mirror of
https://github.com/gyurix1968/guacamole-client.git
synced 2025-09-07 21:51:23 +00:00
Merge pull request #121 from glyptodon/active-connection-directory
GUAC-1132: Implement active connection directory.
This commit is contained in:
James Muehlner
@@ -31,7 +31,7 @@ import org.glyptodon.guacamole.net.basic.rest.clipboard.ClipboardRESTService;
|
||||
import org.glyptodon.guacamole.net.basic.rest.connection.ConnectionRESTService;
|
||||
import org.glyptodon.guacamole.net.basic.rest.connectiongroup.ConnectionGroupRESTService;
|
||||
import org.glyptodon.guacamole.net.basic.rest.protocol.ProtocolRESTService;
|
||||
import org.glyptodon.guacamole.net.basic.rest.tunnel.TunnelRESTService;
|
||||
import org.glyptodon.guacamole.net.basic.rest.activeconnection.ActiveConnectionRESTService;
|
||||
import org.glyptodon.guacamole.net.basic.rest.user.UserRESTService;
|
||||
|
||||
/**
|
||||
@@ -51,7 +51,7 @@ public class RESTServletModule extends ServletModule {
|
||||
bind(ProtocolRESTService.class);
|
||||
bind(UserRESTService.class);
|
||||
bind(TokenRESTService.class);
|
||||
bind(TunnelRESTService.class);
|
||||
bind(ActiveConnectionRESTService.class);
|
||||
|
||||
// Set up the servlet and JSON mappings
|
||||
bind(GuiceContainer.class);
|
||||
|
||||
@@ -20,22 +20,29 @@
|
||||
* THE SOFTWARE.
|
||||
*/
|
||||
|
||||
package org.glyptodon.guacamole.net.basic.rest.tunnel;
|
||||
package org.glyptodon.guacamole.net.basic.rest.activeconnection;
|
||||
|
||||
import java.util.Date;
|
||||
import org.glyptodon.guacamole.net.auth.ConnectionRecord;
|
||||
import org.glyptodon.guacamole.net.auth.ActiveConnection;
|
||||
|
||||
/**
|
||||
* Tunnel-related information which may be exposed through the REST endpoints.
|
||||
* Information related to active connections which may be exposed through the
|
||||
* REST endpoints.
|
||||
*
|
||||
* @author Michael Jumper
|
||||
*/
|
||||
public class APITunnel {
|
||||
public class APIActiveConnection {
|
||||
|
||||
/**
|
||||
* The identifier of the connection associated with this tunnel.
|
||||
* The identifier of the active connection itself.
|
||||
*/
|
||||
private final String identifier;
|
||||
|
||||
/**
|
||||
* The identifier of the connection associated with this
|
||||
* active connection.
|
||||
*/
|
||||
private final String connectionIdentifier;
|
||||
|
||||
/**
|
||||
* The date and time the connection began.
|
||||
@@ -53,26 +60,18 @@ public class APITunnel {
|
||||
private final String username;
|
||||
|
||||
/**
|
||||
* The UUID of the tunnel.
|
||||
*/
|
||||
private final String uuid;
|
||||
|
||||
/**
|
||||
* Creates a new APITunnel, copying the information from the given
|
||||
* connection record.
|
||||
* Creates a new APIActiveConnection, copying the information from the given
|
||||
* active connection.
|
||||
*
|
||||
* @param record
|
||||
* The record to copy data from.
|
||||
*
|
||||
* @param uuid
|
||||
* The UUID of the associated GuacamoleTunnel.
|
||||
* @param connection
|
||||
* The active connection to copy data from.
|
||||
*/
|
||||
public APITunnel(ConnectionRecord record, String uuid) {
|
||||
this.identifier = record.getIdentifier();
|
||||
this.startDate = record.getStartDate();
|
||||
this.remoteHost = record.getRemoteHost();
|
||||
this.username = record.getUsername();
|
||||
this.uuid = uuid;
|
||||
public APIActiveConnection(ActiveConnection connection) {
|
||||
this.identifier = connection.getIdentifier();
|
||||
this.connectionIdentifier = connection.getConnectionIdentifier();
|
||||
this.startDate = connection.getStartDate();
|
||||
this.remoteHost = connection.getRemoteHost();
|
||||
this.username = connection.getUsername();
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -81,8 +80,8 @@ public class APITunnel {
|
||||
* @return
|
||||
* The identifier of the connection associated with this tunnel.
|
||||
*/
|
||||
public String getIdentifier() {
|
||||
return identifier;
|
||||
public String getConnectionIdentifier() {
|
||||
return connectionIdentifier;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -117,14 +116,15 @@ public class APITunnel {
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the UUID of the underlying Guacamole tunnel. Absolutely every
|
||||
* Guacamole tunnel has an associated UUID.
|
||||
* Returns the identifier of the active connection itself. This is
|
||||
* distinct from the connection identifier, and uniquely identifies a
|
||||
* specific use of a connection.
|
||||
*
|
||||
* @return
|
||||
* The UUID of the underlying Guacamole tunnel.
|
||||
* The identifier of the active connection.
|
||||
*/
|
||||
public String getUUID() {
|
||||
return uuid;
|
||||
public String getIdentifier() {
|
||||
return identifier;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -20,10 +20,9 @@
|
||||
* THE SOFTWARE.
