From dbafe68cd40dc5d4d2876376007582a065d90764 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Fri, 1 Mar 2013 03:39:49 -0800 Subject: [PATCH] Ticket #269: Major cleanup of permissions service. --- .../net/auth/mysql/ConnectionDirectory.java | 54 +- .../net/auth/mysql/UserDirectory.java | 253 +++-- .../auth/mysql/service/ConnectionService.java | 76 +- .../mysql/service/PermissionCheckService.java | 865 +++++------------- .../net/auth/mysql/service/UserService.java | 133 ++- 5 files changed, 459 insertions(+), 922 deletions(-) diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java index 5f2544ea4..984aac7a0 100644 --- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java +++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java @@ -38,7 +38,7 @@ package net.sourceforge.guacamole.net.auth.mysql; * ***** END LICENSE BLOCK ***** */ import com.google.inject.Inject; -import java.util.HashSet; +import java.util.List; import java.util.Set; import net.sourceforge.guacamole.GuacamoleException; import net.sourceforge.guacamole.net.auth.Connection; @@ -102,19 +102,34 @@ public class ConnectionDirectory implements Directory{ @Transactional @Override public Connection get(String identifier) throws GuacamoleException { - permissionCheckService.verifyConnectionReadAccess(this.user_id, identifier); - return connectionService.retrieveConnection(identifier); + + // Get connection + MySQLConnection connection = + connectionService.retrieveConnection(identifier); + + // Verify access is granted + permissionCheckService.verifyConnectionAccess( + this.user_id, + connection.getConnectionID(), + MySQLConstants.CONNECTION_READ); + + // Return connection + return connection; + } @Transactional @Override public Set getIdentifiers() throws GuacamoleException { - Set connectionNameSet = new HashSet(); - Set connections = permissionCheckService.getReadableConnections(this.user_id); - for(MySQLConnection mySQLConnection : connections) { - connectionNameSet.add(mySQLConnection.getIdentifier()); - } - return connectionNameSet; + + // List of all connection IDs for which this user has read access + List connectionIDs = + permissionCheckService.retrieveConnectionIDs(this.user_id, + MySQLConstants.CONNECTION_READ); + + // Query all associated connections + return connectionService.translateNames(connectionIDs).keySet(); + } @Transactional @@ -122,7 +137,8 @@ public class ConnectionDirectory implements Directory{ public void add(Connection object) throws GuacamoleException { // Verify permission to create - permissionCheckService.verifyCreateConnectionPermission(this.user_id); + permissionCheckService.verifySystemAccess(this.user_id, + MySQLConstants.SYSTEM_CONNECTION_CREATE); // Create connection MySQLConnection connection = connectionService.createConnection( @@ -192,10 +208,14 @@ public class ConnectionDirectory implements Directory{ if (!(object instanceof MySQLConnection)) throw new GuacamoleException("Connection not from database."); - // Verify permission to update - permissionCheckService.verifyConnectionUpdateAccess(this.user_id, object.getIdentifier()); - MySQLConnection mySQLConnection = (MySQLConnection) object; + + // Verify permission to update + permissionCheckService.verifyConnectionAccess(this.user_id, + mySQLConnection.getConnectionID(), + MySQLConstants.CONNECTION_UPDATE); + + // Perform update connectionService.updateConnection(mySQLConnection); // Delete old connection parameters @@ -213,13 +233,15 @@ public class ConnectionDirectory implements Directory{ @Override public void remove(String identifier) throws GuacamoleException { - // Verify permission to delete - permissionCheckService.verifyConnectionDeleteAccess(this.user_id, identifier); - // Get connection MySQLConnection mySQLConnection = connectionService.retrieveConnection(identifier); + // Verify permission to delete + permissionCheckService.verifyConnectionAccess(this.user_id, + mySQLConnection.getConnectionID(), + MySQLConstants.CONNECTION_DELETE); + // Delete the connection itself connectionService.deleteConnection(mySQLConnection.getConnectionID()); diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java index 2db93fca1..b22124f0d 100644 --- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java +++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java @@ -41,8 +41,6 @@ import com.google.common.base.Preconditions; import com.google.inject.Inject; import java.util.ArrayList; import java.util.Collection; -import java.util.HashMap; -import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; @@ -143,23 +141,32 @@ public class UserDirectory implements Directory getIdentifiers() throws GuacamoleException { - // Get set of all readable users - Set users = permissionCheckService.getReadableUsers(this.user_id); + // List of all user IDs for which this user has read access + List userIDs = + permissionCheckService.retrieveConnectionIDs(this.user_id, + MySQLConstants.USER_READ); - // Build set of usernames of readable users - Set userNameSet = new HashSet(); - for (MySQLUser mySQLUser : users) - userNameSet.add(mySQLUser.getUsername()); + // Query all associated users + return userService.translateUsernames(userIDs).keySet(); - return userNameSet; } @Override @@ -168,7 +175,8 @@ public class UserDirectory implements Directory permissions) throws GuacamoleException { + // If no permissions given, stop now if(permissions.isEmpty()) return; - // Get set of administerable users - Set administerableUsers = - permissionCheckService.getAdministerableUserIDs(this.user_id); + // Get list of administerable user IDs + List administerableUserIDs = + permissionCheckService.retrieveUserIDs(this.user_id, + MySQLConstants.USER_ADMINISTER); - // Get list of usernames for all given user permissions. - List usernames = new ArrayList(); - for (UserPermission permission : permissions) - usernames.add(permission.getObjectIdentifier()); - - // Find all the users by username - List users = userService.retrieveUsersByUsername(usernames); - - // Build map of found users, indexed by username - Map userMap = new HashMap(); - for (MySQLUser user : users) - userMap.put(user.getUsername(), user); + // Get set of usernames corresponding to administerable users + Map administerableUsers = + userService.translateUsernames(administerableUserIDs); + // Insert all given permissions for (UserPermission permission : permissions) { - // Get user - MySQLUser affectedUser = - userMap.get(permission.getObjectIdentifier()); - if (affectedUser == null) - throw new GuacamoleException( - "User '" + permission.getObjectIdentifier() - + "' not found."); + // Get original ID + Integer affected_id = + administerableUsers.get(permission.getObjectIdentifier()); // Verify that the user actually has permission to administrate // every one of these users - if (!administerableUsers.contains(affectedUser.getUserID())) + if (affected_id == null) throw new GuacamoleSecurityException( "User #" + this.user_id + " does not have permission to administrate user " - + affectedUser.getUsername()); + + permission.getObjectIdentifier()); // Create new permission UserPermissionKey newPermission = new UserPermissionKey(); - newPermission.setAffected_user_id(affectedUser.getUserID()); - newPermission.setPermission(permission.getType().name()); newPermission.setUser_id(user_id); + newPermission.setPermission(MySQLConstants.getUserConstant(permission.getType())); + newPermission.setAffected_user_id(affected_id); userPermissionDAO.insert(newPermission); + } + } /** @@ -345,54 +345,44 @@ public class UserDirectory implements Directory permissions) throws GuacamoleException { + // If no permissions given, stop now