GUAC-1132: Rename DirectoryObject to ModeledDirectoryObject.

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java

@@ -22,23 +22,16 @@
 
 package org.glyptodon.guacamole.auth.jdbc.base;
 
-import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.Set;
 import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
 import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.GuacamoleSecurityException;
-import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
-import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel;
-import org.glyptodon.guacamole.auth.jdbc.user.UserModel;
-import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
-import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
 
 /**
  * Service which provides convenience methods for creating, retrieving, and
- * manipulating objects within directories. This service will automatically
- * enforce the permissions of the current user.
+ * manipulating objects that have unique identifiers, such as the objects
+ * within directories. This service will automatically enforce the permissions
+ * of the current user.
  *
  * @author Michael Jumper
  * @param <InternalType>
@@ -48,384 +41,115 @@ import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
  * @param <ExternalType>
  *     The external interface or implementation of the type of object this
  *     service provides access to, as defined by the guacamole-ext API.
+ */
+public interface DirectoryObjectService<InternalType, ExternalType> {
+
+    /**
+     * Retrieves the single object that has the given identifier, if it exists
+     * and the user has permission to read it.
      *
- * @param <ModelType>
- *     The underlying model object used to represent InternalType in the
- *     database.
- */
-public abstract class DirectoryObjectService<InternalType extends DirectoryObject<ModelType>,
-        ExternalType, ModelType extends ObjectModel>
-    implements IdentifiableObjectService<InternalType, ExternalType> {
-
-    /**
-     * All object permissions which are implicitly granted upon creation to the
-     * creator of the object.
-     */
-    private static final ObjectPermission.Type[] IMPLICIT_OBJECT_PERMISSIONS = {
-        ObjectPermission.Type.READ,
-        ObjectPermission.Type.UPDATE,
-        ObjectPermission.Type.DELETE,
-        ObjectPermission.Type.ADMINISTER
-    };
-    
-    /**
-     * Returns an instance of a mapper for the type of object used by this
-     * service.
+     * @param user
+     *     The user retrieving the object.
+     *
+     * @param identifier
+     *     The identifier of the object to retrieve.
      *
      * @return
-     *     A mapper which provides access to the model objects associated with
-     *     the objects used by this service.
+     *     The object having the given identifier, or null if no such object
+     *     exists.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while retrieving the requested object.
      */
-    protected abstract DirectoryObjectMapper<ModelType> getObjectMapper();
+    InternalType retrieveObject(AuthenticatedUser user, String identifier)
+            throws GuacamoleException;
     
     /**
-     * Returns an instance of a mapper for the type of permissions that affect
-     * the type of object used by this service.
+     * Retrieves all objects that have the identifiers in the given collection.
+     * Only objects that the user has permission to read will be returned.
+     *
+     * @param user
+     *     The user retrieving the objects.
+     *
+     * @param identifiers
+     *     The identifiers of the objects to retrieve.
      *
      * @return
-     *     A mapper which provides access to the model objects associated with
-     *     the permissions that affect the objects used by this service.
+     *     The objects having the given identifiers.
+     *
+     * @throws GuacamoleException
+     *     If an error occurs while retrieving the requested objects.
      */
-    protected abstract ObjectPermissionMapper getPermissionMapper();
+    Collection<InternalType> retrieveObjects(AuthenticatedUser user,
+            Collection<String> identifiers) throws GuacamoleException;
 
     /**
-     * Returns an instance of an object which is backed by the given model
-     * object.
+     * Creates the given object. If the object already exists, an error will be
+     * thrown.
      *
-     * @param currentUser
-     *     The user for whom this object is being created.
-     *
-     * @param model
-     *     The model object to use to back the returned object.
-     *
-     * @return
-     *     An object which is backed by the given model object.
-     */
-    protected abstract InternalType getObjectInstance(AuthenticatedUser currentUser,
-            ModelType model);
-
-    /**
-     * Returns an instance of a model object which is based on the given
-     * object.
-     *
-     * @param currentUser
-     *     The user for whom this model object is being created.
+     * @param user
+     *     The user creating the object.
      *
      * @param object
-     *     The object to use to produce the returned model object.
+     *     The object to create.
      *
      * @return
-     *     A model object which is based on the given object.
-     */
-    protected abstract ModelType getModelInstance(AuthenticatedUser currentUser,
-            ExternalType object);
-
-    /**
-     * Returns whether the given user has permission to create the type of
-     * objects that this directory object service manages.
-     *
-     * @param user
-     *     The user being checked.
-     *
-     * @return
-     *     true if the user has object creation permission relevant to this
-     *     directory object service, false otherwise.
+     *     The newly-created object.
      *
      * @throws GuacamoleException
-     *     If permission to read the user's permissions is denied.
+     *     If the user lacks permission to create the object, or an error
+     *     occurs while creating the object.
      */
-    protected abstract boolean hasCreatePermission(AuthenticatedUser user)
+    InternalType createObject(AuthenticatedUser user, ExternalType object)
             throws GuacamoleException;
 