|
||||
*/
|
||||
|
||||
package org.glyptodon.guacamole.net.basic.rest.tunnel;
|
||||
package org.glyptodon.guacamole.net.basic.rest.activeconnection;
|
||||
|
||||
import com.google.inject.Inject;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
@@ -37,9 +36,14 @@ import javax.ws.rs.core.MediaType;
|
||||
import org.glyptodon.guacamole.GuacamoleClientException;
|
||||
import org.glyptodon.guacamole.GuacamoleException;
|
||||
import org.glyptodon.guacamole.GuacamoleUnsupportedException;
|
||||
import org.glyptodon.guacamole.net.GuacamoleTunnel;
|
||||
import org.glyptodon.guacamole.net.auth.ConnectionRecord;
|
||||
import org.glyptodon.guacamole.net.auth.ActiveConnection;
|
||||
import org.glyptodon.guacamole.net.auth.Directory;
|
||||
import org.glyptodon.guacamole.net.auth.User;
|
||||
import org.glyptodon.guacamole.net.auth.UserContext;
|
||||
import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
|
||||
import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
|
||||
import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
|
||||
import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
|
||||
import org.glyptodon.guacamole.net.basic.rest.APIPatch;
|
||||
import org.glyptodon.guacamole.net.basic.rest.AuthProviderRESTExposure;
|
||||
import org.glyptodon.guacamole.net.basic.rest.PATCH;
|
||||
@@ -52,15 +56,15 @@ import org.slf4j.LoggerFactory;
|
||||
*
|
||||
* @author Michael Jumper
|
||||
*/
|
||||
@Path("/tunnels")
|
||||
@Path("/activeConnections")
|
||||
@Produces(MediaType.APPLICATION_JSON)
|
||||
@Consumes(MediaType.APPLICATION_JSON)
|
||||
public class TunnelRESTService {
|
||||
public class ActiveConnectionRESTService {
|
||||
|
||||
/**
|
||||
* Logger for this class.
|
||||
*/
|
||||
private static final Logger logger = LoggerFactory.getLogger(TunnelRESTService.class);
|
||||
private static final Logger logger = LoggerFactory.getLogger(ActiveConnectionRESTService.class);
|
||||
|
||||
/**
|
||||
* A service for authenticating users from auth tokens.
|
||||
@@ -69,61 +73,78 @@ public class TunnelRESTService {
|
||||
private AuthenticationService authenticationService;
|
||||
|
||||
/**
|
||||
* Retrieves the tunnels of all active connections visible to the current
|
||||
* user.
|
||||
* Gets a list of active connections in the system, filtering the returned
|
||||
* list by the given permissions, if specified.
|
||||
*
|
||||
* @param authToken
|
||||
* The authentication token that is used to authenticate the user
|
||||
* performing the operation.
|
||||
*
|
||||
* @param permissions
|
||||
* The set of permissions to filter with. A user must have one or more
|
||||
* of these permissions for a user to appear in the result.
|
||||
* If null, no filtering will be performed.
|
||||
*
|
||||
* @return
|
||||
* A map of the tunnels of all active connections visible to the
|
||||
* current user, where the key of each entry is the tunnel's UUID.
|
||||
*
|
||||
* A list of all active connections. If a permission was specified,
|
||||
* this list will contain only those active connections for which the
|
||||
* current user has that permission.
|
||||
*
|
||||
* @throws GuacamoleException
|
||||
* If an error occurs while retrieving the tunnels.
|
||||
* If an error is encountered while retrieving active connections.
|
||||
*/
|
||||
@GET
|
||||
@Path("/")
|
||||
@AuthProviderRESTExposure
|
||||
public Map<String, APITunnel> getTunnels(@QueryParam("token") String authToken)
|
||||
public Map<String, APIActiveConnection> getActiveConnections(@QueryParam("token") String authToken,
|
||||
@QueryParam("permission") List<ObjectPermission.Type> permissions)
|
||||
throws GuacamoleException {
|
||||
|
||||
UserContext userContext = authenticationService.getUserContext(authToken);
|
||||
User self = userContext.self();
|
||||
|
||||
// Do not filter on permissions if no permissions are specified
|
||||
if (permissions != null && permissions.isEmpty())
|
||||
permissions = null;
|
||||
|
||||
// Retrieve all active tunnels
|
||||
Map<String, APITunnel> apiTunnels = new HashMap<String, APITunnel>();
|
||||
for (ConnectionRecord record : userContext.getActiveConnections()) {
|
||||
// An admin user has access to any user
|
||||
SystemPermissionSet systemPermissions = self.getSystemPermissions();
|
||||
boolean isAdmin = systemPermissions.hasPermission(SystemPermission.Type.ADMINISTER);
|
||||
|
||||
// Locate associated tunnel and UUID
|
||||
GuacamoleTunnel tunnel = record.getTunnel();
|
||||
if (tunnel != null) {
|
||||
APITunnel apiTunnel = new APITunnel(record, tunnel.getUUID().toString());
|
||||
apiTunnels.put(apiTunnel.getUUID(), apiTunnel);
|
||||
}
|
||||
// Get the directory
|
||||
Directory<ActiveConnection> activeConnectionDirectory = userContext.getActiveConnectionDirectory();
|
||||
|
||||
// Filter users, if requested
|
||||
Collection<String> activeConnectionIdentifiers = activeConnectionDirectory.getIdentifiers();
|
||||
if (!isAdmin && permissions != null) {
|
||||
ObjectPermissionSet activeConnectionPermissions = self.getActiveConnectionPermissions();
|
||||
activeConnectionIdentifiers = activeConnectionPermissions.getAccessibleObjects(permissions, activeConnectionIdentifiers);
|
||||
}
|
||||
|
||||
// Retrieve all active connections , converting to API active connections
|
||||
Map<String, APIActiveConnection> apiActiveConnections = new HashMap<String, APIActiveConnection>();
|
||||
for (ActiveConnection activeConnection : activeConnectionDirectory.getAll(activeConnectionIdentifiers))
|
||||
apiActiveConnections.put(activeConnection.getIdentifier(), new APIActiveConnection(activeConnection));
|
||||
|
||||
return apiTunnels;
|
||||
return apiActiveConnections;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Applies the given tunnel patches. This operation currently only supports
|
||||
* deletion of tunnels through the "remove" patch operation. Deleting a
|
||||
* tunnel effectively closing the tunnel and kills the associated
|
||||
* connection. The path of each patch operation is of the form "/UUID"
|
||||
* where UUID is the UUID of the tunnel being modified.
|
||||
* Applies the given active connection patches. This operation currently
|
||||
* only supports deletion of active connections through the "remove" patch
|
||||
* operation. Deleting an active connection effectively kills the
|
||||
* connection. The path of each patch operation is of the form "/ID"
|
||||
* where ID is the identifier of the active connection being modified.
