mirror of
https://github.com/gyurix1968/guacamole-client.git
synced 2025-10-31 00:53:21 +00:00
Refactor to support new SystemPermission organization (no more *DirectoryPermission classes).
This commit is contained in:
Michael Jumper
@@ -32,11 +32,9 @@ import net.sourceforge.guacamole.net.auth.ConnectionRecord;
|
||||
import net.sourceforge.guacamole.net.auth.Directory;
|
||||
import net.sourceforge.guacamole.net.auth.User;
|
||||
import net.sourceforge.guacamole.net.auth.UserContext;
|
||||
import net.sourceforge.guacamole.net.auth.permission.ConnectionDirectoryPermission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.ObjectPermission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.Permission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.SystemPermission;
|
||||
import net.sourceforge.guacamole.net.basic.AuthenticatingHttpServlet;
|
||||
import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
|
||||
|
||||
@@ -48,35 +46,6 @@ import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
|
||||
*/
|
||||
public class List extends AuthenticatingHttpServlet {
|
||||
|
||||
/**
|
||||
* Checks whether the given user has permission to perform the given
|
||||
* system operation. Security exceptions are handled appropriately - only
|
||||
* non-security exceptions pass through.
|
||||
*
|
||||
* @param user The user whose permissions should be verified.
|
||||
* @param type The type of operation to check for permission for.
|
||||
* @return true if permission is granted, false otherwise.
|
||||
*
|
||||
* @throws GuacamoleException If an error occurs while checking permissions.
|
||||
*/
|
||||
private boolean hasConfigPermission(User user, SystemPermission.Type type)
|
||||
throws GuacamoleException {
|
||||
|
||||
// Build permission
|
||||
Permission permission =
|
||||
new ConnectionDirectoryPermission(type);
|
||||
|
||||
try {
|
||||
// Return result of permission check, if possible
|
||||
return user.hasPermission(permission);
|
||||
}
|
||||
catch (GuacamoleSecurityException e) {
|
||||
// If cannot check due to security restrictions, no permission
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks whether the given user has permission to perform the given
|
||||
* object operation. Security exceptions are handled appropriately - only
|
||||
@@ -148,10 +117,6 @@ public class List extends AuthenticatingHttpServlet {
|
||||
xml.writeStartDocument();
|
||||
xml.writeStartElement("connections");
|
||||
|
||||
// Save connection create permission attribute
|
||||
if (hasConfigPermission(self, SystemPermission.Type.CREATE))
|
||||
xml.writeAttribute("create", "yes");
|
||||
|
||||
// For each entry, write corresponding connection element
|
||||
for (String identifier : directory.getIdentifiers()) {
|
||||
|
||||
@@ -164,22 +129,10 @@ public class List extends AuthenticatingHttpServlet {
|
||||
xml.writeAttribute("protocol",
|
||||
connection.getConfiguration().getProtocol());
|
||||
|
||||
// Save admin permission attribute
|
||||
if (hasConfigPermission(self, ObjectPermission.Type.ADMINISTER,
|
||||
identifier))
|
||||
xml.writeAttribute("admin", "yes");
|
||||
|
||||
// Save delete permission attribute
|
||||
if (hasConfigPermission(self, ObjectPermission.Type.DELETE,
|
||||
identifier))
|
||||
xml.writeAttribute("delete", "yes");
|
||||
|
||||
// Save update permission attribute, include parameters
|
||||
// If update permission available, include parameters
|
||||
if (hasConfigPermission(self, ObjectPermission.Type.UPDATE,
|
||||
identifier)) {
|
||||
|
||||
xml.writeAttribute("update", "yes");
|
||||
|
||||
// As update permission is present, also list parameters
|
||||
GuacamoleConfiguration config = connection.getConfiguration();
|
||||
for (String name : config.getParameterNames()) {
|
||||
|
||||
@@ -30,12 +30,10 @@ import net.sourceforge.guacamole.GuacamoleSecurityException;
|
||||
import net.sourceforge.guacamole.net.auth.Directory;
|
||||
import net.sourceforge.guacamole.net.auth.User;
|
||||
import net.sourceforge.guacamole.net.auth.UserContext;
|
||||
import net.sourceforge.guacamole.net.auth.permission.ConnectionDirectoryPermission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.ObjectPermission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.Permission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.SystemPermission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.UserDirectoryPermission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.UserPermission;