     /**
-     * Returns whether the given user has permission to perform a certain
-     * action on a specific object managed by this directory object service.
+     * Deletes the object having the given identifier. If no such object
+     * exists, this function has no effect.
      *
      * @param user
-     *     The user being checked.
+     *     The user deleting the object.
      *
      * @param identifier
-     *     The identifier of the object to check.
-     *
-     * @param type
-     *     The type of action that will be performed.
-     *
-     * @return
-     *     true if the user has object permission relevant described, false
-     *     otherwise.
+     *     The identifier of the object to delete.
      *
      * @throws GuacamoleException
-     *     If permission to read the user's permissions is denied.
+     *     If the user lacks permission to delete the object, or an error
+     *     occurs while deleting the object.
      */
-    protected boolean hasObjectPermission(AuthenticatedUser user,
-            String identifier, ObjectPermission.Type type)
-            throws GuacamoleException {
-
-        // Get object permissions
-        ObjectPermissionSet permissionSet = getPermissionSet(user);
-        
-        // Return whether permission is granted
-        return user.getUser().isAdministrator()
-            || permissionSet.hasPermission(type, identifier);
-
-    }
- 
-    /**
-     * Returns the permission set associated with the given user and related
-     * to the type of objects handled by this directory object service.
-     *
-     * @param user
-     *     The user whose permissions are being retrieved.
-     *
-     * @return
-     *     A permission set which contains the permissions associated with the
-     *     given user and related to the type of objects handled by this
-     *     directory object service.
-     * 
-     * @throws GuacamoleException
-     *     If permission to read the user's permissions is denied.
-     */
-    protected abstract ObjectPermissionSet getPermissionSet(AuthenticatedUser user)
+    void deleteObject(AuthenticatedUser user, String identifier)
         throws GuacamoleException;
 