if(permissions.isEmpty()) return; - // Get set of administerable users - Set administerableUsers = - permissionCheckService.getAdministerableUserIDs(this.user_id); + // Get list of administerable user IDs + List administerableUserIDs = + permissionCheckService.retrieveUserIDs(this.user_id, + MySQLConstants.USER_ADMINISTER); - // Get list of usernames for all given user permissions. - List usernames = new ArrayList(); - for (UserPermission permission : permissions) - usernames.add(permission.getObjectIdentifier()); + // Get set of usernames corresponding to administerable users + Map administerableUsers = + userService.translateUsernames(administerableUserIDs); - // Find all the users by username - List users = userService.retrieveUsersByUsername(usernames); - List userIDs = new ArrayList(); - - // Build map of found users, indexed by username - Map userMap = new HashMap(); - for (MySQLUser user : users) { - userMap.put(user.getUsername(), user); - userIDs.add(user.getUserID()); - } - - // Verify we have permission to delete each user permission. + // Delete requested permissions for (UserPermission permission : permissions) { - // Get user - MySQLUser affectedUser = userMap.get(permission.getObjectIdentifier()); - if (affectedUser == null) - throw new GuacamoleException( - "User '" + permission.getObjectIdentifier() - + "' not found."); + // Get original ID + Integer affected_id = + administerableUsers.get(permission.getObjectIdentifier()); // Verify that the user actually has permission to administrate // every one of these users - if (!administerableUsers.contains(affectedUser.getUserID())) + if (affected_id == null) throw new GuacamoleSecurityException( "User #" + this.user_id + " does not have permission to administrate user " - + affectedUser.getUsername()); + + permission.getObjectIdentifier()); + + // Delete requested permission + UserPermissionExample userPermissionExample = new UserPermissionExample(); + userPermissionExample.createCriteria() + .andUser_idEqualTo(user_id) + .andPermissionEqualTo(MySQLConstants.getUserConstant(permission.getType())) + .andAffected_user_idEqualTo(affected_id); + userPermissionDAO.deleteByExample(userPermissionExample); + } - if(!userIDs.isEmpty()) { - UserPermissionExample userPermissionExample = new UserPermissionExample(); - userPermissionExample.createCriteria().andUser_idEqualTo(user_id) - .andAffected_user_idIn(userIDs); - userPermissionDAO.deleteByExample(userPermissionExample); - } } /** @@ -409,51 +399,42 @@ public class UserDirectory implements Directory permissions) throws GuacamoleException { + // If no permissions given, stop now if(permissions.isEmpty()) return; - // Get adminsterable connection identifiers - Set administerableConnections = - permissionCheckService.getAdministerableConnectionIDs(this.user_id); + // Get list of administerable connection IDs + List administerableConnectionIDs = + permissionCheckService.retrieveUserIDs(this.user_id, + MySQLConstants.CONNECTION_ADMINISTER); - // Build list of affected connection names from the permissions given - List connectionNames = new ArrayList(); - for (ConnectionPermission permission : permissions) - connectionNames.add(permission.getObjectIdentifier()); + // Get set of names corresponding to administerable connections + Map administerableConnections = + userService.translateUsernames(administerableConnectionIDs); - // Find all the connections by connection name - List connections = connectionService.retrieveConnectionsByName(connectionNames); - - // Build map of found connections, indexed by name - Map connectionMap = new HashMap(); - for (MySQLConnection connection : connections) - connectionMap.put(connection.getIdentifier(), connection); - - // Finally, insert the new permissions + // Insert all given permissions for (ConnectionPermission permission : permissions) { - // Get permission - MySQLConnection connection = connectionMap.get(permission.getObjectIdentifier()); - if (connection == null) - throw new GuacamoleException( - "Connection '" + permission.getObjectIdentifier() - + "' not found."); + // Get original ID + Integer connection_id = + administerableConnections.get(permission.getObjectIdentifier()); // Throw exception if permission to administer this connection // is not granted - if (!administerableConnections.contains(connection.getConnectionID())) + if (connection_id == null) throw new GuacamoleSecurityException( "User #" + this.user_id + " does not have permission to administrate connection " - + connection.getIdentifier()); + + permission.getObjectIdentifier()); - // Insert previously-non-existent connection permission + // Create new permission ConnectionPermissionKey newPermission = new ConnectionPermissionKey(); - newPermission.setConnection_id(connection.getConnectionID()); - newPermission.setPermission(permission.getType().name()); newPermission.setUser_id(user_id); + newPermission.setPermission(MySQLConstants.getConnectionConstant(permission.getType())); + newPermission.setConnection_id(connection_id); connectionPermissionDAO.insert(newPermission); + } } @@ -470,54 +451,43 @@ public class UserDirectory implements Directory permissions) throws GuacamoleException { + // If no permissions given, stop now if(permissions.isEmpty()) return; - // Get set of administerable users - Set administerableConnections = - permissionCheckService.getAdministerableConnectionIDs(this.user_id); + // Get list of administerable connection IDs + List administerableConnectionIDs = + permissionCheckService.retrieveUserIDs(this.user_id, + MySQLConstants.CONNECTION_ADMINISTER); - // Get list of identifiers for all given user permissions. - List identifiers = new ArrayList(); - for (ConnectionPermission permission : permissions) - identifiers.add(permission.getObjectIdentifier()); + // Get set of names corresponding to administerable connections + Map administerableConnections = + userService.translateUsernames(administerableConnectionIDs); - // Find all the connections by identifiers - List connections = connectionService.retrieveConnectionsByName(identifiers); - List connectionIDs = new ArrayList(); - - // Build map of found connections, indexed by identifier - Map connectionMap = new HashMap(); - for (MySQLConnection connection : connections) { - connectionMap.put(connection.getIdentifier(), connection); - connectionIDs.add(connection.getConnectionID()); - } - - // Verify we have permission to delete each connection permission. + // Delete requested permissions for (ConnectionPermission permission : permissions) { - // Get user - MySQLConnection connection = connectionMap.get(permission.getObjectIdentifier()); - if (connection == null) - throw new GuacamoleException( - "User '" + permission.getObjectIdentifier() - + "' not found."); + // Get original ID + Integer connection_id = + administerableConnections.get(permission.getObjectIdentifier()); // Verify that the user actually has permission to administrate // every one of these connections - if (!administerableConnections.contains(connection.getConnectionID())) + if (connection_id == null) throw new GuacamoleSecurityException( "User #" + this.user_id + " does not have permission to administrate connection " - + connection.getIdentifier()); + + permission.getObjectIdentifier()); + + ConnectionPermissionExample connectionPermissionExample = new ConnectionPermissionExample(); + connectionPermissionExample.createCriteria() + .andUser_idEqualTo(user_id) + .andPermissionEqualTo(MySQLConstants.getConnectionConstant(permission.getType())) + .andConnection_idEqualTo(connection_id); + connectionPermissionDAO.deleteByExample(connectionPermissionExample); + } - if(!connectionIDs.isEmpty()) { - ConnectionPermissionExample