From d95e05961275a773aa689adac6dae7d204426201 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mjumper@apache.org>
Date: Tue, 3 Apr 2018 11:17:31 -0700
Subject: [PATCH] GUACAMOLE-220: Refactor user-related model objects and
 services to leverage the base "entity" model.

---
 .../guacamole/auth/jdbc/base/EntityModel.java | 113 ++++++++++++++++++
 .../guacamole/auth/jdbc/base/EntityType.java  |  38 ++++++
 .../base/ModeledDirectoryObjectService.java   |   3 +-
 .../ModeledObjectPermissionService.java       |   3 +-
 .../permission/ObjectPermissionMapper.java    |  20 ++--
 .../jdbc/permission/PermissionMapper.java     |  13 +-
 .../auth/jdbc/permission/PermissionModel.java |  50 ++------
 .../permission/SystemPermissionMapper.java    |  12 +-
 .../permission/SystemPermissionService.java   |   3 +-
 .../guacamole/auth/jdbc/user/UserModel.java   |   6 +-
 .../guacamole/auth/jdbc/user/UserService.java |   5 +-
 11 files changed, 195 insertions(+), 71 deletions(-)
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityModel.java
 create mode 100644 extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityType.java

diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityModel.java
new file mode 100644
index 000000000..c42db16b9
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityModel.java
@@ -0,0 +1,113 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.base;
+
+/**
+ * Base representation of a Guacamole object that can be granted permissions
+ * (an "entity"), such as a user or user group, as represented in the database.
+ * Each entity has three base properties:
+ *
+ *   1. The "entityID", which points to the common entry in the
+ *      guacamole_entity table and is common to any type of entity.
+ *
+ *   2. The "objectID", which points to the type-specific entry for the object
+ *      in question (ie: an entry in guacamole_user or guacamole_user_group).
+ *
+ *   3. The "identifier", which contains the unique "name" value defined for
+ *      the entity within the guacamole_entity table.
+ */
+public abstract class EntityModel extends ObjectModel {
+
+    /**
+     * The ID of the entity entry which corresponds to this object in the
+     * database, if any. Note that this is distinct from the objectID,
+     * inherited from ObjectModel, which is specific to the actual type of
+     * object represented by the entity.
+     */
+    private Integer entityID;
+
+    /**
+     * The type of object represented by the entity (user or user group).
+     */
+    private EntityType type;
+
+    /**
+     * Creates a new, empty entity.
+     */
+    public EntityModel() {
+    }
+
+    /**
+     * Creates a new entity of the given type which is otherwise empty.
+     *
+     * @param type
+     *     The type to assign to the new entity.
+     */
+    public EntityModel(EntityType type) {
+        this.type = type;
+    }
+
+    /**
+     * Returns the ID of the entity entry which corresponds to this object in
+     * the database, if it exists. Note that this is distinct from the objectID,
+     * inherited from ObjectModel, which is specific to the actual type of
+     * object represented by the entity.
+     *
+     * @return
+     *     The ID of this entity in the database, or null if this entity was
+     *     not retrieved from the database.
+     */
+    public Integer getEntityID() {
+        return entityID;
+    }
+
+    /**
+     * Sets the ID of this entity to the given value.
+     *
+     * @param entityID
+     *     The ID to assign to this entity.
+     */
+    public void setEntityID(Integer entityID) {
+        this.entityID = entityID;
+    }
+
+    /**
+     * Returns the type of object represented by the entity. Each entity may be
+     * either a user or a user group.
+     *
+     * @return
+     *     The type of object represented by the entity.
+     */
+    public EntityType getEntityType() {
+        return type;
+    }
+
+    /**
+     * Sets the type of object represented by the entity. Each entity may be
+     * either a user or a user group.
+     *
+     * @param type
+     *     The type of object represented by the entity.
+     */
+    public void setEntityType(EntityType type) {
+        this.type = type;
+    }
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityType.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityType.java
new file mode 100644
index 000000000..9b1f1edc9
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/EntityType.java
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.base;
+
+/**
+ * The type of object represented by an entity. Each entity may represent
+ * either a user or a user group.
+ */
+public enum EntityType {
+
+    /**
+     * An individual user.
+     */
+    USER,
+
+    /**
+     * A group of users and/or other groups.
+     */
+    USER_GROUP
+
+}
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java
index 21508c471..3e3e707d5 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledDirectoryObjectService.java
@@ -432,8 +432,7 @@ public abstract class ModeledDirectoryObjectService<InternalType extends Modeled
 
