GUACAMOLE-76: Query child object identifiers directly.

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionModel.java

@@ -19,6 +19,8 @@
 
 package org.apache.guacamole.auth.jdbc.connection;
 
+import java.util.HashSet;
+import java.util.Set;
 import org.apache.guacamole.auth.jdbc.base.GroupedObjectModel;
 
 /**
@@ -53,6 +55,12 @@ public class ConnectionModel extends GroupedObjectModel {
      */
     private Integer maxConnectionsPerUser;
 
+    /**
+     * The identifiers of all readable sharing profiles associated with this
+     * connection.
+     */
+    private Set<String> sharingProfileIdentifiers = new HashSet<String>();
+
     /**
      * Creates a new, empty connection.
      */
@@ -152,6 +160,32 @@ public class ConnectionModel extends GroupedObjectModel {
         this.maxConnectionsPerUser = maxConnectionsPerUser;
     }
 
+    /**
+     * Returns the identifiers of all readable sharing profiles associated with
+     * this connection. This is set only when the connection is queried, and has
+     * no effect when a connection is inserted, updated, or deleted.
+     *
+     * @return
+     *     The identifiers of all readable sharing profiles associated with
+     *     this connection.
+     */
+    public Set<String> getSharingProfileIdentifiers() {
+        return sharingProfileIdentifiers;
+    }
+
+    /**
+     * Sets the identifiers of all readable sharing profiles associated with
+     * this connection. This should be set only when the connection is queried,
+     * as it has no effect when a connection is inserted, updated, or deleted.
+     *
+     * @param sharingProfileIdentifiers
+     *     The identifiers of all readable sharing profiles associated with
+     *     this connection.
+     */
+    public void setSharingProfileIdentifiers(Set<String> sharingProfileIdentifiers) {
+        this.sharingProfileIdentifiers = sharingProfileIdentifiers;
+    }
+
     @Override
     public String getIdentifier() {
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ModeledConnection.java

@@ -32,7 +32,6 @@ import org.apache.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
 import org.apache.guacamole.auth.jdbc.base.ModeledGroupedDirectoryObject;
-import org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileService;
 import org.apache.guacamole.form.Field;
 import org.apache.guacamole.form.Form;
 import org.apache.guacamole.form.NumericField;
@@ -100,12 +99,6 @@ public class ModeledConnection extends ModeledGroupedDirectoryObject<ConnectionM
     @Inject
     private ConnectionService connectionService;
 
-    /**
-     * Service for managing sharing profiles.
-     */
-    @Inject
-    private SharingProfileService sharingProfileService;
-
     /**
      * Service for creating and tracking tunnels.
      */
@@ -167,7 +160,7 @@ public class ModeledConnection extends ModeledGroupedDirectoryObject<ConnectionM
     @Override
     public Set<String> getSharingProfileIdentifiers()
             throws GuacamoleException {
-        return sharingProfileService.getIdentifiersWithin(getCurrentUser(), getIdentifier());
+        return getModel().getSharingProfileIdentifiers();
     }
 
     @Override

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupModel.java

@@ -19,6 +19,8 @@
 
 package org.apache.guacamole.auth.jdbc.connectiongroup;
 
+import java.util.HashSet;
+import java.util.Set;
 import org.apache.guacamole.auth.jdbc.base.GroupedObjectModel;
 import org.apache.guacamole.net.auth.ConnectionGroup;
 
@@ -60,6 +62,18 @@ public class ConnectionGroupModel extends GroupedObjectModel {
      */
     private boolean sessionAffinityEnabled;
 
+    /**
+     * The identifiers of all readable child connections within this connection
+     * group.
+     */
+    private Set<String> connectionIdentifiers = new HashSet<String>();
+
+    /**
+     * The identifiers of all readable child connection groups within this
+     * connection group.
+     */
+    private Set<String> connectionGroupIdentifiers = new HashSet<String>();
+
     /**
      * Creates a new, empty connection group.
      */
@@ -186,6 +200,62 @@ public class ConnectionGroupModel extends GroupedObjectModel {
         this.sessionAffinityEnabled = sessionAffinityEnabled;
     }
 
+    /**
+     * Returns the identifiers of all readable child connections within this
+     * connection group. This is set only when the parent connection group is
+     * queried, and has no effect when a connection group is inserted, updated,
+     * or deleted.
+     *
+     * @return
+     *     The identifiers of all readable child connections within this
+     *     connection group.
+     */
+    public Set<String> getConnectionIdentifiers() {
+        return connectionIdentifiers;
+    }
+
+    /**
+     * Sets the identifiers of all readable child connections within this
+     * connection group. This should be set only when the parent connection
+     * group is queried, as it has no effect when a connection group is
+     * inserted, updated, or deleted.
+     *
+     * @param connectionIdentifiers
+     *     The identifiers of all readable child connections within this
+     *     connection group.
+     */
+    public void setConnectionIdentifiers(Set<String> connectionIdentifiers) {
+        this.connectionIdentifiers = connectionIdentifiers;
+    }
+
+    /**
+     * Returns the identifiers of all readable child connection groups within
+     * this connection group. This is set only when the parent connection group
+     * is queried, and has no effect when a connection group is inserted,
+     * updated, or deleted.
+     *
+     * @return
+     *     The identifiers of all readable child connection groups within this
+     *     connection group.
+     */
+    public Set<String> getConnectionGroupIdentifiers() {
+        return connectionGroupIdentifiers;
+    }
+
+    /**
+     * Sets the identifiers of all readable child connection groups within this
+     * connection group. This should be set only when the parent connection
+     * group is queried, as it has no effect when a connection group is
+     * inserted, updated, or deleted.
+     *
+     * @param connectionGroupIdentifiers
+     *     The identifiers of all readable child connection groups within this
+     *     connection group.
+     */
+    public void setConnectionGroupIdentifiers(Set<String> connectionGroupIdentifiers) {
+        this.connectionGroupIdentifiers = connectionGroupIdentifiers;
+    }
+
     @Override
     public String getIdentifier() {
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ModeledConnectionGroup.java

