safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 21:27:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor to support new SystemPermission organization (no more *DirectoryPermission classes).

Browse Source
This commit is contained in:
Michael Jumper
2013-02-27 16:20:09 -08:00
parent 65a31775b6
commit a84b9d2094
5 changed files with 99 additions and 195 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
guacamole/src/main/java/net/sourceforge/guacamole/net/basic/crud/connections/List.java
View File

@@ -32,11 +32,9 @@ import net.sourceforge.guacamole.net.auth.ConnectionRecord;
import net.sourceforge.guacamole.net.auth.Directory;
import net.sourceforge.guacamole.net.auth.User;
import net.sourceforge.guacamole.net.auth.UserContext;
import net.sourceforge.guacamole.net.auth.permission.ConnectionDirectoryPermission;
import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
import net.sourceforge.guacamole.net.auth.permission.ObjectPermission;
import net.sourceforge.guacamole.net.auth.permission.Permission;
import net.sourceforge.guacamole.net.auth.permission.SystemPermission;
import net.sourceforge.guacamole.net.basic.AuthenticatingHttpServlet;
import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
@@ -48,35 +46,6 @@ import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
*/
public class List extends AuthenticatingHttpServlet {
/**
* Checks whether the given user has permission to perform the given
* system operation. Security exceptions are handled appropriately - only
* non-security exceptions pass through.
*
* @param user The user whose permissions should be verified.
* @param type The type of operation to check for permission for.
* @return true if permission is granted, false otherwise.
*
* @throws GuacamoleException If an error occurs while checking permissions.
*/
private boolean hasConfigPermission(User user, SystemPermission.Type type)
throws GuacamoleException {
// Build permission
Permission permission =
new ConnectionDirectoryPermission(type);
try {
// Return result of permission check, if possible
return user.hasPermission(permission);
}
catch (GuacamoleSecurityException e) {
// If cannot check due to security restrictions, no permission
return false;
}
}
/**
* Checks whether the given user has permission to perform the given
* object operation. Security exceptions are handled appropriately - only
@@ -148,10 +117,6 @@ public class List extends AuthenticatingHttpServlet {
xml.writeStartDocument();
xml.writeStartElement("connections");
// Save connection create permission attribute
if (hasConfigPermission(self, SystemPermission.Type.CREATE))
xml.writeAttribute("create", "yes");
// For each entry, write corresponding connection element
for (String identifier : directory.getIdentifiers()) {
@@ -164,22 +129,10 @@ public class List extends AuthenticatingHttpServlet {
xml.writeAttribute("protocol",
connection.getConfiguration().getProtocol());
// Save admin permission attribute
if (hasConfigPermission(self, ObjectPermission.Type.ADMINISTER,
identifier))
xml.writeAttribute("admin", "yes");
// Save delete permission attribute
if (hasConfigPermission(self, ObjectPermission.Type.DELETE,
identifier))
xml.writeAttribute("delete", "yes");
// Save update permission attribute, include parameters
// If update permission available, include parameters
if (hasConfigPermission(self, ObjectPermission.Type.UPDATE,
identifier)) {
xml.writeAttribute("update", "yes");
// As update permission is present, also list parameters
GuacamoleConfiguration config = connection.getConfiguration();
for (String name : config.getParameterNames()) {

30
guacamole/src/main/java/net/sourceforge/guacamole/net/basic/crud/permissions/List.java
View File