|
||||
*
|
||||
* @param authToken
|
||||
* The authentication token that is used to authenticate the user
|
||||
* performing the operation.
|
||||
*
|
||||
* @param patches
|
||||
* The tunnel patches to apply for this request.
|
||||
* The active connection patches to apply for this request.
|
||||
*
|
||||
* @throws GuacamoleException
|
||||
* If an error occurs while deleting the tunnels.
|
||||
* If an error occurs while deleting the active connections.
|
||||
*/
|
||||
@PATCH
|
||||
@Path("/")
|
||||
@@ -131,37 +152,28 @@ public class TunnelRESTService {
|
||||
public void patchTunnels(@QueryParam("token") String authToken,
|
||||
List<APIPatch<String>> patches) throws GuacamoleException {
|
||||
|
||||
// Attempt to get all requested tunnels
|
||||
UserContext userContext = authenticationService.getUserContext(authToken);
|
||||
|
||||
// Build list of tunnels to delete
|
||||
Collection<String> tunnelUUIDs = new ArrayList<String>(patches.size());
|
||||
// Get the directory
|
||||
Directory<ActiveConnection> activeConnectionDirectory = userContext.getActiveConnectionDirectory();
|
||||
|
||||
// Close each connection listed for removal
|
||||
for (APIPatch<String> patch : patches) {
|
||||
|
||||
// Only remove is supported
|
||||
if (patch.getOp() != APIPatch.Operation.remove)
|
||||
throw new GuacamoleUnsupportedException("Only the \"remove\" operation is supported when patching tunnels.");
|
||||
throw new GuacamoleUnsupportedException("Only the \"remove\" operation is supported when patching active connections.");
|
||||
|
||||
// Retrieve and validate path
|
||||
String path = patch.getPath();
|
||||
if (!path.startsWith("/"))
|
||||
throw new GuacamoleClientException("Patch paths must start with \"/\".");
|
||||
|
||||
// Add UUID
|
||||
tunnelUUIDs.add(path.substring(1));
|
||||
|
||||
// Close connection
|
||||
activeConnectionDirectory.remove(path.substring(1));
|
||||
|
||||
}
|
||||
|
||||
// Close each tunnel, if not already closed
|
||||
Collection<ConnectionRecord> records = userContext.getActiveConnections(tunnelUUIDs);
|
||||
for (ConnectionRecord record : records) {
|
||||
|
||||
GuacamoleTunnel tunnel = record.getTunnel();
|
||||
if (tunnel != null && tunnel.isOpen())
|
||||
tunnel.close();
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@@ -56,6 +56,12 @@ public class APIPermissionSet {
|
||||
private Map<String, Set<ObjectPermission.Type>> connectionGroupPermissions =
|
||||
new HashMap<String, Set<ObjectPermission.Type>>();
|
||||
|
||||
/**
|
||||
* Map of active connection ID to the set of granted permissions.
|
||||
*/
|
||||
private Map<String, Set<ObjectPermission.Type>> activeConnectionPermissions =
|
||||
new HashMap<String, Set<ObjectPermission.Type>>();
|
||||
|
||||
/**
|
||||
* Map of user ID to the set of granted permissions.
|
||||
*/
|
||||
@@ -149,10 +155,11 @@ public class APIPermissionSet {
|
||||
public APIPermissionSet(User user) throws GuacamoleException {
|
||||
|
||||
// Add all permissions from the provided user
|
||||
addSystemPermissions(systemPermissions, user.getSystemPermissions());
|
||||
addObjectPermissions(connectionPermissions, user.getConnectionPermissions());
|
||||
addObjectPermissions(connectionGroupPermissions, user.getConnectionGroupPermissions());
|
||||
addObjectPermissions(userPermissions, user.getUserPermissions());
|
||||
addSystemPermissions(systemPermissions, user.getSystemPermissions());
|
||||
addObjectPermissions(connectionPermissions, user.getConnectionPermissions());
|
||||
addObjectPermissions(connectionGroupPermissions, user.getConnectionGroupPermissions());
|
||||
addObjectPermissions(activeConnectionPermissions, user.getActiveConnectionPermissions());
|
||||
addObjectPermissions(userPermissions, user.getUserPermissions());
|
||||
|
||||
}
|
||||
|
||||
@@ -186,6 +193,21 @@ public class APIPermissionSet {
|
||||
return connectionGroupPermissions;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a map of active connection IDs to the set of permissions granted
|
||||
* for that active connection. If no permissions are granted to a particular
|
||||
* active connection, its ID will not be present as a key in the map. This
|
||||
* map is mutable, and changes to this map will affect the permission set
|
||||
* directly.
|
||||
*
|
||||
* @return
|
||||
* A map of active connection IDs to the set of permissions granted for
|
||||
* that active connection.
|
||||
*/
|
||||
public Map<String, Set<ObjectPermission.Type>> getActiveConnectionPermissions() {
|
||||
return activeConnectionPermissions;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a map of user IDs to the set of permissions granted for that
|
||||
* user. If no permissions are granted to a particular user, its ID will
|
||||
@@ -238,6 +260,19 @@ public class APIPermissionSet {
|
||||
this.connectionGroupPermissions = connectionGroupPermissions;
|
||||
}
|
||||
|
||||
/**
|
||||
* Replaces the current map of active connection permissions with the give
|
||||
* map, which must map active connection ID to its corresponding set of
|
||||
* granted permissions. If an active connection has no permissions, its ID
|
||||
* must not be present as a key in the map.
|
||||
*
|
||||
* @param activeConnectionPermissions
|
||||
* The map which must replace the currently-stored map of permissions.
