safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 05:07:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-462: Retrieve individual database history records directly (by ID).

Browse Source
This commit is contained in:
Michael Jumper
2022-02-14 10:49:24 -08:00
parent 449fcb828e
commit c386845f24
9 changed files with 116 additions and 168 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ActivityRecordMapper.java
View File

@@ -71,6 +71,11 @@ public interface ActivityRecordMapper<ModelType> {
* retrieved, or null if records related to any such object should be * retrieved, or null if records related to any such object should be
* retrieved. * retrieved.
* *
* @param recordIdentifier
* The identifier of the specific history record to retrieve, if not
* all matching records. Search terms, etc. will still be applied to
* the single record.
*
* @param terms * @param terms
* The search terms that must match the returned records. * The search terms that must match the returned records.
* *
@@ -85,6 +90,7 @@ public interface ActivityRecordMapper<ModelType> {
* The results of the search performed with the given parameters. * The results of the search performed with the given parameters.
*/ */
List<ModelType> search(@Param("identifier") String identifier, List<ModelType> search(@Param("identifier") String identifier,
@Param("recordIdentifier") String recordIdentifier,
@Param("terms") Collection<ActivityRecordSearchTerm> terms, @Param("terms") Collection<ActivityRecordSearchTerm> terms,
@Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates, @Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates,
@Param("limit") int limit); @Param("limit") int limit);
@@ -106,6 +112,11 @@ public interface ActivityRecordMapper<ModelType> {
* The user whose permissions should determine whether a record is * The user whose permissions should determine whether a record is
* returned. * returned.
* *
* @param recordIdentifier
* The identifier of the specific history record to retrieve, if not
* all matching records. Search terms, etc. will still be applied to
* the single record.
*
* @param terms * @param terms
* The search terms that must match the returned records. * The search terms that must match the returned records.
* *
@@ -127,6 +138,7 @@ public interface ActivityRecordMapper<ModelType> {
*/ */
List<ModelType> searchReadable(@Param("identifier") String identifier, List<ModelType> searchReadable(@Param("identifier") String identifier,
@Param("user") UserModel user, @Param("user") UserModel user,
@Param("recordIdentifier") String recordIdentifier,
@Param("terms") Collection<ActivityRecordSearchTerm> terms, @Param("terms") Collection<ActivityRecordSearchTerm> terms,
@Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates, @Param("sortPredicates") List<ActivityRecordSortPredicate> sortPredicates,
@Param("limit") int limit, @Param("limit") int limit,

37
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledActivityRecordSet.java
View File