     /**
-     * Returns a collection of objects which are backed by the models in the
-     * given collection.
+     * Updates the given object, applying any changes that have been made. If
+     * no such object exists, this function has no effect.
      *
-     * @param currentUser
-     *     The user for whom these objects are being created.
+     * @param user
+     *     The user updating the object.
      *
-     * @param models
-     *     The model objects to use to back the objects within the returned
-     *     collection.
+     * @param object
+     *     The object to update.
+     *
+     * @throws GuacamoleException
+     *     If the user lacks permission to update the object, or an error
+     *     occurs while updating the object.
+     */
+    void updateObject(AuthenticatedUser user, InternalType object)
+            throws GuacamoleException;
+
+    /**
+     * Returns the set of all identifiers for all objects that the user has
+     * read access to.
+     *
+     * @param user
+     *     The user retrieving the identifiers.
      *
      * @return
-     *     A collection of objects which are backed by the models in the given
-     *     collection.
-     */
-    protected Collection<InternalType> getObjectInstances(AuthenticatedUser currentUser,
-            Collection<ModelType> models) {
-
-        // Create new collection of objects by manually converting each model
-        Collection<InternalType> objects = new ArrayList<InternalType>(models.size());
-        for (ModelType model : models)
-            objects.add(getObjectInstance(currentUser, model));
-
-        return objects;
-        
-    }
-
-    /**
-     * Called before any object is created through this directory object
-     * service. This function serves as a final point of validation before
-     * the create operation occurs. In its default implementation,
-     * beforeCreate() performs basic permissions checks.
-     *
-     * @param user
-     *     The user creating the object.
-     *
-     * @param model
-     *     The model of the object being created.
+     *     The set of all identifiers for all objects.
      *
      * @throws GuacamoleException
-     *     If the object is invalid, or an error prevents validating the given
-     *     object.
+     *     If an error occurs while reading identifiers.
      */
-    protected void beforeCreate(AuthenticatedUser user,
-            ModelType model ) throws GuacamoleException {
-
-        // Verify permission to create objects
-        if (!user.getUser().isAdministrator() && !hasCreatePermission(user))
-            throw new GuacamoleSecurityException("Permission denied.");
-
-    }
-
-    /**
-     * Called before any object is updated through this directory object
-     * service. This function serves as a final point of validation before
-     * the update operation occurs. In its default implementation,
-     * beforeUpdate() performs basic permissions checks.
-     *
-     * @param user
-     *     The user updating the existing object.
-     *
-     * @param model
-     *     The model of the object being updated.
-     *
-     * @throws GuacamoleException
-     *     If the object is invalid, or an error prevents validating the given
-     *     object.
-     */
-    protected void beforeUpdate(AuthenticatedUser user,
-            ModelType model) throws GuacamoleException {
-
-        // By default, do nothing.
-        if (!hasObjectPermission(user, model.getIdentifier(), ObjectPermission.Type.UPDATE))
-            throw new GuacamoleSecurityException("Permission denied.");
-
-    }
-
-    /**
-     * Called before any object is deleted through this directory object
-     * service. This function serves as a final point of validation before
-     * the delete operation occurs. In its default implementation,
-     * beforeDelete() performs basic permissions checks.
-     *
-     * @param user
-     *     The user deleting the existing object.
-     *
-     * @param identifier
-     *     The identifier of the object being deleted.
-     *
-     * @throws GuacamoleException
-     *     If the object is invalid, or an error prevents validating the given
-     *     object.
-     */
-    protected void beforeDelete(AuthenticatedUser user,
-            String identifier) throws GuacamoleException {
-
-        // Verify permission to delete objects
-        if (!hasObjectPermission(user, identifier, ObjectPermission.Type.DELETE))
-            throw new GuacamoleSecurityException("Permission denied.");
-
-    }
-
-    @Override
-    public InternalType retrieveObject(AuthenticatedUser user,
-            String identifier) throws GuacamoleException {
-
-        // Pull objects having given identifier
-        Collection<InternalType> objects = retrieveObjects(user, Collections.singleton(identifier));
-
-        // If no such object, return null
-        if (objects.isEmpty())
-            return null;
-
-        // The object collection will have exactly one element unless the
-        // database has seriously lost integrity
-        assert(objects.size() == 1);
-
-        // Return first and only object 
-        return objects.iterator().next();
-
-    }
-
-    @Override
-    public Collection<InternalType> retrieveObjects(AuthenticatedUser user,
-            Collection<String> identifiers) throws GuacamoleException {
-
-        // Do not query if no identifiers given
-        if (identifiers.isEmpty())
-            return Collections.EMPTY_LIST;
-
-        Collection<ModelType> objects;
-
-        // Bypass permission checks if the user is a system admin
-        if (user.getUser().isAdministrator())
-            objects = getObjectMapper().select(identifiers);
-
-        // Otherwise only return explicitly readable identifiers
-        else
-            objects = getObjectMapper().selectReadable(user.getUser().getModel(), identifiers);
-        
-        // Return collection of requested objects
-        return getObjectInstances(user, objects);
-        
-    }
-
-    /**
-     * Returns a collection of permissions that should be granted due to the
-     * creation of the given object. These permissions need not be granted
-     * solely to the user creating the object.
-     * 
-     * @param user
-     *     The user creating the object.
-     * 
-     * @param model
-     *     The object being created.
-     * 
-     * @return
-     *     The collection of implicit permissions that should be granted due to
-     *     the creation of the given object.
-     */
-    protected Collection<ObjectPermissionModel> getImplicitPermissions(AuthenticatedUser user,
-            ModelType model) {
-        
-        // Build list of implicit permissions
-        Collection<ObjectPermissionModel> implicitPermissions =
-                new ArrayList<ObjectPermissionModel>(IMPLICIT_OBJECT_PERMISSIONS.length);
-
-        UserModel userModel = user.getUser().getModel();
-        for (ObjectPermission.Type permission : IMPLICIT_OBJECT_PERMISSIONS) {
-
-            // Create model which grants this permission to the current user
-            ObjectPermissionModel permissionModel = new ObjectPermissionModel();
-            permissionModel.setUserID(userModel.getObjectID());
-            permissionModel.setUsername(userModel.getIdentifier());
-            permissionModel.setType(permission);
-            permissionModel.setObjectIdentifier(model.getIdentifier());
-
-            // Add permission
-            implicitPermissions.add(permissionModel);
-
-        }
-        
-        return implicitPermissions;
-
-    }
-
-    @Override
-    public InternalType createObject(AuthenticatedUser user, ExternalType object)
-        throws GuacamoleException {
-
-        ModelType model = getModelInstance(user, object);
-        beforeCreate(user, model);
-        
-        // Create object
-        getObjectMapper().insert(model);
-
-        // Add implicit permissions
-        getPermissionMapper().insert(getImplicitPermissions(user, model));
-
-        return getObjectInstance(user, model);
-
-    }
-
-    @Override
-    public void deleteObject(AuthenticatedUser user, String identifier)
-        throws GuacamoleException {
-
-        beforeDelete(user, identifier);
-        
-        // Delete object
-        getObjectMapper().delete(identifier);
-
-    }
-
-    @Override
-    public void updateObject(AuthenticatedUser user, InternalType object)
-        throws GuacamoleException {
-
-        ModelType model = object.getModel();
-        beforeUpdate(user, model);
-        
-        // Update object
-        getObjectMapper().update(model);
-
-    }
-
-    @Override
-    public Set<String> getIdentifiers(AuthenticatedUser user)
-        throws GuacamoleException {
-
-        // Bypass permission checks if the user is a system admin
-        if (user.getUser().isAdministrator())
-            return getObjectMapper().selectIdentifiers();
-
-        // Otherwise only return explicitly readable identifiers
-        else
-            return getObjectMapper().selectReadableIdentifiers(user.getUser().getModel());
-
-    }
+    Set<String> getIdentifiers(AuthenticatedUser user) throws GuacamoleException;
 
 }

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/IdentifiableObjectService.java