|
||||
*/
|
||||
public void setActiveConnectionPermissions(Map<String, Set<ObjectPermission.Type>> activeConnectionPermissions) {
|
||||
this.activeConnectionPermissions = activeConnectionPermissions;
|
||||
}
|
||||
|
||||
/**
|
||||
* Replaces the current map of user permissions with the given map, which
|
||||
* must map user ID to its corresponding set of granted permissions. If a
|
||||
|
||||
@@ -95,4 +95,10 @@ public class APIUserWrapper implements User {
|
||||
throw new GuacamoleUnsupportedException("APIUserWrapper does not provide permission access.");
|
||||
}
|
||||
|
||||
@Override
|
||||
public ObjectPermissionSet getActiveConnectionPermissions()
|
||||
throws GuacamoleException {
|
||||
throw new GuacamoleUnsupportedException("APIUserWrapper does not provide permission access.");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -92,6 +92,12 @@ public class UserRESTService {
|
||||
*/
|
||||
private static final String CONNECTION_GROUP_PERMISSION_PATCH_PATH_PREFIX = "/connectionGroupPermissions/";
|
||||
|
||||
/**
|
||||
* The prefix of any path within an operation of a JSON patch which
|
||||
* modifies the permissions of a user regarding a specific active connection.
|
||||
*/
|
||||
private static final String ACTIVE_CONNECTION_PERMISSION_PATCH_PATH_PREFIX = "/activeConnectionPermissions/";
|
||||
|
||||
/**
|
||||
* The prefix of any path within an operation of a JSON patch which
|
||||
* modifies the permissions of a user regarding another, specific user.
|
||||
@@ -503,10 +509,11 @@ public class UserRESTService {
|
||||
throw new GuacamoleResourceNotFoundException("No such user: \"" + username + "\"");
|
||||
|
||||
// Permission patches for all types of permissions
|
||||
PermissionSetPatch<ObjectPermission> connectionPermissionPatch = new PermissionSetPatch<ObjectPermission>();
|
||||
PermissionSetPatch<ObjectPermission> connectionGroupPermissionPatch = new PermissionSetPatch<ObjectPermission>();
|
||||
PermissionSetPatch<ObjectPermission> userPermissionPatch = new PermissionSetPatch<ObjectPermission>();
|
||||
PermissionSetPatch<SystemPermission> systemPermissionPatch = new PermissionSetPatch<SystemPermission>();
|
||||
PermissionSetPatch<ObjectPermission> connectionPermissionPatch = new PermissionSetPatch<ObjectPermission>();
|
||||
PermissionSetPatch<ObjectPermission> connectionGroupPermissionPatch = new PermissionSetPatch<ObjectPermission>();
|
||||
PermissionSetPatch<ObjectPermission> activeConnectionPermissionPatch = new PermissionSetPatch<ObjectPermission>();
|
||||
PermissionSetPatch<ObjectPermission> userPermissionPatch = new PermissionSetPatch<ObjectPermission>();
|
||||
PermissionSetPatch<SystemPermission> systemPermissionPatch = new PermissionSetPatch<SystemPermission>();
|
||||
|
||||
// Apply all patch operations individually
|
||||
for (APIPatch<String> patch : patches) {
|
||||
@@ -539,6 +546,19 @@ public class UserRESTService {
|
||||
|
||||
}
|
||||
|
||||
// Create active connection permission if path has active connection prefix
|
||||
else if (path.startsWith(ACTIVE_CONNECTION_PERMISSION_PATCH_PATH_PREFIX)) {
|
||||
|
||||
// Get identifier and type from patch operation
|
||||
String identifier = path.substring(ACTIVE_CONNECTION_PERMISSION_PATCH_PATH_PREFIX.length());
|
||||
ObjectPermission.Type type = ObjectPermission.Type.valueOf(patch.getValue());
|
||||
|
||||
// Create and update corresponding permission
|
||||
ObjectPermission permission = new ObjectPermission(type, identifier);
|
||||
updatePermissionSet(patch.getOp(), activeConnectionPermissionPatch, permission);
|
||||
|
||||
}
|
||||
|
||||
// Create user permission if path has user prefix
|
||||
else if (path.startsWith(USER_PERMISSION_PATCH_PATH_PREFIX)) {
|
||||
|
||||
@@ -573,6 +593,7 @@ public class UserRESTService {
|
||||
// Save the permission changes
|
||||
connectionPermissionPatch.apply(user.getConnectionPermissions());
|
||||
connectionGroupPermissionPatch.apply(user.getConnectionGroupPermissions());
|
||||
activeConnectionPermissionPatch.apply(user.getActiveConnectionPermissions());
|
||||
userPermissionPatch.apply(user.getUserPermissions());
|
||||
systemPermissionPatch.apply(user.getSystemPermissions());
|
||||
|
||||
|
||||
@@ -27,15 +27,15 @@ angular.module('manage').controller('manageSessionsController', ['$scope', '$inj
|
||||
function manageSessionsController($scope, $injector) {
|
||||
|
||||
// Required types
|
||||
var ActiveTunnelWrapper = $injector.get('ActiveTunnelWrapper');
|
||||
var ConnectionGroup = $injector.get('ConnectionGroup');
|
||||
var ActiveConnectionWrapper = $injector.get('ActiveConnectionWrapper');
|
||||
var ConnectionGroup = $injector.get('ConnectionGroup');
|
||||
|
||||
// Required services
|
||||
var authenticationService = $injector.get('authenticationService');
|
||||
var connectionGroupService = $injector.get('connectionGroupService');
|
||||
var guacNotification = $injector.get('guacNotification');
|
||||
var permissionService = $injector.get('permissionService');
|
||||
var tunnelService = $injector.get('tunnelService');
|
||||
var activeConnectionService = $injector.get('activeConnectionService');
|
||||
var authenticationService = $injector.get('authenticationService');
|
||||
var connectionGroupService = $injector.get('connectionGroupService');
|
||||
var guacNotification = $injector.get('guacNotification');
|
||||
var permissionService = $injector.get('permissionService');
|
||||
|
||||
/**
|
||||
* The root connection group of the connection group hierarchy.