@@ -29,6 +29,8 @@ import org.apache.guacamole.net.auth.ActivityRecord;
import org.apache.guacamole.net.auth.ActivityRecordSet; import org.apache.guacamole.net.auth.ActivityRecordSet;
import org.apache.guacamole.net.auth.ActivityRecordSet.SortableProperty; import org.apache.guacamole.net.auth.ActivityRecordSet.SortableProperty;
import org.apache.guacamole.net.auth.AuthenticatedUser; import org.apache.guacamole.net.auth.AuthenticatedUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/** /**
* A JDBC implementation of ActivityRecordSet. Calls to asCollection() will * A JDBC implementation of ActivityRecordSet. Calls to asCollection() will
@@ -41,6 +43,11 @@ import org.apache.guacamole.net.auth.AuthenticatedUser;
public abstract class ModeledActivityRecordSet<RecordType extends ActivityRecord> public abstract class ModeledActivityRecordSet<RecordType extends ActivityRecord>
extends RestrictedObject implements ActivityRecordSet<RecordType> { extends RestrictedObject implements ActivityRecordSet<RecordType> {
/**
* Logger for this class.
*/
private static final Logger logger = LoggerFactory.getLogger(ModeledActivityRecordSet.class);
/** /**
* The set of strings that each must occur somewhere within the returned * The set of strings that each must occur somewhere within the returned
* records, whether within the associated username, an associated date, or * records, whether within the associated username, an associated date, or
@@ -73,6 +80,11 @@ public abstract class ModeledActivityRecordSet<RecordType extends ActivityRecord
* @param user * @param user
* The user retrieving the history. * The user retrieving the history.
* *
* @param recordIdentifier
* The identifier of the specific history record to retrieve, if not
* all matching records. Search terms, etc. will still be applied to
* the single record.
*
* @param requiredContents * @param requiredContents
* The search terms that must be contained somewhere within each of the * The search terms that must be contained somewhere within each of the
* returned records. * returned records.
@@ -90,16 +102,35 @@ public abstract class ModeledActivityRecordSet<RecordType extends ActivityRecord
* @throws GuacamoleException * @throws GuacamoleException
* If permission to read the history records is denied. * If permission to read the history records is denied.
*/ */
protected abstract Collection<RecordType> retrieveHistory( protected abstract List<RecordType> retrieveHistory(
AuthenticatedUser user, AuthenticatedUser user, String recordIdentifier,
Set<ActivityRecordSearchTerm> requiredContents, Set<ActivityRecordSearchTerm> requiredContents,
List<ActivityRecordSortPredicate> sortPredicates, List<ActivityRecordSortPredicate> sortPredicates,
int limit) throws GuacamoleException; int limit) throws GuacamoleException;
@Override
public RecordType get(String identifier) throws GuacamoleException {
List<RecordType> records = retrieveHistory(getCurrentUser(),
identifier, requiredContents, sortPredicates, limit);
if (records.isEmpty())
return null;
if (records.size() == 1)
return records.get(0);
logger.warn("Multiple history records match ID \"{}\"! This should "
+ "not be possible and may indicate a bug or database "
+ "corruption.", identifier);
return null;
}
@Override @Override
public Collection<RecordType> asCollection() public Collection<RecordType> asCollection()
throws GuacamoleException { throws GuacamoleException {
return retrieveHistory(getCurrentUser(), requiredContents, return retrieveHistory(getCurrentUser(), null, requiredContents,
sortPredicates, limit); sortPredicates, limit);
} }

12
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordSet.java
View File

@@ -20,7 +20,6 @@
package org.apache.guacamole.auth.jdbc.connection; package org.apache.guacamole.auth.jdbc.connection;
import com.google.inject.Inject; import com.google.inject.Inject;
import java.util.Collection;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import java.util.UUID; import java.util.UUID;
@@ -79,14 +78,15 @@ public class ConnectionRecordSet extends ModeledActivityRecordSet<ConnectionReco
} }
@Override @Override
protected Collection<ConnectionRecord> retrieveHistory( protected List<ConnectionRecord> retrieveHistory(
AuthenticatedUser user, Set<ActivityRecordSearchTerm> requiredContents, AuthenticatedUser user, String recordIdentifier,
List<ActivityRecordSortPredicate> sortPredicates, int limit) Set<ActivityRecordSearchTerm> requiredContents,
throws GuacamoleException { List<ActivityRecordSortPredicate> sortPredicates,
int limit) throws GuacamoleException {
// Retrieve history from database // Retrieve history from database
return connectionService.retrieveHistory(identifier, getCurrentUser(), return connectionService.retrieveHistory(identifier, getCurrentUser(),
requiredContents, sortPredicates, limit); recordIdentifier, requiredContents, sortPredicates, limit);
} }

