mirror of
https://github.com/gyurix1968/guacamole-client.git
synced 2025-10-31 09:03:21 +00:00
Ticket #269: Fixed multiple permission validation issues + query efficiency.
This commit is contained in:
Michael Jumper
@@ -122,15 +122,8 @@ public class ConnectionDirectory implements Directory<String, Connection>{
|
||||
@Transactional
|
||||
@Override
|
||||
public Set<String> getIdentifiers() throws GuacamoleException {
|
||||
|
||||
// List of all connection IDs for which this user has read access
|
||||
List<Integer> connectionIDs =
|
||||
permissionCheckService.retrieveConnectionIDs(this.user_id,
|
||||
return permissionCheckService.retrieveConnectionNames(user_id,
|
||||
MySQLConstants.CONNECTION_READ);
|
||||
|
||||
// Query all associated connections
|
||||
return connectionService.translateNames(connectionIDs).keySet();
|
||||
|
||||
}
|
||||
|
||||
@Transactional
|
||||
|
||||
@@ -145,15 +145,8 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
|
||||
@Transactional
|
||||
@Override
|
||||
public Set<String> getIdentifiers() throws GuacamoleException {
|
||||
|
||||
// List of all user IDs for which this user has read access
|
||||
List<Integer> userIDs =
|
||||
permissionCheckService.retrieveConnectionIDs(this.user_id,
|
||||
return permissionCheckService.retrieveUsernames(user_id,
|
||||
MySQLConstants.USER_READ);
|
||||
|
||||
// Query all associated users
|
||||
return userService.translateUsernames(userIDs).keySet();
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -453,12 +446,12 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
|
||||
|
||||
// Get list of administerable connection IDs
|
||||
List<Integer> administerableConnectionIDs =
|
||||
permissionCheckService.retrieveUserIDs(this.user_id,
|
||||
permissionCheckService.retrieveConnectionIDs(this.user_id,
|
||||
MySQLConstants.CONNECTION_ADMINISTER);
|
||||
|
||||
// Get set of names corresponding to administerable connections
|
||||
Map<String, Integer> administerableConnections =
|
||||
userService.translateUsernames(administerableConnectionIDs);
|
||||
connectionService.translateNames(administerableConnectionIDs);
|
||||
|
||||
// Delete requested permissions
|
||||
for (ConnectionPermission permission : permissions) {
|
||||
|
||||
@@ -414,38 +414,43 @@ public class ConnectionService {
|
||||
}
|
||||
|
||||
/**
|
||||
* Get all the connections defined in the system.
|
||||
* @param userID The ID of the user who is querying the connections.
|
||||
* @return A list of all connections defined in the system.
|
||||
* Get the names of all the connections defined in the system.
|
||||
*
|
||||
* @return A Set of names of all the connections defined in the system.
|
||||
*/
|
||||
public List<MySQLConnection> getAllConnections(int userID) {
|
||||
public Set<String> getAllConnectionNames() {
|
||||
|
||||
// Set of all present connection names
|
||||
Set<String> names = new HashSet<String>();
|
||||
|
||||
// Query all connection names
|
||||
List<Connection> connections =
|
||||
connectionDAO.selectByExample(new ConnectionExample());
|
||||
for (Connection connection : connections)
|
||||
names.add(connection.getConnection_name());
|
||||
|
||||
// Get all connections defined in the system.
|
||||
List<Connection> allConnections = connectionDAO.selectByExample(new ConnectionExample());
|
||||
|
||||
// Translate database records to MySQLConnections
|
||||
List<MySQLConnection> allMySQLConnections = new ArrayList<MySQLConnection>();
|
||||
|
||||
for(Connection connection : allConnections) {
|
||||
allMySQLConnections.add(toMySQLConnection(connection, userID));
|
||||
}
|
||||
|
||||
return allMySQLConnections;
|
||||
return names;
|
||||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Get the IDs of all the connection defined in the system.
|
||||
* @param userID The ID of the user who is querying the connections.
|
||||
* @return A list of IDs of all the connections defined in the system.
|
||||
* Get the connection IDs of all the connections defined in the system.
|
||||
*
|
||||
* @return A list of connection IDs of all the connections defined in the system.
