diff --git a/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/crud/users/Update.java b/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/crud/users/Update.java index 955b3fd64..c459cbbc4 100644 --- a/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/crud/users/Update.java +++ b/guacamole/src/main/java/net/sourceforge/guacamole/net/basic/crud/users/Update.java @@ -25,6 +25,7 @@ import net.sourceforge.guacamole.GuacamoleException; import net.sourceforge.guacamole.net.auth.Directory; import net.sourceforge.guacamole.net.auth.User; import net.sourceforge.guacamole.net.auth.UserContext; +import net.sourceforge.guacamole.net.auth.permission.ConnectionGroupPermission; import net.sourceforge.guacamole.net.auth.permission.ConnectionPermission; import net.sourceforge.guacamole.net.auth.permission.ObjectPermission; import net.sourceforge.guacamole.net.auth.permission.Permission; @@ -49,6 +50,11 @@ public class Update extends AuthenticatingHttpServlet { */ private static final String CREATE_CONNECTION_PERMISSION = "create-connection"; + /** + * String given for connection group creation permission. + */ + private static final String CREATE_CONNECTION_GROUP_PERMISSION = "create-connection-group"; + /** * String given for system administration permission. */ @@ -169,6 +175,41 @@ public class Update extends AuthenticatingHttpServlet { } + /** + * Given a permission string, returns the corresponding connection group + * permission. + * + * @param str The permission string to parse. + * @return The parsed connection group permission. + * @throws GuacamoleException If the given string could not be parsed. + */ + private Permission parseConnectionGroupPermission(String str) + throws GuacamoleException { + + // Read + if (str.startsWith(READ_PREFIX)) + return new ConnectionGroupPermission(ObjectPermission.Type.READ, + str.substring(READ_PREFIX.length())); + + // Update + if (str.startsWith(UPDATE_PREFIX)) + return new ConnectionGroupPermission(ObjectPermission.Type.UPDATE, + str.substring(UPDATE_PREFIX.length())); + + // Delete + if (str.startsWith(DELETE_PREFIX)) + return new ConnectionGroupPermission(ObjectPermission.Type.DELETE, + str.substring(DELETE_PREFIX.length())); + + // Administration + if (str.startsWith(ADMIN_PREFIX)) + return new ConnectionGroupPermission(ObjectPermission.Type.ADMINISTER, + str.substring(ADMIN_PREFIX.length())); + + throw new GuacamoleClientException("Invalid permission string."); + + } + @Override protected void authenticatedService( UserContext context, @@ -214,6 +255,13 @@ public class Update extends AuthenticatingHttpServlet { user.addPermission(parseConnectionPermission(str)); } + // Set added connection group permissions + String[] add_connection_group_permission = request.getParameterValues("+connection-group"); + if (add_connection_group_permission != null) { + for (String str : add_connection_group_permission) + user.addPermission(parseConnectionGroupPermission(str)); + } + /* * REMOVED PERMISSIONS */ @@ -239,6 +287,13 @@ public class Update extends AuthenticatingHttpServlet { user.removePermission(parseConnectionPermission(str)); } + // Unset removed connection group permissions + String[] remove_connection_group_permission = request.getParameterValues("-connection-group"); + if (remove_connection_group_permission != null) { + for (String str : remove_connection_group_permission) + user.removePermission(parseConnectionGroupPermission(str)); + } + // Update user directory.update(user);