,7 +175,12 @@
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer #{identifier,jdbcType=INTEGER}::integer
</foreach> </foreach>
AND guacamole_connection_permission.entity_id = #{user.entityID,jdbcType=INTEGER} AND guacamole_connection_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ' AND permission = 'READ'
GROUP BY guacamole_connection.connection_id; GROUP BY guacamole_connection.connection_id;
@@ -177,7 +192,12 @@
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer #{identifier,jdbcType=INTEGER}::integer
</foreach> </foreach>
AND entity_id = #{user.entityID,jdbcType=INTEGER} AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ'; AND permission = 'READ';
SELECT SELECT
@@ -191,7 +211,12 @@
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer #{identifier,jdbcType=INTEGER}::integer
</foreach> </foreach>
AND entity_id = #{user.entityID,jdbcType=INTEGER} AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ'; AND permission = 'READ';
</select> </select>

14
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
View File

@@ -166,13 +166,23 @@
<!-- Restrict to readable connections --> <!-- Restrict to readable connections -->
JOIN guacamole_connection_permission ON JOIN guacamole_connection_permission ON
guacamole_connection_history.connection_id = guacamole_connection_permission.connection_id guacamole_connection_history.connection_id = guacamole_connection_permission.connection_id
AND guacamole_connection_permission.user_id = #{user.objectID,jdbcType=INTEGER} AND guacamole_connection_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND guacamole_connection_permission.permission = 'READ' AND guacamole_connection_permission.permission = 'READ'
<!-- Restrict to readable users --> <!-- Restrict to readable users -->
JOIN guacamole_user_permission ON JOIN guacamole_user_permission ON
guacamole_connection_history.user_id = guacamole_user_permission.affected_user_id guacamole_connection_history.user_id = guacamole_user_permission.affected_user_id
AND guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER} AND guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND guacamole_user_permission.permission = 'READ' AND guacamole_user_permission.permission = 'READ'
<!-- Search terms --> <!-- Search terms -->

42
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.xml
View File

@@ -69,7 +69,12 @@
SELECT connection_group_id SELECT connection_group_id
FROM guacamole_connection_group_permission FROM guacamole_connection_group_permission
WHERE WHERE
entity_id = #{user.entityID,jdbcType=INTEGER} entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ' AND permission = 'READ'
</select> </select>
@@ -90,7 +95,12 @@
WHERE WHERE
<if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer</if> <if test="parentIdentifier != null">parent_id = #{parentIdentifier,jdbcType=INTEGER}::integer</if>
<if test="parentIdentifier == null">parent_id IS NULL</if> <if test="parentIdentifier == null">parent_id IS NULL</if>
AND entity_id = #{user.entityID,jdbcType=INTEGER} AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ' AND permission = 'READ'
</select> </select>
@@ -161,7 +171,12 @@
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer #{identifier,jdbcType=INTEGER}::integer
</foreach> </foreach>
AND entity_id = #{user.entityID,jdbcType=INTEGER} AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ'; AND permission = 'READ';
SELECT parent_id, guacamole_connection_group.connection_group_id SELECT parent_id, guacamole_connection_group.connection_group_id
@@ -172,7 +187,12 @@
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer #{identifier,jdbcType=INTEGER}::integer
</foreach> </foreach>
AND entity_id = #{user.entityID,jdbcType=INTEGER} AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ'; AND permission = 'READ';
SELECT parent_id, guacamole_connection.connection_id SELECT parent_id, guacamole_connection.connection_id
@@ -183,7 +203,12 @@
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer #{identifier,jdbcType=INTEGER}::integer
</foreach> </foreach>
AND entity_id = #{user.entityID,jdbcType=INTEGER} AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ'; AND permission = 'READ';
SELECT SELECT
@@ -197,7 +222,12 @@
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer #{identifier,jdbcType=INTEGER}::integer
</foreach> </foreach>
AND entity_id = #{user.entityID,jdbcType=INTEGER} AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ'; AND permission = 'READ';
</select> </select>

26
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml
View File

@@ -35,11 +35,17 @@
<select id="select" resultMap="ConnectionGroupPermissionResultMap"> <select id="select" resultMap="ConnectionGroupPermissionResultMap">
SELECT SELECT
entity_id, #{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission, permission,
connection_group_id connection_group_id
FROM guacamole_connection_group_permission FROM guacamole_connection_group_permission
WHERE entity_id = #{entity.entityID,jdbcType=INTEGER} WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
</select> </select>
@@ -47,12 +53,17 @@
<select id="selectOne" resultMap="ConnectionGroupPermissionResultMap"> <select id="selectOne" resultMap="ConnectionGroupPermissionResultMap">
SELECT SELECT
entity_id, #{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission, permission,
connection_group_id connection_group_id
FROM guacamole_connection_group_permission FROM guacamole_connection_group_permission
WHERE WHERE
entity_id = #{entity.entityID,jdbcType=INTEGER} entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND connection_group_id = #{identifier,jdbcType=INTEGER}::integer AND connection_group_id = #{identifier,jdbcType=INTEGER}::integer
@@ -64,7 +75,12 @@
SELECT DISTINCT connection_group_id SELECT DISTINCT connection_group_id
FROM guacamole_connection_group_permission FROM guacamole_connection_group_permission
WHERE WHERE
entity_id = #{entity.entityID,jdbcType=INTEGER} entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND connection_group_id IN AND connection_group_id IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">