|
||||
import net.sourceforge.guacamole.net.basic.AuthenticatingHttpServlet;
|
||||
|
||||
@@ -61,7 +59,9 @@ public class List extends AuthenticatingHttpServlet {
|
||||
throws GuacamoleException {
|
||||
|
||||
switch (type) {
|
||||
case CREATE: return "create";
|
||||
case CREATE_USER: return "create-user";
|
||||
case CREATE_CONNECTION: return "create-connection";
|
||||
case ADMINISTER: return "admin";
|
||||
}
|
||||
|
||||
throw new GuacamoleException("Unknown permission type: " + type);
|
||||
@@ -136,16 +136,15 @@ public class List extends AuthenticatingHttpServlet {
|
||||
// For each entry, write corresponding user element
|
||||
for (Permission permission : user.getPermissions()) {
|
||||
|
||||
// Config directory permission
|
||||
if (permission instanceof ConnectionDirectoryPermission) {
|
||||
// System permission
|
||||
if (permission instanceof SystemPermission) {
|
||||
|
||||
// Get permission
|
||||
ConnectionDirectoryPermission cdp =
|
||||
(ConnectionDirectoryPermission) permission;
|
||||
SystemPermission sp = (SystemPermission) permission;
|
||||
|
||||
// Write permission
|
||||
xml.writeEmptyElement("connections");
|
||||
xml.writeAttribute("type", toString(cdp.getType()));
|
||||
xml.writeEmptyElement("system");
|
||||
xml.writeAttribute("type", toString(sp.getType()));
|
||||
|
||||
}
|
||||
|
||||
@@ -163,19 +162,6 @@ public class List extends AuthenticatingHttpServlet {
|
||||
|
||||
}
|
||||
|
||||
// User directory permission
|
||||
else if (permission instanceof UserDirectoryPermission) {
|
||||
|
||||
// Get permission
|
||||
UserDirectoryPermission udp =
|
||||
(UserDirectoryPermission) permission;
|
||||
|
||||
// Write permission
|
||||
xml.writeEmptyElement("users");
|
||||
xml.writeAttribute("type", toString(udp.getType()));
|
||||
|
||||
}
|
||||
|
||||
// User permission
|
||||
else if (permission instanceof UserPermission) {
|
||||
|
||||
|
||||
@@ -31,11 +31,6 @@ import net.sourceforge.guacamole.GuacamoleSecurityException;
|
||||
import net.sourceforge.guacamole.net.auth.Directory;
|
||||
import net.sourceforge.guacamole.net.auth.User;
|
||||
import net.sourceforge.guacamole.net.auth.UserContext;
|
||||
import net.sourceforge.guacamole.net.auth.permission.ObjectPermission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.Permission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.SystemPermission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.UserDirectoryPermission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.UserPermission;
|
||||
import net.sourceforge.guacamole.net.basic.AuthenticatingHttpServlet;
|
||||
|
||||
/**
|
||||
@@ -45,65 +40,6 @@ import net.sourceforge.guacamole.net.basic.AuthenticatingHttpServlet;
|
||||
*/
|
||||
public class List extends AuthenticatingHttpServlet {
|
||||
|
||||
/**
|
||||
* Checks whether the given user has permission to perform the given
|
||||
* system operation. Security exceptions are handled appropriately - only
|
||||
* non-security exceptions pass through.
|
||||
*
|
||||
* @param user The user whose permissions should be verified.
|
||||
* @param type The type of operation to check for permission for.
|
||||
* @return true if permission is granted, false otherwise.
|
||||
*
|
||||
* @throws GuacamoleException If an error occurs while checking permissions.
|
||||
*/
|
||||
private boolean hasUserPermission(User user, SystemPermission.Type type)
|
||||
throws GuacamoleException {
|
||||
|
||||
// Build permission
|
||||
Permission permission = new UserDirectoryPermission(type);
|
||||
|
||||
try {
|
||||
// Return result of permission check, if possible
|
||||
return user.hasPermission(permission);
|
||||
}
|
||||
catch (GuacamoleSecurityException e) {
|
||||
// If cannot check due to security restrictions, no permission
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks whether the given user has permission to perform the given
|
||||
* object operation. Security exceptions are handled appropriately - only
|
||||
* non-security exceptions pass through.
|
||||
*
|
||||
* @param user The user whose permissions should be verified.
