GUACAMOLE-1656: Fix user preferences permissioning.

James Muehlner
2022-11-22 20:32:18 +00:00
parent b315e6aac8
commit c82ca370e2
5 changed files with 29 additions and 23 deletions


@@ -145,11 +145,6 @@ public class KsmAttributeService implements VaultAttributeService {
@Override
public Collection<Form> getUserAttributes() {
return KSM_ATTRIBUTES;
}
@Override
public Collection<Form> getUserPreferenceAttributes() {
try {
@@ -161,15 +156,24 @@ public class KsmAttributeService implements VaultAttributeService {
catch (GuacamoleException e) {
logger.warn(
"Unable to determine if user preference attributes "
"Unable to determine if KSM user attributes "
+ "should be exposed due to config parsing error: {}.", e.getMessage());
logger.debug(
"Config parsing error prevented checking user preference configuration",
"Config parsing error prevented checking user attribute configuration",
e);
// If the configuration can't be parsed, default to not exposing the attribute
// If the configuration can't be parsed, default to not exposing the attributes
return Collections.emptyList();
}
}
@Override
public Collection<Form> getUserPreferenceAttributes() {
// KSM-specific user preference attributes have the same semantics as
// user attributes
return getUserAttributes();
}
/**
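Review bot: Returning `Collections.emptyList()` from `getUserAttributes()`, and through the new delegation from `getUserPreferenceAttributes()`, removes only the form definitions. It is worth confirming that a KSM config value already stored on a user is also left out of the attribute map the API returns, and ignored on write, while the flag is off. That handling is not visible in this section: the `try` body sits between the two hunks and the code that decorates users is elsewhere. A KSM configuration is presumably credential material, so once the filtering location is verified I would state the contract on `getUserAttributes()`, e.g. `// Hides the forms only; stored values are filtered where users are decorated`.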


@@ -150,11 +150,13 @@ public class KsmConfigurationService extends VaultConfigurationService {
}
/**
* Return whether users should be able to provide their own KSM configs.
* Return whether user-level KSM configs should be enabled. If this
* flag is set to true, users can edit their own KSM configs, as can
* admins. If set to false, no existing user-specific KSM configuration
* will be exposed through the UI or used when looking up secrets.
*
* @return
* true if users should be able to provide their own KSM configs,
* false otherwise.
* true if user-specific KSM configuration is enabled, false otherwise.
*
* @throws GuacamoleException
* If the value specified within guacamole.properties cannot be


@@ -23,7 +23,6 @@ import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.auth.Connection;
import org.apache.guacamole.net.auth.ConnectionGroup;
import org.apache.guacamole.net.auth.DecoratingDirectory;
import org.apache.guacamole.net.auth.DelegatingDirectory;
import org.apache.guacamole.net.auth.Directory;
import org.apache.guacamole.net.auth.User;
import org.apache.guacamole.vault.ksm.conf.KsmAttributeService;


@@ -143,12 +143,13 @@ angular.module('settings').directive('guacSettingsPreferences', [function guacSe
$scope.newPasswordMatch = null;
/**
* Whether the current user can change their own password, or null
* if this is not yet known.
* Whether the current user can edit themselves - i.e. update their
* password or change user preference attributes, or null if this
* is not yet known.
*
* @type Boolean
*/
$scope.canChangePassword = null;
$scope.canUpdateSelf = null;
/**
* Update the current user's password to the password currently set within
@@ -206,13 +207,13 @@ angular.module('settings').directive('guacSettingsPreferences', [function guacSe
permissionService.getEffectivePermissions(dataSource, username)
.then(function permissionsRetrieved(permissions) {
// Add action for changing password if permission is granted
$scope.canChangePassword = PermissionSet.hasUserPermission(permissions,
// Add action for updaing password or user preferences if permission is granted
$scope.canUpdateSelf = PermissionSet.hasUserPermission(permissions,
PermissionSet.ObjectPermissionType.UPDATE, username);
})
['catch'](requestService.createErrorCallback(function permissionsFailed(error) {
$scope.canChangePassword = false;
$scope.canUpdateSelf = false;
}));
/**
@@ -224,7 +225,7 @@ angular.module('settings').directive('guacSettingsPreferences', [function guacSe
*/
$scope.isLoaded = function isLoaded() {
return $scope.canChangePassword !== null
return $scope.canUpdateSelf !== null
&& $scope.languages !== null;
};
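Review bot: `canUpdateSelf` decides only what the preferences page renders, through the template's `ng-show` on the password section and the attributes form. The server therefore has to repeat the UPDATE check when the password or `user.attributes` is saved; that save path is outside these hunks and should be confirmed. Setting the flag to `false` in `permissionsFailed` is the right fail-closed default. The new comment in `permissionsRetrieved` has a typo and should read `// Add action for updating password or user preferences if permission is granted`.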


@@ -7,8 +7,8 @@
</div>
<!-- Password update -->
<h2 class="header" ng-show="canChangePassword">{{'SETTINGS_PREFERENCES.SECTION_HEADER_UPDATE_PASSWORD' | translate}}</h2>
<div class="settings section update-password" ng-show="canChangePassword">
<h2 class="header" ng-show="canUpdateSelf">{{'SETTINGS_PREFERENCES.SECTION_HEADER_UPDATE_PASSWORD' | translate}}</h2>
<div class="settings section update-password" ng-show="canUpdateSelf">
<p>{{'SETTINGS_PREFERENCES.HELP_UPDATE_PASSWORD' | translate}}</p>
<!-- Password editor -->
@@ -90,7 +90,7 @@
</div>
<!-- User attributes section -->
<div class="attributes" ng-show="attributes.length">
<div class="attributes" ng-show="canUpdateSelf && attributes.length">
<guac-form namespace="'USER_ATTRIBUTES'" content="attributes"
model="user.attributes"></guac-form>