From e71145285a3efc15081ee74b6fd4876ca0b3bb11 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Fri, 12 Aug 2016 11:04:06 -0700 Subject: [PATCH] GUACAMOLE-75: Do not insert duplicate permissions. --- .../ConnectionGroupPermissionMapper.xml | 23 +++++++++++++++---- .../permission/ConnectionPermissionMapper.xml | 23 +++++++++++++++---- .../SharingProfilePermissionMapper.xml | 23 +++++++++++++++---- .../permission/SystemPermissionMapper.xml | 19 +++++++++++---- .../jdbc/permission/UserPermissionMapper.xml | 15 ++++++++++-- 5 files changed, 82 insertions(+), 21 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml index c171b2df8..5ab114a43 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionGroupPermissionMapper.xml @@ -105,12 +105,25 @@ permission, connection_group_id ) - VALUES - - (#{permission.userID,jdbcType=INTEGER}, - #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, - #{permission.objectIdentifier,jdbcType=INTEGER}::integer) + SELECT DISTINCT + permissions.user_id, + permissions.permission, + permissions.connection_group_id + FROM + + SELECT #{permission.userID,jdbcType=INTEGER} AS user_id, + #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type AS permission, + #{permission.objectIdentifier,jdbcType=INTEGER}::integer AS connection_group_id + AS permissions + WHERE (user_id, permission, connection_group_id) NOT IN ( + SELECT + guacamole_connection_group_permission.user_id, + guacamole_connection_group_permission.permission, + guacamole_connection_group_permission.connection_group_id + FROM guacamole_connection_group_permission + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml index f08893267..eed00aa43 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/ConnectionPermissionMapper.xml @@ -105,12 +105,25 @@ permission, connection_id ) - VALUES - - (#{permission.userID,jdbcType=INTEGER}, - #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, - #{permission.objectIdentifier,jdbcType=INTEGER}::integer) + SELECT DISTINCT + permissions.user_id, + permissions.permission, + permissions.connection_id + FROM + + SELECT #{permission.userID,jdbcType=INTEGER} AS user_id, + #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type AS permission, + #{permission.objectIdentifier,jdbcType=INTEGER}::integer AS connection_id + AS permissions + WHERE (user_id, permission, connection_id) NOT IN ( + SELECT + guacamole_connection_permission.user_id, + guacamole_connection_permission.permission, + guacamole_connection_permission.connection_id + FROM guacamole_connection_permission + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml index 6f65edb03..faddcdb1a 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SharingProfilePermissionMapper.xml @@ -105,12 +105,25 @@ permission, sharing_profile_id ) - VALUES - - (#{permission.userID,jdbcType=INTEGER}, - #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type, - #{permission.objectIdentifier,jdbcType=INTEGER}::integer) + SELECT DISTINCT + permissions.user_id, + permissions.permission, + permissions.sharing_profile_id + FROM + + SELECT #{permission.userID,jdbcType=INTEGER} AS user_id, + #{permission.type,jdbcType=VARCHAR}::guacamole_object_permission_type AS permission, + #{permission.objectIdentifier,jdbcType=INTEGER}::integer AS sharing_profile_id + AS permissions + WHERE (user_id, permission, sharing_profile_id) NOT IN ( + SELECT + guacamole_sharing_profile_permission.user_id, + guacamole_sharing_profile_permission.permission, + guacamole_sharing_profile_permission.sharing_profile_id + FROM guacamole_sharing_profile_permission + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml index 35010f492..96ffb2126 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/SystemPermissionMapper.xml @@ -79,11 +79,22 @@ user_id, permission ) - VALUES - - (#{permission.userID,jdbcType=INTEGER}, - #{permission.type,jdbcType=VARCHAR}::guacamole_system_permission_type) + SELECT DISTINCT + permissions.user_id, + permissions.permission + FROM + + SELECT #{permission.userID,jdbcType=INTEGER} AS user_id, + #{permission.type,jdbcType=VARCHAR}::guacamole_system_permission_type AS permission + AS permissions + WHERE (user_id, permission) NOT IN ( + SELECT + guacamole_system_permission.user_id, + guacamole_system_permission.permission + FROM guacamole_system_permission + ); diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml index 4af8966bb..0126ae570 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/permission/UserPermissionMapper.xml @@ -111,7 +111,11 @@ permission, affected_user_id ) - SELECT permissions.user_id, permissions.permission, guacamole_user.user_id FROM + SELECT DISTINCT + permissions.user_id, + permissions.permission, + guacamole_user.user_id + FROM SELECT #{permission.userID,jdbcType=INTEGER} AS user_id, @@ -119,7 +123,14 @@ #{permission.objectIdentifier,jdbcType=INTEGER} AS username AS permissions - JOIN guacamole_user ON guacamole_user.username = permissions.username; + JOIN guacamole_user ON guacamole_user.username = permissions.username + WHERE (permissions.user_id, permissions.permission, guacamole_user.user_id) NOT IN ( + SELECT + guacamole_user_permission.user_id, + guacamole_user_permission.permission, + guacamole_user_permission.affected_user_id + FROM guacamole_user_permission + );