@@ -30,12 +30,10 @@ import net.sourceforge.guacamole.GuacamoleSecurityException;
import net.sourceforge.guacamole.net.auth.Directory;
import net.sourceforge.guacamole.net.auth.User;
import net.sourceforge.guacamole.net.auth.UserContext;
import net.sourceforge.guacamole.net.auth.permission.ConnectionDirectoryPermission;
import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
import net.sourceforge.guacamole.net.auth.permission.ObjectPermission;
import net.sourceforge.guacamole.net.auth.permission.Permission;
import net.sourceforge.guacamole.net.auth.permission.SystemPermission;
import net.sourceforge.guacamole.net.auth.permission.UserDirectoryPermission;
import net.sourceforge.guacamole.net.auth.permission.UserPermission;
import net.sourceforge.guacamole.net.basic.AuthenticatingHttpServlet;
@@ -61,7 +59,9 @@ public class List extends AuthenticatingHttpServlet {
throws GuacamoleException {
switch (type) {
case CREATE: return "create";
case CREATE_USER: return "create-user";
case CREATE_CONNECTION: return "create-connection";
case ADMINISTER: return "admin";
}
throw new GuacamoleException("Unknown permission type: " + type);
@@ -136,16 +136,15 @@ public class List extends AuthenticatingHttpServlet {
// For each entry, write corresponding user element
for (Permission permission : user.getPermissions()) {
// Config directory permission
if (permission instanceof ConnectionDirectoryPermission) {
// System permission
if (permission instanceof SystemPermission) {
// Get permission
ConnectionDirectoryPermission cdp =
(ConnectionDirectoryPermission) permission;
SystemPermission sp = (SystemPermission) permission;
// Write permission
xml.writeEmptyElement("connections");
xml.writeAttribute("type", toString(cdp.getType()));
xml.writeEmptyElement("system");
xml.writeAttribute("type", toString(sp.getType()));
}
@@ -163,19 +162,6 @@ public class List extends AuthenticatingHttpServlet {
}
// User directory permission
else if (permission instanceof UserDirectoryPermission) {
// Get permission
UserDirectoryPermission udp =
(UserDirectoryPermission) permission;
// Write permission
xml.writeEmptyElement("users");
xml.writeAttribute("type", toString(udp.getType()));
}
// User permission
else if (permission instanceof UserPermission) {

83
guacamole/src/main/java/net/sourceforge/guacamole/net/basic/crud/users/List.java
View File

@@ -31,11 +31,6 @@ import net.sourceforge.guacamole.GuacamoleSecurityException;
import net.sourceforge.guacamole.net.auth.Directory;
import net.sourceforge.guacamole.net.auth.User;
import net.sourceforge.guacamole.net.auth.UserContext;
import net.sourceforge.guacamole.net.auth.permission.ObjectPermission;
import net.sourceforge.guacamole.net.auth.permission.Permission;
import net.sourceforge.guacamole.net.auth.permission.SystemPermission;
import net.sourceforge.guacamole.net.auth.permission.UserDirectoryPermission;
import net.sourceforge.guacamole.net.auth.permission.UserPermission;
import net.sourceforge.guacamole.net.basic.AuthenticatingHttpServlet;
/**
@@ -45,65 +40,6 @@ import net.sourceforge.guacamole.net.basic.AuthenticatingHttpServlet;
*/
public class List extends AuthenticatingHttpServlet {
/**
* Checks whether the given user has permission to perform the given
* system operation. Security exceptions are handled appropriately - only
* non-security exceptions pass through.
*
* @param user The user whose permissions should be verified.
* @param type The type of operation to check for permission for.
* @return true if permission is granted, false otherwise.
*
* @throws GuacamoleException If an error occurs while checking permissions.
*/
private boolean hasUserPermission(User user, SystemPermission.Type type)
throws GuacamoleException {
// Build permission
Permission permission = new UserDirectoryPermission(type);
try {
// Return result of permission check, if possible
return user.hasPermission(permission);
}
catch (GuacamoleSecurityException e) {
// If cannot check due to security restrictions, no permission
return false;
}
}
/**
* Checks whether the given user has permission to perform the given
* object operation. Security exceptions are handled appropriately - only
* non-security exceptions pass through.
*
* @param user The user whose permissions should be verified.
* @param type The type of operation to check for permission for.
* @param identifier The identifier of the user the operation would be
* performed upon.
* @return true if permission is granted, false otherwise.
*
* @throws GuacamoleException If an error occurs while checking permissions.
*/
private boolean hasUserPermission(User user, ObjectPermission.Type type,
String identifier)
throws GuacamoleException {
// Build permission
Permission permission = new UserPermission(type, identifier);
try {
// Return result of permission check, if possible
return user.hasPermission(permission);
}
catch (GuacamoleSecurityException e) {
// If cannot check due to security restrictions, no permission
return false;
}
}
@Override
protected void authenticatedService(
UserContext context,
@@ -135,10 +71,6 @@ public class List extends AuthenticatingHttpServlet {
xml.writeStartDocument();
xml.writeStartElement("users");
// Save user create permission attribute
if (hasUserPermission(self, SystemPermission.Type.CREATE))
xml.writeAttribute("create", "yes");
// For each entry, write corresponding user element
for (String username : users) {
@@ -149,21 +81,6 @@ public class List extends AuthenticatingHttpServlet {
xml.writeEmptyElement("user");
xml.writeAttribute("name", user.getUsername());
// Save update permission attribute
if (hasUserPermission(self, ObjectPermission.Type.UPDATE,
user.getUsername()))
xml.writeAttribute("update", "yes");
// Save admin permission attribute
if (hasUserPermission(self, ObjectPermission.Type.ADMINISTER,
user.getUsername()))
xml.writeAttribute("admin", "yes");
// Save delete permission attribute
if (hasUserPermission(self, ObjectPermission.Type.DELETE,
user.getUsername()))
xml.writeAttribute("delete", "yes");
}
// End document

