Ticket #269: Fixed multiple permission validation issues + query efficiency.

extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/ConnectionDirectory.java

@@ -122,15 +122,8 @@ public class ConnectionDirectory implements Directory<String, Connection>{
     @Transactional
     @Override
     public Set<String> getIdentifiers() throws GuacamoleException {
-
-        // List of all connection IDs for which this user has read access
-        List<Integer> connectionIDs =
-                permissionCheckService.retrieveConnectionIDs(this.user_id,
+        return permissionCheckService.retrieveConnectionNames(user_id,
                 MySQLConstants.CONNECTION_READ);
-
-        // Query all associated connections
-        return connectionService.translateNames(connectionIDs).keySet();
-
     }
 
     @Transactional

extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/UserDirectory.java

@@ -145,15 +145,8 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
     @Transactional
     @Override
     public Set<String> getIdentifiers() throws GuacamoleException {
-
-        // List of all user IDs for which this user has read access
-        List<Integer> userIDs =
-                permissionCheckService.retrieveConnectionIDs(this.user_id,
+        return permissionCheckService.retrieveUsernames(user_id,
                 MySQLConstants.USER_READ);
-
-        // Query all associated users
-        return userService.translateUsernames(userIDs).keySet();
-
     }
 
     @Override
@@ -453,12 +446,12 @@ public class UserDirectory implements Directory<String, net.sourceforge.guacamol
 
         // Get list of administerable connection IDs
         List<Integer> administerableConnectionIDs =
-            permissionCheckService.retrieveUserIDs(this.user_id,
+            permissionCheckService.retrieveConnectionIDs(this.user_id,
                 MySQLConstants.CONNECTION_ADMINISTER);
 
         // Get set of names corresponding to administerable connections
         Map<String, Integer> administerableConnections =
-                userService.translateUsernames(administerableConnectionIDs);
+                connectionService.translateNames(administerableConnectionIDs);
 
         // Delete requested permissions
         for (ConnectionPermission permission : permissions) {

extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/ConnectionService.java

@@ -414,38 +414,43 @@ public class ConnectionService {
     }
     
     /**
-     * Get all the connections defined in the system.
-     * @param userID The ID of the user who is querying the connections.
-     * @return A list of all connections defined in the system.
+     * Get the names of all the connections defined in the system.
+     * 
+     * @return A Set of names of all the connections defined in the system.
      */
-    public List<MySQLConnection> getAllConnections(int userID) {
+    public Set<String> getAllConnectionNames() {
 
-        // Get all connections defined in the system.
-        List<Connection> allConnections = connectionDAO.selectByExample(new ConnectionExample());
+        // Set of all present connection names
+        Set<String> names = new HashSet<String>();
 
-        // Translate database records to MySQLConnections
-        List<MySQLConnection> allMySQLConnections = new ArrayList<MySQLConnection>();
+        // Query all connection names
+        List<Connection> connections =
+                connectionDAO.selectByExample(new ConnectionExample());
+        for (Connection connection : connections)
+            names.add(connection.getConnection_name());
         
-        for(Connection connection : allConnections) {
-            allMySQLConnections.add(toMySQLConnection(connection, userID));
-        }
+        return names;
 
-        return allMySQLConnections;
     }
 
     /**
-     * Get the IDs of all the connection defined in the system.
-     * @param userID The ID of the user who is querying the connections.
-     * @return A list of IDs of all the connections defined in the system.
+     * Get the connection IDs of all the connections defined in the system.
+     * 
+     * @return A list of connection IDs of all the connections defined in the system.
      */
-    public List<Integer> getAllConnectionIDs(int userID) {
+    public List<Integer> getAllConnectionIDs() {
+
+        // Set of all present connection IDs 
         List<Integer> connectionIDs = new ArrayList<Integer>();
-        for(MySQLConnection connection : getAllConnections(userID)) {
-            connectionIDs.add(connection.getConnectionID());
-        }
+
+        // Query all connection IDs
+        List<Connection> connections =
+                connectionDAO.selectByExample(new ConnectionExample());
+        for (Connection connection : connections)
+            connectionIDs.add(connection.getConnection_id());
         
         return connectionIDs;
+
     }
 
-
 }

extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/PermissionCheckService.java

