safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 21:27:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-1656: Fix user preferences permissioning.

Browse Source
This commit is contained in:
James Muehlner
2022-11-22 20:32:18 +00:00
parent b315e6aac8
commit c82ca370e2
5 changed files with 29 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/conf/KsmAttributeService.java
View File

@@ -145,11 +145,6 @@ public class KsmAttributeService implements VaultAttributeService {
@Override @Override
public Collection<Form> getUserAttributes() { public Collection<Form> getUserAttributes() {
return KSM_ATTRIBUTES;
}
@Override
public Collection<Form> getUserPreferenceAttributes() {
try { try {
@@ -161,15 +156,24 @@ public class KsmAttributeService implements VaultAttributeService {
catch (GuacamoleException e) { catch (GuacamoleException e) {
logger.warn( logger.warn(
"Unable to determine if user preference attributes " "Unable to determine if KSM user attributes "
+ "should be exposed due to config parsing error: {}.", e.getMessage()); + "should be exposed due to config parsing error: {}.", e.getMessage());
logger.debug( logger.debug(
"Config parsing error prevented checking user preference configuration", "Config parsing error prevented checking user attribute configuration",
e); e);
// If the configuration can't be parsed, default to not exposing the attribute // If the configuration can't be parsed, default to not exposing the attributes
return Collections.emptyList(); return Collections.emptyList();
} }
}
@Override
public Collection<Form> getUserPreferenceAttributes() {
// KSM-specific user preference attributes have the same semantics as
// user attributes
return getUserAttributes();
} }
/** /**

8
extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/conf/KsmConfigurationService.java
View File

@@ -150,11 +150,13 @@ public class KsmConfigurationService extends VaultConfigurationService {
} }
/** /**
* Return whether users should be able to provide their own KSM configs. * Return whether user-level KSM configs should be enabled. If this
* flag is set to true, users can edit their own KSM configs, as can
* admins. If set to false, no existing user-specific KSM configuration
* will be exposed through the UI or used when looking up secrets.
* *
* @return * @return
* true if users should be able to provide their own KSM configs, * true if user-specific KSM configuration is enabled, false otherwise.
* false otherwise.
* *
* @throws GuacamoleException * @throws GuacamoleException
* If the value specified within guacamole.properties cannot be * If the value specified within guacamole.properties cannot be

1
extensions/guacamole-vault/modules/guacamole-vault-ksm/src/main/java/org/apache/guacamole/vault/ksm/user/KsmDirectoryService.java
View File

@@ -23,7 +23,6 @@ import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.auth.Connection; import org.apache.guacamole.net.auth.Connection;
import org.apache.guacamole.net.auth.ConnectionGroup; import org.apache.guacamole.net.auth.ConnectionGroup;
import org.apache.guacamole.net.auth.DecoratingDirectory; import org.apache.guacamole.net.auth.DecoratingDirectory;
import org.apache.guacamole.net.auth.DelegatingDirectory;
import org.apache.guacamole.net.auth.Directory; import org.apache.guacamole.net.auth.Directory;
import org.apache.guacamole.net.auth.User; import org.apache.guacamole.net.auth.User;
import org.apache.guacamole.vault.ksm.conf.KsmAttributeService; import org.apache.guacamole.vault.ksm.conf.KsmAttributeService;

17
guacamole/src/main/frontend/src/app/settings/directives/guacSettingsPreferences.js
View File

@@ -143,12 +143,13 @@ angular.module('settings').directive('guacSettingsPreferences', [function guacSe
$scope.newPasswordMatch = null; $scope.newPasswordMatch = null;
/** /**
* Whether the current user can change their own password, or null * Whether the current user can edit themselves - i.e. update their
* if this is not yet known. * password or change user preference attributes, or null if this
* is not yet known.
* *
* @type Boolean * @type Boolean
*/ */
$scope.canChangePassword = null; $scope.canUpdateSelf = null;
/** /**
* Update the current user's password to the password currently set within * Update the current user's password to the password currently set within
@@ -206,13 +207,13 @@ angular.module('settings').directive('guacSettingsPreferences', [function guacSe
permissionService.getEffectivePermissions(dataSource, username) permissionService.getEffectivePermissions(dataSource, username)
.then(function permissionsRetrieved(permissions) { .then(function permissionsRetrieved(permissions) {
// Add action for changing password if permission is granted // Add action for updaing password or user preferences if permission is granted
$scope.canChangePassword = PermissionSet.hasUserPermission(permissions, $scope.canUpdateSelf = PermissionSet.hasUserPermission(permissions,
PermissionSet.ObjectPermissionType.UPDATE, username); PermissionSet.ObjectPermissionType.UPDATE, username);
}) })
['catch'](requestService.createErrorCallback(function permissionsFailed(error) { ['catch'](requestService.createErrorCallback(function permissionsFailed(error) {
$scope.canChangePassword = false; $scope.canUpdateSelf = false;
})); }));
/** /**
@@ -224,8 +225,8 @@ angular.module('settings').directive('guacSettingsPreferences', [function guacSe
*/ */
$scope.isLoaded = function isLoaded() { $scope.isLoaded = function isLoaded() {
return $scope.canChangePassword !== null return $scope.canUpdateSelf !== null
&& $scope.languages !== null; && $scope.languages !== null;
}; };

6
guacamole/src/main/frontend/src/app/settings/templates/settingsPreferences.html
View File

@@ -7,8 +7,8 @@
</div> </div>
<!-- Password update --> <!-- Password update -->
<h2 class="header" ng-show="canChangePassword">{{'SETTINGS_PREFERENCES.SECTION_HEADER_UPDATE_PASSWORD' | translate}}</h2> <h2 class="header" ng-show="canUpdateSelf">{{'SETTINGS_PREFERENCES.SECTION_HEADER_UPDATE_PASSWORD' | translate}}</h2>
<div class="settings section update-password" ng-show="canChangePassword"> <div class="settings section update-password" ng-show="canUpdateSelf">
<p>{{'SETTINGS_PREFERENCES.HELP_UPDATE_PASSWORD' | translate}}</p> <p>{{'SETTINGS_PREFERENCES.HELP_UPDATE_PASSWORD' | translate}}</p>
<!-- Password editor --> <!-- Password editor -->
@@ -90,7 +90,7 @@
</div> </div>
<!-- User attributes section --> <!-- User attributes section -->
<div class="attributes" ng-show="attributes.length"> <div class="attributes" ng-show="canUpdateSelf && attributes.length">
<guac-form namespace="'USER_ATTRIBUTES'" content="attributes" <guac-form namespace="'USER_ATTRIBUTES'" content="attributes"
model="user.attributes"></guac-form> model="user.attributes"></guac-form>