@@ -1,155 +0,0 @@
-/*
- * Copyright (C) 2013 Glyptodon LLC
- *
- * Permission is hereby granted, free of charge, to any person obtaining a copy
- * of this software and associated documentation files (the "Software"), to deal
- * in the Software without restriction, including without limitation the rights
- * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
- * copies of the Software, and to permit persons to whom the Software is
- * furnished to do so, subject to the following conditions:
- *
- * The above copyright notice and this permission notice shall be included in
- * all copies or substantial portions of the Software.
- *
- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
- * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
- * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
- * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
- * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
- * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
- * THE SOFTWARE.
- */
-
-package org.glyptodon.guacamole.auth.jdbc.base;
-
-import java.util.Collection;
-import java.util.Set;
-import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
-import org.glyptodon.guacamole.GuacamoleException;
-
-/**
- * Service which provides convenience methods for creating, retrieving, and
- * manipulating objects that have unique identifiers, such as the objects
- * within directories. This service will automatically enforce the permissions
- * of the current user.
- *
- * @author Michael Jumper
- * @param <InternalType>
- *     The specific internal implementation of the type of object this service
- *     provides access to.
- *
- * @param <ExternalType>
- *     The external interface or implementation of the type of object this
- *     service provides access to, as defined by the guacamole-ext API.
- */
-public interface IdentifiableObjectService<InternalType, ExternalType> {
-
-    /**
-     * Retrieves the single object that has the given identifier, if it exists
-     * and the user has permission to read it.
-     *
-     * @param user
-     *     The user retrieving the object.
-     *
-     * @param identifier
-     *     The identifier of the object to retrieve.
-     *
-     * @return
-     *     The object having the given identifier, or null if no such object
-     *     exists.
-     *
-     * @throws GuacamoleException
-     *     If an error occurs while retrieving the requested object.
-     */
-    InternalType retrieveObject(AuthenticatedUser user, String identifier)
-            throws GuacamoleException;
-    
-    /**
-     * Retrieves all objects that have the identifiers in the given collection.
-     * Only objects that the user has permission to read will be returned.
-     *
-     * @param user
-     *     The user retrieving the objects.
-     *
-     * @param identifiers
-     *     The identifiers of the objects to retrieve.
-     *
-     * @return
-     *     The objects having the given identifiers.
-     *
-     * @throws GuacamoleException
-     *     If an error occurs while retrieving the requested objects.
-     */
-    Collection<InternalType> retrieveObjects(AuthenticatedUser user,
-            Collection<String> identifiers) throws GuacamoleException;
-
-    /**
-     * Creates the given object. If the object already exists, an error will be
-     * thrown.
-     *
-     * @param user
-     *     The user creating the object.
-     *
-     * @param object
-     *     The object to create.
-     *
-     * @return
-     *     The newly-created object.
-     *
-     * @throws GuacamoleException
-     *     If the user lacks permission to create the object, or an error
-     *     occurs while creating the object.
-     */
-    InternalType createObject(AuthenticatedUser user, ExternalType object)
-            throws GuacamoleException;
-
-    /**
-     * Deletes the object having the given identifier. If no such object
-     * exists, this function has no effect.
-     *
-     * @param user
-     *     The user deleting the object.
-     *
-     * @param identifier
-     *     The identifier of the object to delete.
-     *
-     * @throws GuacamoleException
-     *     If the user lacks permission to delete the object, or an error
-     *     occurs while deleting the object.
-     */
-    void deleteObject(AuthenticatedUser user, String identifier)
-        throws GuacamoleException;
-
-    /**
-     * Updates the given object, applying any changes that have been made. If
-     * no such object exists, this function has no effect.
-     *
-     * @param user
-     *     The user updating the object.
-     *
-     * @param object
-     *     The object to update.
-     *
-     * @throws GuacamoleException
-     *     If the user lacks permission to update the object, or an error
-     *     occurs while updating the object.
-     */
-    void updateObject(AuthenticatedUser user, InternalType object)
-            throws GuacamoleException;
-
-    /**
-     * Returns the set of all identifiers for all objects that the user has
-     * read access to.
-     *
-     * @param user
-     *     The user retrieving the identifiers.
-     *
-     * @return
-     *     The set of all identifiers for all objects.
-     *
-     * @throws GuacamoleException
-     *     If an error occurs while reading identifiers.
-     */
-    Set<String> getIdentifiers(AuthenticatedUser user) throws GuacamoleException;
-
-}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledDirectoryObject.java

@@ -26,14 +26,15 @@ import org.glyptodon.guacamole.net.auth.Identifiable;
 
 /**
  * Common base class for objects that will ultimately be made available through
- * the Directory class. All such objects will need the same base set of queries
- * to fulfill the needs of the Directory class.
+ * the Directory class and are persisted to an underlying database model. All
+ * such objects will need the same base set of queries to fulfill the needs of
+ * the Directory class.
  *
  * @author Michael Jumper
  * @param <ModelType>
  *     The type of model object that corresponds to this object.
  */
-public abstract class DirectoryObject<ModelType extends ObjectModel>
+public abstract class ModeledDirectoryObject<ModelType extends ObjectModel>
     extends ModeledObject<ModelType> implements Identifiable {
 
     @Override

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledDirectoryObjectMapper.java

@@ -37,7 +37,7 @@ import org.apache.ibatis.annotations.Param;
  *     The type of object contained within the directory whose objects are
  *     mapped by this mapper.
  */
-public interface DirectoryObjectMapper<ModelType> {
+public interface ModeledDirectoryObjectMapper<ModelType> {
 