|
||||
@@ -53,10 +53,10 @@ angular.module('manage').controller('manageSessionsController', ['$scope', '$inj
|
||||
$scope.permissions = null;
|
||||
|
||||
/**
|
||||
* The ActiveTunnelWrappers of all active sessions accessible by the current
|
||||
* user, or null if the tunnels have not yet been loaded.
|
||||
* The ActiveConnectionWrappers of all active sessions accessible by the
|
||||
* current user, or null if the active sessions have not yet been loaded.
|
||||
*
|
||||
* @type ActiveTunnelWrapper[]
|
||||
* @type ActiveConnectionWrapper[]
|
||||
*/
|
||||
$scope.wrappers = null;
|
||||
|
||||
@@ -74,9 +74,9 @@ angular.module('manage').controller('manageSessionsController', ['$scope', '$inj
|
||||
$scope.connections = {};
|
||||
|
||||
/**
|
||||
* Map of all currently-selected tunnel wrappers by UUID.
|
||||
* Map of all currently-selected active connection wrappers by identifier.
|
||||
*
|
||||
* @type Object.<String, ActiveTunnelWrapper>
|
||||
* @type Object.<String, ActiveConnectionWrapper>
|
||||
*/
|
||||
var selectedWrappers = {};
|
||||
|
||||
@@ -122,12 +122,12 @@ angular.module('manage').controller('manageSessionsController', ['$scope', '$inj
|
||||
});
|
||||
|
||||
// Query active sessions
|
||||
tunnelService.getActiveTunnels().success(function sessionsRetrieved(tunnels) {
|
||||
activeConnectionService.getActiveConnections().success(function sessionsRetrieved(activeConnections) {
|
||||
|
||||
// Wrap all active tunnels for sake of display
|
||||
// Wrap all active connections for sake of display
|
||||
$scope.wrappers = [];
|
||||
for (var tunnelUUID in tunnels) {
|
||||
$scope.wrappers.push(new ActiveTunnelWrapper(tunnels[tunnelUUID]));
|
||||
for (var identifier in activeConnections) {
|
||||
$scope.wrappers.push(new ActiveConnectionWrapper(activeConnections[identifier]));
|
||||
}
|
||||
|
||||
});
|
||||
@@ -192,12 +192,12 @@ angular.module('manage').controller('manageSessionsController', ['$scope', '$inj
|
||||
var deleteSessionsImmediately = function deleteSessionsImmediately() {
|
||||
|
||||
// Perform deletion
|
||||
tunnelService.deleteActiveTunnels(Object.keys(selectedWrappers))
|
||||
.success(function tunnelsDeleted() {
|
||||
activeConnectionService.deleteActiveConnections(Object.keys(selectedWrappers))
|
||||
.success(function activeConnectionsDeleted() {
|
||||
|
||||
// Remove deleted tunnels from wrapper array
|
||||
$scope.wrappers = $scope.wrappers.filter(function tunnelStillExists(wrapper) {
|
||||
return !(wrapper.tunnel.uuid in selectedWrappers);
|
||||
// Remove deleted connections from wrapper array
|
||||
$scope.wrappers = $scope.wrappers.filter(function activeConnectionStillExists(wrapper) {
|
||||
return !(wrapper.activeConnection.identifier in selectedWrappers);
|
||||
});
|
||||
|
||||
// Clear selection
|
||||
@@ -206,7 +206,7 @@ angular.module('manage').controller('manageSessionsController', ['$scope', '$inj
|
||||
})
|
||||
|
||||
// Notify of any errors
|
||||
.error(function tunnelDeletionFailed(error) {
|
||||
.error(function activeConnectionDeletionFailed(error) {
|
||||
guacNotification.showStatus({
|
||||
'className' : 'error',
|
||||
'title' : 'MANAGE_SESSION.DIALOG_HEADER_ERROR',
|
||||
@@ -239,7 +239,7 @@ angular.module('manage').controller('manageSessionsController', ['$scope', '$inj
|
||||
$scope.canDeleteSessions = function canDeleteSessions() {
|
||||
|
||||
// We can delete sessions if at least one is selected
|
||||
for (var tunnelUUID in selectedWrappers)
|
||||
for (var identifier in selectedWrappers)
|
||||
return true;
|
||||
|
||||
return false;
|
||||
@@ -247,20 +247,20 @@ angular.module('manage').controller('manageSessionsController', ['$scope', '$inj
|
||||
};
|
||||
|
||||
/**
|
||||
* Called whenever a tunnel wrapper changes selected status.
|
||||
* Called whenever an active connection wrapper changes selected status.
|
||||
*
|
||||
* @param {ActiveTunnelWrapper} wrapper
|
||||
* @param {ActiveConnectionWrapper} wrapper
|
||||
* The wrapper whose selected status has changed.
|
||||
*/
|
||||
$scope.wrapperSelectionChange = function wrapperSelectionChange(wrapper) {
|
||||
|
||||
// Add wrapper to map if selected
|
||||
if (wrapper.checked)
|
||||
selectedWrappers[wrapper.tunnel.uuid] = wrapper;
|
||||
selectedWrappers[wrapper.activeConnection.identifier] = wrapper;
|
||||
|
||||
// Otherwise, remove wrapper from map
|
||||
else
|
||||
delete selectedWrappers[wrapper.tunnel.uuid];
|
||||
delete selectedWrappers[wrapper.activeConnection.identifier];
|
||||
|
||||
};
|
||||
|
||||
|
||||
@@ -52,10 +52,10 @@ THE SOFTWARE.
|
||||
<td class="select-session">
|
||||
<input ng-change="wrapperSelectionChange(wrapper)" type="checkbox" ng-model="wrapper.checked" />
|
||||
</td>
|
||||
<td>{{wrapper.tunnel.username}}</td>
|
||||
<td>{{wrapper.tunnel.startDate | date:'short'}}</td>
|
||||
<td>{{wrapper.tunnel.remoteHost}}</td>
|
||||
<td>{{connections[wrapper.tunnel.identifier].name}}</td>
|
||||
<td>{{wrapper.activeConnection.username}}</td>
|
||||
<td>{{wrapper.activeConnection.startDate | date:'short'}}</td>
|
||||
<td>{{wrapper.activeConnection.remoteHost}}</td>
|
||||
<td>{{connections[wrapper.activeConnection.connectionIdentifier].name}}</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
@@ -21,30 +21,30 @@
|
||||
*/
|
||||
|
||||
/**
|
||||
* A service for defining the ActiveTunnelWrapper class.