@@ -242,9 +242,8 @@ public class PermissionCheckService {
     public List<Integer> retrieveUserIDs(int userID, String permissionType) {
 
         // A system administrator has access to all users.
-        if(checkSystemAdministratorAccess(userID)) {
+        if(checkSystemAdministratorAccess(userID))
             return userService.getAllUserIDs();
-        }
         
         // Query all user permissions for the given user and permission type
         UserPermissionExample example = new UserPermissionExample();
@@ -275,9 +274,8 @@ public class PermissionCheckService {
             String permissionType) {
 
         // A system administrator has access to all connections.
-        if(checkSystemAdministratorAccess(userID)) {
-            return connectionService.getAllConnectionIDs(userID);
-        }
+        if(checkSystemAdministratorAccess(userID))
+            return connectionService.getAllConnectionIDs();
 
         // Query all connection permissions for the given user and permission type
         ConnectionPermissionExample example = new ConnectionPermissionExample();
@@ -295,6 +293,54 @@ public class PermissionCheckService {
 
     }
 
+    /**
+     * Retrieve all existing usernames that the given user has permission to
+     * perform the given operation upon.
+     * 
+     * @param userID The user whose permissions should be checked.
+     * @param permissionType The permission to check.
+     * @return A set of all usernames for which the given user has the given
+     *         permission.
+     */
+    public Set<String> retrieveUsernames(int userID, String permissionType) {
+
+        // A system administrator has access to all users.
+        if(checkSystemAdministratorAccess(userID))
+            return userService.getAllUsernames();
+
+        // List of all user IDs for which this user has read access
+        List<Integer> userIDs =
+                retrieveUserIDs(userID, MySQLConstants.USER_READ);
+
+        // Query all associated users
+        return userService.translateUsernames(userIDs).keySet();
+
+    }
+
+    /**
+     * Retrieve all existing usernames that the given user has permission to
+     * perform the given operation upon.
+     * 
+     * @param userID The user whose permissions should be checked.
+     * @param permissionType The permission to check.
+     * @return A set of all usernames for which the given user has the given
+     *         permission.
+     */
+    public Set<String> retrieveConnectionNames(int userID, String permissionType) {
+
+        // A system administrator has access to all connections.
+        if(checkSystemAdministratorAccess(userID))
+            return connectionService.getAllConnectionNames();
+
+        // List of all connection IDs for which this connection has read access
+        List<Integer> connectionIDs =
+                retrieveUserIDs(userID, MySQLConstants.CONNECTION_READ);
+
+        // Query all associated connections
+        return connectionService.translateNames(connectionIDs).keySet();
+
+    }
+
     /**
      * Retrieves all user permissions granted to the user having the given ID.
      *

extensions/guacamole-auth-mysql/src/main/java/net/sourceforge/guacamole/net/auth/mysql/service/UserService.java

@@ -44,16 +44,15 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
+import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Set;
 import net.sourceforge.guacamole.GuacamoleException;
 import net.sourceforge.guacamole.net.auth.Credentials;
-import net.sourceforge.guacamole.net.auth.User;
 import net.sourceforge.guacamole.net.auth.mysql.MySQLUser;
-import net.sourceforge.guacamole.net.auth.mysql.dao.ConnectionPermissionMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.SystemPermissionMapper;
 import net.sourceforge.guacamole.net.auth.mysql.dao.UserMapper;
-import net.sourceforge.guacamole.net.auth.mysql.dao.UserPermissionMapper;
+import net.sourceforge.guacamole.net.auth.mysql.model.User;
 import net.sourceforge.guacamole.net.auth.mysql.model.UserExample;
 import net.sourceforge.guacamole.net.auth.mysql.model.UserWithBLOBs;
 
@@ -71,24 +70,6 @@ public class UserService {
     @Inject
     private UserMapper userDAO;
 