86
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java
View File

@@ -390,40 +390,6 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
} }
/**
* Retrieves the connection history of the given connection, including any
* active connections.
*
* @param user
* The user retrieving the connection history.
*
* @param connection
* The connection whose history is being retrieved.
*
* @return
* The connection history of the given connection, including any
* active connections.
*
* @throws GuacamoleException
* If permission to read the connection history is denied.
*/
public List<ConnectionRecord> retrieveHistory(ModeledAuthenticatedUser user,
ModeledConnection connection) throws GuacamoleException {
String identifier = connection.getIdentifier();
// Get current active connections.
List<ConnectionRecord> records = new ArrayList<>(tunnelService.getActiveConnections(connection));
Collections.reverse(records);
// Add in the history records.
records.addAll(retrieveHistory(identifier, user, Collections.emptyList(),
Collections.emptyList(), Integer.MAX_VALUE));
return records;
}
/** /**
* Retrieves the connection history records matching the given criteria. * Retrieves the connection history records matching the given criteria.
* Retrieves up to <code>limit</code> connection history records matching * Retrieves up to <code>limit</code> connection history records matching
@@ -437,6 +403,11 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
* @param user * @param user
* The user retrieving the connection history. * The user retrieving the connection history.
* *
* @param recordIdentifier
* The identifier of the specific history record to retrieve, if not
* all matching records. Search terms, etc. will still be applied to
* the single record.
*
* @param requiredContents * @param requiredContents
* The search terms that must be contained somewhere within each of the * The search terms that must be contained somewhere within each of the
* returned records. * returned records.
@@ -456,7 +427,7 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
* If permission to read the connection history is denied. * If permission to read the connection history is denied.
*/ */
public List<ConnectionRecord> retrieveHistory(String identifier, public List<ConnectionRecord> retrieveHistory(String identifier,
ModeledAuthenticatedUser user, ModeledAuthenticatedUser user, String recordIdentifier,
Collection<ActivityRecordSearchTerm> requiredContents, Collection<ActivityRecordSearchTerm> requiredContents,
List<ActivityRecordSortPredicate> sortPredicates, int limit) List<ActivityRecordSortPredicate> sortPredicates, int limit)
throws GuacamoleException { throws GuacamoleException {
@@ -465,54 +436,19 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
// Bypass permission checks if the user is privileged // Bypass permission checks if the user is privileged
if (user.isPrivileged()) if (user.isPrivileged())
searchResults = connectionRecordMapper.search(identifier, requiredContents, searchResults = connectionRecordMapper.search(identifier,
sortPredicates, limit); recordIdentifier, requiredContents, sortPredicates, limit);
// Otherwise only return explicitly readable history records // Otherwise only return explicitly readable history records
else else
searchResults = connectionRecordMapper.searchReadable(identifier, searchResults = connectionRecordMapper.searchReadable(identifier,
user.getUser().getModel(), requiredContents, sortPredicates, user.getUser().getModel(), recordIdentifier,
limit, user.getEffectiveUserGroups()); requiredContents, sortPredicates, limit,
user.getEffectiveUserGroups());
return getObjectInstances(searchResults); return getObjectInstances(searchResults);
} }
/**
* Retrieves the connection history records matching the given criteria.
* Retrieves up to <code>limit</code> connection history records matching
* the given terms and sorted by the given predicates. Only history records
* associated with data that the given user can read are returned.
*
* @param user
* The user retrieving the connection history.
*
* @param requiredContents
* The search terms that must be contained somewhere within each of the
* returned records.
*
* @param sortPredicates
* A list of predicates to sort the returned records by, in order of
* priority.
*
* @param limit
* The maximum number of records that should be returned.
*
* @return
* The connection history of the given connection, including any
* active connections.
*
* @throws GuacamoleException
* If permission to read the connection history is denied.
*/
public List<ConnectionRecord> retrieveHistory(ModeledAuthenticatedUser user,
Collection<ActivityRecordSearchTerm> requiredContents,
List<ActivityRecordSortPredicate> sortPredicates, int limit)
throws GuacamoleException {
return retrieveHistory(null, user, requiredContents, sortPredicates, limit);
}
/** /**
* Connects to the given connection as the given user, using the given * Connects to the given connection as the given user, using the given

8
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserRecordSet.java
View File

@@ -20,7 +20,6 @@
package org.apache.guacamole.auth.jdbc.user; package org.apache.guacamole.auth.jdbc.user;
import com.google.inject.Inject; import com.google.inject.Inject;
import java.util.Collection;
import java.util.List; import java.util.List;
import java.util.Set; import java.util.Set;
import java.util.UUID; import java.util.UUID;
@@ -80,14 +79,15 @@ public class UserRecordSet extends ModeledActivityRecordSet<ActivityRecord> {
} }
@Override @Override
protected Collection<ActivityRecord> retrieveHistory( protected List<ActivityRecord> retrieveHistory(
AuthenticatedUser user, Set<ActivityRecordSearchTerm> requiredContents, AuthenticatedUser user, String recordIdentifier,
Set<ActivityRecordSearchTerm> requiredContents,
List<ActivityRecordSortPredicate> sortPredicates, int limit) List<ActivityRecordSortPredicate> sortPredicates, int limit)
throws GuacamoleException { throws GuacamoleException {
// Retrieve history from database // Retrieve history from database
return userService.retrieveHistory(identifier, getCurrentUser(), return userService.retrieveHistory(identifier, getCurrentUser(),
requiredContents, sortPredicates, limit); recordIdentifier, requiredContents, sortPredicates, limit);
} }