connectionPermissionExample = new ConnectionPermissionExample(); - connectionPermissionExample.createCriteria().andUser_idEqualTo(user_id) - .andConnection_idIn(connectionIDs); - connectionPermissionDAO.deleteByExample(connectionPermissionExample); - } } /** @@ -538,7 +508,7 @@ public class UserDirectory implements Directory systemPermissionTypes = new ArrayList(); for (SystemPermission permission : permissions) { - switch (permission.getType()) { + switch (permission.getType()) { // TODO: Move this into MySQLConstants // Create connection permission case CREATE_CONNECTION: @@ -627,12 +597,14 @@ public class UserDirectory implements Directory retrieveConnectionsByID(List ids) { + public Map translateNames(List ids) { - // If no IDs given, just return empty list + // If no IDs given, just return empty map if (ids.isEmpty()) - return Collections.EMPTY_LIST; + return Collections.EMPTY_MAP; - // Query connections by ID + // Map of all names onto their corresponding IDs. + Map names = new HashMap(); + + // Get all connections having the given IDs ConnectionExample example = new ConnectionExample(); example.createCriteria().andConnection_idIn(ids); List connections = connectionDAO.selectByExample(example); - // Convert to MySQLConnection list - List mySQLConnections = new ArrayList(connections.size()); + // Produce set of names for (Connection connection : connections) - mySQLConnections.add(toMySQLConnection(connection)); + names.put(connection.getConnection_name(), + connection.getConnection_id()); - // Return found connections - return mySQLConnections; + return names; } /** - * Retrieves the connections having the given names from the database. + * Retrieves a map of all connection names for the given IDs. * - * @param names The names of the connections to retrieve. - * @return A list of existing MySQLConnection objects. + * @param ids The IDs of the connections to retrieve the names of. + * @return A map containing the names of all connections and their + * corresponding IDs. */ - public List retrieveConnectionsByName(List names) { + public Map retrieveNames(List ids) { - // If no names given, just return empty list - if (names.isEmpty()) - return Collections.EMPTY_LIST; + // If no IDs given, just return empty map + if (ids.isEmpty()) + return Collections.EMPTY_MAP; - // Query connections by ID + // Map of all names onto their corresponding IDs. + Map names = new HashMap(); + + // Get all connections having the given IDs ConnectionExample example = new ConnectionExample(); - example.createCriteria().andConnection_nameIn(names); + example.createCriteria().andConnection_idIn(ids); List connections = connectionDAO.selectByExample(example); - // Convert to MySQLConnection list - List mySQLConnections = new ArrayList(connections.size()); + // Produce set of names for (Connection connection : connections) - mySQLConnections.add(toMySQLConnection(connection)); + names.put(connection.getConnection_id(), + connection.getConnection_name()); - // Return found connections - return mySQLConnections; + return names; } @@ -352,21 +361,6 @@ public class ConnectionService { } - /** - * Deletes the connection having the given name from the database. - * @param name The name of the connection to delete. - */ - public void deleteConnection(String name) { - - // Get specified connection - MySQLConnection mySQLConnection = retrieveConnection(name); - int connection_id = mySQLConnection.getConnectionID(); - - // Delete the connection in the database - deleteConnection(connection_id); - - } - /** * Deletes the connection having the given ID from the database. * @param id The ID of the connection to delete. diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java index 7957a379c..c159e1599 100644 --- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java +++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java @@ -35,19 +35,14 @@ * ***** END LICENSE BLOCK ***** */ package net.sourceforge.guacamole.net.auth.mysql.service; -import com.google.common.collect.Lists; import com.google.inject.Inject; import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; import net.sourceforge.guacamole.GuacamoleSecurityException; -import net.sourceforge.guacamole.net.auth.mysql.MySQLConnection; import net.sourceforge.guacamole.net.auth.mysql.MySQLConstants; -import net.sourceforge.guacamole.net.auth.mysql.MySQLUser; import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionPermissionMapper; import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper; import net.sourceforge.guacamole.net.auth.mysql.dao.UserPermissionMapper; @@ -80,744 +75,299 @@ public class PermissionCheckService { @Inject private ConnectionService connectionService; + /** + * DAO for accessing permissions related to users. + */ @Inject private UserPermissionMapper userPermissionDAO; + /** + * DAO for accessing permissions related to connections. + */ @Inject private ConnectionPermissionMapper connectionPermissionDAO; + /** + * DAO for accessing permissions related to the system as a whole. + */ @Inject private SystemPermissionMapper systemPermissionDAO; /** - * Verifies that the user has read access to the given user. If not, throws a GuacamoleSecurityException. - * @param userID - * @param affectedUserID - * @throws GuacamoleSecurityException + * Verifies that the user has the specified access to the given other + * user. If permission is denied, a GuacamoleSecurityException is thrown. + * + * @param userID The ID of the user to check. + * @param affectedUserID The user that would be affected by the operation + * if permission is granted. + * @param permissionType The type of permission to check for. + * @throws GuacamoleSecurityException If the specified permission is not + * granted. */ - public void verifyUserReadAccess(int userID, int affectedUserID) throws GuacamoleSecurityException { - if(!checkUserReadAccess(userID, affectedUserID)) - throw new GuacamoleSecurityException("User " + userID + " does not have read access to user " + affectedUserID); + public void verifyUserAccess(int userID, int affectedUserID, + String permissionType) throws GuacamoleSecurityException { + + // If permission does not exist, throw exception + if(!checkUserAccess(userID, affectedUserID, permissionType)) + throw new GuacamoleSecurityException("Permission denied."); + } /** - * Verifies that the user has update access to the given user. If not, throws a GuacamoleSecurityException. - * @param userID - * @param affectedUserID - * @throws GuacamoleSecurityException + * Verifies that the user has the specified access to the given connection. + * If permission is denied, a GuacamoleSecurityException is thrown. + * + * @param userID The ID of the user to check. + * @param affectedConnectionID The connection that would be affected by the + * operation if permission is granted. + * @param permissionType The type of permission to check for. + * @throws GuacamoleSecurityException If the specified permission is not + * granted. */ - public void verifyUserUpdateAccess(int userID, int affectedUserID) throws GuacamoleSecurityException { - if(!checkUserUpdateAccess(userID, affectedUserID)) - throw new GuacamoleSecurityException("User " + userID + " does not have update access to user " + affectedUserID); + public void verifyConnectionAccess(int userID, int affectedConnectionID, String permissionType) throws GuacamoleSecurityException { + + // If permission does not exist, throw exception + if(!checkConnectionAccess(userID, affectedConnectionID, permissionType)) + throw new GuacamoleSecurityException("Permission denied."); + + } + /** + * Verifies that the user