mirror of
https://github.com/gyurix1968/guacamole-client.git
synced 2025-09-06 13:17:41 +00:00
GUACAMOLE-220: Merge correct handling of permission-filtered directory search.
This commit is contained in:
Nick Couchman
@@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject;
|
|||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
|
import org.apache.guacamole.GuacamoleException;
|
||||||
import org.apache.guacamole.net.auth.ActiveConnection;
|
import org.apache.guacamole.net.auth.ActiveConnection;
|
||||||
import org.apache.guacamole.net.auth.Directory;
|
import org.apache.guacamole.net.auth.Directory;
|
||||||
|
import org.apache.guacamole.net.auth.Permissions;
|
||||||
import org.apache.guacamole.net.auth.UserContext;
|
import org.apache.guacamole.net.auth.UserContext;
|
||||||
|
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
|
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
|
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryResource;
|
import org.apache.guacamole.rest.directory.DirectoryResource;
|
||||||
@@ -67,4 +70,10 @@ public class ActiveConnectionDirectoryResource
|
|||||||
super(userContext, directory, translator, resourceFactory);
|
super(userContext, directory, translator, resourceFactory);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
|
||||||
|
throws GuacamoleException {
|
||||||
|
return permissions.getActiveConnectionPermissions();
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject;
|
|||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
|
import org.apache.guacamole.GuacamoleException;
|
||||||
import org.apache.guacamole.net.auth.Connection;
|
import org.apache.guacamole.net.auth.Connection;
|
||||||
import org.apache.guacamole.net.auth.Directory;
|
import org.apache.guacamole.net.auth.Directory;
|
||||||
|
import org.apache.guacamole.net.auth.Permissions;
|
||||||
import org.apache.guacamole.net.auth.UserContext;
|
import org.apache.guacamole.net.auth.UserContext;
|
||||||
|
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
|
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
|
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryResource;
|
import org.apache.guacamole.rest.directory.DirectoryResource;
|
||||||
@@ -66,4 +69,10 @@ public class ConnectionDirectoryResource
|
|||||||
super(userContext, directory, translator, resourceFactory);
|
super(userContext, directory, translator, resourceFactory);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
|
||||||
|
throws GuacamoleException {
|
||||||
|
return permissions.getConnectionPermissions();
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -27,7 +27,9 @@ import javax.ws.rs.core.MediaType;
|
|||||||
import org.apache.guacamole.GuacamoleException;
|
import org.apache.guacamole.GuacamoleException;
|
||||||
import org.apache.guacamole.net.auth.ConnectionGroup;
|
import org.apache.guacamole.net.auth.ConnectionGroup;
|
||||||
import org.apache.guacamole.net.auth.Directory;
|
import org.apache.guacamole.net.auth.Directory;
|
||||||
|
import org.apache.guacamole.net.auth.Permissions;
|
||||||
import org.apache.guacamole.net.auth.UserContext;
|
import org.apache.guacamole.net.auth.UserContext;
|
||||||
|
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryObjectResource;
|
import org.apache.guacamole.rest.directory.DirectoryObjectResource;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
|
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
|
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
|
||||||
@@ -102,4 +104,10 @@ public class ConnectionGroupDirectoryResource
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
|
||||||
|
throws GuacamoleException {
|
||||||
|
return permissions.getConnectionGroupPermissions();
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -119,6 +119,26 @@ public abstract class DirectoryResource<InternalType extends Identifiable, Exter
|
|||||||
this.resourceFactory = resourceFactory;
|
this.resourceFactory = resourceFactory;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns the ObjectPermissionSet defined within the given Permissions
|
||||||
|
* that represents the permissions affecting objects available within this
|
||||||
|
* DirectoryResource.
|
||||||
|
*
|
||||||
|
* @param permissions
|
||||||
|
* The Permissions object from which the ObjectPermissionSet should be
|
||||||
|
* retrieved.
|
||||||
|
*
|
||||||
|
* @return
|
||||||
|
* The ObjectPermissionSet defined within the given Permissions object
|
||||||
|
* that represents the permissions affecting objects available within
|
||||||
|
* this DirectoryResource.
|
||||||
|
*
|
||||||
|
* @throws GuacamoleException
|
||||||
|
* If an error prevents retrieval of permissions.
|
||||||
|
*/
|
||||||
|
protected abstract ObjectPermissionSet getObjectPermissions(
|
||||||
|
Permissions permissions) throws GuacamoleException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a map of all objects available within this DirectoryResource,
|
* Returns a map of all objects available within this DirectoryResource,
|
||||||
* filtering the returned map by the given permission, if specified.