80
guacamole/src/main/java/net/sourceforge/guacamole/net/basic/crud/users/Update.java
View File

@@ -26,12 +26,10 @@ import net.sourceforge.guacamole.GuacamoleException;
import net.sourceforge.guacamole.net.auth.Directory;
import net.sourceforge.guacamole.net.auth.User;
import net.sourceforge.guacamole.net.auth.UserContext;
import net.sourceforge.guacamole.net.auth.permission.ConnectionDirectoryPermission;
import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
import net.sourceforge.guacamole.net.auth.permission.ObjectPermission;
import net.sourceforge.guacamole.net.auth.permission.Permission;
import net.sourceforge.guacamole.net.auth.permission.SystemPermission;
import net.sourceforge.guacamole.net.auth.permission.UserDirectoryPermission;
import net.sourceforge.guacamole.net.auth.permission.UserPermission;
import net.sourceforge.guacamole.net.basic.AuthenticatingHttpServlet;
@@ -43,9 +41,19 @@ import net.sourceforge.guacamole.net.basic.AuthenticatingHttpServlet;
public class Update extends AuthenticatingHttpServlet {
/**
* String given for directory creation permission.
* String given for user creation permission.
*/
private static final String CREATE_PERMISSION = "create";
private static final String CREATE_USER_PERMISSION = "create-user";
/**
* String given for connection creation permission.
*/
private static final String CREATE_CONNECTION_PERMISSION = "create-connection";
/**
* String given for system administration permission.
*/
private static final String ADMIN_PERMISSION = "admin";
/**
* Prefix given before an object identifier for read permission.
@@ -67,6 +75,32 @@ public class Update extends AuthenticatingHttpServlet {
*/
private static final String ADMIN_PREFIX = "admin:";
/**
* Given a permission string, returns the corresponding system permission.
*
* @param str The permission string to parse.
* @return The parsed system permission.
* @throws GuacamoleException If the given string could not be parsed.
*/
private Permission parseSystemPermission(String str)
throws GuacamoleException {
// Create user
if (str.startsWith(CREATE_USER_PERMISSION))
return new SystemPermission(SystemPermission.Type.CREATE_USER);
// Create connection
if (str.startsWith(CREATE_CONNECTION_PERMISSION))
return new SystemPermission(SystemPermission.Type.CREATE_CONNECTION);
// Administration
if (str.startsWith(ADMIN_PERMISSION))
return new SystemPermission(SystemPermission.Type.ADMINISTER);
throw new GuacamoleException("Invalid permission string.");
}
/**
* Given a permission string, returns the corresponding user permission.
*
@@ -77,10 +111,6 @@ public class Update extends AuthenticatingHttpServlet {
private Permission parseUserPermission(String str)
throws GuacamoleException {
// Create permission
if (str.equals(CREATE_PERMISSION))
return new UserDirectoryPermission(SystemPermission.Type.CREATE);
// Read
if (str.startsWith(READ_PREFIX))
return new UserPermission(ObjectPermission.Type.READ,
@@ -116,10 +146,6 @@ public class Update extends AuthenticatingHttpServlet {
private Permission parseConnectionPermission(String str)
throws GuacamoleException {
// Create permission
if (str.equals(CREATE_PERMISSION))
return new ConnectionDirectoryPermission(SystemPermission.Type.CREATE);
// Read
if (str.startsWith(READ_PREFIX))
return new ConnectionPermission(ObjectPermission.Type.READ,
@@ -166,28 +192,50 @@ public class Update extends AuthenticatingHttpServlet {
if (password != null)
user.setPassword(password);
// Set user permissions
/*
* NEW PERMISSIONS
*/
// Set added system permissions
String[] add_sys_permission = request.getParameterValues("+sys");
if (add_sys_permission != null) {
for (String str : add_sys_permission)
user.addPermission(parseSystemPermission(str));
}
// Set added user permissions
String[] add_user_permission = request.getParameterValues("+user");
if (add_user_permission != null) {
for (String str : add_user_permission)
user.addPermission(parseUserPermission(str));
}
// Set connection permissions
// Set added connection permissions
String[] add_connection_permission = request.getParameterValues("+connection");
if (add_connection_permission != null) {
for (String str : add_connection_permission)
user.addPermission(parseConnectionPermission(str));
}
// Set user permissions
/*
* REMOVED PERMISSIONS
*/
// Unset removed system permissions
String[] remove_sys_permission = request.getParameterValues("-sys");
if (remove_sys_permission != null) {
for (String str : remove_sys_permission)
user.removePermission(parseSystemPermission(str));
}
// Unset removed user permissions
String[] remove_user_permission = request.getParameterValues("-user");
if (remove_user_permission != null) {
for (String str : remove_user_permission)
user.removePermission(parseUserPermission(str));
}
// Set connection permissions
// Unset removed connection permissions
String[] remove_connection_permission = request.getParameterValues("-connection");
if (remove_connection_permission != null) {
for (String str : remove_connection_permission)