|
||||
* A service for defining the ActiveConnectionWrapper class.
|
||||
*/
|
||||
angular.module('manage').factory('ActiveTunnelWrapper', [
|
||||
function defineActiveTunnelWrapper() {
|
||||
angular.module('manage').factory('ActiveConnectionWrapper', [
|
||||
function defineActiveConnectionWrapper() {
|
||||
|
||||
/**
|
||||
* Wrapper for ActiveTunnel which adds display-specific
|
||||
* Wrapper for ActiveConnection which adds display-specific
|
||||
* properties, such as a checked option.
|
||||
*
|
||||
* @constructor
|
||||
* @param {ActiveTunnel} activeTunnel
|
||||
* The ActiveTunnel to wrap.
|
||||
* @param {ActiveConnection} activeConnection
|
||||
* The ActiveConnection to wrap.
|
||||
*/
|
||||
var ActiveTunnelWrapper = function ActiveTunnelWrapper(activeTunnel) {
|
||||
var ActiveConnectionWrapper = function ActiveConnectionWrapper(activeConnection) {
|
||||
|
||||
/**
|
||||
* The wrapped ActiveTunnel.
|
||||
* The wrapped ActiveConnection.
|
||||
*
|
||||
* @type ActiveTunnel
|
||||
* @type ActiveConnection
|
||||
*/
|
||||
this.tunnel = activeTunnel;
|
||||
this.activeConnection = activeConnection;
|
||||
|
||||
/**
|
||||
* A flag indicating that the tunnel has been selected.
|
||||
* A flag indicating that the active connection has been selected.
|
||||
*
|
||||
* @type Boolean
|
||||
*/
|
||||
@@ -52,6 +52,6 @@ angular.module('manage').factory('ActiveTunnelWrapper', [
|
||||
|
||||
};
|
||||
|
||||
return ActiveTunnelWrapper;
|
||||
return ActiveConnectionWrapper;
|
||||
|
||||
}]);
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (C) 2014 Glyptodon LLC
|
||||
* Copyright (C) 2015 Glyptodon LLC
|
||||
*
|
||||
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
* of this software and associated documentation files (the "Software"), to deal
|
||||
@@ -21,72 +21,84 @@
|
||||
*/
|
||||
|
||||
/**
|
||||
* Service for operating on tunnels via the REST API.
|
||||
* Service for operating on active connections via the REST API.
|
||||
*/
|
||||
angular.module('rest').factory('tunnelService', ['$http', 'authenticationService',
|
||||
function tunnelService($http, authenticationService) {
|
||||
angular.module('rest').factory('activeConnectionService', ['$http', 'authenticationService',
|
||||
function activeConnectionService($http, authenticationService) {
|
||||
|
||||
var service = {};
|
||||
|
||||
/**
|
||||
* Makes a request to the REST API to get the list of active tunnels,
|
||||
* returning a promise that provides a map of @link{ActiveTunnel}
|
||||
* returning a promise that provides a map of @link{ActiveConnection}
|
||||
* objects if successful.
|
||||
*
|
||||
* @returns {Promise.<Object.<String, ActiveTunnel>>}
|
||||
* A promise which will resolve with a map of @link{ActiveTunnel}
|
||||
* objects, where each key is the UUID of the corresponding tunnel.
|
||||
* @param {String[]} [permissionTypes]
|
||||
* The set of permissions to filter with. A user must have one or more
|
||||
* of these permissions for an active connection to appear in the
|
||||
* result. If null, no filtering will be performed. Valid values are
|
||||
* listed within PermissionSet.ObjectType.
|
||||
*
|
||||
|
||||
* @returns {Promise.<Object.<String, ActiveConnection>>}
|
||||
* A promise which will resolve with a map of @link{ActiveConnection}
|
||||
* objects, where each key is the identifier of the corresponding
|
||||
* active connection.
|
||||
*/
|
||||
service.getActiveTunnels = function getActiveTunnels() {
|
||||
service.getActiveConnections = function getActiveConnections(permissionTypes) {
|
||||
|
||||
// Build HTTP parameters set
|
||||
var httpParameters = {
|
||||
token : authenticationService.getCurrentToken()
|
||||
};
|
||||
|
||||
// Add permission filter if specified
|
||||
if (permissionTypes)
|
||||
httpParameters.permission = permissionTypes;
|
||||
|
||||
// Retrieve tunnels
|
||||
return $http({
|
||||
method : 'GET',
|
||||
url : 'api/tunnels',
|
||||
url : 'api/activeConnections',
|
||||
params : httpParameters
|
||||
});
|
||||
|
||||
};
|
||||
|
||||
/**
|
||||
* Makes a request to the REST API to delete the tunnels having the given
|
||||
* UUIDs, effectively disconnecting the tunnels, returning a promise that
|
||||
* can be used for processing the results of the call.
|
||||
* Makes a request to the REST API to delete the active connections having
|
||||
* the given identifiers, effectively disconnecting them, returning a
|
||||
* promise that can be used for processing the results of the call.
|
||||
*
|
||||
* @param {String[]} uuids
|
||||
* The UUIDs of the tunnels to delete.
|
||||
* @param {String[]} identifiers
|
||||
* The identifiers of the active connections to delete.
|
||||
*
|
||||
* @returns {Promise}
|
||||
* A promise for the HTTP call which will succeed if and only if the
|
||||
* delete operation is successful.