26
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml
View File

@@ -35,11 +35,17 @@
<select id="select" resultMap="ConnectionPermissionResultMap"> <select id="select" resultMap="ConnectionPermissionResultMap">
SELECT SELECT
entity_id, #{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission, permission,
connection_id connection_id
FROM guacamole_connection_permission FROM guacamole_connection_permission
WHERE entity_id = #{entity.entityID,jdbcType=INTEGER} WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
</select> </select>
@@ -47,12 +53,17 @@
<select id="selectOne" resultMap="ConnectionPermissionResultMap"> <select id="selectOne" resultMap="ConnectionPermissionResultMap">
SELECT SELECT
entity_id, #{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission, permission,
connection_id connection_id
FROM guacamole_connection_permission FROM guacamole_connection_permission
WHERE WHERE
entity_id = #{entity.entityID,jdbcType=INTEGER} entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND connection_id = #{identifier,jdbcType=INTEGER}::integer AND connection_id = #{identifier,jdbcType=INTEGER}::integer
@@ -64,7 +75,12 @@
SELECT DISTINCT connection_id SELECT DISTINCT connection_id
FROM guacamole_connection_permission FROM guacamole_connection_permission
WHERE WHERE
entity_id = #{entity.entityID,jdbcType=INTEGER} entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND connection_id IN AND connection_id IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">

27
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml
View File

@@ -35,11 +35,18 @@
<select id="select" resultMap="SharingProfilePermissionResultMap"> <select id="select" resultMap="SharingProfilePermissionResultMap">
SELECT SELECT
entity_id, #{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission, permission,
sharing_profile_id sharing_profile_id
FROM guacamole_sharing_profile_permission FROM guacamole_sharing_profile_permission
WHERE entity_id = #{entity.entityID,jdbcType=INTEGER} WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
</select> </select>
@@ -47,12 +54,17 @@
<select id="selectOne" resultMap="SharingProfilePermissionResultMap"> <select id="selectOne" resultMap="SharingProfilePermissionResultMap">
SELECT SELECT
entity_id, #{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission, permission,
sharing_profile_id sharing_profile_id
FROM guacamole_sharing_profile_permission FROM guacamole_sharing_profile_permission
WHERE WHERE
entity_id = #{entity.entityID,jdbcType=INTEGER} entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND sharing_profile_id = #{identifier,jdbcType=INTEGER}::integer AND sharing_profile_id = #{identifier,jdbcType=INTEGER}::integer
@@ -64,7 +76,12 @@
SELECT DISTINCT sharing_profile_id SELECT DISTINCT sharing_profile_id
FROM guacamole_sharing_profile_permission FROM guacamole_sharing_profile_permission
WHERE WHERE
entity_id = #{entity.entityID,jdbcType=INTEGER} entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND sharing_profile_id IN AND sharing_profile_id IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">

23
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml
View File

@@ -33,23 +33,34 @@
<!-- Select all permissions for a given entity --> <!-- Select all permissions for a given entity -->
<select id="select" resultMap="SystemPermissionResultMap"> <select id="select" resultMap="SystemPermissionResultMap">
SELECT SELECT DISTINCT
entity_id, #{entity.entityID} AS entity_id,
permission permission
FROM guacamole_system_permission FROM guacamole_system_permission
WHERE entity_id = #{entity.entityID,jdbcType=INTEGER} WHERE
entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
</select> </select>
<!-- Select the single permission matching the given criteria --> <!-- Select the single permission matching the given criteria -->
<select id="selectOne" resultMap="SystemPermissionResultMap"> <select id="selectOne" resultMap="SystemPermissionResultMap">
SELECT SELECT DISTINCT
entity_id, #{entity.entityID} AS entity_id,
permission permission
FROM guacamole_system_permission FROM guacamole_system_permission
WHERE WHERE
entity_id = #{entity.entityID,jdbcType=INTEGER} entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = #{type,jdbcType=VARCHAR}::guacamole_system_permission_type AND permission = #{type,jdbcType=VARCHAR}::guacamole_system_permission_type
</select> </select>

