safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 21:27:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-220: Remove effectively-redundant admin permission check.

Browse Source
This commit is contained in:
Michael Jumper
2018-09-30 23:11:20 -07:00
parent bb6e8bc1c7
commit f4ccf8ef62
1 changed files with 5 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
View File

@@ -187,20 +187,16 @@ public abstract class ModeledObjectPermissionService
if (identifiers.isEmpty()) if (identifiers.isEmpty())
return identifiers; return identifiers;
// Retrieve permissions only if allowed // If user is an admin, everything is accessible
if (canReadPermissions(user, targetEntity)) { if (user.getUser().isAdministrator())
return identifiers;
// If user is an admin, everything is accessible // Otherwise, return explicitly-retrievable identifiers only if allowed
if (user.getUser().isAdministrator()) if (canReadPermissions(user, targetEntity))
return identifiers;
// Otherwise, return explicitly-retrievable identifiers
return getPermissionMapper().selectAccessibleIdentifiers( return getPermissionMapper().selectAccessibleIdentifiers(
targetEntity.getModel(), permissions, identifiers, targetEntity.getModel(), permissions, identifiers,
effectiveGroups); effectiveGroups);
}
// User cannot read this entity's permissions // User cannot read this entity's permissions
throw new GuacamoleSecurityException("Permission denied."); throw new GuacamoleSecurityException("Permission denied.");