             // Create model which grants this permission to the current user
             ObjectPermissionModel permissionModel = new ObjectPermissionModel();
-            permissionModel.setUserID(userModel.getObjectID());
-            permissionModel.setUsername(userModel.getIdentifier());
+            permissionModel.setEntityID(userModel.getEntityID());
             permissionModel.setType(permission);
             permissionModel.setObjectIdentifier(model.getIdentifier());
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
index a4f1f3f1f..9197217bc 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
@@ -53,8 +53,7 @@ public abstract class ModeledObjectPermissionService
         ObjectPermissionModel model = new ObjectPermissionModel();
 
         // Populate model object with data from user and permission
-        model.setUserID(targetUser.getModel().getObjectID());
-        model.setUsername(targetUser.getModel().getIdentifier());
+        model.setEntityID(targetUser.getModel().getEntityID());
         model.setType(permission.getType());
         model.setObjectIdentifier(permission.getObjectIdentifier());
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
index ff8369ae3..f744fbf89 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ObjectPermissionMapper.java
@@ -20,8 +20,8 @@
 package org.apache.guacamole.auth.jdbc.permission;
 
 import java.util.Collection;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
 import org.apache.ibatis.annotations.Param;
-import org.apache.guacamole.auth.jdbc.user.UserModel;
 import org.apache.guacamole.net.auth.permission.ObjectPermission;
 
 /**
@@ -31,11 +31,11 @@ public interface ObjectPermissionMapper extends PermissionMapper<ObjectPermissio
 
     /**
      * Retrieve the permission of the given type associated with the given
-     * user and object, if it exists. If no such permission exists, null is
+     * entity and object, if it exists. If no such permission exists, null is
      * returned.
      *
-     * @param user
-     *     The user to retrieve permissions for.
+     * @param entity
+     *     The entity to retrieve permissions for.
      * 
      * @param type
      *     The type of permission to return.
@@ -45,18 +45,18 @@ public interface ObjectPermissionMapper extends PermissionMapper<ObjectPermissio
      *
      * @return
      *     The requested permission, or null if no such permission is granted
-     *     to the given user for the given object.
+     *     to the given entity for the given object.
      */
-    ObjectPermissionModel selectOne(@Param("user") UserModel user,
+    ObjectPermissionModel selectOne(@Param("entity") EntityModel entity,
             @Param("type") ObjectPermission.Type type,
             @Param("identifier") String identifier);
 
     /**
-     * Retrieves the subset of the given identifiers for which the given user
+     * Retrieves the subset of the given identifiers for which the given entity
      * has at least one of the given permissions.
      *
-     * @param user
-     *     The user to check permissions of.
+     * @param entity
+     *     The entity to check permissions of.
      *
      * @param permissions
      *     The permissions to check. An identifier will be included in the
@@ -71,7 +71,7 @@ public interface ObjectPermissionMapper extends PermissionMapper<ObjectPermissio
      *     A collection containing the subset of identifiers for which at least
      *     one of the specified permissions is granted.
      */
-    Collection<String> selectAccessibleIdentifiers(@Param("user") UserModel user,
+    Collection<String> selectAccessibleIdentifiers(@Param("entity") EntityModel entity,
             @Param("permissions") Collection<ObjectPermission.Type> permissions,
             @Param("identifiers") Collection<String> identifiers);
 
