diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java index 788aea4df..7d755a68f 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java @@ -22,23 +22,16 @@ package org.glyptodon.guacamole.auth.jdbc.base; -import java.util.ArrayList; import java.util.Collection; -import java.util.Collections; import java.util.Set; import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser; import org.glyptodon.guacamole.GuacamoleException; -import org.glyptodon.guacamole.GuacamoleSecurityException; -import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper; -import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel; -import org.glyptodon.guacamole.auth.jdbc.user.UserModel; -import org.glyptodon.guacamole.net.auth.permission.ObjectPermission; -import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet; /** * Service which provides convenience methods for creating, retrieving, and - * manipulating objects within directories. This service will automatically - * enforce the permissions of the current user. + * manipulating objects that have unique identifiers, such as the objects + * within directories. This service will automatically enforce the permissions + * of the current user. * * @author Michael Jumper * @param 
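Review bot: The reworded type comment still promises that "This service will automatically enforce the permissions of the current user", but the next hunk turns the type into an interface, which holds no checks of its own. Judging by the rest of the diff, the enforcement (`beforeCreate`/`beforeUpdate`/`beforeDelete` and the `selectReadable` path) moves to `ModeledDirectoryObjectService`, so any other implementation would inherit the promise without the checks. I would state it as a requirement on implementers instead, e.g. `Implementations MUST enforce the permissions of the given user on every operation.` The Javadoc block continues past the end of this hunk.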
@@ -48,384 +41,115 @@ import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet; * @param * The external interface or implementation of the type of object this * service provides access to, as defined by the guacamole-ext API. - * - * @param - * The underlying model object used to represent InternalType in the - * database. */ -public abstract class DirectoryObjectService, - ExternalType, ModelType extends ObjectModel> - implements IdentifiableObjectService { +public interface DirectoryObjectService { /** - * All object permissions which are implicitly granted upon creation to the - * creator of the object. + * Retrieves the single object that has the given identifier, if it exists + * and the user has permission to read it. + * + * @param user + * The user retrieving the object. + * + * @param identifier + * The identifier of the object to retrieve. + * + * @return + * The object having the given identifier, or null if no such object + * exists. + * + * @throws GuacamoleException + * If an error occurs while retrieving the requested object. */ - private static final ObjectPermission.Type[] IMPLICIT_OBJECT_PERMISSIONS = { - ObjectPermission.Type.READ, - ObjectPermission.Type.UPDATE, - ObjectPermission.Type.DELETE, - ObjectPermission.Type.ADMINISTER - }; + InternalType retrieveObject(AuthenticatedUser user, String identifier) + throws GuacamoleException; /** - * Returns an instance of a mapper for the type of object used by this - * service. - * - * @return - * A mapper which provides access to the model objects associated with - * the objects used by this service. - */ - protected abstract DirectoryObjectMapper getObjectMapper(); - - /** - * Returns an instance of a mapper for the type of permissions that affect - * the type of object used by this service. - * - * @return - * A mapper which provides access to the model objects associated with - * the permissions that affect the objects used by this service. 
- */ - protected abstract ObjectPermissionMapper getPermissionMapper(); - - /** - * Returns an instance of an object which is backed by the given model - * object. - * - * @param currentUser - * The user for whom this object is being created. - * - * @param model - * The model object to use to back the returned object. - * - * @return - * An object which is backed by the given model object. - */ - protected abstract InternalType getObjectInstance(AuthenticatedUser currentUser, - ModelType model); - - /** - * Returns an instance of a model object which is based on the given - * object. - * - * @param currentUser - * The user for whom this model object is being created. - * - * @param object - * The object to use to produce the returned model object. - * - * @return - * A model object which is based on the given object. - */ - protected abstract ModelType getModelInstance(AuthenticatedUser currentUser, - ExternalType object); - - /** - * Returns whether the given user has permission to create the type of - * objects that this directory object service manages. + * Retrieves all objects that have the identifiers in the given collection. + * Only objects that the user has permission to read will be returned. * * @param user - * The user being checked. + * The user retrieving the objects. + * + * @param identifiers + * The identifiers of the objects to retrieve. * * @return - * true if the user has object creation permission relevant to this - * directory object service, false otherwise. - * + * The objects having the given identifiers. + * * @throws GuacamoleException - * If permission to read the user's permissions is denied. + * If an error occurs while retrieving the requested objects. 
*/ - protected abstract boolean hasCreatePermission(AuthenticatedUser user) - throws GuacamoleException; + Collection retrieveObjects(AuthenticatedUser user, + Collection identifiers) throws GuacamoleException; /** - * Returns whether the given user has permission to perform a certain - * action on a specific object managed by this directory object service. - * - * @param user - * The user being checked. - * - * @param identifier - * The identifier of the object to check. - * - * @param type - * The type of action that will be performed. - * - * @return - * true if the user has object permission relevant described, false - * otherwise. - * - * @throws GuacamoleException - * If permission to read the user's permissions is denied. - */ - protected boolean hasObjectPermission(AuthenticatedUser user, - String identifier, ObjectPermission.Type type) - throws GuacamoleException { - - // Get object permissions - ObjectPermissionSet permissionSet = getPermissionSet(user); - - // Return whether permission is granted - return user.getUser().isAdministrator() - || permissionSet.hasPermission(type, identifier); - - } - - /** - * Returns the permission set associated with the given user and related - * to the type of objects handled by this directory object service. - * - * @param user - * The user whose permissions are being retrieved. - * - * @return - * A permission set which contains the permissions associated with the - * given user and related to the type of objects handled by this - * directory object service. - * - * @throws GuacamoleException - * If permission to read the user's permissions is denied. - */ - protected abstract ObjectPermissionSet getPermissionSet(AuthenticatedUser user) - throws GuacamoleException; - - /** - * Returns a collection of objects which are backed by the models in the - * given collection. - * - * @param currentUser - * The user for whom these objects are being created. 
- * - * @param models - * The model objects to use to back the objects within the returned - * collection. - * - * @return - * A collection of objects which are backed by the models in the given - * collection. - */ - protected Collection getObjectInstances(AuthenticatedUser currentUser, - Collection models) { - - // Create new collection of objects by manually converting each model - Collection objects = new ArrayList(models.size()); - for (ModelType model : models) - objects.add(getObjectInstance(currentUser, model)); - - return objects; - - } - - /** - * Called before any object is created through this directory object - * service. This function serves as a final point of validation before - * the create operation occurs. In its default implementation, - * beforeCreate() performs basic permissions checks. + * Creates the given object. If the object already exists, an error will be + * thrown. * * @param user * The user creating the object. * - * @param model - * The model of the object being created. + * @param object + * The object to create. + * + * @return + * The newly-created object. * * @throws GuacamoleException - * If the object is invalid, or an error prevents validating the given - * object. + * If the user lacks permission to create the object, or an error + * occurs while creating the object. */ - protected void beforeCreate(AuthenticatedUser user, - ModelType model ) throws GuacamoleException { - - // Verify permission to create objects - if (!user.getUser().isAdministrator() && !hasCreatePermission(user)) - throw new GuacamoleSecurityException("Permission denied."); - - } + InternalType createObject(AuthenticatedUser user, ExternalType object) + throws GuacamoleException; /** - * Called before any object is updated through this directory object - * service. This function serves as a final point of validation before - * the update operation occurs. In its default implementation, - * beforeUpdate() performs basic permissions checks. 
+ * Deletes the object having the given identifier. If no such object + * exists, this function has no effect. * * @param user - * The user updating the existing object. - * - * @param model - * The model of the object being updated. - * - * @throws GuacamoleException - * If the object is invalid, or an error prevents validating the given - * object. - */ - protected void beforeUpdate(AuthenticatedUser user, - ModelType model) throws GuacamoleException { - - // By default, do nothing. - if (!hasObjectPermission(user, model.getIdentifier(), ObjectPermission.Type.UPDATE)) - throw new GuacamoleSecurityException("Permission denied."); - - } - - /** - * Called before any object is deleted through this directory object - * service. This function serves as a final point of validation before - * the delete operation occurs. In its default implementation, - * beforeDelete() performs basic permissions checks. - * - * @param user - * The user deleting the existing object. + * The user deleting the object. * * @param identifier - * The identifier of the object being deleted. + * The identifier of the object to delete. * * @throws GuacamoleException - * If the object is invalid, or an error prevents validating the given - * object. + * If the user lacks permission to delete the object, or an error + * occurs while deleting the object. 
*/ - protected void beforeDelete(AuthenticatedUser user, - String identifier) throws GuacamoleException { - - // Verify permission to delete objects - if (!hasObjectPermission(user, identifier, ObjectPermission.Type.DELETE)) - throw new GuacamoleSecurityException("Permission denied."); - - } - - @Override - public InternalType retrieveObject(AuthenticatedUser user, - String identifier) throws GuacamoleException { - - // Pull objects having given identifier - Collection objects = retrieveObjects(user, Collections.singleton(identifier)); - - // If no such object, return null - if (objects.isEmpty()) - return null; - - // The object collection will have exactly one element unless the - // database has seriously lost integrity - assert(objects.size() == 1); - - // Return first and only object - return objects.iterator().next(); - - } - - @Override - public Collection retrieveObjects(AuthenticatedUser user, - Collection identifiers) throws GuacamoleException { - - // Do not query if no identifiers given - if (identifiers.isEmpty()) - return Collections.EMPTY_LIST; - - Collection objects; - - // Bypass permission checks if the user is a system admin - if (user.getUser().isAdministrator()) - objects = getObjectMapper().select(identifiers); - - // Otherwise only return explicitly readable identifiers - else - objects = getObjectMapper().selectReadable(user.getUser().getModel(), identifiers); - - // Return collection of requested objects - return getObjectInstances(user, objects); - - } + void deleteObject(AuthenticatedUser user, String identifier) + throws GuacamoleException; /** - * Returns a collection of permissions that should be granted due to the - * creation of the given object. These permissions need not be granted - * solely to the user creating the object. - * + * Updates the given object, applying any changes that have been made. If + * no such object exists, this function has no effect. + * * @param user - * The user creating the object. 
- * - * @param model - * The object being created. - * - * @return - * The collection of implicit permissions that should be granted due to - * the creation of the given object. + * The user updating the object. + * + * @param object + * The object to update. + * + * @throws GuacamoleException + * If the user lacks permission to update the object, or an error + * occurs while updating the object. */ - protected Collection getImplicitPermissions(AuthenticatedUser user, - ModelType model) { - - // Build list of implicit permissions - Collection implicitPermissions = - new ArrayList(IMPLICIT_OBJECT_PERMISSIONS.length); + void updateObject(AuthenticatedUser user, InternalType object) + throws GuacamoleException; - UserModel userModel = user.getUser().getModel(); - for (ObjectPermission.Type permission : IMPLICIT_OBJECT_PERMISSIONS) { - - // Create model which grants this permission to the current user - ObjectPermissionModel permissionModel = new ObjectPermissionModel(); - permissionModel.setUserID(userModel.getObjectID()); - permissionModel.setUsername(userModel.getIdentifier()); - permissionModel.setType(permission); - permissionModel.setObjectIdentifier(model.getIdentifier()); - - // Add permission - implicitPermissions.add(permissionModel); - - } - - return implicitPermissions; - - } - - @Override - public InternalType createObject(AuthenticatedUser user, ExternalType object) - throws GuacamoleException { - - ModelType model = getModelInstance(user, object); - beforeCreate(user, model); - - // Create object - getObjectMapper().insert(model); - - // Add implicit permissions - getPermissionMapper().insert(getImplicitPermissions(user, model)); - - return getObjectInstance(user, model); - - } - - @Override - public void deleteObject(AuthenticatedUser user, String identifier) - throws GuacamoleException { - - beforeDelete(user, identifier); - - // Delete object - getObjectMapper().delete(identifier); - - } - - @Override - public void updateObject(AuthenticatedUser user, 
InternalType object) - throws GuacamoleException { - - ModelType model = object.getModel(); - beforeUpdate(user, model); - - // Update object - getObjectMapper().update(model); - - } - - @Override - public Set getIdentifiers(AuthenticatedUser user) - throws GuacamoleException { - - // Bypass permission checks if the user is a system admin - if (user.getUser().isAdministrator()) - return getObjectMapper().selectIdentifiers(); - - // Otherwise only return explicitly readable identifiers - else - return getObjectMapper().selectReadableIdentifiers(user.getUser().getModel()); - - } + /** + * Returns the set of all identifiers for all objects that the user has + * read access to. + * + * @param user + * The user retrieving the identifiers. + * + * @return + * The set of all identifiers for all objects. + * + * @throws GuacamoleException + * If an error occurs while reading identifiers. + */ + Set getIdentifiers(AuthenticatedUser user) throws GuacamoleException; } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/IdentifiableObjectService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/IdentifiableObjectService.java deleted file mode 100644 index c76b223b1..000000000 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/IdentifiableObjectService.java +++ /dev/null 
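Review bot: The `@return` text of `getIdentifiers` says "The set of all identifiers for all objects", which contradicts its own summary (only objects the user has read access to), and callers will rely on that wording when deciding whether the result is safe to expose. I would change it to `The set of identifiers of all objects that the user has permission to read.` In the same way, `retrieveObject` documents null only for "no such object exists", while its summary and the implementation removed in this hunk (non-administrators go through `selectReadable`) suggest null is also returned for an object that exists but is unreadable. Spelling that out as `or null if no such object exists or the user lacks permission to read it` tells callers not to treat null as proof of absence. The `@throws` entries of the three read methods could also say whether a permission failure is ever reported as an exception, since the interface alone does not show it.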
@@ -1,155 +0,0 @@ -/* - * Copyright (C) 2013 Glyptodon LLC - * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. - */ - -package org.glyptodon.guacamole.auth.jdbc.base; - -import java.util.Collection; -import java.util.Set; -import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser; -import org.glyptodon.guacamole.GuacamoleException; - -/** - * Service which provides convenience methods for creating, retrieving, and - * manipulating objects that have unique identifiers, such as the objects - * within directories. This service will automatically enforce the permissions - * of the current user. - * - * @author Michael Jumper - * @param - * The specific internal implementation of the type of object this service - * provides access to. - * - * @param - * The external interface or implementation of the type of object this - * service provides access to, as defined by the guacamole-ext API. 
- */ -public interface IdentifiableObjectService { - - /** - * Retrieves the single object that has the given identifier, if it exists - * and the user has permission to read it. - * - * @param user - * The user retrieving the object. - * - * @param identifier - * The identifier of the object to retrieve. - * - * @return - * The object having the given identifier, or null if no such object - * exists. - * - * @throws GuacamoleException - * If an error occurs while retrieving the requested object. - */ - InternalType retrieveObject(AuthenticatedUser user, String identifier) - throws GuacamoleException; - - /** - * Retrieves all objects that have the identifiers in the given collection. - * Only objects that the user has permission to read will be returned. - * - * @param user - * The user retrieving the objects. - * - * @param identifiers - * The identifiers of the objects to retrieve. - * - * @return - * The objects having the given identifiers. - * - * @throws GuacamoleException - * If an error occurs while retrieving the requested objects. - */ - Collection retrieveObjects(AuthenticatedUser user, - Collection identifiers) throws GuacamoleException; - - /** - * Creates the given object. If the object already exists, an error will be - * thrown. - * - * @param user - * The user creating the object. - * - * @param object - * The object to create. - * - * @return - * The newly-created object. - * - * @throws GuacamoleException - * If the user lacks permission to create the object, or an error - * occurs while creating the object. - */ - InternalType createObject(AuthenticatedUser user, ExternalType object) - throws GuacamoleException; - - /** - * Deletes the object having the given identifier. If no such object - * exists, this function has no effect. - * - * @param user - * The user deleting the object. - * - * @param identifier - * The identifier of the object to delete. 
- * - * @throws GuacamoleException - * If the user lacks permission to delete the object, or an error - * occurs while deleting the object. - */ - void deleteObject(AuthenticatedUser user, String identifier) - throws GuacamoleException; - - /** - * Updates the given object, applying any changes that have been made. If - * no such object exists, this function has no effect. - * - * @param user - * The user updating the object. - * - * @param object - * The object to update. - * - * @throws GuacamoleException - * If the user lacks permission to update the object, or an error - * occurs while updating the object. - */ - void updateObject(AuthenticatedUser user, InternalType object) - throws GuacamoleException; - - /** - * Returns the set of all identifiers for all objects that the user has - * read access to. - * - * @param user - * The user retrieving the identifiers. - * - * @return - * The set of all identifiers for all objects. - * - * @throws GuacamoleException - * If an error occurs while reading identifiers. - */ - Set getIdentifiers(AuthenticatedUser user) throws GuacamoleException; - -} diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledDirectoryObject.java similarity index 86% rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledDirectoryObject.java index 8568d8995..8986f4f2c 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObject.java 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledDirectoryObject.java @@ -26,14 +26,15 @@ import org.glyptodon.guacamole.net.auth.Identifiable; /** * Common base class for objects that will ultimately be made available through - * the Directory class. All such objects will need the same base set of queries - * to fulfill the needs of the Directory class. + * the Directory class and are persisted to an underlying database model. All + * such objects will need the same base set of queries to fulfill the needs of + * the Directory class. * * @author Michael Jumper * @param * The type of model object that corresponds to this object. */ -public abstract class DirectoryObject +public abstract class ModeledDirectoryObject extends ModeledObject implements Identifiable { @Override diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledDirectoryObjectMapper.java similarity index 98% rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectMapper.java rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledDirectoryObjectMapper.java index d63cf3814..f3dc98582 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledDirectoryObjectMapper.java 
@@ -37,7 +37,7 @@ import org.apache.ibatis.annotations.Param; * The type of object contained within the directory whose objects are * mapped by this mapper. */ -public interface DirectoryObjectMapper { +public interface ModeledDirectoryObjectMapper { /** * Selects the identifiers of all objects, regardless of whether they diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java new file mode 100644 index 000000000..7d9137075 --- /dev/null +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java 
@@ -0,0 +1,431 @@ +/* + * Copyright (C) 2013 Glyptodon LLC + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package org.glyptodon.guacamole.auth.jdbc.base; + +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.Set; +import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser; +import org.glyptodon.guacamole.GuacamoleException; +import org.glyptodon.guacamole.GuacamoleSecurityException; +import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper; +import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel; +import org.glyptodon.guacamole.auth.jdbc.user.UserModel; +import org.glyptodon.guacamole.net.auth.permission.ObjectPermission; +import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet; + +/** + * Service which provides convenience methods for creating, retrieving, and + * manipulating objects within directories. 
This service will automatically + * enforce the permissions of the current user. + * + * @author Michael Jumper + * @param + * The specific internal implementation of the type of object this service + * provides access to. + * + * @param + * The external interface or implementation of the type of object this + * service provides access to, as defined by the guacamole-ext API. + * + * @param + * The underlying model object used to represent InternalType in the + * database. + */ +public abstract class ModeledDirectoryObjectService, + ExternalType, ModelType extends ObjectModel> + implements DirectoryObjectService { + + /** + * All object permissions which are implicitly granted upon creation to the + * creator of the object. + */ + private static final ObjectPermission.Type[] IMPLICIT_OBJECT_PERMISSIONS = { + ObjectPermission.Type.READ, + ObjectPermission.Type.UPDATE, + ObjectPermission.Type.DELETE, + ObjectPermission.Type.ADMINISTER + }; + + /** + * Returns an instance of a mapper for the type of object used by this + * service. + * + * @return + * A mapper which provides access to the model objects associated with + * the objects used by this service. + */ + protected abstract ModeledDirectoryObjectMapper getObjectMapper(); + + /** + * Returns an instance of a mapper for the type of permissions that affect + * the type of object used by this service. + * + * @return + * A mapper which provides access to the model objects associated with + * the permissions that affect the objects used by this service. + */ + protected abstract ObjectPermissionMapper getPermissionMapper(); + + /** + * Returns an instance of an object which is backed by the given model + * object. + * + * @param currentUser + * The user for whom this object is being created. + * + * @param model + * The model object to use to back the returned object. + * + * @return + * An object which is backed by the given model object. 
+ */ + protected abstract InternalType getObjectInstance(AuthenticatedUser currentUser, + ModelType model); + + /** + * Returns an instance of a model object which is based on the given + * object. + * + * @param currentUser + * The user for whom this model object is being created. + * + * @param object + * The object to use to produce the returned model object. + * + * @return + * A model object which is based on the given object. + */ + protected abstract ModelType getModelInstance(AuthenticatedUser currentUser, + ExternalType object); + + /** + * Returns whether the given user has permission to create the type of + * objects that this directory object service manages. + * + * @param user + * The user being checked. + * + * @return + * true if the user has object creation permission relevant to this + * directory object service, false otherwise. + * + * @throws GuacamoleException + * If permission to read the user's permissions is denied. + */ + protected abstract boolean hasCreatePermission(AuthenticatedUser user) + throws GuacamoleException; + + /** + * Returns whether the given user has permission to perform a certain + * action on a specific object managed by this directory object service. + * + * @param user + * The user being checked. + * + * @param identifier + * The identifier of the object to check. + * + * @param type + * The type of action that will be performed. + * + * @return + * true if the user has object permission relevant described, false + * otherwise. + * + * @throws GuacamoleException + * If permission to read the user's permissions is denied. 
+ */
+ protected boolean hasObjectPermission(AuthenticatedUser user,
+ String identifier, ObjectPermission.Type type)
+ throws GuacamoleException {
+
+ // Get object permissions
+ ObjectPermissionSet permissionSet = getPermissionSet(user);
+
+ // Return whether permission is granted
+ return user.getUser().isAdministrator()
+ || permissionSet.hasPermission(type, identifier);
+
+ }
+
+ /**
+ * Returns the permission set associated with the given user and related
+ * to the type of objects handled by this directory object service.
+ *
+ * @param user
+ * The user whose permissions are being retrieved.
+ *
+ * @return
+ * A permission set which contains the permissions associated with the
+ * given user and related to the type of objects handled by this
+ * directory object service.
+ *
+ * @throws GuacamoleException
+ * If permission to read the user's permissions is denied.
+ */
+ protected abstract ObjectPermissionSet getPermissionSet(AuthenticatedUser user)
+ throws GuacamoleException;
+
+ /**
+ * Returns a collection of objects which are backed by the models in the
+ * given collection.
+ *
+ * @param currentUser
+ * The user for whom these objects are being created.
+ *
+ * @param models
+ * The model objects to use to back the objects within the returned
+ * collection.
+ *
+ * @return
+ * A collection of objects which are backed by the models in the given
+ * collection.
+ */
+ protected Collection getObjectInstances(AuthenticatedUser currentUser,
+ Collection models) {
+
+ // Create new collection of objects by manually converting each model
+ Collection objects = new ArrayList(models.size());
+ for (ModelType model : models)
+ objects.add(getObjectInstance(currentUser, model));
+
+ return objects;
+
+ }
+
+ /**
+ * Called before any object is created through this directory object
+ * service. This function serves as a final point of validation before
+ * the create operation occurs. In its default implementation,
+ * beforeCreate() performs basic permissions checks.
+ *
+ * @param user
+ * The user creating the object.
+ *
+ * @param model
+ * The model of the object being created.
+ *
+ * @throws GuacamoleException
+ * If the object is invalid, or an error prevents validating the given
+ * object.
+ */
+ protected void beforeCreate(AuthenticatedUser user,
+ ModelType model ) throws GuacamoleException {
+
+ // Verify permission to create objects
+ if (!user.getUser().isAdministrator() && !hasCreatePermission(user))
+ throw new GuacamoleSecurityException("Permission denied.");
+
+ }
+
+ /**
+ * Called before any object is updated through this directory object
+ * service. This function serves as a final point of validation before
+ * the update operation occurs. In its default implementation,
+ * beforeUpdate() performs basic permissions checks.
+ *
+ * @param user
+ * The user updating the existing object.
+ *
+ * @param model
+ * The model of the object being updated.
+ *
+ * @throws GuacamoleException
+ * If the object is invalid, or an error prevents validating the given
+ * object.
+ */
+ protected void beforeUpdate(AuthenticatedUser user,
+ ModelType model) throws GuacamoleException {
+
+ // By default, do nothing.
+ if (!hasObjectPermission(user, model.getIdentifier(), ObjectPermission.Type.UPDATE))
+ throw new GuacamoleSecurityException("Permission denied.");
+
+ }
+
+ /**
+ * Called before any object is deleted through this directory object
+ * service. This function serves as a final point of validation before
+ * the delete operation occurs. In its default implementation,
+ * beforeDelete() performs basic permissions checks.
+ *
+ * @param user
+ * The user deleting the existing object.
+ *
+ * @param identifier
+ * The identifier of the object being deleted.
+ *
+ * @throws GuacamoleException
+ * If the object is invalid, or an error prevents validating the given
+ * object.
+ */
+ protected void beforeDelete(AuthenticatedUser user,
+ String identifier) throws GuacamoleException {
+
+ // Verify permission to delete objects
+ if (!hasObjectPermission(user, identifier, ObjectPermission.Type.DELETE))
+ throw new GuacamoleSecurityException("Permission denied.");
+
+ }
+
+ @Override
+ public InternalType retrieveObject(AuthenticatedUser user,
+ String identifier) throws GuacamoleException {
+
+ // Pull objects having given identifier
+ Collection objects = retrieveObjects(user, Collections.singleton(identifier));
+
+ // If no such object, return null
+ if (objects.isEmpty())
+ return null;
+
+ // The object collection will have exactly one element unless the
+ // database has seriously lost integrity
+ assert(objects.size() == 1);
+
+ // Return first and only object
+ return objects.iterator().next();
+
+ }
+
+ @Override
+ public Collection retrieveObjects(AuthenticatedUser user,
+ Collection identifiers) throws GuacamoleException {
+
+ // Do not query if no identifiers given
+ if (identifiers.isEmpty())
+ return Collections.EMPTY_LIST;
+
+ Collection objects;
+
+ // Bypass permission checks if the user is a system admin
+ if (user.getUser().isAdministrator())
+ objects = getObjectMapper().select(identifiers);
+
+ // Otherwise only return explicitly readable identifiers
+ else
+ objects = getObjectMapper().selectReadable(user.getUser().getModel(), identifiers);
+
+ // Return collection of requested objects
+ return getObjectInstances(user, objects);
+
+ }
+
+ /**
+ * Returns a collection of permissions that should be granted due to the
+ * creation of the given object. These permissions need not be granted
+ * solely to the user creating the object.
+ *
+ * @param user
+ * The user creating the object.
+ *
+ * @param model
+ * The object being created.
+ *
+ * @return
+ * The collection of implicit permissions that should be granted due to
+ * the creation of the given object.
+ */
+ protected Collection getImplicitPermissions(AuthenticatedUser user,
+ ModelType model) {
+
+ // Build list of implicit permissions
+ Collection implicitPermissions =
+ new ArrayList(IMPLICIT_OBJECT_PERMISSIONS.length);
+
+ UserModel userModel = user.getUser().getModel();
+ for (ObjectPermission.Type permission : IMPLICIT_OBJECT_PERMISSIONS) {
+
+ // Create model which grants this permission to the current user
+ ObjectPermissionModel permissionModel = new ObjectPermissionModel();
+ permissionModel.setUserID(userModel.getObjectID());
+ permissionModel.setUsername(userModel.getIdentifier());
+ permissionModel.setType(permission);
+ permissionModel.setObjectIdentifier(model.getIdentifier());
+
+ // Add permission
+ implicitPermissions.add(permissionModel);
+
+ }
+
+ return implicitPermissions;
+
+ }
+
+ @Override
+ public InternalType createObject(AuthenticatedUser user, ExternalType object)
+ throws GuacamoleException {
+
+ ModelType model = getModelInstance(user, object);
+ beforeCreate(user, model);
+
+ // Create object
+ getObjectMapper().insert(model);
+
+ // Add implicit permissions
+ getPermissionMapper().insert(getImplicitPermissions(user, model));
+
+ return getObjectInstance(user, model);
+
+ }
+
+ @Override
+ public void deleteObject(AuthenticatedUser user, String identifier)
+ throws GuacamoleException {
+
+ beforeDelete(user, identifier);
+
+ // Delete object
+ getObjectMapper().delete(identifier);
+
+ }
+
+ @Override
+ public void updateObject(AuthenticatedUser user, InternalType object)
+ throws GuacamoleException {
+
+ ModelType model = object.getModel();
+ beforeUpdate(user, model);
+
+ // Update object
+ getObjectMapper().update(model);
+
+ }
+
+ @Override
+ public Set getIdentifiers(AuthenticatedUser user)
+ throws GuacamoleException {
+
+ // Bypass permission checks if the user is a system admin
+ if (user.getUser().isAdministrator())
+ return getObjectMapper().selectIdentifiers();
+
+ // Otherwise only return explicitly readable identifiers
+ else + return getObjectMapper().selectReadableIdentifiers(user.getUser().getModel()); + + } + +} diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/GroupedDirectoryObject.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledGroupedDirectoryObject.java similarity index 95% rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/GroupedDirectoryObject.java rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledGroupedDirectoryObject.java index 2b804be85..50c527f9d 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/GroupedDirectoryObject.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledGroupedDirectoryObject.java @@ -33,8 +33,8 @@ import org.glyptodon.guacamole.auth.jdbc.connectiongroup.RootConnectionGroup; * @param * The type of model object that corresponds to this object. */ -public abstract class GroupedDirectoryObject - extends DirectoryObject { +public abstract class ModeledGroupedDirectoryObject + extends ModeledDirectoryObject { /** * Returns the identifier of the parent connection group, which cannot be 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/GroupedDirectoryObjectService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledGroupedDirectoryObjectService.java similarity index 97% rename from extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/GroupedDirectoryObjectService.java rename to extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledGroupedDirectoryObjectService.java index 4fb169f35..1cfa734d0 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/GroupedDirectoryObjectService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledGroupedDirectoryObjectService.java @@ -49,9 +49,9 @@ import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet; * The underlying model object used to represent InternalType in the * database. */ -public abstract class GroupedDirectoryObjectService, +public abstract class ModeledGroupedDirectoryObjectService, ExternalType, ModelType extends GroupedObjectModel> - extends DirectoryObjectService { + extends ModeledDirectoryObjectService { /** * Returns the set of parent connection groups that are modified by the diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java index faa7f21d1..77c29046f 100644 
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java @@ -23,7 +23,7 @@ package org.glyptodon.guacamole.auth.jdbc.connection; import java.util.Set; -import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper; +import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; import org.glyptodon.guacamole.auth.jdbc.user.UserModel; import org.apache.ibatis.annotations.Param; @@ -32,7 +32,7 @@ import org.apache.ibatis.annotations.Param; * * @author Michael Jumper */ -public interface ConnectionMapper extends DirectoryObjectMapper { +public interface ConnectionMapper extends ModeledDirectoryObjectMapper { /** * Selects the identifiers of all connections within the given parent diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java index 8386d1a6d..27a74207c 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java 
@@ -32,12 +32,12 @@ import java.util.List; import java.util.Map; import java.util.Set; import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser; -import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper; +import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; import org.glyptodon.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService; import org.glyptodon.guacamole.GuacamoleClientException; import org.glyptodon.guacamole.GuacamoleException; import org.glyptodon.guacamole.GuacamoleSecurityException; -import org.glyptodon.guacamole.auth.jdbc.base.GroupedDirectoryObjectService; +import org.glyptodon.guacamole.auth.jdbc.base.ModeledGroupedDirectoryObjectService; import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionMapper; import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper; import org.glyptodon.guacamole.net.GuacamoleTunnel; @@ -55,7 +55,7 @@ import org.glyptodon.guacamole.protocol.GuacamoleClientInformation; * * @author Michael Jumper, James Muehlner */ -public class ConnectionService extends GroupedDirectoryObjectService { +public class ConnectionService extends ModeledGroupedDirectoryObjectService { /** * Mapper for accessing connections. @@ -94,7 +94,7 @@ public class ConnectionService extends GroupedDirectoryObjectService getObjectMapper() { + protected ModeledDirectoryObjectMapper getObjectMapper() { return connectionMapper; } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledConnection.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledConnection.java index 0502f2272..477b58175 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledConnection.java 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledConnection.java @@ -27,7 +27,7 @@ import com.google.inject.Provider; import java.util.List; import org.glyptodon.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService; import org.glyptodon.guacamole.GuacamoleException; -import org.glyptodon.guacamole.auth.jdbc.base.GroupedDirectoryObject; +import org.glyptodon.guacamole.auth.jdbc.base.ModeledGroupedDirectoryObject; import org.glyptodon.guacamole.net.GuacamoleTunnel; import org.glyptodon.guacamole.net.auth.Connection; import org.glyptodon.guacamole.net.auth.ConnectionRecord; @@ -41,7 +41,7 @@ import org.glyptodon.guacamole.protocol.GuacamoleConfiguration; * @author James Muehlner * @author Michael Jumper */ -public class ModeledConnection extends GroupedDirectoryObject +public class ModeledConnection extends ModeledGroupedDirectoryObject implements Connection { /** diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java index a08ef7c20..ee4df9beb 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java @@ -23,7 +23,7 @@ package org.glyptodon.guacamole.auth.jdbc.connectiongroup; import java.util.Set; -import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper; +import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; import org.glyptodon.guacamole.auth.jdbc.user.UserModel; import org.apache.ibatis.annotations.Param; 
@@ -32,7 +32,7 @@ import org.apache.ibatis.annotations.Param; * * @author Michael Jumper */ -public interface ConnectionGroupMapper extends DirectoryObjectMapper { +public interface ConnectionGroupMapper extends ModeledDirectoryObjectMapper { /** * Selects the identifiers of all connection groups within the given parent diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java index 4fa9ef9c8..954b5e0ac 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java 
@@ -26,13 +26,13 @@ import com.google.inject.Inject; import com.google.inject.Provider; import java.util.Set; import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser; -import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper; +import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; import org.glyptodon.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService; import org.glyptodon.guacamole.GuacamoleClientException; import org.glyptodon.guacamole.GuacamoleException; import org.glyptodon.guacamole.GuacamoleSecurityException; import org.glyptodon.guacamole.GuacamoleUnsupportedException; -import org.glyptodon.guacamole.auth.jdbc.base.GroupedDirectoryObjectService; +import org.glyptodon.guacamole.auth.jdbc.base.ModeledGroupedDirectoryObjectService; import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionGroupPermissionMapper; import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper; import org.glyptodon.guacamole.net.GuacamoleTunnel; @@ -49,7 +49,7 @@ import org.glyptodon.guacamole.protocol.GuacamoleClientInformation; * * @author Michael Jumper, James Muehlner */ -public class ConnectionGroupService extends GroupedDirectoryObjectService { /** @@ -77,7 +77,7 @@ public class ConnectionGroupService extends GroupedDirectoryObjectService getObjectMapper() { + protected ModeledDirectoryObjectMapper getObjectMapper() { return connectionGroupMapper; } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ModeledConnectionGroup.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ModeledConnectionGroup.java index 0b5d6c67c..01f09006f 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ModeledConnectionGroup.java 
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ModeledConnectionGroup.java @@ -27,7 +27,7 @@ import java.util.Set; import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionService; import org.glyptodon.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService; import org.glyptodon.guacamole.GuacamoleException; -import org.glyptodon.guacamole.auth.jdbc.base.GroupedDirectoryObject; +import org.glyptodon.guacamole.auth.jdbc.base.ModeledGroupedDirectoryObject; import org.glyptodon.guacamole.net.GuacamoleTunnel; import org.glyptodon.guacamole.net.auth.ConnectionGroup; import org.glyptodon.guacamole.protocol.GuacamoleClientInformation; @@ -38,7 +38,7 @@ import org.glyptodon.guacamole.protocol.GuacamoleClientInformation; * * @author James Muehlner */ -public class ModeledConnectionGroup extends GroupedDirectoryObject +public class ModeledConnectionGroup extends ModeledGroupedDirectoryObject implements ConnectionGroup { /** diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java index e9f79d2fd..2ec2ca0b2 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java 
@@ -23,7 +23,7 @@ package org.glyptodon.guacamole.auth.jdbc.user; import com.google.inject.Inject; -import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObject; +import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObject; import org.glyptodon.guacamole.auth.jdbc.security.PasswordEncryptionService; import org.glyptodon.guacamole.auth.jdbc.security.SaltService; import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionService; @@ -42,7 +42,7 @@ import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet; * @author James Muehlner * @author Michael Jumper */ -public class ModeledUser extends DirectoryObject implements User { +public class ModeledUser extends ModeledDirectoryObject implements User { /** * Service for hashing passwords. @@ -73,7 +73,7 @@ public class ModeledUser extends DirectoryObject implements User { */ @Inject private ConnectionGroupPermissionService connectionGroupPermissionService; - + /** * Service for retrieving user permissions. */ diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java index 5ef96cc2e..862739026 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java @@ -22,7 +22,7 @@ package org.glyptodon.guacamole.auth.jdbc.user; -import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper; +import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; import org.apache.ibatis.annotations.Param; /** 
@@ -30,7 +30,7 @@ import org.apache.ibatis.annotations.Param; * * @author Michael Jumper */ -public interface UserMapper extends DirectoryObjectMapper { +public interface UserMapper extends ModeledDirectoryObjectMapper { /** * Returns the user having the given username, if any. If no such user diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java index f552ce7a6..a84643ed7 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java @@ -28,8 +28,8 @@ import java.util.Arrays; import java.util.Collection; import java.util.Collections; import org.glyptodon.guacamole.net.auth.Credentials; -import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper; -import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectService; +import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; +import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObjectService; import org.glyptodon.guacamole.GuacamoleClientException; import org.glyptodon.guacamole.GuacamoleException; import org.glyptodon.guacamole.GuacamoleUnsupportedException; @@ -49,7 +49,7 @@ import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet; * * @author Michael Jumper, James Muehlner */ -public class UserService extends DirectoryObjectService { +public class UserService extends ModeledDirectoryObjectService { /** * All user permissions which are implicitly granted to the new user upon 
@@ -85,7 +85,7 @@ public class UserService extends DirectoryObjectService getObjectMapper() { + protected ModeledDirectoryObjectMapper getObjectMapper() { return userMapper; }