|
||||
*/
|
||||
service.deleteActiveTunnels = function deleteActiveTunnels(uuids) {
|
||||
service.deleteActiveConnections = function deleteActiveConnections(identifiers) {
|
||||
|
||||
// Build HTTP parameters set
|
||||
var httpParameters = {
|
||||
token : authenticationService.getCurrentToken()
|
||||
};
|
||||
|
||||
// Convert provided array of UUIDs to a patch
|
||||
var tunnelPatch = [];
|
||||
uuids.forEach(function addTunnelPatch(uuid) {
|
||||
tunnelPatch.push({
|
||||
// Convert provided array of identifiers to a patch
|
||||
var activeConnectionPatch = [];
|
||||
identifiers.forEach(function addActiveConnectionPatch(identifier) {
|
||||
activeConnectionPatch.push({
|
||||
op : 'remove',
|
||||
path : '/' + uuid
|
||||
path : '/' + identifier
|
||||
});
|
||||
});
|
||||
|
||||
// Perform tunnel deletion via PATCH
|
||||
// Perform active connection deletion via PATCH
|
||||
return $http({
|
||||
method : 'PATCH',
|
||||
url : 'api/tunnels',
|
||||
url : 'api/activeConnections',
|
||||
params : httpParameters,
|
||||
data : tunnelPatch
|
||||
data : activeConnectionPatch
|
||||
});
|
||||
|
||||
};
|
||||
@@ -153,6 +153,10 @@ angular.module('rest').factory('permissionService', ['$http', 'authenticationSer
|
||||
addObjectPatchOperations(patch, operation, "/connectionGroupPermissions",
|
||||
permissions.connectionGroupPermissions);
|
||||
|
||||
// Add active connection permission operations to patch
|
||||
addObjectPatchOperations(patch, operation, "/activeConnectionPermissions",
|
||||
permissions.activeConnectionPermissions);
|
||||
|
||||
// Add user permission operations to patch
|
||||
addObjectPatchOperations(patch, operation, "/userPermissions",
|
||||
permissions.userPermissions);
|
||||
|
||||
@@ -21,34 +21,44 @@
|
||||
*/
|
||||
|
||||
/**
|
||||
* Service which defines the ActiveTunnel class.
|
||||
* Service which defines the ActiveConnection class.
|
||||
*/
|
||||
angular.module('rest').factory('ActiveTunnel', [function defineActiveTunnel() {
|
||||
angular.module('rest').factory('ActiveConnection', [function defineActiveConnection() {
|
||||
|
||||
/**
|
||||
* The object returned by REST API calls when representing the data
|
||||
* associated with an active tunnel. Each tunnel denotes an active
|
||||
* connection, uniquely identified by the tunnel UUID.
|
||||
* associated with an active connection. Each active connection is
|
||||
* effectively a pairing of a connection and the user currently using it,
|
||||
* along with other information.
|
||||
*
|
||||
* @constructor
|
||||
* @param {ActiveTunnel|Object} [template={}]
|
||||
* @param {ActiveConnection|Object} [template={}]
|
||||
* The object whose properties should be copied within the new
|
||||
* ActiveTunnel.
|
||||
* ActiveConnection.
|
||||
*/
|
||||
var ActiveTunnel = function ActiveTunnel(template) {
|
||||
var ActiveConnection = function ActiveConnection(template) {
|
||||
|
||||
// Use empty object by default
|
||||
template = template || {};
|
||||
|
||||
/**
|
||||
* The identifier of the connection associated with this tunnel.
|
||||
*
|
||||
* The identifier which uniquely identifies this specific active
|
||||
* connection.
|
||||
*
|
||||
* @type String
|
||||
*/
|
||||
this.identifier = template.identifier;
|
||||
|
||||
/**
|
||||
* The time that the tunnel began, in seconds since
|
||||
* The identifier of the connection associated with this active
|
||||
* connection.
|
||||
*
|
||||
* @type String
|
||||
*/
|
||||
this.connectionIdentifier = template.connectionIdentifier;
|
||||
|
||||
/**
|
||||
* The time that the connection began, in seconds since
|
||||
* 1970-01-01 00:00:00 UTC.
|
||||
*
|
||||
* @type Number
|
||||
@@ -56,28 +66,21 @@ angular.module('rest').factory('ActiveTunnel', [function defineActiveTunnel() {
|
||||
this.startDate = template.startDate;
|
||||
|
||||
/**
|
||||
* The remote host that initiated the tunnel, if known.
|
||||
* The remote host that initiated the connection, if known.
|
||||
*
|
||||
* @type String
|
||||
*/
|
||||
this.remoteHost = template.remoteHost;
|
||||
|
||||
/**
|
||||
* The username of the user associated with the tunnel.
|
||||
* The username of the user associated with the connection.
|
||||
*
|
||||
* @type String
|
||||
*/
|
||||
this.username = template.username;
|
||||
|
||||
/**
|
||||
* The UUID which uniquely identifies the tunnel.
|
||||
*
|
||||
* @type String
|
||||
*/
|
||||
this.uuid = template.uuid;
|
||||
|
||||
};
|
||||
|
||||
return ActiveTunnel;
|
||||
return ActiveConnection;
|
||||
|
||||
}]);
|
||||
@@ -90,6 +90,25 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet',
|
||||
'ADMINISTER' : {}
|
||||
};
|
||||
|
||||
/**
|
||||
* The granted state of each permission for each active connection, as
|
||||
* a map of object permission type string to permission map. The
|
||||
* permission map is, in turn, a map of active connection identifier to
|
||||
* boolean value. A particular permission is granted if its
|
||||
* corresponding boolean value is set to true. Valid permission type
|
||||
* strings are defined within PermissionSet.ObjectPermissionType.
|
||||
* Permissions which are not granted may be set to false, but this is
|
||||
* not required.
|
||||
*
|
||||
* @type Object.<String, Object.<String, Boolean>>
|
||||
*/
|
||||
this.activeConnectionPermissions = template.activeConnectionPermissions || {
|
||||
'READ' : {},
|
||||
'UPDATE' : {},
|
||||
'DELETE' : {},
|
||||
'ADMINISTER' : {}
|
||||
};
|
||||
|
||||
/**
|
||||
* The granted state of each permission for each user, as a map of
|
||||
* object permission type string to permission map. The permission map
|
||||
@@ -110,6 +129,20 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet',
|
||||
|
||||
};
|
||||
|
||||
/**
|
||||
* Iterates through all permissions in the given permission map, setting
|
||||
* the corresponding permission flags in the given permission flag map.
