From cdc0581a1a86ab53494951b1550182dc56373649 Mon Sep 17 00:00:00 2001
From: James Muehlner <james.muehlner@guac-dev.org>
Date: Mon, 12 Jan 2015 22:24:46 -0800
Subject: [PATCH] GUAC-995 Connection permission filter should take admin
 permission into account when filtering connection list.

---
 .../rest/connectiongroup/ConnectionGroupRESTService.java    | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connectiongroup/ConnectionGroupRESTService.java b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connectiongroup/ConnectionGroupRESTService.java
index 60d094c78..14d8c3ce6 100644
--- a/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connectiongroup/ConnectionGroupRESTService.java
+++ b/guacamole/src/main/java/org/glyptodon/guacamole/net/basic/rest/connectiongroup/ConnectionGroupRESTService.java
@@ -45,6 +45,7 @@ import org.glyptodon.guacamole.net.auth.User;
 import org.glyptodon.guacamole.net.auth.UserContext;
 import org.glyptodon.guacamole.net.auth.permission.ConnectionPermission;
 import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
+import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
 import org.glyptodon.guacamole.net.basic.rest.AuthProviderRESTExposure;
 import org.glyptodon.guacamole.net.basic.rest.ObjectRetrievalService;
 import org.glyptodon.guacamole.net.basic.rest.auth.AuthenticationService;
@@ -111,6 +112,9 @@ public class ConnectionGroupRESTService {
             throws GuacamoleException {
 
         User self = userContext.self();
+        
+        // An admin user has access to any connection or connection group
+        boolean isAdmin = self.hasPermission(new SystemPermission(SystemPermission.Type.ADMINISTER));
 
         // Retrieve specified connection group
         ConnectionGroup connectionGroup;
@@ -139,7 +143,7 @@ public class ConnectionGroupRESTService {
                     continue;
 
                 // Filter based on permission, if requested
-                if (permission == null || self.hasPermission(new ConnectionPermission(permission, childIdentifier)))
+                if (isAdmin || permission == null || self.hasPermission(new ConnectionPermission(permission, childIdentifier)))
                     apiConnections.add(new APIConnection(childConnection));
 
             }