|
||||
* @param type The type of operation to check for permission for.
|
||||
* @param identifier The identifier of the user the operation would be
|
||||
* performed upon.
|
||||
* @return true if permission is granted, false otherwise.
|
||||
*
|
||||
* @throws GuacamoleException If an error occurs while checking permissions.
|
||||
*/
|
||||
private boolean hasUserPermission(User user, ObjectPermission.Type type,
|
||||
String identifier)
|
||||
throws GuacamoleException {
|
||||
|
||||
// Build permission
|
||||
Permission permission = new UserPermission(type, identifier);
|
||||
|
||||
try {
|
||||
// Return result of permission check, if possible
|
||||
return user.hasPermission(permission);
|
||||
}
|
||||
catch (GuacamoleSecurityException e) {
|
||||
// If cannot check due to security restrictions, no permission
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void authenticatedService(
|
||||
UserContext context,
|
||||
@@ -135,10 +71,6 @@ public class List extends AuthenticatingHttpServlet {
|
||||
xml.writeStartDocument();
|
||||
xml.writeStartElement("users");
|
||||
|
||||
// Save user create permission attribute
|
||||
if (hasUserPermission(self, SystemPermission.Type.CREATE))
|
||||
xml.writeAttribute("create", "yes");
|
||||
|
||||
// For each entry, write corresponding user element
|
||||
for (String username : users) {
|
||||
|
||||
@@ -149,21 +81,6 @@ public class List extends AuthenticatingHttpServlet {
|
||||
xml.writeEmptyElement("user");
|
||||
xml.writeAttribute("name", user.getUsername());
|
||||
|
||||
// Save update permission attribute
|
||||
if (hasUserPermission(self, ObjectPermission.Type.UPDATE,
|
||||
user.getUsername()))
|
||||
xml.writeAttribute("update", "yes");
|
||||
|
||||
// Save admin permission attribute
|
||||
if (hasUserPermission(self, ObjectPermission.Type.ADMINISTER,
|
||||
user.getUsername()))
|
||||
xml.writeAttribute("admin", "yes");
|
||||
|
||||
// Save delete permission attribute
|
||||
if (hasUserPermission(self, ObjectPermission.Type.DELETE,
|
||||
user.getUsername()))
|
||||
xml.writeAttribute("delete", "yes");
|
||||
|
||||
}
|
||||
|
||||
// End document
|
||||
|
||||
@@ -26,12 +26,10 @@ import net.sourceforge.guacamole.GuacamoleException;
|
||||
import net.sourceforge.guacamole.net.auth.Directory;
|
||||
import net.sourceforge.guacamole.net.auth.User;
|
||||
import net.sourceforge.guacamole.net.auth.UserContext;
|
||||
import net.sourceforge.guacamole.net.auth.permission.ConnectionDirectoryPermission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.ObjectPermission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.Permission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.SystemPermission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.UserDirectoryPermission;
|
||||
import net.sourceforge.guacamole.net.auth.permission.UserPermission;
|
||||
import net.sourceforge.guacamole.net.basic.AuthenticatingHttpServlet;
|
||||
|
||||
@@ -43,9 +41,19 @@ import net.sourceforge.guacamole.net.basic.AuthenticatingHttpServlet;
|
||||
public class Update extends AuthenticatingHttpServlet {
|
||||
|
||||
/**
|
||||
* String given for directory creation permission.
|
||||
* String given for user creation permission.
|
||||
*/
|
||||
private static final String CREATE_PERMISSION = "create";
|
||||
private static final String CREATE_USER_PERMISSION = "create-user";
|
||||
|
||||
/**
|
||||
* String given for connection creation permission.
|
||||
*/
|
||||
private static final String CREATE_CONNECTION_PERMISSION = "create-connection";
|
||||
|
||||
/**
|
||||
* String given for system administration permission.
|
||||
*/
|
||||
private static final String ADMIN_PERMISSION = "admin";
|
||||
|
||||
/**
|
||||
* Prefix given before an object identifier for read permission.
|
||||
@@ -67,6 +75,32 @@ public class Update extends AuthenticatingHttpServlet {
|
||||
*/
|
||||
private static final String ADMIN_PREFIX = "admin:";
|
||||
|
||||
/**
|
||||
* Given a permission string, returns the corresponding system permission.
|
||||
*
|
||||
* @param str The permission string to parse.
|
||||
* @return The parsed system permission.