has the specified access to the system. If + * permission is denied, a GuacamoleSecurityException is thrown. + * + * @param userID The ID of the user to check. + * @param systemPermissionType The type of permission to check for. + * @throws GuacamoleSecurityException If the specified permission is not + * granted. + */ + public void verifySystemAccess(int userID, String systemPermissionType) + throws GuacamoleSecurityException { + + // If permission does not exist, throw exception + if(!checkSystemAccess(userID, systemPermissionType)) + throw new GuacamoleSecurityException("Permission denied."); + } /** - * Verifies that the user has delete access to the given user. If not, throws a GuacamoleSecurityException. - * @param userID - * @param affectedUserID - * @throws GuacamoleSecurityException + * Checks whether a user has the specified type of access to the affected + * user. + * + * @param userID The ID of the user to check. + * @param affectedUserID The user that would be affected by the operation + * if permission is granted. + * @param permissionType The type of permission to check for. + * @return true if the specified permission is granted, false otherwise. */ - public void verifyUserDeleteAccess(int userID, int affectedUserID) throws GuacamoleSecurityException { - if(!checkUserDeleteAccess(userID, affectedUserID)) - throw new GuacamoleSecurityException("User " + userID + " does not have delete access to user " + affectedUserID); - } + public boolean checkUserAccess(int userID, Integer affectedUserID, String permissionType) { - /** - * Verifies that the user has administer access to the given user. If not, throws a GuacamoleSecurityException. - * @param userID - * @param affectedUserID - * @throws GuacamoleSecurityException - */ - public void verifyUserAdministerAccess(int userID, int affectedUserID) throws GuacamoleSecurityException { - if(!checkUserAdministerAccess(userID, affectedUserID)) - throw new GuacamoleSecurityException("User " + userID + " does not have administer access to user " + affectedUserID); - } - - /** - * Verifies that the user has read access to the given user. If not, throws a GuacamoleSecurityException. - * @param userID - * @param affectedUsername - * @throws GuacamoleSecurityException - */ - public void verifyUserReadAccess(int userID, String affectedUsername) throws GuacamoleSecurityException { - if(!checkUserReadAccess(userID, affectedUsername)) - throw new GuacamoleSecurityException("User " + userID + " does not have read access to user '" + affectedUsername + "'"); - } - - /** - * Verifies that the user has update access to the given user. If not, throws a GuacamoleSecurityException. - * @param userID - * @param affectedUsername - * @throws GuacamoleSecurityException - */ - public void verifyUserUpdateAccess(int userID, String affectedUsername) throws GuacamoleSecurityException { - if(!checkUserUpdateAccess(userID, affectedUsername)) - throw new GuacamoleSecurityException("User " + userID + " does not have update access to user '" + affectedUsername + "'"); - } - - /** - * Verifies that the user has delete access to the given user. If not, throws a GuacamoleSecurityException. - * @param userID - * @param affectedUsername - * @throws GuacamoleSecurityException - */ - public void verifyUserDeleteAccess(int userID, String affectedUsername) throws GuacamoleSecurityException { - if(!checkUserDeleteAccess(userID, affectedUsername)) - throw new GuacamoleSecurityException("User " + userID + " does not have delete access to user '" + affectedUsername + "'"); - } - - /** - * Verifies that the user has administer access to the given user. If not, throws a GuacamoleSecurityException. - * @param userID - * @param affectedUsername - * @throws GuacamoleSecurityException - */ - public void verifyUserAdministerAccess(int userID, String affectedUsername) throws GuacamoleSecurityException { - if(!checkUserAdministerAccess(userID, affectedUsername)) - throw new GuacamoleSecurityException("User " + userID + " does not have administer access to user '" + affectedUsername + "'"); - } - - /** - * Checks if the user has read access to the given user. - * @param userID - * @param affectedUserID - * @return true if the user has access to this user. - */ - public boolean checkUserReadAccess(int userID, int affectedUserID) { - return checkUserAccess(userID, affectedUserID, MySQLConstants.USER_READ); - } - - /** - * Checks if the user has update access to the given user. - * @param userID - * @param affectedUserID - * @return true if the user has access to this user. - */ - public boolean checkUserUpdateAccess(int userID, int affectedUserID) { - return checkUserAccess(userID, affectedUserID, MySQLConstants.USER_UPDATE); - } - - /** - * Checks if the user has delete access to the given user. - * @param userID - * @param affectedUserID - * @return true if the user has access to this user. - */ - public boolean checkUserDeleteAccess(int userID, int affectedUserID) { - return checkUserAccess(userID, affectedUserID, MySQLConstants.USER_DELETE); - } - - /** - * Checks if the user has administer access to the given user. - * @param userID - * @param affectedUserID - * @return true if the user has access to this user. - */ - public boolean checkUserAdministerAccess(int userID, int affectedUserID) { - return checkUserAccess(userID, affectedUserID, MySQLConstants.USER_ADMINISTER); - } - - /** - * Checks if the user has read access to the given user. - * @param userID - * @param affectedUsername - * @return true if the user has access to this user. - */ - public boolean checkUserReadAccess(int userID, String affectedUsername) { - return checkUserAccess(userID, affectedUsername, MySQLConstants.USER_READ); - } - - /** - * Checks if the user has update access to the given user. - * @param userID - * @param affectedUsername - * @return true if the user has access to this user. - */ - public boolean checkUserUpdateAccess(int userID, String affectedUsername) { - return checkUserAccess(userID, affectedUsername, MySQLConstants.USER_UPDATE); - } - - /** - * Checks if the user has delete access to the given user. - * @param userID - * @param affectedUsername - * @return true if the user has access to this user. - */ - public boolean checkUserDeleteAccess(int userID, String affectedUsername) { - return checkUserAccess(userID, affectedUsername, MySQLConstants.USER_DELETE); - } - - /** - * Checks if the user has administer access to the given user. - * @param userID - * @param affectedUsername - * @return true if the user has access to this user. - */ - public boolean checkUserAdministerAccess(int userID, String affectedUsername) { - return checkUserAccess(userID, affectedUsername, MySQLConstants.USER_ADMINISTER); - } - - /** - * Check if the user has the selected type of access to the affected user. - * @param userID - * @param affectedUsername - * @param permissionType - * @return - */ - private boolean checkUserAccess(int userID, String affectedUsername, String permissionType) { - MySQLUser affectedUser = userService.retrieveUser(affectedUsername); - if(affectedUser != null) - return checkUserAccess(userID, affectedUser.getUserID(), permissionType); - - return false; - } - - /** - * Check if the user has the selected type of access to the affected user. - * @param userID - * @param affectedUserID - * @param permissionType - * @return - */ - private boolean checkUserAccess(int userID, Integer affectedUserID, String permissionType) { + // Check existence of requested permission UserPermissionExample example = new UserPermissionExample(); example.createCriteria().andUser_idEqualTo(userID).andAffected_user_idEqualTo(affectedUserID).andPermissionEqualTo(permissionType); - int