GUACAMOLE-220: Add management interface for user parent groups.

2025-09-06 05:07:41 +00:00 · 2018-08-07 12:15:46 -07:00
parent ca1db7831b
commit de80957404
3 changed files with 80 additions and 6 deletions
--- a/guacamole/src/main/webapp/app/manage/controllers/manageUserController.js
+++ b/guacamole/src/main/webapp/app/manage/controllers/manageUserController.js
@@ -36,9 +36,11 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
    var $q                       = $injector.get('$q');
    var authenticationService    = $injector.get('authenticationService');
    var dataSourceService        = $injector.get('dataSourceService');
+    var membershipService        = $injector.get('membershipService');
    var permissionService        = $injector.get('permissionService');
    var requestService           = $injector.get('requestService');
    var schemaService            = $injector.get('schemaService');
+    var userGroupService         = $injector.get('userGroupService');
    var userService              = $injector.get('userService');

    /**
@@ -133,6 +135,46 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
     */
    $scope.permissionsRemoved = new PermissionSet();

+    /**
+     * The identifiers of all user groups which can be manipulated (all groups
+     * for which the user accessing this interface has UPDATE permission),
+     * either through adding the current user as a member or removing the
+     * current user from that group. If this information has not yet been
+     * retrieved, this will be null.
+     *
+     * @type String[]
+     */
+    $scope.availableGroups = null;
+
+    /**
+     * The identifiers of all user groups of which the user is a member,
+     * taking into account any user groups which will be added/removed when
+     * saved. If this information has not yet been retrieved, this will be
+     * null.
+     *
+     * @type String[]
+     */
+    $scope.parentGroups = null;
+
+    /**
+     * The set of identifiers of all parent user groups to which the user will
+     * be added when saved. Parent groups will only be present in this set if
+     * they are manually added, and not later manually removed before saving.
+     *
+     * @type String[]
+     */
+    $scope.parentGroupsAdded = [];
+
+    /**
+     * The set of identifiers of all parent user groups from which the user
+     * will be removed when saved. Parent groups will only be present in this
+     * set if they are manually removed, and not later manually added before
+     * saving.
+     *
+     * @type String[]
+     */
+    $scope.parentGroupsRemoved = [];
+
    /**
     * For each applicable data source, the management-related actions that the
     * current user may perform on the user account currently being created
@@ -166,6 +208,8 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
        return $scope.users                 !== null
            && $scope.permissionFlags       !== null
            && $scope.managementPermissions !== null
+            && $scope.availableGroups       !== null
+            && $scope.parentGroups          !== null
            && $scope.attributes            !== null;

    };
@@ -204,12 +248,14 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
    var loadExistingUser = function loadExistingUser(dataSource, username) {
        return $q.all({
            users : dataSourceService.apply(userService.getUser, dataSources, username),
-            permissions : permissionService.getPermissions(dataSource, username)
+            permissions : permissionService.getPermissions(dataSource, username),
+            parentGroups : membershipService.getUserGroups(dataSource, username)
        })
        .then(function userDataRetrieved(values) {

            $scope.users = values.users;
            $scope.user  = values.users[dataSource];
+            $scope.parentGroups = values.parentGroups;

            // Create skeleton user if user does not exist
            if (!$scope.user)
@@ -243,12 +289,15 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
    var loadClonedUser = function loadClonedUser(dataSource, username) {
        return $q.all({
            users : dataSourceService.apply(userService.getUser, [dataSource], username),
-            permissions : permissionService.getPermissions(dataSource, username)
+            permissions : permissionService.getPermissions(dataSource, username),
+            parentGroups : membershipService.getUserGroups(dataSource, username)
        })
        .then(function userDataRetrieved(values) {

            $scope.users = {};
            $scope.user  = values.users[dataSource];
+            $scope.parentGroups = values.parentGroups;
+            $scope.parentGroupsAdded = values.parentGroups;

            // The current user will be associated with cloneSourceUsername in the
            // retrieved permission set
@@ -274,6 +323,7 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto

        // Use skeleton user object with no associated permissions
        $scope.user = new User();
+        $scope.parentGroups = [];
        $scope.permissionFlags = new PermissionFlagSet();

        // As no permissions are yet associated with the user, it is safe to
@@ -314,6 +364,7 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
    $q.all({
        userData    : loadRequestedUser(),
        permissions : dataSourceService.apply(permissionService.getEffectivePermissions, dataSources, currentUsername),
+        userGroups  : userGroupService.getUserGroups($scope.dataSource, [ PermissionSet.ObjectPermissionType.UPDATE ]),
        attributes  : schemaService.getUserAttributes($scope.dataSource)
    })
    .then(function dataReceived(values) {
@@ -326,6 +377,12 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
            // Determine whether data source contains this user
            var exists = (dataSource in $scope.users);

+            // Add the identifiers of all modifiable user groups
+            $scope.availableGroups = [];
+            angular.forEach(values.userGroups, function addUserGroupIdentifier(userGroup) {
+                $scope.availableGroups.push(userGroup.identifier);
+            });
+
            // Calculate management actions available for this specific account
            $scope.managementPermissions[dataSource] = ManagementPermissions.fromPermissionSet(
                    values.permissions[dataSource],
@@ -415,9 +472,11 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
                
            }

-            // Upon success, save any changed permissions
-            return permissionService.patchPermissions($scope.dataSource, $scope.user.username,
-                $scope.permissionsAdded, $scope.permissionsRemoved);
+            // Upon success, save any changed permissions/groups
+            return $q.all([
+                permissionService.patchPermissions($scope.dataSource, $scope.user.username, $scope.permissionsAdded, $scope.permissionsRemoved),
+                membershipService.patchUserGroups($scope.dataSource, $scope.user.username, $scope.parentGroupsAdded, $scope.parentGroupsRemoved)
+            ]);

        });

--- a/guacamole/src/main/webapp/app/manage/templates/manageUser.html
+++ b/guacamole/src/main/webapp/app/manage/templates/manageUser.html
@@ -56,6 +56,17 @@
              permissions-removed="permissionsRemoved">
        </system-permission-editor>

+        <!-- Parent group section -->
+        <identifier-set-editor
+            header="MANAGE_USER.SECTION_HEADER_USER_GROUPS"
+            empty-placeholder="MANAGE_USER.HELP_NO_USER_GROUPS"
+            unavailable-placeholder="MANAGE_USER.INFO_NO_USER_GROUPS_AVAILABLE"
+            identifiers-available="availableGroups"
+            identifiers="parentGroups"
+            identifiers-added="parentGroupsAdded"
+            identifiers-removed="parentGroupsRemoved">
+        </identifier-set-editor>
+
        <!-- Connection permissions section -->
        <connection-permission-editor ng-show="managementPermissions[dataSource].canChangePermissions"
              data-data-source="dataSource"
--- a/guacamole/src/main/webapp/translations/en.json
+++ b/guacamole/src/main/webapp/translations/en.json
@@ -301,13 +301,17 @@

        "FIELD_PLACEHOLDER_FILTER" : "@:APP.FIELD_PLACEHOLDER_FILTER",

-        "INFO_READ_ONLY" : "Sorry, but this user account cannot be edited.",
+        "HELP_NO_USER_GROUPS" : "This user does not currently belong to any groups. Expand this section to add groups.",
+
+        "INFO_READ_ONLY"                : "Sorry, but this user account cannot be edited.",
+        "INFO_NO_USER_GROUPS_AVAILABLE" : "No groups available.",

        "SECTION_HEADER_ALL_CONNECTIONS"     : "All Connections",
        "SECTION_HEADER_CONNECTIONS"         : "Connections",
        "SECTION_HEADER_CURRENT_CONNECTIONS" : "Current Connections",
        "SECTION_HEADER_EDIT_USER"           : "Edit User",
        "SECTION_HEADER_PERMISSIONS"         : "Permissions",
+        "SECTION_HEADER_USER_GROUPS"         : "Groups",

        "TEXT_CONFIRM_DELETE" : "Users cannot be restored after they have been deleted. Are you sure you want to delete this user?"