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java
index d49dc30c3..7b476b362 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionMapper.java
@@ -20,7 +20,7 @@
 package org.apache.guacamole.auth.jdbc.permission;
 
 import java.util.Collection;
-import org.apache.guacamole.auth.jdbc.user.UserModel;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
 import org.apache.ibatis.annotations.Param;
 
 /**
@@ -32,15 +32,16 @@ import org.apache.ibatis.annotations.Param;
 public interface PermissionMapper<PermissionType> {
 
     /**
-     * Retrieves all permissions associated with the given user.
+     * Retrieves all permissions associated with the given entity (user or user
+     * group).
      *
-     * @param user
-     *     The user to retrieve permissions for.
+     * @param entity
+     *     The entity to retrieve permissions for.
      *
      * @return
-     *     All permissions associated with the given user.
+     *     All permissions associated with the given entity.
      */
-    Collection<PermissionType> select(@Param("user") UserModel user);
+    Collection<PermissionType> select(@Param("entity") EntityModel entity);
 
     /**
      * Inserts the given permissions into the database. If any permissions
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionModel.java
index fbc3e8de4..da1ec2d28 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionModel.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/PermissionModel.java
@@ -21,7 +21,7 @@ package org.apache.guacamole.auth.jdbc.permission;
 
 /**
  * Generic base permission model which grants a permission of a particular type
- * to a specific user.
+ * to a specific entity (user or user group).
  *
  * @param <PermissionType>
  *     The type of permissions allowed within this model.
@@ -29,14 +29,9 @@ package org.apache.guacamole.auth.jdbc.permission;
 public abstract class PermissionModel<PermissionType> {
 
     /**
-     * The database ID of the user to whom this permission is granted.
+     * The database ID of the entity to whom this permission is granted.
      */
-    private Integer userID;
-
-    /**
-     * The username of the user to whom this permission is granted.
-     */
-    private String username;
+    private Integer entityID;
 
     /**
      * The type of action granted by this permission.
@@ -44,43 +39,24 @@ public abstract class PermissionModel<PermissionType> {
     private PermissionType type;
     
     /**
-     * Returns the database ID of the user to whom this permission is granted.
+     * Returns the database ID of the entity to whom this permission is
+     * granted.
      * 
      * @return
-     *     The database ID of the user to whom this permission is granted.
+     *     The database ID of the entity to whom this permission is granted.
      */
-    public Integer getUserID() {
-        return userID;
+    public Integer getEntityID() {
+        return entityID;
     }
 
     /**
-     * Sets the database ID of the user to whom this permission is granted.
+     * Sets the database ID of the entity to whom this permission is granted.
      *
-     * @param userID
-     *     The database ID of the user to whom this permission is granted.
+     * @param entityID
+     *     The database ID of the entity to whom this permission is granted.
      */
-    public void setUserID(Integer userID) {
-        this.userID = userID;
-    }
-
-    /**
-     * Returns the username of the user to whom this permission is granted.
-     * 
-     * @return
-     *     The username of the user to whom this permission is granted.
-     */
-    public String getUsername() {
-        return username;
-    }
-
-    /**
-     * Sets the username of the user to whom this permission is granted.
-     *
-     * @param username
-     *     The username of the user to whom this permission is granted.
-     */
-    public void setUsername(String username) {
-        this.username = username;
+    public void setEntityID(Integer entityID) {
+        this.entityID = entityID;
     }
 
     /**
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java
index 929d6e9aa..738062c2a 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.java
@@ -19,7 +19,7 @@
 
 package org.apache.guacamole.auth.jdbc.permission;
 
-import org.apache.guacamole.auth.jdbc.user.UserModel;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
 import org.apache.ibatis.annotations.Param;
 import org.apache.guacamole.net.auth.permission.SystemPermission;
 
@@ -30,19 +30,19 @@ public interface SystemPermissionMapper extends PermissionMapper<SystemPermissio
 