|
* filtering the returned map by the given permission, if specified.
|
||||||
@@ -149,7 +169,7 @@ public abstract class DirectoryResource<InternalType extends Identifiable, Exter
|
|||||||
// Filter objects, if requested
|
// Filter objects, if requested
|
||||||
Collection<String> identifiers = directory.getIdentifiers();
|
Collection<String> identifiers = directory.getIdentifiers();
|
||||||
if (!isAdmin && permissions != null && !permissions.isEmpty()) {
|
if (!isAdmin && permissions != null && !permissions.isEmpty()) {
|
||||||
ObjectPermissionSet objectPermissions = effective.getUserPermissions();
|
ObjectPermissionSet objectPermissions = getObjectPermissions(effective);
|
||||||
identifiers = objectPermissions.getAccessibleObjects(permissions, identifiers);
|
identifiers = objectPermissions.getAccessibleObjects(permissions, identifiers);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject;
|
|||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
|
import org.apache.guacamole.GuacamoleException;
|
||||||
import org.apache.guacamole.net.auth.Directory;
|
import org.apache.guacamole.net.auth.Directory;
|
||||||
|
import org.apache.guacamole.net.auth.Permissions;
|
||||||
import org.apache.guacamole.net.auth.SharingProfile;
|
import org.apache.guacamole.net.auth.SharingProfile;
|
||||||
import org.apache.guacamole.net.auth.UserContext;
|
import org.apache.guacamole.net.auth.UserContext;
|
||||||
|
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
|
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
|
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryResource;
|
import org.apache.guacamole.rest.directory.DirectoryResource;
|
||||||
@@ -67,4 +70,10 @@ public class SharingProfileDirectoryResource
|
|||||||
super(userContext, directory, translator, resourceFactory);
|
super(userContext, directory, translator, resourceFactory);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
|
||||||
|
throws GuacamoleException {
|
||||||
|
return permissions.getSharingProfilePermissions();
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject;
|
|||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
|
import org.apache.guacamole.GuacamoleException;
|
||||||
import org.apache.guacamole.net.auth.User;
|
import org.apache.guacamole.net.auth.User;
|
||||||
import org.apache.guacamole.net.auth.Directory;
|
import org.apache.guacamole.net.auth.Directory;
|
||||||
|
import org.apache.guacamole.net.auth.Permissions;
|
||||||
import org.apache.guacamole.net.auth.UserContext;
|
import org.apache.guacamole.net.auth.UserContext;
|
||||||
|
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
|
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
|
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryResource;
|
import org.apache.guacamole.rest.directory.DirectoryResource;
|
||||||
@@ -65,4 +68,10 @@ public class UserDirectoryResource extends DirectoryResource<User, APIUser> {
|
|||||||
super(userContext, directory, translator, resourceFactory);
|
super(userContext, directory, translator, resourceFactory);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
|
||||||
|
throws GuacamoleException {
|
||||||
|
return permissions.getUserPermissions();
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -24,9 +24,12 @@ import com.google.inject.assistedinject.AssistedInject;
|
|||||||
import javax.ws.rs.Consumes;
|
import javax.ws.rs.Consumes;
|
||||||
import javax.ws.rs.Produces;
|
import javax.ws.rs.Produces;
|
||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
|
import org.apache.guacamole.GuacamoleException;
|
||||||
import org.apache.guacamole.net.auth.UserGroup;
|
import org.apache.guacamole.net.auth.UserGroup;
|
||||||
import org.apache.guacamole.net.auth.Directory;
|
import org.apache.guacamole.net.auth.Directory;
|
||||||
|
import org.apache.guacamole.net.auth.Permissions;
|
||||||
import org.apache.guacamole.net.auth.UserContext;
|
import org.apache.guacamole.net.auth.UserContext;
|
||||||
|
import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
|
import org.apache.guacamole.rest.directory.DirectoryObjectResourceFactory;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
|
import org.apache.guacamole.rest.directory.DirectoryObjectTranslator;
|
||||||
import org.apache.guacamole.rest.directory.DirectoryResource;
|
import org.apache.guacamole.rest.directory.DirectoryResource;
|
||||||
@@ -65,4 +68,10 @@ public class UserGroupDirectoryResource extends DirectoryResource<UserGroup, API
|
|||||||
super(userContext, directory, translator, resourceFactory);
|
super(userContext, directory, translator, resourceFactory);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected ObjectPermissionSet getObjectPermissions(Permissions permissions)
|
||||||
|
throws GuacamoleException {
|
||||||
|
return permissions.getUserGroupPermissions();
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user