GUACAMOLE-708: Update comments to reflect generalization of privileged access beyond administrators.

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java

@@ -82,8 +82,9 @@ public class ActiveConnectionPermissionService
         // Retrieve permissions only if allowed
         if (canReadPermissions(user, targetEntity)) {
 
-            // Administrators may always access active connections
-            boolean isAdmin = targetEntity.isPrivileged();
+            // Privileged accounts (such as administrators or UserContexts
+            // returned by getPrivileged()) may always access active connections
+            boolean isPrivileged = targetEntity.isPrivileged();
 
             // Get all active connections
             Collection<ActiveConnectionRecord> records = tunnelService.getActiveConnections(user);
@@ -96,9 +97,9 @@ public class ActiveConnectionPermissionService
                 String identifier = record.getUUID().toString();
                 permissions.add(new ObjectPermission(ObjectPermission.Type.READ, identifier));
 
-                // If the target use is an admin, or the connection belongs to
-                // the target user, then they can DELETE
-                if (isAdmin || targetEntity.isUser(record.getUsername()))
+                // If the target user is privileged, or the connection belongs
+                // to the target user, then they can DELETE
+                if (isPrivileged || targetEntity.isUser(record.getUsername()))
                     permissions.add(new ObjectPermission(ObjectPermission.Type.DELETE, identifier));
 
             }

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java

@@ -81,7 +81,7 @@ public class ActiveConnectionService
             Collection<String> identifiers) throws GuacamoleException {
 
         String username = user.getIdentifier();
-        boolean isAdmin = user.isPrivileged();
+        boolean isPrivileged = user.isPrivileged();
         Set<String> identifierSet = new HashSet<String>(identifiers);
 
         // Retrieve all visible connections (permissions enforced by tunnel service)
@@ -95,7 +95,7 @@ public class ActiveConnectionService
             // be able to connect to (join) the active connection if they are
             // the user that started the connection OR the user is an admin
             boolean hasPrivilegedAccess =
-                    isAdmin || username.equals(record.getUsername());
+                    isPrivileged || username.equals(record.getUsername());
 
             // Add connection if within requested identifiers
             if (identifierSet.contains(record.getUUID().toString())) {

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledChildDirectoryObjectService.java

@@ -148,7 +148,7 @@ public abstract class ModeledChildDirectoryObjectService<InternalType extends Mo
     protected boolean canUpdateModifiedParents(ModeledAuthenticatedUser user,
             String identifier, ModelType model) throws GuacamoleException {
 
-        // If user is an administrator, no need to check
+        // If user is privileged, no need to check
         if (user.isPrivileged())
             return true;
         

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java

@@ -395,7 +395,7 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
 
         Collection<ModelType> objects;
 
-        // Bypass permission checks if the user is a system admin
+        // Bypass permission checks if the user is privileged
         if (user.isPrivileged())
             objects = getObjectMapper().select(identifiers);
 
@@ -507,7 +507,7 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
     public Set<String> getIdentifiers(ModeledAuthenticatedUser user)
         throws GuacamoleException {
 
-        // Bypass permission checks if the user is a system admin
+        // Bypass permission checks if the user is privileged
         if (user.isPrivileged())
             return getObjectMapper().selectIdentifiers();
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/RelatedObjectSet.java

@@ -140,7 +140,8 @@ public abstract class RelatedObjectSet<ParentObjectType extends ModeledDirectory
     private boolean canAlterRelation(Collection<String> identifiers)
             throws GuacamoleException {
 
-        // System administrators may alter any relations
+        // Privileged users (such as system administrators) may alter any
+        // relations
         if (getCurrentUser().isPrivileged())
             return true;
 
@@ -162,7 +163,7 @@ public abstract class RelatedObjectSet<ParentObjectType extends ModeledDirectory
     @Override
     public Set<String> getObjects() throws GuacamoleException {
 
-        // Bypass permission checks if the user is a system admin
+        // Bypass permission checks if the user is a privileged
         ModeledAuthenticatedUser user = getCurrentUser();
         if (user.isPrivileged())
             return getObjectRelationMapper().selectChildIdentifiers(parent.getModel());