     /**
      * Selects the identifiers of all objects, regardless of whether they

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java

@@ -0,0 +1,431 @@
+/*
+ * Copyright (C) 2013 Glyptodon LLC
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+
+package org.glyptodon.guacamole.auth.jdbc.base;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
+import org.glyptodon.guacamole.GuacamoleException;
+import org.glyptodon.guacamole.GuacamoleSecurityException;
+import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
+import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel;
+import org.glyptodon.guacamole.auth.jdbc.user.UserModel;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
+import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
+
+/**
+ * Service which provides convenience methods for creating, retrieving, and
+ * manipulating objects within directories. This service will automatically
+ * enforce the permissions of the current user.
+ *
+ * @author Michael Jumper
+ * @param <InternalType>
+ *     The specific internal implementation of the type of object this service
+ *     provides access to.
+ *
+ * @param <ExternalType>
+ *     The external interface or implementation of the type of object this
+ *     service provides access to, as defined by the guacamole-ext API.
+ *
+ * @param <ModelType>
+ *     The underlying model object used to represent InternalType in the
+ *     database.
+ */
+public abstract class ModeledDirectoryObjectService<InternalType extends ModeledDirectoryObject<ModelType>,
+        ExternalType, ModelType extends ObjectModel>
+    implements DirectoryObjectService<InternalType, ExternalType> {
+
+    /**
+     * All object permissions which are implicitly granted upon creation to the
+     * creator of the object.
+     */
+    private static final ObjectPermission.Type[] IMPLICIT_OBJECT_PERMISSIONS = {
+        ObjectPermission.Type.READ,
+        ObjectPermission.Type.UPDATE,
+        ObjectPermission.Type.DELETE,
+        ObjectPermission.Type.ADMINISTER
+    };
+    
+    /**
+     * Returns an instance of a mapper for the type of object used by this
+     * service.
+     *
+     * @return
+     *     A mapper which provides access to the model objects associated with
+     *     the objects used by this service.
+     */
+    protected abstract ModeledDirectoryObjectMapper<ModelType> getObjectMapper();
+
+    /**
+     * Returns an instance of a mapper for the type of permissions that affect
+     * the type of object used by this service.
+     *
+     * @return
+     *     A mapper which provides access to the model objects associated with
+     *     the permissions that affect the objects used by this service.
+     */
+    protected abstract ObjectPermissionMapper getPermissionMapper();
+
+    /**
+     * Returns an instance of an object which is backed by the given model
+     * object.
+     *
+     * @param currentUser
+     *     The user for whom this object is being created.
+     *
+     * @param model
+     *     The model object to use to back the returned object.
+     *
+     * @return
+     *     An object which is backed by the given model object.
+     */
+    protected abstract InternalType getObjectInstance(AuthenticatedUser currentUser,
+            ModelType model);
+
+    /**
+     * Returns an instance of a model object which is based on the given
+     * object.
+     *
+     * @param currentUser
+     *     The user for whom this model object is being created.
+     *
+     * @param object 
+     *     The object to use to produce the returned model object.
+     *
+     * @return
+     *     A model object which is based on the given object.
+     */
+    protected abstract ModelType getModelInstance(AuthenticatedUser currentUser,
+            ExternalType object);
+
+    /**
+     * Returns whether the given user has permission to create the type of
+     * objects that this directory object service manages.
+     *
+     * @param user
+     *     The user being checked.
+     *
+     * @return
+     *     true if the user has object creation permission relevant to this
+     *     directory object service, false otherwise.
+     * 
+     * @throws GuacamoleException
+     *     If permission to read the user's permissions is denied.
+     */
+    protected abstract boolean hasCreatePermission(AuthenticatedUser user)
+            throws GuacamoleException;
+
+    /**
+     * Returns whether the given user has permission to perform a certain
+     * action on a specific object managed by this directory object service.
+     *
+     * @param user
+     *     The user being checked.
+     *
+     * @param identifier
+     *     The identifier of the object to check.
+     *
+     * @param type
+     *     The type of action that will be performed.
+     *
+     * @return
+     *     true if the user has object permission relevant described, false
+     *     otherwise.
+     * 
+     * @throws GuacamoleException
+     *     If permission to read the user's permissions is denied.
+     */
+    protected boolean hasObjectPermission(AuthenticatedUser user,
+            String identifier, ObjectPermission.Type type)
+            throws GuacamoleException {
+
+        // Get object permissions
+        ObjectPermissionSet permissionSet = getPermissionSet(user);
+        
+        // Return whether permission is granted
+        return user.getUser().isAdministrator()
+            || permissionSet.hasPermission(type, identifier);
+
+    }
+ 
+    /**
+     * Returns the permission set associated with the given user and related
+     * to the type of objects handled by this directory object service.
+     *
+     * @param user
+     *     The user whose permissions are being retrieved.
+     *
+     * @return
+     *     A permission set which contains the permissions associated with the
+     *     given user and related to the type of objects handled by this
+     *     directory object service.
+     * 
+     * @throws GuacamoleException
+     *     If permission to read the user's permissions is denied.
+     */
+    protected abstract ObjectPermissionSet getPermissionSet(AuthenticatedUser user)
+            throws GuacamoleException;
+
+    /**
+     * Returns a collection of objects which are backed by the models in the
+     * given collection.
+     *
+     * @param currentUser
+     *     The user for whom these objects are being created.
+     *
+     * @param models
+     *     The model objects to use to back the objects within the returned
+     *     collection.
+     *
+     * @return
+     *     A collection of objects which are backed by the models in the given
+     *     collection.
+     */
+    protected Collection<InternalType> getObjectInstances(AuthenticatedUser currentUser,
+            Collection<ModelType> models) {
+
+        // Create new collection of objects by manually converting each model
+        Collection<InternalType> objects = new ArrayList<InternalType>(models.size());
+        for (ModelType model : models)
+            objects.add(getObjectInstance(currentUser, model));
+
+        return objects;
+        
+    }
+
+    /**
+     * Called before any object is created through this directory object