|
||||
*
|
||||
* @param {Object.<String, String[]>} permMap
|
||||
* Map of object identifiers to the set of granted permissions. Each
|
||||
* permission is represented by a string listed within
|
||||
* PermissionSet.ObjectPermissionType.
|
||||
*
|
||||
* @param {Object.<String, Object.<String, Boolean>>} flagMap
|
||||
* Map of permission type strings to identifier/flag pairs representing
|
||||
* whether the permission of that type is granted for the object having
|
||||
* having the associated identifier.
|
||||
*/
|
||||
var addObjectPermissions = function addObjectPermissions(permMap, flagMap) {
|
||||
|
||||
// For each defined identifier in the permission map
|
||||
@@ -158,6 +191,9 @@ angular.module('rest').factory('PermissionFlagSet', ['PermissionSet',
|
||||
// Add all granted connection group permissions
|
||||
addObjectPermissions(permissionSet.connectionGroupPermissions, permissionFlagSet.connectionGroupPermissions);
|
||||
|
||||
// Add all granted active connection permissions
|
||||
addObjectPermissions(permissionSet.activeConnectionPermissions, permissionFlagSet.activeConnectionPermissions);
|
||||
|
||||
// Add all granted user permissions
|
||||
addObjectPermissions(permissionSet.userPermissions, permissionFlagSet.userPermissions);
|
||||
|
||||
|
||||
@@ -57,6 +57,15 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
|
||||
*/
|
||||
this.connectionGroupPermissions = template.connectionGroupPermissions || {};
|
||||
|
||||
/**
|
||||
* Map of active connection identifiers to the corresponding array of
|
||||
* granted permissions. Each permission is represented by a string
|
||||
* listed within PermissionSet.ObjectPermissionType.
|
||||
*
|
||||
* @type Object.<String, String[]>
|
||||
*/
|
||||
this.activeConnectionPermissions = template.activeConnectionPermissions || {};
|
||||
|
||||
/**
|
||||
* Map of user identifiers to the corresponding array of granted
|
||||
* permissions. Each permission is represented by a string listed
|
||||
@@ -237,6 +246,28 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
|
||||
return hasPermission(permSet.connectionGroupPermissions, type, identifier);
|
||||
};
|
||||
|
||||
/**
|
||||
* Returns whether the given permission is granted for the active
|
||||
* connection having the given ID.
|
||||
*
|
||||
* @param {PermissionSet|Object} permSet
|
||||
* The permission set to check.
|
||||
*
|
||||
* @param {String} type
|
||||
* The permission to search for, as defined by
|
||||
* PermissionSet.ObjectPermissionType.
|
||||
*
|
||||
* @param {String} identifier
|
||||
* The identifier of the active connection to which the permission
|
||||
* applies.
|
||||
*
|
||||
* @returns {Boolean}
|
||||
* true if the permission is present (granted), false otherwise.
|
||||
*/
|
||||
PermissionSet.hasActiveConnectionPermission = function hasActiveConnectionPermission(permSet, type, identifier) {
|
||||
return hasPermission(permSet.activeConnectionPermissions, type, identifier);
|
||||
};
|
||||
|
||||
/**
|
||||
* Returns whether the given permission is granted for the user having the
|
||||
* given ID.
|
||||
@@ -507,6 +538,55 @@ angular.module('rest').factory('PermissionSet', [function definePermissionSet()
|
||||
return removeObjectPermission(permSet.connectionGroupPermissions, type, identifier);
|
||||
};
|
||||
|
||||
/**
|
||||
* Adds the given active connection permission applying to the connection
|
||||
* group with the given ID to the given permission set, if not already
|
||||
* present. If the permission is already present, this function has no
|
||||
* effect.
|
||||
*
|
||||
* @param {PermissionSet} permSet
|
||||
* The permission set to modify.
|
||||
*
|
||||
* @param {String} type
|
||||
* The permission to add, as defined by
|
||||
* PermissionSet.ObjectPermissionType.
|
||||
*
|
||||
* @param {String} identifier
|
||||
* The identifier of the active connection to which the permission
|
||||
* applies.
|
||||
*
|
||||
* @returns {Boolean}
|
||||
* true if the permission was added, false if the permission was
|
||||
* already present in the given permission set.
|
||||
*/
|
||||
PermissionSet.addActiveConnectionPermission = function addActiveConnectionPermission(permSet, type, identifier) {
|
||||
return addObjectPermission(permSet.activeConnectionPermissions, type, identifier);
|
||||
};
|
||||
|
||||
/**
|
||||
* Removes the given active connection permission applying to the
|
||||
* connection group with the given ID from the given permission set, if
|
||||
* present. If the permission is not present, this function has no effect.
|
||||
*
|
||||
* @param {PermissionSet} permSet
|
||||
* The permission set to modify.
|
||||
*
|
||||
* @param {String} type
|
||||
* The permission to remove, as defined by
|
||||
* PermissionSet.ObjectPermissionType.
|
||||
*
|
||||
* @param {String} identifier
|
||||
* The identifier of the active connection to which the permission
|
||||
* applies.
|
||||
*
|
||||
* @returns {Boolean}
|
||||
* true if the permission was removed, false if the permission was not
|
||||
* present in the given permission set.
|
||||
*/
|
||||
PermissionSet.removeActiveConnectionPermission = function removeActiveConnectionPermission(permSet, type, identifier) {
|
||||
return removeObjectPermission(permSet.activeConnectionPermissions, type, identifier);
|
||||
};
|
||||
|
||||
/**
|
||||
* Adds the given user permission applying to the user with the given ID to
|
||||
* the given permission set, if not already present. If the permission is
|
||||
|
||||
Reference in New Issue
Block a user