From c6e414025a3ef7cf10837ebd6ec1f9ebf93b921c Mon Sep 17 00:00:00 2001
From: Michael Jumper
Date: Wed, 30 Jan 2013 13:12:59 -0800
Subject: [PATCH] Allow per-user permissions listing, query by username.
---
 .../net/auth/PermissionDirectory.java | 25 +++++++++---
 .../simple/SimplePermissionDirectory.java | 38 ++++++++++++++++---
 2 files changed, 51 insertions(+), 12 deletions(-)
diff --git a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/PermissionDirectory.java b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/PermissionDirectory.java
index 30b4f2c38..26d51acec 100644
--- a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/PermissionDirectory.java
+++ b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/PermissionDirectory.java
@@ -36,6 +36,7 @@ package net.sourceforge.guacamole.net.auth;
 *
 * ***** END LICENSE BLOCK ***** */
+import java.util.Set;
 import net.sourceforge.guacamole.GuacamoleException;
 import net.sourceforge.guacamole.net.auth.permission.Permission;
@@ -48,10 +49,22 @@ import net.sourceforge.guacamole.net.auth.permission.Permission;
 */
 public interface PermissionDirectory {
+ /**
+ * Lists all permissions given to the specified user.
+ *
+ * @param user The username of the user to list permissions of.
+ * @return A Set of all permissions granted to the specified user.
+ *
+ * @throws GuacamoleException If an error occurs while retrieving
+ * permissions, or if reading all permissions
+ * is not allowed.
+ */
+ Set getPermissions(String user) throws GuacamoleException;
+
 /**
 * Tests whether the specified user has the specified permission.
 *
- * @param user The user to check permissions for.
+ * @param user The username of the user to check permissions for.
 * @param permission The permission to check.
 * @return true if the permission is granted to the user specified, false
 * otherwise.
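Review bot: The Javadoc added for `getPermissions(String user)` in PermissionDirectory does not say whether the returned Set is a private copy or a view of the directory's own state, nor what a caller gets for a username the directory does not know. For an authorization API this matters: if an implementation were to hand back its internal set, a caller could alter a user's effective permissions without going through `addPermission`/`removePermission` and their checks. I would extend the `@return` text along the lines of `A Set of all permissions granted to the specified user; modifying it does not affect the permissions actually granted.` and state whether an unknown username yields an empty Set or a GuacamoleException.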
@@ -60,33 +73,33 @@ public interface PermissionDirectory {
 * or if permissions cannot be checked due to
 * lack of permissions to do so.
 */
- boolean hasPermission(User user, Permission permission)
+ boolean hasPermission(String user, Permission permission)
 throws GuacamoleException;
 /**
 * Adds the specified permission to the specified user.
 *
- * @param user The user to add the permission to.
+ * @param user The username of the user to add the permission to.
 * @param permission The permission to add.
 *
 * @throws GuacamoleException If an error occurs while adding the
 * permission. or if permission to add
 * permissions is denied.
 */
- void addPermission(User user, Permission permission)
+ void addPermission(String user, Permission permission)
 throws GuacamoleException;
 /**
 * Removes the specified permission from the specified user.
 *
- * @param user The user to remove the permission from.
+ * @param user The username of the user to remove the permission from.
 * @param permission The permission to remove.
 *
 * @throws GuacamoleException If an error occurs while removing the
 * permission. or if permission to remove
 * permissions is denied.
 */
- void removePermission(User user, Permission permission)
+ void removePermission(String user, Permission permission)
 throws GuacamoleException;
 }
diff --git a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/simple/SimplePermissionDirectory.java b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/simple/SimplePermissionDirectory.java
index 7b2c6a42e..2498cd902 100644
--- a/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/simple/SimplePermissionDirectory.java
+++ b/guacamole-ext/src/main/java/net/sourceforge/guacamole/net/auth/simple/SimplePermissionDirectory.java
@@ -37,6 +37,7 @@ package net.sourceforge.guacamole.net.auth.simple;
 *
 * ***** END LICENSE BLOCK ***** */
+import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 import net.sourceforge.guacamole.GuacamoleException;
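Review bot: With `hasPermission`, `addPermission` and `removePermission` in PermissionDirectory now keyed by a `String` username rather than a `User` object, the matching rules for that string become part of the authorization contract, and the updated `@param user` lines do not state them. Each implementation is left to decide for itself whether differently cased or otherwise non-identical spellings refer to the same account, and what happens when the name is null or unknown. I would spell the rule out on each `@param user`, for example `The username of the user to check permissions for; compared exactly as given.`, adjusted to whatever the project intends. The surrounding `@throws` text also reads `permission. or if`, which looks like it should be `permission, or if`.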
@@ -58,9 +59,9 @@ import net.sourceforge.guacamole.protocol.GuacamoleConfiguration;
 public class SimplePermissionDirectory implements PermissionDirectory {
 /**
- * The user that has access to all given configs.
+ * The username of the user that has access to all given configs.
 */
- private User user;
+ private String user;
 /**
 * The identifiers of all available configs.
@@ -78,13 +79,38 @@ public class SimplePermissionDirectory implements PermissionDirectory {
 public SimplePermissionDirectory(User user, Map configs) {
- this.user = user;
+ this.user = user.getUsername();
 configIdentifiers = configs.keySet();
 }
 @Override
- public boolean hasPermission(User user, Permission permission) throws GuacamoleException {
+ public Set getPermissions(String user) throws GuacamoleException {
+
+ // No permssion to check permissions of other users
+ if (!this.user.equals(user))
+ throw new GuacamoleSecurityException("Permission denied.");
+
+ // If correct user, build list all permissions
+ Set permissions = new HashSet();
+ for (String identifier : configIdentifiers) {
+
+ // Add permission to set
+ permissions.add(
+ new GuacamoleConfigurationPermission(
+ ObjectPermission.Type.READ,
+ identifier
+ )
+ );
+
+ }
+
+ return permissions;
+
+ }
+
+ @Override
+ public boolean hasPermission(String user, Permission permission) throws GuacamoleException {
 // No permssion to check permissions of other users
 if (!this.user.equals(user))
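Review bot: In SimplePermissionDirectory the constructor now stores `user.getUsername()` unchecked, and both `getPermissions` and `hasPermission` then evaluate `this.user.equals(user)`. If that username is ever null, the access check ends in a NullPointerException instead of the intended GuacamoleSecurityException, so callers that handle GuacamoleException see an unexpected unchecked error rather than a clean denial. Rejecting a null username in the constructor, or writing the guard as `if (user == null || !user.equals(this.user))`, keeps the denial on the documented path. The guard and its comment (where `permssion` should read `permission`) are now duplicated in two methods and could live in one private helper; the body of `hasPermission` continues outside this hunk.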
@@ -109,12 +135,12 @@ public class SimplePermissionDirectory implements PermissionDirectory {
 }
 @Override
- public void addPermission(User user, Permission permission) throws GuacamoleException {
+ public void addPermission(String user, Permission permission) throws GuacamoleException {
 throw new GuacamoleSecurityException("Permission denied.");
 }
 @Override
- public void removePermission(User user, Permission permission) throws GuacamoleException {
+ public void removePermission(String user, Permission permission) throws GuacamoleException {
 throw new GuacamoleSecurityException("Permission denied.");
 }