+     * service. This function serves as a final point of validation before
+     * the create operation occurs. In its default implementation,
+     * beforeCreate() performs basic permissions checks.
+     *
+     * @param user
+     *     The user creating the object.
+     *
+     * @param model
+     *     The model of the object being created.
+     *
+     * @throws GuacamoleException
+     *     If the object is invalid, or an error prevents validating the given
+     *     object.
+     */
+    protected void beforeCreate(AuthenticatedUser user,
+            ModelType model ) throws GuacamoleException {
+
+        // Verify permission to create objects
+        if (!user.getUser().isAdministrator() && !hasCreatePermission(user))
+            throw new GuacamoleSecurityException("Permission denied.");
+
+    }
+
+    /**
+     * Called before any object is updated through this directory object
+     * service. This function serves as a final point of validation before
+     * the update operation occurs. In its default implementation,
+     * beforeUpdate() performs basic permissions checks.
+     *
+     * @param user
+     *     The user updating the existing object.
+     *
+     * @param model
+     *     The model of the object being updated.
+     *
+     * @throws GuacamoleException
+     *     If the object is invalid, or an error prevents validating the given
+     *     object.
+     */
+    protected void beforeUpdate(AuthenticatedUser user,
+            ModelType model) throws GuacamoleException {
+
+        // By default, do nothing.
+        if (!hasObjectPermission(user, model.getIdentifier(), ObjectPermission.Type.UPDATE))
+            throw new GuacamoleSecurityException("Permission denied.");
+
+    }
+
+    /**
+     * Called before any object is deleted through this directory object
+     * service. This function serves as a final point of validation before
+     * the delete operation occurs. In its default implementation,
+     * beforeDelete() performs basic permissions checks.
+     *
+     * @param user
+     *     The user deleting the existing object.
+     *
+     * @param identifier
+     *     The identifier of the object being deleted.
+     *
+     * @throws GuacamoleException
+     *     If the object is invalid, or an error prevents validating the given
+     *     object.
+     */
+    protected void beforeDelete(AuthenticatedUser user,
+            String identifier) throws GuacamoleException {
+
+        // Verify permission to delete objects
+        if (!hasObjectPermission(user, identifier, ObjectPermission.Type.DELETE))
+            throw new GuacamoleSecurityException("Permission denied.");
+
+    }
+
+    @Override
+    public InternalType retrieveObject(AuthenticatedUser user,
+            String identifier) throws GuacamoleException {
+
+        // Pull objects having given identifier
+        Collection<InternalType> objects = retrieveObjects(user, Collections.singleton(identifier));
+
+        // If no such object, return null
+        if (objects.isEmpty())
+            return null;
+
+        // The object collection will have exactly one element unless the
+        // database has seriously lost integrity
+        assert(objects.size() == 1);
+
+        // Return first and only object 
+        return objects.iterator().next();
+
+    }
+
+    @Override
+    public Collection<InternalType> retrieveObjects(AuthenticatedUser user,
+            Collection<String> identifiers) throws GuacamoleException {
+
+        // Do not query if no identifiers given
+        if (identifiers.isEmpty())
+            return Collections.EMPTY_LIST;
+
+        Collection<ModelType> objects;
+
+        // Bypass permission checks if the user is a system admin
+        if (user.getUser().isAdministrator())
+            objects = getObjectMapper().select(identifiers);
+
+        // Otherwise only return explicitly readable identifiers
+        else
+            objects = getObjectMapper().selectReadable(user.getUser().getModel(), identifiers);
+        
+        // Return collection of requested objects
+        return getObjectInstances(user, objects);
+        
+    }
+
+    /**
+     * Returns a collection of permissions that should be granted due to the
+     * creation of the given object. These permissions need not be granted
+     * solely to the user creating the object.
+     * 
+     * @param user
+     *     The user creating the object.
+     * 
+     * @param model
+     *     The object being created.
+     * 
+     * @return
+     *     The collection of implicit permissions that should be granted due to
+     *     the creation of the given object.
+     */
+    protected Collection<ObjectPermissionModel> getImplicitPermissions(AuthenticatedUser user,
+            ModelType model) {
+        
+        // Build list of implicit permissions
+        Collection<ObjectPermissionModel> implicitPermissions =
+                new ArrayList<ObjectPermissionModel>(IMPLICIT_OBJECT_PERMISSIONS.length);
+
+        UserModel userModel = user.getUser().getModel();
+        for (ObjectPermission.Type permission : IMPLICIT_OBJECT_PERMISSIONS) {
+
+            // Create model which grants this permission to the current user
+            ObjectPermissionModel permissionModel = new ObjectPermissionModel();
+            permissionModel.setUserID(userModel.getObjectID());
+            permissionModel.setUsername(userModel.getIdentifier());
+            permissionModel.setType(permission);
+            permissionModel.setObjectIdentifier(model.getIdentifier());
+
+            // Add permission
+            implicitPermissions.add(permissionModel);
+
+        }
+        
+        return implicitPermissions;
+
+    }
+
+    @Override
+    public InternalType createObject(AuthenticatedUser user, ExternalType object)
+        throws GuacamoleException {
+
+        ModelType model = getModelInstance(user, object);
+        beforeCreate(user, model);
+        
+        // Create object
+        getObjectMapper().insert(model);
+
+        // Add implicit permissions
+        getPermissionMapper().insert(getImplicitPermissions(user, model));
+
+        return getObjectInstance(user, model);
+
+    }
+
+    @Override
+    public void deleteObject(AuthenticatedUser user, String identifier)
+        throws GuacamoleException {
+
+        beforeDelete(user, identifier);
+        
+        // Delete object
+        getObjectMapper().delete(identifier);
+
+    }
+
+    @Override
+    public void updateObject(AuthenticatedUser user, InternalType object)
+        throws GuacamoleException {
+
+        ModelType model = object.getModel();
+        beforeUpdate(user, model);
+        
+        // Update object
+        getObjectMapper().update(model);
+
+    }
+
+    @Override
+    public Set<String> getIdentifiers(AuthenticatedUser user)
+        throws GuacamoleException {
+
+        // Bypass permission checks if the user is a system admin
+        if (user.getUser().isAdministrator())
+            return getObjectMapper().selectIdentifiers();
+
+        // Otherwise only return explicitly readable identifiers
+        else
+            return getObjectMapper().selectReadableIdentifiers(user.getUser().getModel());
+
+    }
+
+}

