Ticket #263: Fixed permissions to use identifiers instead of names.

James Muehlner
2013-08-07 22:43:08 -07:00
parent 52490ca8ab
commit a631180699
6 changed files with 71 additions and 210 deletions


@@ -331,6 +331,12 @@ public class ConnectionDirectory implements Directory<String, Connection>{
permissionCheckService.verifyConnectionGroupAccess(this.user_id,
toConnectionGroupID, MySQLConstants.CONNECTION_GROUP_UPDATE);
// Verify that no connection already exists with this name.
MySQLConnection previousConnection =
connectionService.retrieveConnection(mySQLConnection.getName(), user_id, parentID);
if(previousConnection != null)
throw new GuacamoleClientException("That connection name is already in use.");
// Update the connection
mySQLConnection.setParentID(toConnectionGroupID);
connectionService.updateConnection(mySQLConnection);
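Review bot: The new duplicate-name lookup passes `parentID` to `retrieveConnection(...)`, while the access check above it and the `setParentID(...)` call below it both use `toConnectionGroupID`, so the uniqueness check appears to run against a different group than the one the connection is being moved into. If `parentID` is this directory's own group (its declaration is outside the hunk), the lookup would either find the connection being moved or miss a clash in the destination; the call should probably read `connectionService.retrieveConnection(mySQLConnection.getName(), user_id, toConnectionGroupID);`. The ConnectionGroupDirectory hunk has the same pattern in `retrieveConnectionGroup(mySQLConnectionGroup.getName(), user_id, parentID)`. The check and the update are also separate steps, so unless a transaction or a unique constraint covers them (neither is visible here), two concurrent moves can still leave duplicate names. The enclosing method starts and ends outside the hunk.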


@@ -275,11 +275,15 @@ public class ConnectionGroupDirectory implements Directory<String, ConnectionGro
permissionCheckService.verifyConnectionGroupAccess(this.user_id,
toConnectionGroupID, MySQLConstants.CONNECTION_GROUP_UPDATE);
// Verify that no connection already exists with this name.
MySQLConnectionGroup previousConnectionGroup =
connectionGroupService.retrieveConnectionGroup(mySQLConnectionGroup.getName(), user_id, parentID);
if(previousConnectionGroup != null)
throw new GuacamoleClientException("That connection group name is already in use.");
// Update the connection
mySQLConnectionGroup.setParentID(toConnectionGroupID);
connectionGroupService.updateConnectionGroup(mySQLConnectionGroup);
}
}


@@ -38,6 +38,7 @@ package net.sourceforge.guacamole.net.auth.mysql;
* ***** END LICENSE BLOCK ***** */
import com.google.common.base.Preconditions;
import com.google.common.collect.Sets;
import com.google.inject.Inject;
import java.util.ArrayList;
import java.util.Collection;
@@ -419,24 +420,19 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
return;
// Get list of administerable connection IDs
List<Integer> administerableConnectionIDs =
Set<Integer> administerableConnectionIDs = Sets.<Integer>newHashSet(
permissionCheckService.retrieveConnectionIDs(this.user_id,
MySQLConstants.CONNECTION_ADMINISTER);
// Get set of names corresponding to administerable connections
Map<String, Integer> administerableConnections =
connectionService.translateNames(administerableConnectionIDs);
MySQLConstants.CONNECTION_ADMINISTER));
// Insert all given permissions
for (ConnectionPermission permission : permissions) {
// Get original ID
Integer connection_id =
administerableConnections.get(permission.getObjectIdentifier());
Integer connection_id = Integer.valueOf(permission.getObjectIdentifier());
// Throw exception if permission to administer this connection
// is not granted
if (connection_id == null)
if (!administerableConnectionIDs.contains(connection_id))
throw new GuacamoleSecurityException(
"User #" + this.user_id
+ " does not have permission to administrate connection "
@@ -472,24 +468,19 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
return;
// Get list of administerable connection group IDs
List<Integer> administerableConnectionGroupIDs =
Set<Integer> administerableConnectionGroupIDs = Sets.<Integer>newHashSet(
permissionCheckService.retrieveConnectionGroupIDs(this.user_id,
MySQLConstants.CONNECTION_GROUP_ADMINISTER);
// Get set of names corresponding to administerable connection groups
Map<String, Integer> administerableConnectionGroups =
connectionGroupService.translateNames(administerableConnectionGroupIDs);
MySQLConstants.CONNECTION_GROUP_ADMINISTER));
// Insert all given permissions
for (ConnectionGroupPermission permission : permissions) {
// Get original ID
Integer connection_group_id =
administerableConnectionGroups.get(permission.getObjectIdentifier());
Integer connection_group_id = Integer.valueOf(permission.getObjectIdentifier());
// Throw exception if permission to administer this connection group
// is not granted
if (connection_group_id == null)
if (!administerableConnectionGroupIDs.contains(connection_group_id))
throw new GuacamoleSecurityException(
"User #" + this.user_id
+ " does not have permission to administrate connection group"
@@ -524,24 +515,19 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
return;
// Get list of administerable connection IDs
List<Integer> administerableConnectionIDs =
Set<Integer> administerableConnectionIDs = Sets.<Integer>newHashSet(
permissionCheckService.retrieveConnectionIDs(this.user_id,
MySQLConstants.CONNECTION_ADMINISTER);
// Get set of names corresponding to administerable connections
Map<String, Integer> administerableConnections =
connectionService.translateNames(administerableConnectionIDs);
MySQLConstants.CONNECTION_ADMINISTER));
// Delete requested permissions
for (ConnectionPermission permission : permissions) {
// Get original ID
Integer connection_id =
administerableConnections.get(permission.getObjectIdentifier());
Integer connection_id = Integer.valueOf(permission.getObjectIdentifier());
// Verify that the user actually has permission to administrate
// every one of these connections
if (connection_id == null)
if (!administerableConnectionIDs.contains(connection_id))
throw new GuacamoleSecurityException(
"User #" + this.user_id
+ " does not have permission to administrate connection "
@@ -576,24 +562,19 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
return;
// Get list of administerable connection group IDs
List<Integer> administerableConnectionGroupIDs =
Set<Integer> administerableConnectionGroupIDs = Sets.<Integer>newHashSet(
permissionCheckService.retrieveConnectionGroupIDs(this.user_id,
MySQLConstants.CONNECTION_GROUP_ADMINISTER);
// Get set of names corresponding to administerable connection groups
Map<String, Integer> administerableConnectionGroups =
connectionGroupService.translateNames(administerableConnectionGroupIDs);
MySQLConstants.CONNECTION_GROUP_ADMINISTER));
// Delete requested permissions
for (ConnectionGroupPermission permission : permissions) {
// Get original ID
Integer connection_group_id =
administerableConnectionGroups.get(permission.getObjectIdentifier());
Integer connection_group_id = Integer.valueOf(permission.getObjectIdentifier());
// Verify that the user actually has permission to administrate
// every one of these connection groups
if (connection_group_id == null)
if (!administerableConnectionGroupIDs.contains(connection_group_id))
throw new GuacamoleSecurityException(
"User #" + this.user_id
+ " does not have permission to administrate connection group"
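Review bot: `Integer.valueOf(permission.getObjectIdentifier())` in the four permission loops throws an unchecked `NumberFormatException` when the identifier is not a decimal integer, so a malformed identifier leaves the method before the `contains(...)` check and never reaches the `GuacamoleSecurityException` path. The request still fails closed, but if these identifiers originate from a client request (not visible here), the caller gets a runtime exception instead of a Guacamole error that can be reported and logged as a refused permission change. Wrap the parse, e.g. `try { connection_id = Integer.valueOf(permission.getObjectIdentifier()); } catch (NumberFormatException e) { throw new GuacamoleSecurityException("Invalid connection identifier."); }`, and do the same for `connection_group_id`. Each loop body continues past the end of its hunk.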


@@ -162,87 +162,6 @@ public class ConnectionGroupService {
throw new UnsupportedOperationException("Not yet implemented");
}
/**
* Retrieves a map of all connection group names for the given IDs.
*
* @param ids The IDs of the connection groups to retrieve the names of.
* @return A map containing the names of all connection groups and their
* corresponding IDs.
*/
public Map<Integer, String> retrieveNames(Collection<Integer> ids) {
// If no IDs given, just return empty map
if (ids.isEmpty())
return Collections.EMPTY_MAP;
// Map of all names onto their corresponding IDs.
Map<Integer, String> names = new HashMap<Integer, String>();
// Get all connection groups having the given IDs
ConnectionGroupExample example = new ConnectionGroupExample();
example.createCriteria().andConnection_group_idIn(Lists.newArrayList(ids));
List<ConnectionGroup> connectionGroups = connectionGroupDAO.selectByExample(example);
// Produce set of names
for (ConnectionGroup connectionGroup : connectionGroups)
names.put(connectionGroup.getConnection_group_id(),
connectionGroup.getConnection_group_name());
return names;
}
/**
* Get the names of all the connection groups defined in the system.
*
* @return A Set of names of all the connection groups defined in the system.
*/
public Set<String> getAllConnectionGroupNames() {
// Set of all present connection group names
Set<String> names = new HashSet<String>();
// Query all connection group names
List<ConnectionGroup> connectionGroups =
connectionGroupDAO.selectByExample(new ConnectionGroupExample());
for (ConnectionGroup connectionGroup : connectionGroups)
names.add(connectionGroup.getConnection_group_name());
return names;
}
/**
* Retrieves a translation map of connection group names to their
* corresponding IDs.
*
* @param ids The IDs of the connection groups to retrieve the names of.
* @return A map containing the names of all connection groups and their
* corresponding IDs.
*/
public Map<String, Integer> translateNames(List<Integer> ids) {
// If no IDs given, just return empty map
if (ids.isEmpty())
return Collections.EMPTY_MAP;
// Map of all names onto their corresponding IDs.
Map<String, Integer> names = new HashMap<String, Integer>();
// Get all connections having the given IDs
ConnectionGroupExample example = new ConnectionGroupExample();
example.createCriteria().andConnection_group_idIn(ids);
List<ConnectionGroup> connectionGroups = connectionGroupDAO.selectByExample(example);
// Produce set of names
for (ConnectionGroup connectionGroup : connectionGroups)
names.put(connectionGroup.getConnection_group_name(),
connectionGroup.getConnection_group_id());
return names;
}
/**
* Returns a list of the IDs of all connection groups with a given parent ID.
* @param parentID The ID of the parent for all the queried connection groups.
@@ -272,6 +191,36 @@ public class ConnectionGroupService {
return connectionGroupIDs;
}
/**
* Get the identifiers of all the connection groups defined in the system
* with a certain parentID.
*
* @return A Set of identifiers of all the connection groups defined
* in the system with the given parentID.
*/
public Set<String> getAllConnectionGroupIdentifiers(Integer parentID) {
// Set of all present connection identifiers
Set<String> identifiers = new HashSet<String>();
// Set up Criteria
ConnectionGroupExample example = new ConnectionGroupExample();
Criteria criteria = example.createCriteria();
if(parentID != null)
criteria.andParent_idEqualTo(parentID);
else
criteria.andParent_idIsNull();
// Query connection identifiers
List<ConnectionGroup> connectionGroups =
connectionGroupDAO.selectByExample(example);
for (ConnectionGroup connectionGroup : connectionGroups)
identifiers.add(String.valueOf(connectionGroup.getConnection_group_id()));
return identifiers;
}
/**
* Convert the given database-retrieved Connection into a MySQLConnection.
* The parameters of the given connection will be read and added to the
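Review bot: The Javadoc on the new `getAllConnectionGroupIdentifiers(Integer parentID)` has no `@param` entry, and the null case is part of the contract: the body calls `criteria.andParent_idIsNull()` when `parentID` is null. Add `@param parentID The ID of the parent connection group, or null to select connection groups that have no parent.` The two inline comments in the method (`// Set of all present connection identifiers` and `// Query connection identifiers`) should say "connection group". The renamed `getAllConnectionIdentifiers(Integer parentID)` in ConnectionService is missing the same `@param`.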


@@ -202,67 +202,6 @@ public class ConnectionService {
return toMySQLConnection(connection, userID);
}
/**
* Retrieves a translation map of connection names to their corresponding
* IDs.
*
* @param ids The IDs of the connections to retrieve the names of.
* @return A map containing the names of all connections and their
* corresponding IDs.
*/
public Map<String, Integer> translateNames(List<Integer> ids) {
// If no IDs given, just return empty map
if (ids.isEmpty())
return Collections.EMPTY_MAP;
// Map of all names onto their corresponding IDs.
Map<String, Integer> names = new HashMap<String, Integer>();
// Get all connections having the given IDs
ConnectionExample example = new ConnectionExample();
example.createCriteria().andConnection_idIn(ids);
List<Connection> connections = connectionDAO.selectByExample(example);
// Produce set of names
for (Connection connection : connections)
names.put(connection.getConnection_name(),
connection.getConnection_id());
return names;
}
/**
* Retrieves a map of all connection names for the given IDs.
*
* @param ids The IDs of the connections to retrieve the names of.
* @return A map containing the names of all connections and their
* corresponding IDs.
*/
public Map<Integer, String> retrieveNames(Collection<Integer> ids) {
// If no IDs given, just return empty map
if (ids.isEmpty())
return Collections.EMPTY_MAP;
// Map of all names onto their corresponding IDs.
Map<Integer, String> names = new HashMap<Integer, String>();
// Get all connections having the given IDs
ConnectionExample example = new ConnectionExample();
example.createCriteria().andConnection_idIn(Lists.newArrayList(ids));
List<Connection> connections = connectionDAO.selectByExample(example);
// Produce set of names
for (Connection connection : connections)
names.put(connection.getConnection_id(),
connection.getConnection_name());
return names;
}
/**
* Returns a list of the IDs of all connections with a given parent ID.
* @param parentID The ID of the parent for all the queried connections.
@@ -483,16 +422,16 @@ public class ConnectionService {
}
/**
* Get the names of all the connections defined in the system
* Get the identifiers of all the connections defined in the system
* with a certain parentID.
*
* @return A Set of names of all the connections defined in the system
* @return A Set of identifiers of all the connections defined in the system
* with the given parentID.
*/
public Set<String> getAllConnectionNames(Integer parentID) {
public Set<String> getAllConnectionIdentifiers(Integer parentID) {
// Set of all present connection names
Set<String> names = new HashSet<String>();
// Set of all present connection identifiers
Set<String> identifiers = new HashSet<String>();
// Set up Criteria
ConnectionExample example = new ConnectionExample();
@@ -502,13 +441,13 @@ public class ConnectionService {
else
criteria.andParent_idIsNull();
// Query connection names
// Query connection identifiers
List<Connection> connections =
connectionDAO.selectByExample(example);
for (Connection connection : connections)
names.add(connection.getConnection_name());
identifiers.add(String.valueOf(connection.getConnection_id()));
return names;
return identifiers;
}


@@ -577,7 +577,7 @@ public class PermissionCheckService {
// A system administrator has access to all connections.
if(checkSystemAdministratorAccess(userID))
return connectionService.getAllConnectionNames(parentID);
return connectionService.getAllConnectionIdentifiers(parentID);
// List of all connection IDs for which this user has access
List<Integer> connectionIDs =
@@ -607,7 +607,7 @@ public class PermissionCheckService {
// A system administrator has access to all connections.
if(checkSystemAdministratorAccess(userID))
return connectionService.getAllConnectionNames(parentID);
return connectionGroupService.getAllConnectionGroupIdentifiers(parentID);
// List of all connection group IDs for which this user has access
List<Integer> connectionGroupIDs =
@@ -686,22 +686,13 @@ public class PermissionCheckService {
List<ConnectionPermissionKey> connectionPermissions =
connectionPermissionDAO.selectByExample(connectionPermissionExample);
// Get list of affected connection IDs
List<Integer> connectionIDs = new ArrayList<Integer>();
for(ConnectionPermissionKey connectionPermission : connectionPermissions)
connectionIDs.add(connectionPermission.getConnection_id());
// Get corresponding names
Map<Integer, String> affectedConnections =
connectionService.retrieveNames(connectionIDs);
// Add connection permissions
for(ConnectionPermissionKey connectionPermission : connectionPermissions) {
// Construct permission from data
ConnectionPermission permission = new ConnectionPermission(
ConnectionPermission.Type.valueOf(connectionPermission.getPermission()),
affectedConnections.get(connectionPermission.getConnection_id())
String.valueOf(connectionPermission.getConnection_id())
);
// Add to set
@@ -732,22 +723,13 @@ public class PermissionCheckService {
List<ConnectionGroupPermissionKey> connectionGroupPermissions =
connectionGroupPermissionDAO.selectByExample(connectionGroupPermissionExample);
// Get list of affected connection IDs
List<Integer> connectionGroupIDs = new ArrayList<Integer>();
for(ConnectionGroupPermissionKey connectionGroupPermission : connectionGroupPermissions)
connectionGroupIDs.add(connectionGroupPermission.getConnection_group_id());
// Get corresponding names
Map<Integer, String> affectedConnectionGroups =
connectionGroupService.retrieveNames(connectionGroupIDs);
// Add connection permissions
for(ConnectionGroupPermissionKey connectionGroupPermission : connectionGroupPermissions) {
// Construct permission from data
ConnectionGroupPermission permission = new ConnectionGroupPermission(
ConnectionGroupPermission.Type.valueOf(connectionGroupPermission.getPermission()),
affectedConnectionGroups.get(connectionGroupPermission.getConnection_group_id())
String.valueOf(connectionGroupPermission.getConnection_group_id())
);
// Add to set