count = userPermissionDAO.countByExample(example); - return count > 0; + return userPermissionDAO.countByExample(example) > 0; + } /** - * Find the list of all user IDs a user has permission to administer. - * @param userID - * @return the list of all user IDs this user has administer access to + * Checks whether a user has the specified type of access to the affected + * connection. + * + * @param userID The ID of the user to check. + * @param affectedConnectionID The connection that would be affected by the + * operation if permission is granted. + * @param permissionType The type of permission to check for. + * @return true if the specified permission is granted, false otherwise. */ - public Set getAdministerableUserIDs(int userID) { - return getUserIDs(userID, MySQLConstants.USER_ADMINISTER); + public boolean checkConnectionAccess(int userID, Integer affectedConnectionID, String permissionType) { + + // Check existence of requested permission + ConnectionPermissionExample example = new ConnectionPermissionExample(); + example.createCriteria().andUser_idEqualTo(userID).andConnection_idEqualTo(affectedConnectionID).andPermissionEqualTo(permissionType); + return connectionPermissionDAO.countByExample(example) > 0; + } /** - * Find the list of all user IDs a user has permission to delete. - * @param userID - * @return the list of all user IDs this user has delete access to + * Checks whether a user has the specified type of access to the system. + * + * @param userID The ID of the user to check. + * @param systemPermissionType The type of permission to check for. + * @return true if the specified permission is granted, false otherwise. */ - public Set getDeletableUserIDs(int userID) { - return getUserIDs(userID, MySQLConstants.USER_DELETE); - } + private boolean checkSystemAccess(int userID, String systemPermissionType) { - /** - * Find the list of all user IDs a user has permission to write. - * @param userID - * @return the list of all user IDs this user has write access to - */ - public Set getUpdateableUserIDs(int userID) { - return getUserIDs(userID, MySQLConstants.USER_UPDATE); - } - - /** - * Find the list of all user IDs a user has permission to read. - * @param userID - * @return the list of all user IDs this user has read access to - */ - public Set getReadableUserIDs(int userID) { - return getUserIDs(userID, MySQLConstants.USER_READ); - } - - /** - * Find the list of all users a user has permission to administer. - * @param userID - * @return the list of all users this user has administer access to - */ - public Set getAdministerableUsers(int userID) { - return getUsers(userID, MySQLConstants.USER_ADMINISTER); - } - - /** - * Find the list of all users a user has permission to delete. - * @param userID - * @return the list of all users this user has delete access to - */ - public Set getDeletableUsers(int userID) { - return getUsers(userID, MySQLConstants.USER_DELETE); - } - - /** - * Find the list of all users a user has permission to write. - * @param userID - * @return the list of all users this user has write access to - */ - public Set getUpdateableUsers(int userID) { - return getUsers(userID, MySQLConstants.USER_UPDATE); - } - - /** - * Find the list of all users a user has permission to read. - * @param userID - * @return the list of all users this user read has access to - */ - public Set getReadableUsers(int userID) { - return getUsers(userID, MySQLConstants.USER_READ); - } - - /** - * Find the list of all users a user has permission to. - * The access type is defined by permissionType. - * @param userID - * @param permissionType - * @return the list of all users this user has access to - */ - @Deprecated /* FIXME: Totally useless (we only ever need usernames, and querying ALL USER DATA will take ages) */ - private Set getUsers(int userID, String permissionType) { - - // Get all IDs of all users that the given user can perform the given - // operation on - Set affectedUserIDs = getUserIDs(userID, permissionType); - - // If no affected users at all, return empty set - if (affectedUserIDs.isEmpty()) - return Collections.EMPTY_SET; - - // Query corresponding user data for each retrieved ID - return new HashSet(userService.retrieveUsersByID( - Lists.newArrayList(affectedUserIDs))); + // Check existence of requested permission + SystemPermissionExample example = new SystemPermissionExample(); + example.createCriteria().andUser_idEqualTo(userID).andPermissionEqualTo(systemPermissionType); + return systemPermissionDAO.countByExample(example) > 0; } /** * Find the list of the IDs of all users a user has permission to. * The access type is defined by permissionType. - * @param userID - * @param permissionType - * @return the list of all user IDs this user has access to + * + * @param userID The ID of the user to check. + * @param permissionType The type of permission to check for. + * @return A list of all user IDs this user has the specified access to. */ - private Set getUserIDs(int userID, String permissionType) { - Set userIDs = new HashSet(); + public List retrieveUserIDs(int userID, String permissionType) { + + // Query all user permissions for the given user and permission type UserPermissionExample example = new UserPermissionExample(); example.createCriteria().andUser_idEqualTo(userID).andPermissionEqualTo(permissionType); - List userPermissions = userPermissionDAO.selectByExample(example); + example.setDistinct(true); + List userPermissions = + userPermissionDAO.selectByExample(example); + + // Convert result into list of IDs + List userIDs = new ArrayList(userPermissions.size()); for(UserPermissionKey permission : userPermissions) userIDs.add(permission.getAffected_user_id()); return userIDs; - } - - /** - * Verifies that the user has read access to the given connection. If not, throws a GuacamoleSecurityException. - * @param userID - * @param affectedConnectionID - * @throws GuacamoleSecurityException - */ - public void verifyConnectionReadAccess(int userID, int affectedConnectionID) throws GuacamoleSecurityException { - if(!checkConnectionReadAccess(userID, affectedConnectionID)) - throw new GuacamoleSecurityException("User " + userID + " does not have read access to connection " + affectedConnectionID); - } - - /** - * Verifies that the user has update access to the given connection. If not, throws a GuacamoleSecurityException. - * @param userID - * @param affectedConnectionID - * @throws GuacamoleSecurityException - */ - public void verifyConnectionUpdateAccess(int userID, int affectedConnectionID) throws GuacamoleSecurityException { - if(!checkConnectionUpdateAccess(userID, affectedConnectionID)) - throw new GuacamoleSecurityException("User " + userID + " does not have update access to connection " + affectedConnectionID); - } - - /** - * Verifies that the user has delete access to the given connection. If not, throws a GuacamoleSecurityException. - * @param userID - * @param affectedConnectionID - * @throws GuacamoleSecurityException - */ - public void verifyConnectionDeleteAccess(int userID, int affectedConnectionID) throws GuacamoleSecurityException { - if(!checkConnectionDeleteAccess(userID, affectedConnectionID)) - throw new GuacamoleSecurityException("User " + userID + " does not have delete access to connection " + affectedConnectionID); - } - - /** - * Verifies that the user has administer access to the given connection. If not, throws a GuacamoleSecurityException. - * @param userID - * @param affectedConnectionID - * @throws GuacamoleSecurityException - */ - public void verifyConnectionAdministerAccess(int userID, int affectedConnectionID) throws