GUACAMOLE-81: Enforce parent/child permissions between SharingProfile and Connection.

Michael Jumper
2016-08-20 18:23:34 -07:00
parent 26d9dd8593
commit f32dbac458
6 changed files with 33 additions and 54 deletions


@@ -23,7 +23,7 @@ import com.google.inject.Inject;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.Map; import java.util.Map;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObject; import org.apache.guacamole.auth.jdbc.base.ModeledChildDirectoryObject;
import org.apache.guacamole.form.Form; import org.apache.guacamole.form.Form;
import org.apache.guacamole.net.auth.SharingProfile; import org.apache.guacamole.net.auth.SharingProfile;
@@ -34,7 +34,7 @@ import org.apache.guacamole.net.auth.SharingProfile;
* @author Michael Jumper * @author Michael Jumper
*/ */
public class ModeledSharingProfile public class ModeledSharingProfile
extends ModeledDirectoryObject<SharingProfileModel> extends ModeledChildDirectoryObject<SharingProfileModel>
implements SharingProfile { implements SharingProfile {
/** /**
@@ -72,12 +72,12 @@ public class ModeledSharingProfile
@Override @Override
public String getPrimaryConnectionIdentifier() { public String getPrimaryConnectionIdentifier() {
return getModel().getPrimaryConnectionIdentifier(); return getModel().getParentIdentifier();
} }
@Override @Override
public void setPrimaryConnectionIdentifier(String identifier) { public void setPrimaryConnectionIdentifier(String identifier) {
getModel().setPrimaryConnectionIdentifier(identifier); getModel().setParentIdentifier(identifier);
} }
@Override @Override
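Review bot: Nothing in the two accessors says that the primary connection identifier and the parent identifier are now the same model field, so a reader of `setPrimaryConnectionIdentifier` cannot tell that the value it writes is the one the parent permission check is made against. A short comment above each delegate would make that explicit, for example `// The primary connection is this profile's parent; parent permission checks use this value`. If `ModeledChildDirectoryObject` also exposes its own parent-identifier setter (not visible here), the class Javadoc should state that both routes change the same field. The class body continues outside these hunks.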


@@ -35,7 +35,7 @@ public interface SharingProfileMapper
* and having the given name. If no such sharing profile exists, null is * and having the given name. If no such sharing profile exists, null is
* returned. * returned.
* *
* @param primaryConnectionIdentifier * @param parentIdentifier
* The identifier of the primary connection to search against. * The identifier of the primary connection to search against.
* *
* @param name * @param name
@@ -46,7 +46,7 @@ public interface SharingProfileMapper
* given primary connection, or null if no such sharing profile exists. * given primary connection, or null if no such sharing profile exists.
*/ */
SharingProfileModel selectOneByName( SharingProfileModel selectOneByName(
@Param("primaryConnectionIdentifier") String primaryConnectionIdentifier, @Param("parentIdentifier") String parentIdentifier,
@Param("name") String name); @Param("name") String name);
} }


@@ -19,7 +19,7 @@
package org.apache.guacamole.auth.jdbc.sharingprofile; package org.apache.guacamole.auth.jdbc.sharingprofile;
import org.apache.guacamole.auth.jdbc.base.ObjectModel; import org.apache.guacamole.auth.jdbc.base.ChildObjectModel;
/** /**
* Object representation of a Guacamole sharing profile, as represented in the * Object representation of a Guacamole sharing profile, as represented in the
@@ -27,19 +27,13 @@ import org.apache.guacamole.auth.jdbc.base.ObjectModel;
* *
* @author Michael Jumper * @author Michael Jumper
*/ */
public class SharingProfileModel extends ObjectModel { public class SharingProfileModel extends ChildObjectModel {
/** /**
* The human-readable name associated with this sharing profile. * The human-readable name associated with this sharing profile.
*/ */
private String name; private String name;
/**
* The identifier of the primary connection associated with this
* sharing profile.
*/
private String primaryConnectionIdentifier;
/** /**
* Creates a new, empty sharing profile. * Creates a new, empty sharing profile.
*/ */
@@ -66,30 +60,6 @@ public class SharingProfileModel extends ObjectModel {
this.name = name; this.name = name;
} }
/**
* Returns the identifier of the primary connection associated with this
* sharing profile.
*
* @return
* The identifier of the primary connection associated with this
* sharing profile.
*/
public String getPrimaryConnectionIdentifier() {
return primaryConnectionIdentifier;
}
/**
* Sets the identifier of the primary connection associated with this
* sharing profile.
*
* @param primaryConnectionIdentifier
* The identifier of the primary connection associated with this
* sharing profile.
*/
public void setPrimaryConnectionIdentifier(String primaryConnectionIdentifier) {
this.primaryConnectionIdentifier = primaryConnectionIdentifier;
}
@Override @Override
public String getIdentifier() { public String getIdentifier() {


@@ -29,7 +29,7 @@ import org.apache.guacamole.auth.jdbc.user.ModeledAuthenticatedUser;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper; import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectMapper;
import org.apache.guacamole.GuacamoleClientException; import org.apache.guacamole.GuacamoleClientException;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.auth.jdbc.base.ModeledDirectoryObjectService; import org.apache.guacamole.auth.jdbc.base.ModeledChildDirectoryObjectService;
import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionMapper; import org.apache.guacamole.auth.jdbc.permission.SharingProfilePermissionMapper;
import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper; import org.apache.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
import org.apache.guacamole.net.auth.SharingProfile; import org.apache.guacamole.net.auth.SharingProfile;
@@ -45,7 +45,7 @@ import org.apache.guacamole.net.auth.permission.SystemPermissionSet;
* @author Michael Jumper * @author Michael Jumper
*/ */
public class SharingProfileService public class SharingProfileService
extends ModeledDirectoryObjectService<ModeledSharingProfile, extends ModeledChildDirectoryObjectService<ModeledSharingProfile,
SharingProfile, SharingProfileModel> { SharingProfile, SharingProfileModel> {
/** /**
@@ -128,6 +128,15 @@ public class SharingProfileService
} }
@Override
protected ObjectPermissionSet getParentPermissionSet(ModeledAuthenticatedUser user)
throws GuacamoleException {
// Sharing profiles are children of connections
return user.getUser().getConnectionPermissions();
}
@Override @Override
protected void beforeCreate(ModeledAuthenticatedUser user, protected void beforeCreate(ModeledAuthenticatedUser user,
SharingProfileModel model) throws GuacamoleException { SharingProfileModel model) throws GuacamoleException {
@@ -139,7 +148,7 @@ public class SharingProfileService
throw new GuacamoleClientException("Sharing profile names must not be blank."); throw new GuacamoleClientException("Sharing profile names must not be blank.");
// Do not attempt to create duplicate sharing profiles // Do not attempt to create duplicate sharing profiles
SharingProfileModel existing = sharingProfileMapper.selectOneByName(model.getPrimaryConnectionIdentifier(), model.getName()); SharingProfileModel existing = sharingProfileMapper.selectOneByName(model.getParentIdentifier(), model.getName());
if (existing != null) if (existing != null)
throw new GuacamoleClientException("The sharing profile \"" + model.getName() + "\" already exists."); throw new GuacamoleClientException("The sharing profile \"" + model.getName() + "\" already exists.");
@@ -156,7 +165,7 @@ public class SharingProfileService
throw new GuacamoleClientException("Sharing profile names must not be blank."); throw new GuacamoleClientException("Sharing profile names must not be blank.");
// Check whether such a sharing profile is already present // Check whether such a sharing profile is already present
SharingProfileModel existing = sharingProfileMapper.selectOneByName(model.getPrimaryConnectionIdentifier(), model.getName()); SharingProfileModel existing = sharingProfileMapper.selectOneByName(model.getParentIdentifier(), model.getName());
if (existing != null) { if (existing != null) {
// If the specified name matches a DIFFERENT existing sharing profile, the update cannot continue // If the specified name matches a DIFFERENT existing sharing profile, the update cannot continue
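Review bot: In `beforeCreate` and `beforeUpdate` the duplicate lookup `selectOneByName(model.getParentIdentifier(), model.getName())` takes the parent identifier straight from the submitted model and answers with an "already exists" error. Whether the parent permission check has already run at that point is not visible, because the start of both method bodies lies outside the hunks. If the superclass hook is not called first, a user without access to the connection could learn which sharing profile names exist under it, so the ordering deserves a comment such as `// Parent (connection) permission is verified by the superclass hook above, before any lookup by parent`. The comment in the new `getParentPermissionSet` could also name the permission type the base class requires on the connection, which this override does not show.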


@@ -25,9 +25,9 @@
<!-- Result mapper for sharing profile objects --> <!-- Result mapper for sharing profile objects -->
<resultMap id="SharingProfileResultMap" type="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel"> <resultMap id="SharingProfileResultMap" type="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel">
<id column="sharing_profile_id" property="objectID" jdbcType="INTEGER"/> <id column="sharing_profile_id" property="objectID" jdbcType="INTEGER"/>
<result column="sharing_profile_name" property="name" jdbcType="VARCHAR"/> <result column="sharing_profile_name" property="name" jdbcType="VARCHAR"/>
<result column="primary_connection_id" property="primaryConnectionIdentifier" jdbcType="INTEGER"/> <result column="primary_connection_id" property="parentIdentifier" jdbcType="INTEGER"/>
</resultMap> </resultMap>
<!-- Select all sharing profile identifiers --> <!-- Select all sharing profile identifiers -->
@@ -89,7 +89,7 @@
primary_connection_id primary_connection_id
FROM guacamole_sharing_profile FROM guacamole_sharing_profile
WHERE WHERE
primary_connection_id = #{primaryConnectionIdentifier,jdbcType=VARCHAR} primary_connection_id = #{parentIdentifier,jdbcType=VARCHAR}
AND sharing_profile_name = #{name,jdbcType=VARCHAR} AND sharing_profile_name = #{name,jdbcType=VARCHAR}
</select> </select>
@@ -110,7 +110,7 @@
) )
VALUES ( VALUES (
#{object.name,jdbcType=VARCHAR}, #{object.name,jdbcType=VARCHAR},
#{object.primaryConnectionIdentifier,jdbcType=VARCHAR} #{object.parentIdentifier,jdbcType=VARCHAR}
) )
</insert> </insert>
@@ -119,7 +119,7 @@
<update id="update" parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel"> <update id="update" parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel">
UPDATE guacamole_sharing_profile UPDATE guacamole_sharing_profile
SET sharing_profile_name = #{object.name,jdbcType=VARCHAR}, SET sharing_profile_name = #{object.name,jdbcType=VARCHAR},
primary_connection_id = #{object.primaryConnectionIdentifier,jdbcType=VARCHAR} primary_connection_id = #{object.parentIdentifier,jdbcType=VARCHAR}
WHERE sharing_profile_id = #{object.objectID,jdbcType=INTEGER} WHERE sharing_profile_id = #{object.objectID,jdbcType=INTEGER}
</update> </update>
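Review bot: The select, insert and update statements bind `parentIdentifier` as `jdbcType=VARCHAR` while the result map declares `primary_connection_id` as `INTEGER`, so the comparison relies on the database converting the string. Now that this value is also the identifier the parent permission check is made against, a strict numeric binding would presumably be safer, so that the identifier that was authorised and the row that is matched cannot differ. The other mapper on this page binds it with `jdbcType=INTEGER` and an explicit cast. If the loose binding is intentional, a comment such as `<!-- parentIdentifier is expected to be a numeric string; note here where it is validated -->` would record that assumption. The statements begin outside these hunks.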


@@ -25,9 +25,9 @@
<!-- Result mapper for sharing profile objects --> <!-- Result mapper for sharing profile objects -->
<resultMap id="SharingProfileResultMap" type="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel"> <resultMap id="SharingProfileResultMap" type="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel">
<id column="sharing_profile_id" property="objectID" jdbcType="INTEGER"/> <id column="sharing_profile_id" property="objectID" jdbcType="INTEGER"/>
<result column="sharing_profile_name" property="name" jdbcType="VARCHAR"/> <result column="sharing_profile_name" property="name" jdbcType="VARCHAR"/>
<result column="primary_connection_id" property="primaryConnectionIdentifier" jdbcType="INTEGER"/> <result column="primary_connection_id" property="parentIdentifier" jdbcType="INTEGER"/>
</resultMap> </resultMap>
<!-- Select all sharing profile identifiers --> <!-- Select all sharing profile identifiers -->
@@ -89,7 +89,7 @@
primary_connection_id primary_connection_id
FROM guacamole_sharing_profile FROM guacamole_sharing_profile
WHERE WHERE
primary_connection_id = #{primaryConnectionIdentifier,jdbcType=INTEGER}::integer primary_connection_id = #{parentIdentifier,jdbcType=INTEGER}::integer
AND sharing_profile_name = #{name,jdbcType=VARCHAR} AND sharing_profile_name = #{name,jdbcType=VARCHAR}
</select> </select>
@@ -110,7 +110,7 @@
) )
VALUES ( VALUES (
#{object.name,jdbcType=VARCHAR}, #{object.name,jdbcType=VARCHAR},
#{object.primaryConnectionIdentifier,jdbcType=INTEGER}::integer #{object.parentIdentifier,jdbcType=INTEGER}::integer
) )
</insert> </insert>
@@ -119,7 +119,7 @@
<update id="update" parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel"> <update id="update" parameterType="org.apache.guacamole.auth.jdbc.sharingprofile.SharingProfileModel">
UPDATE guacamole_sharing_profile UPDATE guacamole_sharing_profile
SET sharing_profile_name = #{object.name,jdbcType=VARCHAR}, SET sharing_profile_name = #{object.name,jdbcType=VARCHAR},
primary_connection_id = #{object.primaryConnectionIdentifier,jdbcType=INTEGER}::integer primary_connection_id = #{object.parentIdentifier,jdbcType=INTEGER}::integer
WHERE sharing_profile_id = #{object.objectID,jdbcType=INTEGER}::integer WHERE sharing_profile_id = #{object.objectID,jdbcType=INTEGER}::integer
</update> </update>