77
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
View File

@@ -572,32 +572,6 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
} }
/**
* Retrieves the login history of the given user, including any active
* sessions.
*
* @param authenticatedUser
* The user retrieving the login history.
*
* @param user
* The user whose history is being retrieved.
*
* @return
* The login history of the given user, including any active sessions.
*
* @throws GuacamoleException
* If permission to read the login history is denied.
*/
public List<ActivityRecord> retrieveHistory(ModeledAuthenticatedUser authenticatedUser,
ModeledUser user) throws GuacamoleException {
String username = user.getIdentifier();
return retrieveHistory(username, authenticatedUser, Collections.emptyList(),
Collections.emptyList(), Integer.MAX_VALUE);
}
/** /**
* Retrieves user login history records matching the given criteria. * Retrieves user login history records matching the given criteria.
* Retrieves up to <code>limit</code> user history records matching the * Retrieves up to <code>limit</code> user history records matching the
@@ -611,6 +585,11 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
* @param user * @param user
* The user retrieving the login history. * The user retrieving the login history.
* *
* @param recordIdentifier
* The identifier of the specific history record to retrieve, if not
* all matching records. Search terms, etc. will still be applied to
* the single record.
*
* @param requiredContents * @param requiredContents
* The search terms that must be contained somewhere within each of the * The search terms that must be contained somewhere within each of the
* returned records. * returned records.
@@ -629,7 +608,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
* If permission to read the user login history is denied. * If permission to read the user login history is denied.
*/ */
public List<ActivityRecord> retrieveHistory(String username, public List<ActivityRecord> retrieveHistory(String username,
ModeledAuthenticatedUser user, ModeledAuthenticatedUser user, String recordIdentifier,
Collection<ActivityRecordSearchTerm> requiredContents, Collection<ActivityRecordSearchTerm> requiredContents,
List<ActivityRecordSortPredicate> sortPredicates, int limit) List<ActivityRecordSortPredicate> sortPredicates, int limit)
throws GuacamoleException { throws GuacamoleException {
@@ -638,52 +617,18 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
// Bypass permission checks if the user is privileged // Bypass permission checks if the user is privileged
if (user.isPrivileged()) if (user.isPrivileged())
searchResults = userRecordMapper.search(username, requiredContents, searchResults = userRecordMapper.search(username, recordIdentifier,
sortPredicates, limit); requiredContents, sortPredicates, limit);
// Otherwise only return explicitly readable history records // Otherwise only return explicitly readable history records
else else
searchResults = userRecordMapper.searchReadable(username, searchResults = userRecordMapper.searchReadable(username,
user.getUser().getModel(), user.getUser().getModel(), recordIdentifier,
requiredContents, sortPredicates, limit, user.getEffectiveUserGroups()); requiredContents, sortPredicates, limit,
user.getEffectiveUserGroups());
return getObjectInstances(searchResults); return getObjectInstances(searchResults);
} }
/**
* Retrieves user login history records matching the given criteria.
* Retrieves up to <code>limit</code> user history records matching the
* given terms and sorted by the given predicates. Only history records
* associated with data that the given user can read are returned.
*
* @param user
* The user retrieving the login history.
*
* @param requiredContents
* The search terms that must be contained somewhere within each of the
* returned records.
*
* @param sortPredicates
* A list of predicates to sort the returned records by, in order of
* priority.
*
* @param limit
* The maximum number of records that should be returned.
*
* @return
* The login history of the given user, including any active sessions.
*
* @throws GuacamoleException
* If permission to read the user login history is denied.
*/
public List<ActivityRecord> retrieveHistory(ModeledAuthenticatedUser user,
Collection<ActivityRecordSearchTerm> requiredContents,
List<ActivityRecordSortPredicate> sortPredicates, int limit)
throws GuacamoleException {
return retrieveHistory(null, user, requiredContents, sortPredicates, limit);
}
} }