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connection/ConnectionService.java

@@ -297,7 +297,7 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
             String identifier)
             throws GuacamoleException {
 
-        // Bypass permission checks if the user is a system admin
+        // Bypass permission checks if the user is privileged
         if (user.isPrivileged())
             return connectionMapper.selectIdentifiersWithin(identifier);
 
@@ -470,7 +470,7 @@ public class ConnectionService extends ModeledChildDirectoryObjectService<Modele
 
         List<ConnectionRecordModel> searchResults;
 
-        // Bypass permission checks if the user is a system admin
+        // Bypass permission checks if the user is privileged
         if (user.isPrivileged())
             searchResults = connectionRecordMapper.search(requiredContents,
                     sortPredicates, limit);

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/connectiongroup/ConnectionGroupService.java

@@ -218,7 +218,7 @@ public class ConnectionGroupService extends ModeledChildDirectoryObjectService<M
             String identifier)
             throws GuacamoleException {
 
-        // Bypass permission checks if the user is a system admin
+        // Bypass permission checks if the user is privileged
         if (user.isPrivileged())
             return connectionGroupMapper.selectIdentifiersWithin(identifier);
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java

@@ -104,7 +104,7 @@ public abstract class AbstractPermissionService<PermissionSetType extends Permis
         if (targetEntity.isUser(user.getUser().getIdentifier()))
             return true;
         
-        // A system adminstrator can do anything
+        // Privileged users (such as system administrators) may do anything
         if (user.isPrivileged())
             return true;
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java

@@ -95,7 +95,7 @@ public abstract class ModeledObjectPermissionService
             Collection<ObjectPermission> permissions)
             throws GuacamoleException {
 
-        // A system adminstrator can do anything
+        // Privileged users (such as system administrators) may do anything
         if (user.isPrivileged())
             return true;
         
@@ -187,7 +187,7 @@ public abstract class ModeledObjectPermissionService
         if (identifiers.isEmpty())
             return identifiers;
         
-        // If user is an admin, everything is accessible
+        // Privileged users (such as system administrators) may access everything
         if (user.isPrivileged())
             return identifiers;
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java

@@ -94,7 +94,8 @@ public class SystemPermissionService
             ModeledPermissions<? extends EntityModel> targetEntity,
             Collection<SystemPermission> permissions) throws GuacamoleException {
 
-        // Only an admin can create system permissions
+        // Only privileged users (such as system administrators) can create
+        // system permissions
         if (user.isPrivileged()) {
             Collection<SystemPermissionModel> models = getModelInstances(targetEntity, permissions);
             systemPermissionMapper.insert(models);
@@ -111,7 +112,8 @@ public class SystemPermissionService
             ModeledPermissions<? extends EntityModel> targetEntity,
             Collection<SystemPermission> permissions) throws GuacamoleException {
 
-        // Only an admin can delete system permissions
+        // Only privileged users (such as system administrators) can delete
+        // system permissions
         if (user.isPrivileged()) {
 
             // Do not allow users to remove their own admin powers

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/tunnel/AbstractGuacamoleTunnelService.java

@@ -628,7 +628,8 @@ public abstract class AbstractGuacamoleTunnelService implements GuacamoleTunnelS
         if (records.isEmpty())
             return Collections.<ActiveConnectionRecord>emptyList();
 
-        // A system administrator can view all connections; no need to filter
+        // Privileged users (such as system administrators) can view all
+        // connections; no need to filter
         if (user.isPrivileged())
             return records;
 

extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java

@@ -278,7 +278,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
         // Verify new password does not violate defined policies (if specified)
         if (object.getPassword() != null) {
 
-            // Enforce password age only for non-adminstrators
+            // Enforce password age only for non-privileged users
             if (!user.isPrivileged())
                 passwordPolicyService.verifyPasswordAge(object);
 
@@ -626,7 +626,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
 
         List<ActivityRecordModel> searchResults;
 
-        // Bypass permission checks if the user is a system admin
+        // Bypass permission checks if the user is privileged
         if (user.isPrivileged())
             searchResults = userRecordMapper.search(requiredContents,
                     sortPredicates, limit);