GUACAMOLE-220: Deprecate built-in support for storage of permissions in SimpleUser. Add convenience constructors for SimpleObjectPermissionSet.

extensions/guacamole-auth-ldap/src/main/java/org/apache/guacamole/auth/ldap/user/UserContext.java

@@ -34,8 +34,10 @@ import org.apache.guacamole.net.auth.ConnectionGroup;
 import org.apache.guacamole.net.auth.Directory;
 import org.apache.guacamole.net.auth.User;
 import org.apache.guacamole.net.auth.UserGroup;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
 import org.apache.guacamole.net.auth.simple.SimpleConnectionGroup;
 import org.apache.guacamole.net.auth.simple.SimpleDirectory;
+import org.apache.guacamole.net.auth.simple.SimpleObjectPermissionSet;
 import org.apache.guacamole.net.auth.simple.SimpleUser;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -149,13 +151,29 @@ public class UserContext extends AbstractUserContext {
         );
 
         // Init self with basic permissions
-        self = new SimpleUser(
-            user.getIdentifier(),
-            userDirectory.getIdentifiers(),
-            userGroupDirectory.getIdentifiers(),
-            connectionDirectory.getIdentifiers(),
-            Collections.singleton(LDAPAuthenticationProvider.ROOT_CONNECTION_GROUP)
-        );
+        self = new SimpleUser(user.getIdentifier()) {
+
+            @Override
+            public ObjectPermissionSet getUserPermissions() throws GuacamoleException {
+                return new SimpleObjectPermissionSet(userDirectory.getIdentifiers());
+            }
+
+            @Override
+            public ObjectPermissionSet getUserGroupPermissions() throws GuacamoleException {
+                return new SimpleObjectPermissionSet(userGroupDirectory.getIdentifiers());
+            }
+
+            @Override
+            public ObjectPermissionSet getConnectionPermissions() throws GuacamoleException {
+                return new SimpleObjectPermissionSet(connectionDirectory.getIdentifiers());
+            }
+
+            @Override
+            public ObjectPermissionSet getConnectionGroupPermissions() throws GuacamoleException {
+                return new SimpleObjectPermissionSet(Collections.singleton(LDAPAuthenticationProvider.ROOT_CONNECTION_GROUP));
+            }
+
+        };
 
     }
 

extensions/guacamole-auth-quickconnect/src/main/java/org/apache/guacamole/auth/quickconnect/QuickConnectUserContext.java

@@ -26,6 +26,8 @@ import org.apache.guacamole.net.auth.AbstractUserContext;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
 import org.apache.guacamole.net.auth.ConnectionGroup;
 import org.apache.guacamole.net.auth.User;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
+import org.apache.guacamole.net.auth.simple.SimpleObjectPermissionSet;
 import org.apache.guacamole.net.auth.simple.SimpleUser;
 
 /**
@@ -93,10 +95,19 @@ public class QuickConnectUserContext extends AbstractUserContext {
 
         // Initialize the user to a SimpleUser with the provided username,
         // no connections, and the single root group.
-        this.self = new SimpleUser(username,
-            connectionDirectory.getIdentifiers(),
-            Collections.singleton(ROOT_IDENTIFIER)
-        );
+        this.self = new SimpleUser(username) {
+
+            @Override
+            public ObjectPermissionSet getConnectionPermissions() throws GuacamoleException {
+                return new SimpleObjectPermissionSet(connectionDirectory.getIdentifiers());
+            }
+
+            @Override
+            public ObjectPermissionSet getConnectionGroupPermissions() throws GuacamoleException {
+                return new SimpleObjectPermissionSet(Collections.singleton(ROOT_IDENTIFIER));
+            }
+
+        };
 
         // Set the authProvider to the calling authProvider object.
         this.authProvider = authProvider;