     /**
      * Retrieve the permission of the given type associated with the given
-     * user, if it exists. If no such permission exists, null is returned.
+     * entity, if it exists. If no such permission exists, null is returned.
      *
-     * @param user
-     *     The user to retrieve permissions for.
+     * @param entity
+     *     The entity to retrieve permissions for.
      * 
      * @param type
      *     The type of permission to return.
      *
      * @return
      *     The requested permission, or null if no such permission is granted
-     *     to the given user.
+     *     to the given entity.
      */
-    SystemPermissionModel selectOne(@Param("user") UserModel user,
+    SystemPermissionModel selectOne(@Param("entity") EntityModel entity,
             @Param("type") SystemPermission.Type type);
 
 }
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java
index db1d81e61..e50a47f3c 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/SystemPermissionService.java
@@ -66,8 +66,7 @@ public class SystemPermissionService
         SystemPermissionModel model = new SystemPermissionModel();
 
         // Populate model object with data from user and permission
-        model.setUserID(targetUser.getModel().getObjectID());
-        model.setUsername(targetUser.getModel().getIdentifier());
+        model.setEntityID(targetUser.getModel().getEntityID());
         model.setType(permission.getType());
 
         return model;
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java
index a6cf997d3..194a26d4c 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserModel.java
@@ -22,12 +22,13 @@ package org.apache.guacamole.auth.jdbc.user;
 import java.sql.Date;
 import java.sql.Time;
 import java.sql.Timestamp;
-import org.apache.guacamole.auth.jdbc.base.ObjectModel;
+import org.apache.guacamole.auth.jdbc.base.EntityModel;
+import org.apache.guacamole.auth.jdbc.base.EntityType;
 
 /**
  * Object representation of a Guacamole user, as represented in the database.
  */
-public class UserModel extends ObjectModel {
+public class UserModel extends EntityModel {
 
     /**
      * The SHA-256 hash of the password and salt.
@@ -124,6 +125,7 @@ public class UserModel extends ObjectModel {
      * Creates a new, empty user.
      */
     public UserModel() {
+        super(EntityType.USER);
     }
 
     /**
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
index 090963fd2..e4bb738d8 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserService.java
@@ -38,7 +38,6 @@ import org.apache.guacamole.auth.jdbc.base.ActivityRecordModel;
 import org.apache.guacamole.auth.jdbc.base.ActivityRecordSearchTerm;
 import org.apache.guacamole.auth.jdbc.base.ActivityRecordSortPredicate;
 import org.apache.guacamole.auth.jdbc.base.ModeledActivityRecord;
-import org.apache.guacamole.auth.jdbc.connection.ConnectionRecordModel;
 import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
 import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionModel;
 import org.apache.guacamole.auth.jdbc.permission.UserPermissionMapper;
@@ -49,7 +48,6 @@ import org.apache.guacamole.form.PasswordField;
 import org.apache.guacamole.net.auth.ActivityRecord;
 import org.apache.guacamole.net.auth.AuthenticatedUser;
 import org.apache.guacamole.net.auth.AuthenticationProvider;
-import org.apache.guacamole.net.auth.ConnectionRecord;
 import org.apache.guacamole.net.auth.User;
 import org.apache.guacamole.net.auth.credentials.CredentialsInfo;
 import org.apache.guacamole.net.auth.credentials.GuacamoleInsufficientCredentialsException;
@@ -294,8 +292,7 @@ public class UserService extends ModeledDirectoryObjectService<ModeledUser, User
         for (ObjectPermission.Type permissionType : IMPLICIT_USER_PERMISSIONS) {
             
             ObjectPermissionModel permissionModel = new ObjectPermissionModel();
-            permissionModel.setUserID(model.getObjectID());
-            permissionModel.setUsername(model.getIdentifier());
+            permissionModel.setEntityID(model.getEntityID());
             permissionModel.setType(permissionType);
             permissionModel.setObjectIdentifier(model.getIdentifier());