@@ -29,7 +29,6 @@ import java.util.Set;
 import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.auth.jdbc.JDBCEnvironment;
 import org.apache.guacamole.auth.jdbc.base.ModeledGroupedDirectoryObject;
-import org.apache.guacamole.auth.jdbc.connection.ConnectionService;
 import org.apache.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
 import org.apache.guacamole.form.BooleanField;
 import org.apache.guacamole.form.Field;
@@ -99,12 +98,6 @@ public class ModeledConnectionGroup extends ModeledGroupedDirectoryObject<Connec
     @Inject
     private JDBCEnvironment environment;
 
-    /**
-     * Service for managing connections.
-     */
-    @Inject
-    private ConnectionService connectionService;
-
     /**
      * Service for managing connection groups.
      */
@@ -157,13 +150,13 @@ public class ModeledConnectionGroup extends ModeledGroupedDirectoryObject<Connec
     @Override
     public Set<String> getConnectionIdentifiers()
             throws GuacamoleException {
-        return connectionService.getIdentifiersWithin(getCurrentUser(), getIdentifier());
+        return getModel().getConnectionIdentifiers();
     }
 
     @Override
     public Set<String> getConnectionGroupIdentifiers()
             throws GuacamoleException {
-        return connectionGroupService.getIdentifiersWithin(getCurrentUser(), getIdentifier());
+        return getModel().getConnectionGroupIdentifiers();
     }
 
     @Override

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.java

@@ -19,9 +19,7 @@
 
 package org.apache.guacamole.auth.jdbc.sharingprofile;
 
-import java.util.Set;
 import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
-import org.apache.guacamole.auth.jdbc.user.UserModel;
 import org.apache.ibatis.annotations.Param;
 
 /**
@@ -32,43 +30,6 @@ import org.apache.ibatis.annotations.Param;
 public interface SharingProfileMapper
         extends ModeledDirectoryObjectMapper<SharingProfileModel> {
 
-    /**
-     * Selects the identifiers of all sharing profiles associated with the given
-     * primary connection, regardless of whether they are readable by any
-     * particular user. This should only be called on behalf of a system
-     * administrator. If identifiers are needed by a non-administrative user who
-     * must have explicit read rights, use selectReadableIdentifiersWithin()
-     * instead.
-     *
-     * @param primaryConnectionIdentifier
-     *     The identifier of the primary connection.
-     *
-     * @return
-     *     A Set containing all identifiers of all objects.
-     */
-    Set<String> selectIdentifiersWithin(
-            @Param("primaryConnectionIdentifier") String primaryConnectionIdentifier);
-    
-    /**
-     * Selects the identifiers of all sharing profiles associated with the given
-     * primary connection that are explicitly readable by the given user. If
-     * identifiers are needed by a system administrator (who, by definition,
-     * does not need explicit read rights), use selectIdentifiersWithin()
-     * instead.
-     *
-     * @param user
-     *    The user whose permissions should determine whether an identifier
-     *    is returned.
-     *
-     * @param primaryConnectionIdentifier
-     *     The identifier of the primary connection.
-     *
-     * @return
-     *     A Set containing all identifiers of all readable objects.
-     */
-    Set<String> selectReadableIdentifiersWithin(@Param("user") UserModel user,
-            @Param("primaryConnectionIdentifier") String primaryConnectionIdentifier);
-
     /**
      * Selects the sharing profile associated with the given primary connection
      * and having the given name. If no such sharing profile exists, null is

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileService.java

@@ -25,7 +25,6 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.Set;
 import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
 import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
 import org.apache.guacamole.GuacamoleClientException;
@@ -244,43 +243,6 @@ public class SharingProfileService
         
     }
 
-    /**
-     * Returns the set of all identifiers for all sharing profiles associated
-     * with the given primary connection. Only sharing profiles that the user
-     * has read access to will be returned.
-     *
-     * Permission to read the primary connection having the given identifier is
-     * NOT checked.
-     *
-     * @param user
-     *     The user retrieving the identifiers.
-     * 
-     * @param identifier
-     *     The identifier of the primary connection.
-     *
-     * @return
-     *     The set of all identifiers for all sharing profiles associated with
-     *     the primary connection having the given identifier that the user has
-     *     read access to.
-     *
-     * @throws GuacamoleException
-     *     If an error occurs while reading identifiers.
-     */
-    public Set<String> getIdentifiersWithin(ModeledAuthenticatedUser user,
-            String identifier)
-            throws GuacamoleException {
-
-        // Bypass permission checks if the user is a system admin
-        if (user.getUser().isAdministrator())
-            return sharingProfileMapper.selectIdentifiersWithin(identifier);
-
-        // Otherwise only return explicitly readable identifiers
-        else
-            return sharingProfileMapper.selectReadableIdentifiersWithin(
-                    user.getUser().getModel(), identifier);
-
-    }
-
     /**
      * Retrieves all parameters visible to the given user and associated with
      * the sharing profile having the given identifier. If the given user has no