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledGroupedDirectoryObject.java

@@ -33,8 +33,8 @@ import org.glyptodon.guacamole.auth.jdbc.connectiongroup.RootConnectionGroup;
  * @param <ModelType>
  *     The type of model object that corresponds to this object.
  */
-public abstract class GroupedDirectoryObject<ModelType extends GroupedObjectModel>
-    extends DirectoryObject<ModelType> {
+public abstract class ModeledGroupedDirectoryObject<ModelType extends GroupedObjectModel>
+    extends ModeledDirectoryObject<ModelType> {
 
     /**
      * Returns the identifier of the parent connection group, which cannot be

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/ModeledGroupedDirectoryObjectService.java

@@ -49,9 +49,9 @@ import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
  *     The underlying model object used to represent InternalType in the
  *     database.
  */
-public abstract class GroupedDirectoryObjectService<InternalType extends GroupedDirectoryObject<ModelType>,
+public abstract class ModeledGroupedDirectoryObjectService<InternalType extends ModeledGroupedDirectoryObject<ModelType>,
         ExternalType, ModelType extends GroupedObjectModel>
-        extends DirectoryObjectService<InternalType, ExternalType, ModelType> {
+        extends ModeledDirectoryObjectService<InternalType, ExternalType, ModelType> {
 
     /**
      * Returns the set of parent connection groups that are modified by the

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionMapper.java

@@ -23,7 +23,7 @@
 package org.glyptodon.guacamole.auth.jdbc.connection;
 
 import java.util.Set;
-import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
 import org.glyptodon.guacamole.auth.jdbc.user.UserModel;
 import org.apache.ibatis.annotations.Param;
 
@@ -32,7 +32,7 @@ import org.apache.ibatis.annotations.Param;
  *
  * @author Michael Jumper
  */
-public interface ConnectionMapper extends DirectoryObjectMapper<ConnectionModel> {
+public interface ConnectionMapper extends ModeledDirectoryObjectMapper<ConnectionModel> {
 
     /**
      * Selects the identifiers of all connections within the given parent

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ConnectionService.java

@@ -32,12 +32,12 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
 import org.glyptodon.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
-import org.glyptodon.guacamole.auth.jdbc.base.GroupedDirectoryObjectService;
+import org.glyptodon.guacamole.auth.jdbc.base.ModeledGroupedDirectoryObjectService;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionPermissionMapper;
 import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
 import org.glyptodon.guacamole.net.GuacamoleTunnel;
@@ -55,7 +55,7 @@ import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
  *
  * @author Michael Jumper, James Muehlner
  */
-public class ConnectionService extends GroupedDirectoryObjectService<ModeledConnection, Connection, ConnectionModel> {
+public class ConnectionService extends ModeledGroupedDirectoryObjectService<ModeledConnection, Connection, ConnectionModel> {
 
     /**
      * Mapper for accessing connections.
@@ -94,7 +94,7 @@ public class ConnectionService extends GroupedDirectoryObjectService<ModeledConn
     private GuacamoleTunnelService tunnelService;
     
     @Override
-    protected DirectoryObjectMapper<ConnectionModel> getObjectMapper() {
+    protected ModeledDirectoryObjectMapper<ConnectionModel> getObjectMapper() {
         return connectionMapper;
     }
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connection/ModeledConnection.java

@@ -27,7 +27,7 @@ import com.google.inject.Provider;
 import java.util.List;
 import org.glyptodon.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
 import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.auth.jdbc.base.GroupedDirectoryObject;
+import org.glyptodon.guacamole.auth.jdbc.base.ModeledGroupedDirectoryObject;
 import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.Connection;
 import org.glyptodon.guacamole.net.auth.ConnectionRecord;
@@ -41,7 +41,7 @@ import org.glyptodon.guacamole.protocol.GuacamoleConfiguration;
  * @author James Muehlner
  * @author Michael Jumper
  */
-public class ModeledConnection extends GroupedDirectoryObject<ConnectionModel>
+public class ModeledConnection extends ModeledGroupedDirectoryObject<ConnectionModel>
     implements Connection {
 
     /**

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupMapper.java

@@ -23,7 +23,7 @@
 package org.glyptodon.guacamole.auth.jdbc.connectiongroup;
 
 import java.util.Set;
-import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
 import org.glyptodon.guacamole.auth.jdbc.user.UserModel;
 import org.apache.ibatis.annotations.Param;
 
@@ -32,7 +32,7 @@ import org.apache.ibatis.annotations.Param;
  *
  * @author Michael Jumper
  */
-public interface ConnectionGroupMapper extends DirectoryObjectMapper<ConnectionGroupModel> {
+public interface ConnectionGroupMapper extends ModeledDirectoryObjectMapper<ConnectionGroupModel> {
 