|
||||
* @throws GuacamoleException If the given string could not be parsed.
|
||||
*/
|
||||
private Permission parseSystemPermission(String str)
|
||||
throws GuacamoleException {
|
||||
|
||||
// Create user
|
||||
if (str.startsWith(CREATE_USER_PERMISSION))
|
||||
return new SystemPermission(SystemPermission.Type.CREATE_USER);
|
||||
|
||||
// Create connection
|
||||
if (str.startsWith(CREATE_CONNECTION_PERMISSION))
|
||||
return new SystemPermission(SystemPermission.Type.CREATE_CONNECTION);
|
||||
|
||||
// Administration
|
||||
if (str.startsWith(ADMIN_PERMISSION))
|
||||
return new SystemPermission(SystemPermission.Type.ADMINISTER);
|
||||
|
||||
throw new GuacamoleException("Invalid permission string.");
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Given a permission string, returns the corresponding user permission.
|
||||
*
|
||||
@@ -77,10 +111,6 @@ public class Update extends AuthenticatingHttpServlet {
|
||||
private Permission parseUserPermission(String str)
|
||||
throws GuacamoleException {
|
||||
|
||||
// Create permission
|
||||
if (str.equals(CREATE_PERMISSION))
|
||||
return new UserDirectoryPermission(SystemPermission.Type.CREATE);
|
||||
|
||||
// Read
|
||||
if (str.startsWith(READ_PREFIX))
|
||||
return new UserPermission(ObjectPermission.Type.READ,
|
||||
@@ -116,10 +146,6 @@ public class Update extends AuthenticatingHttpServlet {
|
||||
private Permission parseConnectionPermission(String str)
|
||||
throws GuacamoleException {
|
||||
|
||||
// Create permission
|
||||
if (str.equals(CREATE_PERMISSION))
|
||||
return new ConnectionDirectoryPermission(SystemPermission.Type.CREATE);
|
||||
|
||||
// Read
|
||||
if (str.startsWith(READ_PREFIX))
|
||||
return new ConnectionPermission(ObjectPermission.Type.READ,
|
||||
@@ -166,28 +192,50 @@ public class Update extends AuthenticatingHttpServlet {
|
||||
if (password != null)
|
||||
user.setPassword(password);
|
||||
|
||||
// Set user permissions
|
||||
/*
|
||||
* NEW PERMISSIONS
|
||||
*/
|
||||
|
||||
// Set added system permissions
|
||||
String[] add_sys_permission = request.getParameterValues("+sys");
|
||||
if (add_sys_permission != null) {
|
||||
for (String str : add_sys_permission)
|
||||
user.addPermission(parseSystemPermission(str));
|
||||
}
|
||||
|
||||
// Set added user permissions
|
||||
String[] add_user_permission = request.getParameterValues("+user");
|
||||
if (add_user_permission != null) {
|
||||
for (String str : add_user_permission)
|
||||
user.addPermission(parseUserPermission(str));
|
||||
}
|
||||
|
||||
// Set connection permissions
|
||||
// Set added connection permissions
|
||||
String[] add_connection_permission = request.getParameterValues("+connection");
|
||||
if (add_connection_permission != null) {
|
||||
for (String str : add_connection_permission)
|
||||
user.addPermission(parseConnectionPermission(str));
|
||||
}
|
||||
|
||||
// Set user permissions
|
||||
/*
|
||||
* REMOVED PERMISSIONS
|
||||
*/
|
||||
|
||||
// Unset removed system permissions
|
||||
String[] remove_sys_permission = request.getParameterValues("-sys");
|
||||
if (remove_sys_permission != null) {
|
||||
for (String str : remove_sys_permission)
|
||||
user.removePermission(parseSystemPermission(str));
|
||||
}
|
||||
|
||||
// Unset removed user permissions
|
||||
String[] remove_user_permission = request.getParameterValues("-user");
|
||||
if (remove_user_permission != null) {
|
||||
for (String str : remove_user_permission)
|
||||
user.removePermission(parseUserPermission(str));
|
||||
}
|
||||
|
||||
// Set connection permissions
|
||||
// Unset removed connection permissions
|
||||
String[] remove_connection_permission = request.getParameterValues("-connection");
|
||||
if (remove_connection_permission != null) {
|
||||
for (String str : remove_connection_permission)
|
||||
|
||||
Reference in New Issue
Block a user