From ad937defa6f185444e7bf4cc2564a588d0a5fe6a Mon Sep 17 00:00:00 2001
From: Michael Jumper <mjumper@apache.org>
Date: Mon, 1 Oct 2018 11:35:32 -0700
Subject: [PATCH] GUACAMOLE-360: Update active connection permission check to
 support user groups.

---
 .../activeconnection/ActiveConnectionPermissionService.java     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java
index 123a32069..cb29c5acb 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java
@@ -97,7 +97,7 @@ public class ActiveConnectionPermissionService
                 permissions.add(new ObjectPermission(ObjectPermission.Type.READ, identifier));
 
                 // If we're an admin, or the connection is ours, then we can DELETE
-                if (isAdmin || targetUser.getIdentifier().equals(record.getUsername()))
+                if (isAdmin || (targetEntity.isUser() && targetEntity.getIdentifier().equals(record.getUsername())))
                     permissions.add(new ObjectPermission(ObjectPermission.Type.DELETE, identifier));
 
             }