|
||||
*/
|
||||
public List<Integer> getAllConnectionIDs(int userID) {
|
||||
public List<Integer> getAllConnectionIDs() {
|
||||
|
||||
// Set of all present connection IDs
|
||||
List<Integer> connectionIDs = new ArrayList<Integer>();
|
||||
for(MySQLConnection connection : getAllConnections(userID)) {
|
||||
connectionIDs.add(connection.getConnectionID());
|
||||
}
|
||||
|
||||
// Query all connection IDs
|
||||
List<Connection> connections =
|
||||
connectionDAO.selectByExample(new ConnectionExample());
|
||||
for (Connection connection : connections)
|
||||
connectionIDs.add(connection.getConnection_id());
|
||||
|
||||
return connectionIDs;
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
@@ -242,9 +242,8 @@ public class PermissionCheckService {
|
||||
public List<Integer> retrieveUserIDs(int userID, String permissionType) {
|
||||
|
||||
// A system administrator has access to all users.
|
||||
if(checkSystemAdministratorAccess(userID)) {
|
||||
if(checkSystemAdministratorAccess(userID))
|
||||
return userService.getAllUserIDs();
|
||||
}
|
||||
|
||||
// Query all user permissions for the given user and permission type
|
||||
UserPermissionExample example = new UserPermissionExample();
|
||||
@@ -275,9 +274,8 @@ public class PermissionCheckService {
|
||||
String permissionType) {
|
||||
|
||||
// A system administrator has access to all connections.
|
||||
if(checkSystemAdministratorAccess(userID)) {
|
||||
return connectionService.getAllConnectionIDs(userID);
|
||||
}
|
||||
if(checkSystemAdministratorAccess(userID))
|
||||
return connectionService.getAllConnectionIDs();
|
||||
|
||||
// Query all connection permissions for the given user and permission type
|
||||
ConnectionPermissionExample example = new ConnectionPermissionExample();
|
||||
@@ -295,6 +293,54 @@ public class PermissionCheckService {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve all existing usernames that the given user has permission to
|
||||
* perform the given operation upon.
|
||||
*
|
||||
* @param userID The user whose permissions should be checked.
|
||||
* @param permissionType The permission to check.
|
||||
* @return A set of all usernames for which the given user has the given
|
||||
* permission.
|
||||
*/
|
||||
public Set<String> retrieveUsernames(int userID, String permissionType) {
|
||||
|
||||
// A system administrator has access to all users.
|
||||
if(checkSystemAdministratorAccess(userID))
|
||||
return userService.getAllUsernames();
|
||||
|
||||
// List of all user IDs for which this user has read access
|
||||
List<Integer> userIDs =
|
||||
retrieveUserIDs(userID, MySQLConstants.USER_READ);
|
||||
|
||||
// Query all associated users
|
||||
return userService.translateUsernames(userIDs).keySet();
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve all existing usernames that the given user has permission to
|
||||
* perform the given operation upon.
|
||||
*
|
||||
* @param userID The user whose permissions should be checked.
|
||||
* @param permissionType The permission to check.
|
||||
* @return A set of all usernames for which the given user has the given
|
||||
* permission.
|
||||
*/
|
||||
public Set<String> retrieveConnectionNames(int userID, String permissionType) {
|
||||
|
||||
// A system administrator has access to all connections.
|
||||
if(checkSystemAdministratorAccess(userID))
|
||||
return connectionService.getAllConnectionNames();
|
||||
|
||||
// List of all connection IDs for which this connection has read access
|
||||
List<Integer> connectionIDs =
|
||||
retrieveUserIDs(userID, MySQLConstants.CONNECTION_READ);
|
||||
|
||||
// Query all associated connections
|
||||
return connectionService.translateNames(connectionIDs).keySet();
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieves all user permissions granted to the user having the given ID.
|
||||
*
|
||||
|
||||
@@ -44,16 +44,15 @@ import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import net.sourceforge.guacamole.GuacamoleException;
|
||||
import net.sourceforge.guacamole.net.auth.Credentials;
|
||||
import net.sourceforge.guacamole.net.auth.User;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionPermissionMapper;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.dao.UserMapper;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.dao.UserPermissionMapper;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.model.User;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.model.UserExample;
|
||||
import net.sourceforge.guacamole.net.auth.mysql.model.UserWithBLOBs;
|
||||
|
||||
@@ -71,24 +70,6 @@ public class UserService {
|
||||
@Inject
|
||||
private UserMapper userDAO;
|
||||
|
||||
/**
|
||||
* DAO for accessing user permissions, which will be injected.
|
||||
*/
|
||||
@Inject
|
||||
private UserPermissionMapper userPermissionDAO;
|
||||
|
||||
/**
|
||||
* DAO for accessing connection permissions, which will be injected.