-    /**
-     * DAO for accessing user permissions, which will be injected.
-     */
-    @Inject
-    private UserPermissionMapper userPermissionDAO;
-
-    /**
-     * DAO for accessing connection permissions, which will be injected.
-     */
-    @Inject
-    private ConnectionPermissionMapper connectionPermissionDAO;
-
-    /**
-     * DAO for accessing system permissions, which will be injected.
-     */
-    @Inject
-    private SystemPermissionMapper systemPermissionDAO;
-
     /**
      * Provider for creating users.
      */
@@ -124,7 +105,7 @@ public class UserService {
      * @throws GuacamoleException If an error occurs while reading the data
      *                            of the provided User.
      */
-    public MySQLUser toMySQLUser(User user) throws GuacamoleException {
+    public MySQLUser toMySQLUser(net.sourceforge.guacamole.net.auth.User user) throws GuacamoleException {
         MySQLUser mySQLUser = mySQLUserProvider.get();
         mySQLUser.init(user);
         return mySQLUser;
@@ -255,11 +236,11 @@ public class UserService {
         // Get all users having the given IDs
         UserExample example = new UserExample();
         example.createCriteria().andUser_idIn(ids);
-        List<net.sourceforge.guacamole.net.auth.mysql.model.User> users =
+        List<User> users =
                 userDAO.selectByExample(example);
 
         // Produce set of names
-        for (net.sourceforge.guacamole.net.auth.mysql.model.User user : users)
+        for (User user : users)
             names.put(user.getUsername(), user.getUser_id());
 
         return names;
@@ -285,11 +266,11 @@ public class UserService {
         // Get all users having the given IDs
         UserExample example = new UserExample();
         example.createCriteria().andUser_idIn(Lists.newArrayList(ids));
-        List<net.sourceforge.guacamole.net.auth.mysql.model.User> users =
+        List<User> users =
                 userDAO.selectByExample(example);
 
         // Produce set of names
-        for (net.sourceforge.guacamole.net.auth.mysql.model.User user : users)
+        for (User user : users)
             names.put(user.getUser_id(), user.getUsername());
 
         return names;
@@ -358,36 +339,43 @@ public class UserService {
     }
     
     /**
-     * Get all the users defined in the system.
-     * @return A list of all users defined in the system.
+     * Get the usernames of all the users defined in the system.
+     * 
+     * @return A Set of usernames of all the users defined in the system.
      */
-    public List<MySQLUser> getAllUsers() {
+    public Set<String> getAllUsernames() {
 
-        // Get all users defined in the system.
-        List<UserWithBLOBs> allUsers = userDAO.selectByExampleWithBLOBs(new UserExample());
+        // Set of all present usernames
+        Set<String> usernames = new HashSet<String>();
 
-        // Translate database records to MySQLUsers
-        List<MySQLUser> allMySQLUsers = new ArrayList<MySQLUser>();
+        // Query all usernames
+        List<User> users =
+                userDAO.selectByExample(new UserExample());
+        for (User user : users)
+            usernames.add(user.getUsername());
         
-        for(UserWithBLOBs user : allUsers) {
-            allMySQLUsers.add(toMySQLUser(user));
-        }
+        return usernames;
 
-        return allMySQLUsers;
     }
 
     /**
-     * Get the IDs of all the user defined in the system.
-     * @return A list of IDs of all the users defined in the system.
+     * Get the user IDs of all the users defined in the system.
+     * 
+     * @return A list of user IDs of all the users defined in the system.
      */
     public List<Integer> getAllUserIDs() {
+
+        // Set of all present user IDs 
         List<Integer> userIDs = new ArrayList<Integer>();
-        for(MySQLUser user : getAllUsers()) {
-            userIDs.add(user.getUserID());
-        }
+
+        // Query all user IDs
+        List<User> users =
+                userDAO.selectByExample(new UserExample());
+        for (User user : users)
+            userIDs.add(user.getUser_id());
         
         return userIDs;
+
     }
 
-
 }