GuacamoleSecurityException { - if(!checkConnectionAdministerAccess(userID, affectedConnectionID)) - throw new GuacamoleSecurityException("User " + userID + " does not have administer access to connection " + affectedConnectionID); - } - - /** - * Verifies that the user has read access to the given connection. If not, throws a GuacamoleSecurityException. - * @param userID - * @param affectedConnectionName - * @throws GuacamoleSecurityException - */ - public void verifyConnectionReadAccess(int userID, String affectedConnectionName) throws GuacamoleSecurityException { - if(!checkConnectionReadAccess(userID, affectedConnectionName)) - throw new GuacamoleSecurityException("User " + userID + " does not have read access to connection '" + affectedConnectionName + "'"); - } - - /** - * Verifies that the user has update access to the given connection. If not, throws a GuacamoleSecurityException. - * @param userID - * @param affectedConnectionName - * @throws GuacamoleSecurityException - */ - public void verifyConnectionUpdateAccess(int userID, String affectedConnectionName) throws GuacamoleSecurityException { - if(!checkConnectionUpdateAccess(userID, affectedConnectionName)) - throw new GuacamoleSecurityException("User " + userID + " does not have update access to connection '" + affectedConnectionName + "'"); - } - - /** - * Verifies that the user has delete access to the given connection. If not, throws a GuacamoleSecurityException. - * @param userID - * @param affectedConnectionName - * @throws GuacamoleSecurityException - */ - public void verifyConnectionDeleteAccess(int userID, String affectedConnectionName) throws GuacamoleSecurityException { - if(!checkConnectionDeleteAccess(userID, affectedConnectionName)) - throw new GuacamoleSecurityException("User " + userID + " does not have delete access to connection '" + affectedConnectionName + "'"); - } - - /** - * Verifies that the user has administer access to the given connection. If not, throws a GuacamoleSecurityException. - * @param userID - * @param affectedConnectionName - * @throws GuacamoleSecurityException - */ - public void verifyConnectionAdministerAccess(int userID, String affectedConnectionName) throws GuacamoleSecurityException { - if(!checkConnectionAdministerAccess(userID, affectedConnectionName)) - throw new GuacamoleSecurityException("User " + userID + " does not have administer access to connection '" + affectedConnectionName + "'"); - } - - /** - * Checks if the user has read access to the given connection. - * @param userID - * @param affectedConnectionID - * @return true if the user has access to this connection. - */ - public boolean checkConnectionReadAccess(int userID, int affectedConnectionID) { - return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.CONNECTION_READ); - } - - /** - * Checks if the user has update access to the given connection. - * @param userID - * @param affectedConnectionID - * @return true if the user has access to this connection. - */ - public boolean checkConnectionUpdateAccess(int userID, int affectedConnectionID) { - return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.CONNECTION_UPDATE); - } - - /** - * Checks if the user has delete access to the given connection. - * @param userID - * @param affectedConnectionID - * @return true if the user has access to this connection. - */ - public boolean checkConnectionDeleteAccess(int userID, int affectedConnectionID) { - return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.CONNECTION_DELETE); - } - - /** - * Checks if the user has administer access to the given connection. - * @param userID - * @param affectedConnectionID - * @return true if the user has access to this connection. - */ - public boolean checkConnectionAdministerAccess(int userID, int affectedConnectionID) { - return checkConnectionAccess(userID, affectedConnectionID, MySQLConstants.CONNECTION_ADMINISTER); - } - - /** - * Checks if the user has read access to the given connection. - * @param userID - * @param affectedConnectionName - * @return true if the user has access to this connection. - */ - public boolean checkConnectionReadAccess(int userID, String affectedConnectionName) { - return checkConnectionAccess(userID, affectedConnectionName, MySQLConstants.CONNECTION_READ); - } - - /** - * Checks if the user has update access to the given connection. - * @param userID - * @param affectedConnectionName - * @return true if the user has access to this connection. - */ - public boolean checkConnectionUpdateAccess(int userID, String affectedConnectionName) { - return checkConnectionAccess(userID, affectedConnectionName, MySQLConstants.CONNECTION_UPDATE); - } - - /** - * Checks if the user has delete access to the given connection. - * @param userID - * @param affectedConnectionID - * @return true if the user has access to this connection. - */ - public boolean checkConnectionDeleteAccess(int userID, String affectedConnectionname) { - return checkConnectionAccess(userID, affectedConnectionname, MySQLConstants.CONNECTION_DELETE); - } - - /** - * Checks if the user has administer access to the given connection. - * @param userID - * @param affectedConnectionName - * @return true if the user has access to this connection. - */ - public boolean checkConnectionAdministerAccess(int userID, String affectedConnectionName) { - return checkConnectionAccess(userID, affectedConnectionName, MySQLConstants.CONNECTION_ADMINISTER); - } - - /** - * Check if the user has the selected type of access to the affected connection. - * @param connectionID - * @param affectedConnectionname - * @param permissionType - * @return - */ - private boolean checkConnectionAccess(int userID, String affectedConnectionName, String permissionType) { - MySQLConnection connection = connectionService.retrieveConnection(affectedConnectionName); - if(connection != null) - return checkConnectionAccess(userID, connection.getConnectionID(), permissionType); - - return false; - } - - /** - * Check if the user has the selected type of access to the affected connection. - * @param connectionID - * @param affectedConnectionID - * @param permissionType - * @return - */ - private boolean checkConnectionAccess(int userID, Integer affectedConnectionID, String permissionType) { - ConnectionPermissionExample example = new ConnectionPermissionExample(); - example.createCriteria().andUser_idEqualTo(userID).andConnection_idEqualTo(affectedConnectionID).andPermissionEqualTo(permissionType); - int count = connectionPermissionDAO.countByExample(example); - return count > 0; - } - - /** - * Find the list of all connection IDs a user has permission to administer. - * @param userID - * @return the list of all connection IDs this user has administer access to - */ - public Set getAdministerableConnectionIDs(int userID) { - return getConnectionIDs(userID, MySQLConstants.CONNECTION_ADMINISTER); - } - - /** - * Find the list of all connection IDs a user has permission to delete. - * @param userID - * @return the list of all connection IDs this user has delete access to - */ - public Set getDeletableConnectionIDs(int userID) { - return getConnectionIDs(userID, MySQLConstants.CONNECTION_DELETE); - } - - /** - * Find the list of all connection IDs a user has permission to write. - * @param userID - * @return the list of all connection IDs this user has write access to - */ - public Set getUpdateableConnectionIDs(int userID) { - return getConnectionIDs(userID, MySQLConstants.CONNECTION_UPDATE); - } - - /** - * Find the list of all connection IDs a user has permission to read. - * @param userID - * @return the list of all connection IDs this user has