From d8e8eae48943a8eba2dafa7ed02395c0aa2ab60f Mon Sep 17 00:00:00 2001
From: James Muehlner <james.muehlner@guac-dev.org>
Date: Fri, 16 Aug 2013 21:33:26 -0700
Subject: [PATCH] Ticket #395: Fixed some small bugs.

---
 .../net/auth/mysql/service/PermissionCheckService.java      | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java
index 5dad66795..c4884127b 100644
--- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java
+++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java
@@ -246,8 +246,10 @@ public class PermissionCheckService {
      */
     public boolean checkConnectionGroupAccess(int userID, Integer affectedConnectionGroupID, String permissionType) {
 
-        // All users have implicit permission to use the root group
-        if(affectedConnectionGroupID == null)
+        // All users have implicit permission to read and update the root connection group
+        if(affectedConnectionGroupID == null && 
+                MySQLConstants.CONNECTION_GROUP_READ.equals(permissionType) ||
+                MySQLConstants.CONNECTION_GROUP_UPDATE.equals(permissionType))
             return true;
         
         // A system administrator has full access to everything.