25
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml
View File

@@ -35,14 +35,19 @@
<select id="select" resultMap="UserPermissionResultMap"> <select id="select" resultMap="UserPermissionResultMap">
SELECT SELECT
guacamole_user_permission.entity_id, #{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission, permission,
affected_entity.name AS affected_name affected_entity.name AS affected_name
FROM guacamole_user_permission FROM guacamole_user_permission
JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE WHERE
guacamole_user_permission.entity_id = #{entity.entityID,jdbcType=INTEGER} guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND affected_entity.type = 'USER'::guacamole_entity_type AND affected_entity.type = 'USER'::guacamole_entity_type
</select> </select>
@@ -51,14 +56,19 @@
<select id="selectOne" resultMap="UserPermissionResultMap"> <select id="selectOne" resultMap="UserPermissionResultMap">
SELECT SELECT
guacamole_user_permission.entity_id, #{entity.entityID,jdbcType=INTEGER} AS entity_id,
permission, permission,
affected_entity.name AS affected_name affected_entity.name AS affected_name
FROM guacamole_user_permission FROM guacamole_user_permission
JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE WHERE
guacamole_user_permission.entity_id = #{entity.entityID,jdbcType=INTEGER} guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type AND permission = #{type,jdbcType=VARCHAR}::guacamole_object_permission_type
AND affected_entity.name = #{identifier,jdbcType=VARCHAR} AND affected_entity.name = #{identifier,jdbcType=VARCHAR}
AND affected_entity.type = 'USER'::guacamole_entity_type AND affected_entity.type = 'USER'::guacamole_entity_type
@@ -73,7 +83,12 @@
JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id JOIN guacamole_user affected_user ON guacamole_user_permission.affected_user_id = affected_user.user_id
JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id JOIN guacamole_entity affected_entity ON affected_user.entity_id = affected_entity.entity_id
WHERE WHERE
guacamole_user_permission.entity_id = #{entity.entityID,jdbcType=INTEGER} guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="inherit"/>
<property name="entityID" value="#{entity.entityID,jdbcType=INTEGER}"/>
</include>
)
AND affected_entity.name IN AND affected_entity.name IN
<foreach collection="identifiers" item="identifier" <foreach collection="identifiers" item="identifier"
open="(" separator="," close=")"> open="(" separator="," close=")">

21
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml
View File

@@ -52,7 +52,12 @@
SELECT sharing_profile_id SELECT sharing_profile_id
FROM guacamole_sharing_profile_permission FROM guacamole_sharing_profile_permission
WHERE WHERE
entity_id = #{user.entityID,jdbcType=INTEGER} entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ' AND permission = 'READ'
</select> </select>
@@ -99,7 +104,12 @@
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer #{identifier,jdbcType=INTEGER}::integer
</foreach> </foreach>
AND entity_id = #{user.entityID,jdbcType=INTEGER} AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ'; AND permission = 'READ';
SELECT SELECT
@@ -113,7 +123,12 @@
open="(" separator="," close=")"> open="(" separator="," close=")">
#{identifier,jdbcType=INTEGER}::integer #{identifier,jdbcType=INTEGER}::integer
</foreach> </foreach>
AND entity_id = #{user.entityID,jdbcType=INTEGER} AND entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ'; AND permission = 'READ';
</select> </select>

21
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserMapper.xml
View File

@@ -70,7 +70,12 @@
JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id JOIN guacamole_entity ON guacamole_user.entity_id = guacamole_entity.entity_id
JOIN guacamole_user_permission ON affected_user_id = guacamole_user.user_id JOIN guacamole_user_permission ON affected_user_id = guacamole_user.user_id
WHERE WHERE
guacamole_user_permission.entity_id = #{user.entityID,jdbcType=INTEGER} guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND guacamole_entity.type = 'USER'::guacamole_entity_type AND guacamole_entity.type = 'USER'::guacamole_entity_type
AND permission = 'READ' AND permission = 'READ'
</select> </select>
@@ -158,7 +163,12 @@
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</foreach> </foreach>
AND guacamole_entity.type = 'USER'::guacamole_entity_type AND guacamole_entity.type = 'USER'::guacamole_entity_type
AND guacamole_user_permission.entity_id = #{user.entityID,jdbcType=INTEGER} AND guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ' AND permission = 'READ'
GROUP BY guacamole_user.user_id, guacamole_entity.entity_id; GROUP BY guacamole_user.user_id, guacamole_entity.entity_id;
@@ -176,7 +186,12 @@
#{identifier,jdbcType=VARCHAR} #{identifier,jdbcType=VARCHAR}
</foreach> </foreach>
AND guacamole_entity.type = 'USER'::guacamole_entity_type AND guacamole_entity.type = 'USER'::guacamole_entity_type
AND guacamole_user_permission.entity_id = #{user.entityID,jdbcType=INTEGER} AND guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND permission = 'READ'; AND permission = 'READ';
</select> </select>

7
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserRecordMapper.xml
View File

@@ -156,7 +156,12 @@
<!-- Restrict to readable users --> <!-- Restrict to readable users -->
JOIN guacamole_user_permission ON JOIN guacamole_user_permission ON
guacamole_user_history.user_id = guacamole_user_permission.affected_user_id guacamole_user_history.user_id = guacamole_user_permission.affected_user_id
AND guacamole_user_permission.user_id = #{user.objectID,jdbcType=INTEGER} AND guacamole_user_permission.entity_id IN (
<include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.relatedEntities">
<property name="inheritFlag" value="true"/>
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
</include>
)
AND guacamole_user_permission.permission = 'READ' AND guacamole_user_permission.permission = 'READ'
<!-- Search terms --> <!-- Search terms -->