From bd2d051a19d4cded79f33e1168e97b22ba90fcec Mon Sep 17 00:00:00 2001
From: Nick Couchman <vnick@apache.org>
Date: Tue, 12 Jun 2018 21:50:12 -0400
Subject: [PATCH] GUACAMOLE-360: Make webapp use permission sets for active
 connection management.

---
 .../navigation/services/userPageService.js    | 31 +++++++++++++------
 1 file changed, 21 insertions(+), 10 deletions(-)

diff --git a/guacamole/src/main/webapp/app/navigation/services/userPageService.js b/guacamole/src/main/webapp/app/navigation/services/userPageService.js
index 27ae4d740..07736ed81 100644
--- a/guacamole/src/main/webapp/app/navigation/services/userPageService.js
+++ b/guacamole/src/main/webapp/app/navigation/services/userPageService.js
@@ -71,10 +71,10 @@ angular.module('navigation').factory('userPageService', ['$injector',
         var settingsPages = generateSettingsPages(permissions);
 
         // If user has access to settings pages, return home page and skip
-        // evaluation for automatic connections.  The Preferences and Session
-        // Management pages are "Settings" pages and are always visible, so
-        // we look for more than two to indicate access to administrative pages.
-        if (settingsPages.length > 2)
+        // evaluation for automatic connections.  The Preferences page is
+        // a Settings page and is always visible, so we look for more than
+        // one to indicate access to administrative pages.
+        if (settingsPages.length > 1)
             return SYSTEM_HOME_PAGE;
 
         // Determine whether a connection or balancing group should serve as
@@ -265,8 +265,25 @@ angular.module('navigation').factory('userPageService', ['$injector',
                 canViewConnectionRecords.push(dataSource);
             }
 
+            // Determine whether the current user needs access to view session management
+            if (
+                    // Permission to manage active sessions.
+                       PermissionSet.hasSystemPermission(permissions,           PermissionSet.SystemPermissionType.ADMINISTER)
+                    || PermissionSet.hasActiveConnectionPermission(permissions, PermissionSet.ObjectPermissionType.DELETE)
+            ) {
+                canManageSessions.push(dataSource);
+            }
+
         });
 
+        // If user can manage sessions, add link to sessions management page
+        if (canManageSessions.length) {
+            pages.push(new PageDefinition({
+                name : 'USER_MENU.ACTION_MANAGE_SESSIONS',
+                url  : '/settings/sessions'
+            }));
+        }
+
         // If user can manage connections, add links for connection management pages
         angular.forEach(canViewConnectionRecords, function addConnectionHistoryLink(dataSource) {
             pages.push(new PageDefinition({
@@ -297,12 +314,6 @@ angular.module('navigation').factory('userPageService', ['$injector',
             }));
         });
 
-        // Add link to session management (always accessible)
-        pages.push(new PageDefinition({
-            name : 'USER_MENU.ACTION_MANAGE_SESSIONS',
-            url  : '/settings/sessions'
-        }));
-
         // Add link to user preferences (always accessible)
         pages.push(new PageDefinition({
             name : 'USER_MENU.ACTION_MANAGE_PREFERENCES',