ready access to - */ - public Set getReadableConnectionIDs(int userID) { - return getConnectionIDs(userID, MySQLConstants.CONNECTION_READ); - } - - /** - * Find the list of all connections a user has permission to administer. - * @param userID - * @return the list of all connections this user has administer access to - */ - public Set getAdministerableConnections(int userID) { - return getConnections(userID, MySQLConstants.CONNECTION_ADMINISTER); - } - - /** - * Find the list of all connections a user has permission to delete. - * @param userID - * @return the list of all connections this user has delete access to - */ - public Set getDeletableConnections(int userID) { - return getConnections(userID, MySQLConstants.CONNECTION_DELETE); - } - - /** - * Find the list of all connections a user has permission to write. - * @param userID - * @return the list of all connections this user has write access to - */ - public Set getUpdateableConnections(int userID) { - return getConnections(userID, MySQLConstants.CONNECTION_UPDATE); - } - - /** - * Find the list of all connections a user has permission to read. - * @param userID - * @return the list of all connections this user has read access to - */ - public Set getReadableConnections(int userID) { - return getConnections(userID, MySQLConstants.CONNECTION_READ); - } - - /** - * Find the list of all connections a user has permission to. - * The access type is defined by permissionType. - * @param connectionID - * @param permissionType - * @return the list of all connections this user has access to - */ - @Deprecated /* FIXME: Totally useless (we only ever need identifiers, and querying ALL CONNECTION DATA will take ages) */ - private Set getConnections(int userID, String permissionType) { - - Set affectedConnectionIDs = getConnectionIDs(userID, permissionType); - return new HashSet( - connectionService.retrieveConnectionsByID(Lists.newArrayList(affectedConnectionIDs))); } /** * Find the list of the IDs of all connections a user has permission to. * The access type is defined by permissionType. - * @param connectionID - * @param permissionType - * @return the list of all connection IDs this user has access to + * + * @param userID The ID of the user to check. + * @param permissionType The type of permission to check for. + * @return A list of all connection IDs this user has the specified access + * to. */ - private Set getConnectionIDs(int userID, String permissionType) { - Set connectionIDs = new HashSet(); + public List retrieveConnectionIDs(int userID, + String permissionType) { + + // Query all connection permissions for the given user and permission type ConnectionPermissionExample example = new ConnectionPermissionExample(); example.createCriteria().andUser_idEqualTo(userID).andPermissionEqualTo(permissionType); - List connectionPermissions = connectionPermissionDAO.selectByExample(example); + example.setDistinct(true); + List connectionPermissions = + connectionPermissionDAO.selectByExample(example); + + // Convert result into list of IDs + List connectionIDs = new ArrayList(connectionPermissions.size()); for(ConnectionPermissionKey permission : connectionPermissions) connectionIDs.add(permission.getConnection_id()); return connectionIDs; - } - public void verifyCreateUserPermission(int userID) throws GuacamoleSecurityException { - if(!checkCreateUserPermission(userID)) - throw new GuacamoleSecurityException("User " + userID + " does not have permission to create users."); - } - - public void verifyCreateConnectionPermission(int userID) throws GuacamoleSecurityException { - if(!checkCreateConnectionPermission(userID)) - throw new GuacamoleSecurityException("User " + userID + " does not have permission to create connections."); } /** - * Check if the user has the permission to create users. - * @param userID - * @return + * Retrieves all user permissions granted to the user having the given ID. + * + * @param userID The ID of the user to retrieve permissions of. + * @return A set of all user permissions granted to the user having the + * given ID. */ - public boolean checkCreateUserPermission(int userID) { - return checkSystemPermission(userID, MySQLConstants.SYSTEM_USER_CREATE); - } + public Set retrieveUserPermissions(int userID) { - /** - * Check if the user has the permission to create connections. - * @param userID - * @return - */ - public boolean checkCreateConnectionPermission(int userID) { - return checkSystemPermission(userID, MySQLConstants.SYSTEM_CONNECTION_CREATE); - } + // Set of all permissions + Set permissions = new HashSet(); - /** - * Check if the user has the selected system permission. - * @param userID - * @param systemPermissionType - * @return - */ - private boolean checkSystemPermission(int userID, String systemPermissionType) { - SystemPermissionExample example = new SystemPermissionExample(); - example.createCriteria().andUser_idEqualTo(userID).andPermissionEqualTo(systemPermissionType); - int count = systemPermissionDAO.countByExample(example); - return count > 0; - } - - /** - * Get all permissions a given user has. - * @param userID - * @return all permissions a user has. - */ - public Set getAllPermissions(int userID) { - Set allPermissions = new HashSet(); - - // First, user permissions + // Query all user permissions UserPermissionExample userPermissionExample = new UserPermissionExample(); userPermissionExample.createCriteria().andUser_idEqualTo(userID); List userPermissions = userPermissionDAO.selectByExample(userPermissionExample); - // If user permissions present, add permissions - if (!userPermissions.isEmpty()) { + // Get list of affected user IDs + List affectedUserIDs = new ArrayList(); + for(UserPermissionKey userPermission : userPermissions) + affectedUserIDs.add(userPermission.getAffected_user_id()); - // Get list of affected user IDs - List affectedUserIDs = new ArrayList(); - for(UserPermissionKey userPermission : userPermissions) - affectedUserIDs.add(userPermission.getAffected_user_id()); + // Get corresponding usernames + Map affectedUsers = + userService.retrieveUsernames(affectedUserIDs); - // Query all affected users, store in map indexed by user ID - List users = userService.retrieveUsersByID(affectedUserIDs); - Map userMap = new HashMap(); - for (MySQLUser user : users) - userMap.put(user.getUserID(), user); + // Add user permissions + for(UserPermissionKey userPermission : userPermissions) { - // Add user permissions - for(UserPermissionKey userPermission : userPermissions) { - MySQLUser affectedUser = userMap.get(userPermission.getAffected_user_id()); - UserPermission newPermission = new UserPermission( - UserPermission.Type.valueOf(userPermission.getPermission()), - affectedUser.getUsername() - ); - allPermissions.add(newPermission); - } + // Construct permission from data + UserPermission permission = new UserPermission( + UserPermission.Type.valueOf(userPermission.getPermission()), + affectedUsers.get(userPermission.getUser_id()) + ); + + // Add to set + permissions.add(permission); } - // Secondly, connection permissions + return permissions; + + } + + /** + * Retrieves all connection permissions granted to the user having the + * given ID. + * + * @param userID The ID of the user to retrieve permissions of. + * @return A set of all user permissions granted to the user having the + * given ID. + */ + public Set retrieveConnectionPermissions(int userID) { + + // Set of all permissions + Set permissions = new HashSet(); + + // Query all connection permissions ConnectionPermissionExample connectionPermissionExample = new ConnectionPermissionExample(); connectionPermissionExample.createCriteria().andUser_idEqualTo(userID); List