16
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
View File

@@ -97,9 +97,13 @@
<!-- Search terms --> <!-- Search terms -->
<where> <where>
<if test="recordIdentifier != null">
guacamole_connection_history.history_id = #{recordIdentifier,jdbcType=VARCHAR}
</if>
<if test="identifier != null"> <if test="identifier != null">
guacamole_connection_history.connection_id = #{identifier,jdbcType=VARCHAR} AND guacamole_connection_history.connection_id = #{identifier,jdbcType=VARCHAR}
</if> </if>
<foreach collection="terms" item="term" open=" AND " separator=" AND "> <foreach collection="terms" item="term" open=" AND " separator=" AND ">
@@ -163,9 +167,13 @@
<!-- Search terms --> <!-- Search terms -->
<where> <where>
<if test="recordIdentifier != null">
guacamole_connection_history.history_id = #{recordIdentifier,jdbcType=VARCHAR}
</if>
<!-- Restrict to readable connections --> <!-- Restrict to readable connections -->
guacamole_connection_history.connection_id IN ( AND guacamole_connection_history.connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>

20
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
View File

@@ -95,11 +95,15 @@
<!-- Search terms --> <!-- Search terms -->
<where> <where>
<if test="identifier != null"> <if test="recordIdentifier != null">
guacamole_connection_history.connection_id = #{identifier,jdbcType=INTEGER}::integer guacamole_connection_history.history_id = #{recordIdentifier,jdbcType=INTEGER}::integer
</if> </if>
<if test="identifier != null">
AND guacamole_connection_history.connection_id = #{identifier,jdbcType=INTEGER}::integer
</if>
<foreach collection="terms" item="term" open=" AND " separator=" AND "> <foreach collection="terms" item="term" open=" AND " separator=" AND ">
( (
@@ -161,9 +165,13 @@
<!-- Search terms --> <!-- Search terms -->
<where> <where>
<if test="recordIdentifier != null">
guacamole_connection_history.history_id = #{recordIdentifier,jdbcType=INTEGER}::integer
</if>
<!-- Restrict to readable connections --> <!-- Restrict to readable connections -->
guacamole_connection_history.connection_id IN ( AND guacamole_connection_history.connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>

16
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-sqlserver/src/main/resources/org/apache/guacamole/auth/jdbc/connection/ConnectionRecordMapper.xml
View File

@@ -95,9 +95,13 @@
<!-- Search terms --> <!-- Search terms -->
<where> <where>
<if test="recordIdentifier != null">
[guacamole_connection_history].history_id = #{recordIdentifier,jdbcType=INTEGER}
</if>
<if test="identifier != null"> <if test="identifier != null">
[guacamole_connection_history].connection_id = #{identifier,jdbcType=INTEGER} AND [guacamole_connection_history].connection_id = #{identifier,jdbcType=INTEGER}
</if> </if>
<foreach collection="terms" item="term" open=" AND " separator=" AND "> <foreach collection="terms" item="term" open=" AND " separator=" AND ">
@@ -159,9 +163,13 @@
<!-- Search terms --> <!-- Search terms -->
<where> <where>
<if test="recordIdentifier != null">
[guacamole_connection_history].history_id = #{recordIdentifier,jdbcType=INTEGER}
</if>
<!-- Restrict to readable connections --> <!-- Restrict to readable connections -->
[guacamole_connection_history].connection_id IN ( AND [guacamole_connection_history].connection_id IN (
<include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs"> <include refid="org.apache.guacamole.auth.jdbc.connection.ConnectionMapper.getReadableIDs">
<property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/> <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
<property name="groups" value="effectiveGroups"/> <property name="groups" value="effectiveGroups"/>