safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-10-31 17:13:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-220: Deprecate built-in support for storage of permissions in SimpleUser. Add convenience constructors for SimpleObjectPermissionSet.

Browse Source
This commit is contained in:
Michael Jumper
2018-11-03 13:58:50 -07:00
parent aa0c654231
commit d10256e151
5 changed files with 128 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleObjectPermissionSet.java
View File

@@ -22,6 +22,7 @@ package org.apache.guacamole.net.auth.simple;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleSecurityException;
@@ -45,6 +46,66 @@ public class SimpleObjectPermissionSet implements ObjectPermissionSet {
public SimpleObjectPermissionSet() {
}
/**
* Creates a new set of ObjectPermissions for each possible combination of
* the given identifiers and permission types.
*
* @param identifiers
* The identifiers which should have one ObjectPermission for each of
* the given permission types.
*
* @param types
* The permissions which should be granted for each of the given
* identifiers.
*
* @return
* A new set of ObjectPermissions containing one ObjectPermission for
* each possible combination of the given identifiers and permission
* types.
*/
private static Set<ObjectPermission> createPermissions(Collection<String> identifiers,
Collection<ObjectPermission.Type> types) {
// Add a permission of each type to the set for each identifier given
Set<ObjectPermission> permissions = new HashSet<>(identifiers.size());
types.forEach(type -> {
identifiers.forEach(identifier -> permissions.add(new ObjectPermission(type, identifier)));
});
return permissions;
}
/**
* Creates a new SimpleObjectPermissionSet which contains permissions for
* all possible unique combinations of the given identifiers and permission
* types.
*
* @param identifiers
* The identifiers which should be associated permissions having each
* of the given permission types.
*
* @param types
* The types of permissions which should be granted for each of the
* given identifiers.
*/
public SimpleObjectPermissionSet(Collection<String> identifiers,
Collection<ObjectPermission.Type> types) {
this(createPermissions(identifiers, types));
}
/**
* Creates a new SimpleObjectPermissionSet which contains only READ
* permissions for each of the given identifiers.
*
* @param identifiers
* The identifiers which should each be associated with READ
* permission.
*/
public SimpleObjectPermissionSet(Collection<String> identifiers) {
this(identifiers, Collections.singletonList(ObjectPermission.Type.READ));
}
/**
* Creates a new SimpleObjectPermissionSet which contains the permissions
* within the given Set.

58
guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleUser.java
View File

@@ -45,11 +45,6 @@ public class SimpleUser extends AbstractUser {
*/
private final Set<ObjectPermission> userPermissions = new HashSet<>();
/**
* All user group permissions granted to this user.
*/
private final Set<ObjectPermission> userGroupPermissions = new HashSet<>();
/**
* All connection permissions granted to this user.
*/
@@ -115,7 +110,15 @@ public class SimpleUser extends AbstractUser {
* @param connectionGroupIdentifiers
* The identifiers of all connection groups this user has READ access
* to.
*
* @deprecated
* Extend and override the applicable permission set getters instead,
* relying on SimpleUser to expose no permissions by default for all
* permission sets that aren't overridden. See {@link SimpleObjectPermissionSet}
* for convenient methods of providing a read-only permission set with
* specific permissions.
*/
@Deprecated
public SimpleUser(String username,
Collection<String> connectionIdentifiers,
Collection<String> connectionGroupIdentifiers) {
@@ -128,43 +131,6 @@ public class SimpleUser extends AbstractUser {
}
/**
* Creates a new SimpleUser having the given username and READ access to
* the users, user groups, connections, and connection groups having the
* given identifiers.
*
* @param username
* The username to assign to this SimpleUser.
*
* @param userIdentifiers
* The identifiers of all users this user has READ access to.
*
* @param userGroupIdentifiers
* The identifiers of all user groups this user has READ access to.
*
* @param connectionIdentifiers
* The identifiers of all connections this user has READ access to.
*
* @param connectionGroupIdentifiers
* The identifiers of all connection groups this user has READ access
* to.
*/
public SimpleUser(String username,
Collection<String> userIdentifiers,
Collection<String> userGroupIdentifiers,
Collection<String> connectionIdentifiers,
Collection<String> connectionGroupIdentifiers) {
this(username);
// Add permissions
addReadPermissions(userPermissions, userIdentifiers);
addReadPermissions(userGroupPermissions, userGroupIdentifiers);
addReadPermissions(connectionPermissions, connectionIdentifiers);
addReadPermissions(connectionGroupPermissions, connectionGroupIdentifiers);
}
/**
* Creates a new SimpleUser having the given username and READ access to
* the users, connections, and groups having the given identifiers.
@@ -181,7 +147,15 @@ public class SimpleUser extends AbstractUser {
* @param connectionGroupIdentifiers
* The identifiers of all connection groups this user has READ access
* to.
*
* @deprecated
* Extend and override the applicable permission set getters instead,
* relying on SimpleUser to expose no permissions by default for all
* permission sets that aren't overridden. See {@link SimpleObjectPermissionSet}
* for convenient methods of providing a read-only permission set with
* specific permissions.
*/
@Deprecated
public SimpleUser(String username,
Collection<String> userIdentifiers,
Collection<String> connectionIdentifiers,

23
guacamole-ext/src/main/java/org/apache/guacamole/net/auth/simple/SimpleUserContext.java
View File

@@ -19,7 +19,6 @@
package org.apache.guacamole.net.auth.simple;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.guacamole.GuacamoleException;
@@ -29,6 +28,7 @@ import org.apache.guacamole.net.auth.AuthenticationProvider;
import org.apache.guacamole.net.auth.Connection;
import org.apache.guacamole.net.auth.Directory;
import org.apache.guacamole.net.auth.User;
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
import org.apache.guacamole.protocol.GuacamoleConfiguration;
/**
@@ -113,20 +113,19 @@ public class SimpleUserContext extends AbstractUserContext {
@Override
public User self() {
return new SimpleUser(username) {
try {
return new SimpleUser(username,
getConnectionDirectory().getIdentifiers(),
getConnectionGroupDirectory().getIdentifiers()
);
}
@Override
public ObjectPermissionSet getConnectionGroupPermissions() throws GuacamoleException {
return new SimpleObjectPermissionSet(getConnectionDirectory().getIdentifiers());
}
catch (GuacamoleException e) {
return new SimpleUser(username,
Collections.<String>emptySet(),
Collections.<String>emptySet());
}
@Override
public ObjectPermissionSet getConnectionPermissions() throws GuacamoleException {
return new SimpleObjectPermissionSet(getConnectionGroupDirectory().getIdentifiers());
}
};
}
@Override