From ea142d15ce83d18c04d931046204d265278e6bf5 Mon Sep 17 00:00:00 2001 From: Michael Jumper Date: Mon, 1 Oct 2018 11:45:25 -0700 Subject: [PATCH] GUACAMOLE-360: Add convenience function for testing user identity. --- .../ActiveConnectionPermissionService.java | 2 +- .../auth/jdbc/base/ModeledPermissions.java | 15 +++++++++++++++ .../permission/AbstractPermissionService.java | 2 +- 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java index cb29c5acb..1e525710d 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionPermissionService.java @@ -97,7 +97,7 @@ public class ActiveConnectionPermissionService permissions.add(new ObjectPermission(ObjectPermission.Type.READ, identifier)); // If we're an admin, or the connection is ours, then we can DELETE - if (isAdmin || (targetEntity.isUser() && targetEntity.getIdentifier().equals(record.getUsername()))) + if (isAdmin || targetEntity.isUser(record.getUsername())) permissions.add(new ObjectPermission(ObjectPermission.Type.DELETE, identifier)); } diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledPermissions.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledPermissions.java index cda6f6aa8..965062cc0 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledPermissions.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/base/ModeledPermissions.java @@ -105,6 +105,21 @@ public abstract class ModeledPermissions return getModel().getEntityType() == EntityType.USER; } + /** + * Returns whether the underlying entity represents a specific user having + * the given username. + * + * @param username + * The username of a user. + * + * @return + * true if the underlying entity is a user that has the given username, + * false otherwise. + */ + public boolean isUser(String username) { + return isUser() && getIdentifier().equals(username); + } + /** * Returns whether the underlying entity is a user group. Entities may be * either users or user groups. diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java index 6e4ddfab3..eea570f5a 100644 --- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java +++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/AbstractPermissionService.java @@ -101,7 +101,7 @@ public abstract class AbstractPermissionService