     /**
      * Selects the identifiers of all connection groups within the given parent

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java

@@ -26,13 +26,13 @@ import com.google.inject.Inject;
 import com.google.inject.Provider;
 import java.util.Set;
 import org.glyptodon.guacamole.auth.jdbc.user.AuthenticatedUser;
-import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
 import org.glyptodon.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleSecurityException;
 import org.glyptodon.guacamole.GuacamoleUnsupportedException;
-import org.glyptodon.guacamole.auth.jdbc.base.GroupedDirectoryObjectService;
+import org.glyptodon.guacamole.auth.jdbc.base.ModeledGroupedDirectoryObjectService;
 import org.glyptodon.guacamole.auth.jdbc.permission.ConnectionGroupPermissionMapper;
 import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
 import org.glyptodon.guacamole.net.GuacamoleTunnel;
@@ -49,7 +49,7 @@ import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
  *
  * @author Michael Jumper, James Muehlner
  */
-public class ConnectionGroupService extends GroupedDirectoryObjectService<ModeledConnectionGroup,
+public class ConnectionGroupService extends ModeledGroupedDirectoryObjectService<ModeledConnectionGroup,
         ConnectionGroup, ConnectionGroupModel> {
 
     /**
@@ -77,7 +77,7 @@ public class ConnectionGroupService extends GroupedDirectoryObjectService<Modele
     private GuacamoleTunnelService tunnelService;
     
     @Override
-    protected DirectoryObjectMapper<ConnectionGroupModel> getObjectMapper() {
+    protected ModeledDirectoryObjectMapper<ConnectionGroupModel> getObjectMapper() {
         return connectionGroupMapper;
     }
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/connectiongroup/ModeledConnectionGroup.java

@@ -27,7 +27,7 @@ import java.util.Set;
 import org.glyptodon.guacamole.auth.jdbc.connection.ConnectionService;
 import org.glyptodon.guacamole.auth.jdbc.tunnel.GuacamoleTunnelService;
 import org.glyptodon.guacamole.GuacamoleException;
-import org.glyptodon.guacamole.auth.jdbc.base.GroupedDirectoryObject;
+import org.glyptodon.guacamole.auth.jdbc.base.ModeledGroupedDirectoryObject;
 import org.glyptodon.guacamole.net.GuacamoleTunnel;
 import org.glyptodon.guacamole.net.auth.ConnectionGroup;
 import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
@@ -38,7 +38,7 @@ import org.glyptodon.guacamole.protocol.GuacamoleClientInformation;
  *
  * @author James Muehlner
  */
-public class ModeledConnectionGroup extends GroupedDirectoryObject<ConnectionGroupModel>
+public class ModeledConnectionGroup extends ModeledGroupedDirectoryObject<ConnectionGroupModel>
     implements ConnectionGroup {
 
     /**

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/ModeledUser.java

@@ -23,7 +23,7 @@
 package org.glyptodon.guacamole.auth.jdbc.user;
 
 import com.google.inject.Inject;
-import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObject;
+import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObject;
 import org.glyptodon.guacamole.auth.jdbc.security.PasswordEncryptionService;
 import org.glyptodon.guacamole.auth.jdbc.security.SaltService;
 import org.glyptodon.guacamole.auth.jdbc.permission.SystemPermissionService;
@@ -42,7 +42,7 @@ import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
  * @author James Muehlner
  * @author Michael Jumper
  */
-public class ModeledUser extends DirectoryObject<UserModel> implements User {
+public class ModeledUser extends ModeledDirectoryObject<UserModel> implements User {
 
     /**
      * Service for hashing passwords.

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserMapper.java

@@ -22,7 +22,7 @@
 
 package org.glyptodon.guacamole.auth.jdbc.user;
 
-import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
 import org.apache.ibatis.annotations.Param;
 
 /**
@@ -30,7 +30,7 @@ import org.apache.ibatis.annotations.Param;
  *
  * @author Michael Jumper
  */
-public interface UserMapper extends DirectoryObjectMapper<UserModel> {
+public interface UserMapper extends ModeledDirectoryObjectMapper<UserModel> {
 
     /**
      * Returns the user having the given username, if any. If no such user

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java

@@ -28,8 +28,8 @@ import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import org.glyptodon.guacamole.net.auth.Credentials;
-import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectMapper;
-import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectService;
+import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
+import org.glyptodon.guacamole.auth.jdbc.base.ModeledDirectoryObjectService;
 import org.glyptodon.guacamole.GuacamoleClientException;
 import org.glyptodon.guacamole.GuacamoleException;
 import org.glyptodon.guacamole.GuacamoleUnsupportedException;
@@ -49,7 +49,7 @@ import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
  *
  * @author Michael Jumper, James Muehlner
  */
-public class UserService extends DirectoryObjectService<ModeledUser, User, UserModel> {
+public class UserService extends ModeledDirectoryObjectService<ModeledUser, User, UserModel> {
     
     /**
      * All user permissions which are implicitly granted to the new user upon
@@ -85,7 +85,7 @@ public class UserService extends DirectoryObjectService<ModeledUser, User, UserM
     private PasswordEncryptionService encryptionService;
 
     @Override
-    protected DirectoryObjectMapper<UserModel> getObjectMapper() {
+    protected ModeledDirectoryObjectMapper<UserModel> getObjectMapper() {
         return userMapper;
     }