GUACAMOLE-1656: Fix user preferences permissioning.

2025-09-06 05:07:41 +00:00 · 2022-11-22 20:32:18 +00:00
parent b315e6aac8
commit c82ca370e2
5 changed files with 29 additions and 23 deletions
--- a/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/conf/KsmAttributeService.java
+++ b/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/conf/KsmAttributeService.java
@@ -145,11 +145,6 @@ public class KsmAttributeService implements VaultAttributeService {

    @Override
    public Collection<Form> getUserAttributes() {
-        return KSM_ATTRIBUTES;
-    }
-
-    @Override
-    public Collection<Form> getUserPreferenceAttributes() {

        try {

@@ -161,15 +156,24 @@ public class KsmAttributeService implements VaultAttributeService {
        catch (GuacamoleException e) {

            logger.warn(
-                    "Unable to determine if user preference attributes "
+                    "Unable to determine if KSM user attributes "
                    + "should be exposed due to config parsing error: {}.", e.getMessage());
            logger.debug(
-                    "Config parsing error prevented checking user preference configuration",
+                    "Config parsing error prevented checking user attribute configuration",
                    e);

-            // If the configuration can't be parsed, default to not exposing the attribute
+            // If the configuration can't be parsed, default to not exposing the attributes
            return Collections.emptyList();
        }
+
+    }
+
+    @Override
+    public Collection<Form> getUserPreferenceAttributes() {
+
+        // KSM-specific user preference attributes have the same semantics as
+        // user attributes
+        return getUserAttributes();
    }

    /**
--- a/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/conf/KsmConfigurationService.java
+++ b/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/conf/KsmConfigurationService.java
@@ -150,11 +150,13 @@ public class KsmConfigurationService extends VaultConfigurationService {
    }

    /**
-     * Return whether users should be able to provide their own KSM configs.
+     * Return whether user-level KSM configs should be enabled. If this
+     * flag is set to true, users can edit their own KSM configs, as can
+     * admins. If set to false, no existing user-specific KSM configuration
+     * will be exposed through the UI or used when looking up secrets.
     *
     * @return
-     *     true if users should be able to provide their own KSM configs,
-     *     false otherwise.
+     *     true if user-specific KSM configuration is enabled, false otherwise.
     *
     * @throws GuacamoleException
     *     If the value specified within guacamole.properties cannot be
--- a/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/user/KsmDirectoryService.java
+++ b/extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/user/KsmDirectoryService.java
@@ -23,7 +23,6 @@ import org.apache.guacamole.GuacamoleException;
 import org.apache.guacamole.net.auth.Connection;
 import org.apache.guacamole.net.auth.ConnectionGroup;
 import org.apache.guacamole.net.auth.DecoratingDirectory;
-import org.apache.guacamole.net.auth.DelegatingDirectory;
 import org.apache.guacamole.net.auth.Directory;
 import org.apache.guacamole.net.auth.User;
 import org.apache.guacamole.vault.ksm.conf.KsmAttributeService;