52
guacamole/src/main/webapp/scripts/service.js
View File

@@ -117,6 +117,11 @@ GuacamoleService.PermissionSet = function() {
*/
this.create_connection = false;
/**
* Whether permission to administer the system in general is granted.
*/
this.administer = false;
/**
* Object with a property entry for each readable user.
*/
@@ -416,9 +421,10 @@ GuacamoleService.Users = {
var name;
// Creation permissions
if (permissions_added.create_user) data += "&%2Buser=create";
if (permissions_added.create_connection) data += "&%2Bconnection=create";
// System permissions
if (permissions_added.create_user) data += "&%2Bsys=create-user";
if (permissions_added.create_connection) data += "&%2Bsys=create-connection";
if (permissions_added.administer) data += "&%2Bsys=admin";
// User permissions
for (name in permissions_added.read_user)
@@ -441,8 +447,9 @@ GuacamoleService.Users = {
data += "&%2Bconnection=delete:" + encodeURIComponent(name);
// Creation permissions
if (permissions_removed.create_user) data += "&-user=create";
if (permissions_removed.create_connection) data += "&-connection=create";
if (permissions_removed.create_user) data += "&-sys=create-user";
if (permissions_removed.create_connection) data += "&-sys=create-connection";
if (permissions_removed.administer) data += "&-sys=admin";
// User permissions
for (name in permissions_removed.read_user)
@@ -574,19 +581,29 @@ GuacamoleService.Permissions = {
var i, type, name;
var permissions = new GuacamoleService.PermissionSet();
// Read connections permissions
var connectionsElements = xhr.responseXML.getElementsByTagName("connections");
// Read system permissions
var connectionsElements = xhr.responseXML.getElementsByTagName("system");
for (i=0; i<connectionsElements.length; i++) {
// Get type
type = connectionsElements[i].getAttribute("type");
switch (type) {
// Create permission
case "create":
// Create connection permission
case "create-connection":
permissions.create_connection = true;
break;
// Create user permission
case "create-user":
permissions.create_user = true;
break;
// System admin permission
case "admin":
permissions.administer = true;
break;
}
}
@@ -625,23 +642,6 @@ GuacamoleService.Permissions = {
}
// Read users permissions
var usersElements = xhr.responseXML.getElementsByTagName("users");
for (i=0; i<usersElements.length; i++) {
// Get type
type = usersElements[i].getAttribute("type");
switch (type) {
// Create permission
case "create":
permissions.create_user = true;
break;
}
}
// Read user permissions
var userElements = xhr.responseXML.getElementsByTagName("user");
for (i=0; i<userElements.length; i++) {