connectionPermissions = connectionPermissionDAO.selectByExample(connectionPermissionExample); - // If connection permissions present, add permissions - if (!connectionPermissions.isEmpty()) { + // Get list of affected connection IDs + List connectionIDs = new ArrayList(); + for(ConnectionPermissionKey connectionPermission : connectionPermissions) + connectionIDs.add(connectionPermission.getConnection_id()); - // Get list of affected connection IDs - List affectedConnectionIDs = new ArrayList(); - for(ConnectionPermissionKey connectionPermission : connectionPermissions) - affectedConnectionIDs.add(connectionPermission.getConnection_id()); + // Get corresponding names + Map affectedUsers = + connectionService.retrieveNames(connectionIDs); - // Query connections, store in map indexed by connection ID - List connections = - connectionService.retrieveConnectionsByID(affectedConnectionIDs); - Map connectionMap = new HashMap(); - for(MySQLConnection connection : connections) - connectionMap.put(connection.getConnectionID(), connection); + // Add connection permissions + for(ConnectionPermissionKey connectionPermission : connectionPermissions) { - // Add connection permissions - for(ConnectionPermissionKey connectionPermission : connectionPermissions) { - MySQLConnection affectedConnection = - connectionMap.get(connectionPermission.getConnection_id()); - ConnectionPermission newPermission = new ConnectionPermission( - ConnectionPermission.Type.valueOf(connectionPermission.getPermission()), - affectedConnection.getIdentifier() - ); - allPermissions.add(newPermission); - } + // Construct permission from data + ConnectionPermission permission = new ConnectionPermission( + ConnectionPermission.Type.valueOf(connectionPermission.getPermission()), + affectedUsers.get(connectionPermission.getUser_id()) + ); + + // Add to set + permissions.add(permission); } + return permissions; + + } + + /** + * Retrieves all permissions granted to the user having the given ID. + * + * @param userID The ID of the user to retrieve permissions of. + * @return A set of all permissions granted to the user having the given + * ID. + */ + public Set retrieveAllPermissions(int userID) { + + // Set which will contain all permissions + Set allPermissions = new HashSet(); + + // Add user permissions + allPermissions.addAll(retrieveUserPermissions(userID)); + + // Add connection permissions + allPermissions.addAll(retrieveConnectionPermissions(userID)); + + // TODO: Move to retrieveSystemPermissions() + // And finally, system permissions SystemPermissionExample systemPermissionExample = new SystemPermissionExample(); systemPermissionExample.createCriteria().andUser_idEqualTo(userID); @@ -841,4 +391,5 @@ public class PermissionCheckService { return allPermissions; } + } diff --git a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java index 5d6f6177b..dc1e466dd 100644 --- a/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java +++ b/extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java @@ -39,9 +39,10 @@ package net.sourceforge.guacamole.net.auth.mysql.service; import com.google.inject.Inject; import com.google.inject.Provider; -import java.util.ArrayList; import java.util.Collections; +import java.util.HashMap; import java.util.List; +import java.util.Map; import net.sourceforge.guacamole.GuacamoleException; import net.sourceforge.guacamole.net.auth.Credentials; import net.sourceforge.guacamole.net.auth.User; @@ -143,7 +144,7 @@ public class UserService { user.getUser_id(), user.getUsername(), null, - permissionCheckService.getAllPermissions(user.getUser_id()) + permissionCheckService.retrieveAllPermissions(user.getUser_id()) ); // Return new user @@ -171,60 +172,6 @@ public class UserService { } - /** - * Retrieves the users having the given IDs from the database. - * - * @param ids The IDs of the users to retrieve. - * @return A list of existing MySQLUser objects. - */ - public List retrieveUsersByID(List ids) { - - // If no IDs given, just return empty list - if (ids.isEmpty()) - return Collections.EMPTY_LIST; - - // Query users by ID - UserExample example = new UserExample(); - example.createCriteria().andUser_idIn(ids); - List users = userDAO.selectByExampleWithBLOBs(example); - - // Convert to MySQLUser list - List mySQLUsers = new ArrayList(users.size()); - for (UserWithBLOBs user : users) - mySQLUsers.add(toMySQLUser(user)); - - // Return found users - return mySQLUsers; - - } - - /** - * Retrieves the users having the given usernames from the database. - * - * @param names The usernames of the users to retrieve. - * @return A list of existing MySQLUser objects. - */ - public List retrieveUsersByUsername(List names) { - - // If no names given, just return empty list - if (names.isEmpty()) - return Collections.EMPTY_LIST; - - // Query users by ID - UserExample example = new UserExample(); - example.createCriteria().andUsernameIn(names); - List users = userDAO.selectByExampleWithBLOBs(example); - - // Convert to MySQLUser list - List mySQLUsers = new ArrayList(users.size()); - for (UserWithBLOBs user : users) - mySQLUsers.add(toMySQLUser(user)); - - // Return found users - return mySQLUsers; - - } - /** * Retrieves the user having the given username from the database. * @@ -286,6 +233,66 @@ public class UserService { } + /** + * Retrieves a translation map of usernames to their corresponding IDs. + * + * @param ids The IDs of the users to retrieve the usernames of. + * @return A map containing the names of all users and their corresponding + * IDs. + */ + public Map translateUsernames(List ids) { + + // If no IDs given, just return empty map + if (ids.isEmpty()) + return Collections.EMPTY_MAP; + + // Map of all names onto their corresponding IDs + Map names = new HashMap(); + + // Get all users having the given IDs + UserExample example = new UserExample(); + example.createCriteria().andUser_idIn(ids); + List users = + userDAO.selectByExample(example); + + // Produce set of names + for (net.sourceforge.guacamole.net.auth.mysql.model.User user : users) + names.put(user.getUsername(), user.getUser_id()); + + return names; + + } + + /** + * Retrieves a map of all usernames for the given IDs. + * + * @param ids The IDs of the users to retrieve the usernames of. + * @return A map containing the names of all users and their corresponding + * IDs. + */ + public Map retrieveUsernames(List ids) { + + // If no IDs given, just return empty map + if (ids.isEmpty()) + return Collections.EMPTY_MAP; + + // Map of all names onto their corresponding IDs + Map names = new HashMap(); + + // Get all users having the given IDs + UserExample example = new UserExample(); + example.createCriteria().andUser_idIn(ids); + List users = + userDAO.selectByExample(example); + + // Produce set of names + for (net.sourceforge.guacamole.net.auth.mysql.model.User user : users) + names.put(user.getUser_id(), user.getUsername()); + + return names; + + } + /** * Creates a new user having the given username and password. * @@ -315,21 +322,13 @@ public class UserService { } /** - * Deletes the user having the given username from the database. - * @param username The username of the user to delete. + * Deletes the user having the given ID from the database. + * @param user_id The ID of the user to delete. */ - public void deleteUser(String username) { - - // Get specified user - MySQLUser mySQLUser = retrieveUser(username); - int user_id = mySQLUser.getUserID(); - - // Delete the user in the database + public void deleteUser(int user_id) { userDAO.deleteByPrimaryKey(user_id); - } - /** * Updates the user in the database corresponding to the given MySQLUser. *