|
||||
*/
|
||||
@Inject
|
||||
private ConnectionPermissionMapper connectionPermissionDAO;
|
||||
|
||||
/**
|
||||
* DAO for accessing system permissions, which will be injected.
|
||||
*/
|
||||
@Inject
|
||||
private SystemPermissionMapper systemPermissionDAO;
|
||||
|
||||
/**
|
||||
* Provider for creating users.
|
||||
*/
|
||||
@@ -124,7 +105,7 @@ public class UserService {
|
||||
* @throws GuacamoleException If an error occurs while reading the data
|
||||
* of the provided User.
|
||||
*/
|
||||
public MySQLUser toMySQLUser(User user) throws GuacamoleException {
|
||||
public MySQLUser toMySQLUser(net.sourceforge.guacamole.net.auth.User user) throws GuacamoleException {
|
||||
MySQLUser mySQLUser = mySQLUserProvider.get();
|
||||
mySQLUser.init(user);
|
||||
return mySQLUser;
|
||||
@@ -255,11 +236,11 @@ public class UserService {
|
||||
// Get all users having the given IDs
|
||||
UserExample example = new UserExample();
|
||||
example.createCriteria().andUser_idIn(ids);
|
||||
List<net.sourceforge.guacamole.net.auth.mysql.model.User> users =
|
||||
List<User> users =
|
||||
userDAO.selectByExample(example);
|
||||
|
||||
// Produce set of names
|
||||
for (net.sourceforge.guacamole.net.auth.mysql.model.User user : users)
|
||||
for (User user : users)
|
||||
names.put(user.getUsername(), user.getUser_id());
|
||||
|
||||
return names;
|
||||
@@ -285,11 +266,11 @@ public class UserService {
|
||||
// Get all users having the given IDs
|
||||
UserExample example = new UserExample();
|
||||
example.createCriteria().andUser_idIn(Lists.newArrayList(ids));
|
||||
List<net.sourceforge.guacamole.net.auth.mysql.model.User> users =
|
||||
List<User> users =
|
||||
userDAO.selectByExample(example);
|
||||
|
||||
// Produce set of names
|
||||
for (net.sourceforge.guacamole.net.auth.mysql.model.User user : users)
|
||||
for (User user : users)
|
||||
names.put(user.getUser_id(), user.getUsername());
|
||||
|
||||
return names;
|
||||
@@ -358,36 +339,43 @@ public class UserService {
|
||||
}
|
||||
|
||||
/**
|
||||
* Get all the users defined in the system.
|
||||
* @return A list of all users defined in the system.
|
||||
* Get the usernames of all the users defined in the system.
|
||||
*
|
||||
* @return A Set of usernames of all the users defined in the system.
|
||||
*/
|
||||
public List<MySQLUser> getAllUsers() {
|
||||
public Set<String> getAllUsernames() {
|
||||
|
||||
// Set of all present usernames
|
||||
Set<String> usernames = new HashSet<String>();
|
||||
|
||||
// Query all usernames
|
||||
List<User> users =
|
||||
userDAO.selectByExample(new UserExample());
|
||||
for (User user : users)
|
||||
usernames.add(user.getUsername());
|
||||
|
||||
// Get all users defined in the system.
|
||||
List<UserWithBLOBs> allUsers = userDAO.selectByExampleWithBLOBs(new UserExample());
|
||||
|
||||
// Translate database records to MySQLUsers
|
||||
List<MySQLUser> allMySQLUsers = new ArrayList<MySQLUser>();
|
||||
|
||||
for(UserWithBLOBs user : allUsers) {
|
||||
allMySQLUsers.add(toMySQLUser(user));
|
||||
}
|
||||
|
||||
return allMySQLUsers;
|
||||
return usernames;
|
||||
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Get the IDs of all the user defined in the system.
|
||||
* @return A list of IDs of all the users defined in the system.
|
||||
* Get the user IDs of all the users defined in the system.
|
||||
*
|
||||
* @return A list of user IDs of all the users defined in the system.
|
||||
*/
|
||||
public List<Integer> getAllUserIDs() {
|
||||
|
||||
// Set of all present user IDs
|
||||
List<Integer> userIDs = new ArrayList<Integer>();
|
||||
for(MySQLUser user : getAllUsers()) {
|
||||
userIDs.add(user.getUserID());
|
||||
}
|
||||
|
||||
// Query all user IDs
|
||||
List<User> users =
|
||||
userDAO.selectByExample(new UserExample());
|
||||
for (User user : users)
|
||||
userIDs.add(user.getUser_id());
|
||||
|
||||
return userIDs;
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user