safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUAC-801 Created password update dialog on home screen, grant self READ and UPDATE permission to users upon creation, and added sql update script to grant self READ and UPDATE permissions for users in pre-existing databases.

Browse Source
This commit is contained in:
James Muehlner
2015-03-04 23:18:16 -08:00
parent e35a26ce6a
commit f513fa6e2e
9 changed files with 318 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/base/DirectoryObjectService.java
View File

@@ -338,6 +338,47 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
}
/**
* Returns a collection of permissions that should be granted due to the
* creation of the given object. These permissions need not be granted
* solely to the user creating the object.
*
* @param user
* The user creating the object.
*
* @param model
* The object being created.
*
* @return
* The collection of implicit permissions that should be granted due to
* the creation of the given object.
*/
protected Collection<ObjectPermissionModel> getImplicitPermissions(AuthenticatedUser user,
ModelType model) {
// Build list of implicit permissions
Collection<ObjectPermissionModel> implicitPermissions =
new ArrayList<ObjectPermissionModel>(IMPLICIT_OBJECT_PERMISSIONS.length);
UserModel userModel = user.getUser().getModel();
for (ObjectPermission.Type permission : IMPLICIT_OBJECT_PERMISSIONS) {
// Create model which grants this permission to the current user
ObjectPermissionModel permissionModel = new ObjectPermissionModel();
permissionModel.setUserID(userModel.getObjectID());
permissionModel.setUsername(userModel.getIdentifier());
permissionModel.setType(permission);
permissionModel.setObjectIdentifier(model.getIdentifier());
// Add permission
implicitPermissions.add(permissionModel);
}
return implicitPermissions;
}
/**
* Creates the given object within the database. If the object already
* exists, an error will be thrown. The internal model object will be
@@ -369,27 +410,8 @@ public abstract class DirectoryObjectService<InternalType extends DirectoryObjec
// Create object
getObjectMapper().insert(model);
// Build list of implicit permissions
Collection<ObjectPermissionModel> implicitPermissions =
new ArrayList<ObjectPermissionModel>(IMPLICIT_OBJECT_PERMISSIONS.length);
UserModel userModel = user.getUser().getModel();
for (ObjectPermission.Type permission : IMPLICIT_OBJECT_PERMISSIONS) {
// Create model which grants this permission to the current user
ObjectPermissionModel permissionModel = new ObjectPermissionModel();
permissionModel.setUserID(userModel.getObjectID());
permissionModel.setUsername(userModel.getIdentifier());
permissionModel.setType(permission);
permissionModel.setObjectIdentifier(model.getIdentifier());
// Add permission
implicitPermissions.add(permissionModel);
}
// Add implicit permissions
getPermissionMapper().insert(implicitPermissions);
getPermissionMapper().insert(getImplicitPermissions(user, model));
return getObjectInstance(user, model);
}

38
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/glyptodon/guacamole/auth/jdbc/user/UserService.java
View File

@@ -33,9 +33,11 @@ import org.glyptodon.guacamole.auth.jdbc.base.DirectoryObjectService;
import org.glyptodon.guacamole.GuacamoleClientException;
import org.glyptodon.guacamole.GuacamoleException;
import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionMapper;
import org.glyptodon.guacamole.auth.jdbc.permission.ObjectPermissionModel;
import org.glyptodon.guacamole.auth.jdbc.permission.UserPermissionMapper;
import org.glyptodon.guacamole.auth.jdbc.security.PasswordEncryptionService;
import org.glyptodon.guacamole.net.auth.User;
import org.glyptodon.guacamole.net.auth.permission.ObjectPermission;
import org.glyptodon.guacamole.net.auth.permission.ObjectPermissionSet;
import org.glyptodon.guacamole.net.auth.permission.SystemPermission;
import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
@@ -47,7 +49,16 @@ import org.glyptodon.guacamole.net.auth.permission.SystemPermissionSet;
* @author Michael Jumper, James Muehlner
*/
public class UserService extends DirectoryObjectService<ModeledUser, User, UserModel> {
/**
* All user permissions which are implicitly granted to the new user upon
* creation.
*/
private static final ObjectPermission.Type[] IMPLICIT_USER_PERMISSIONS = {
ObjectPermission.Type.READ,
ObjectPermission.Type.UPDATE
};
/**
* Mapper for accessing users.
*/
@@ -160,6 +171,31 @@ public class UserService extends DirectoryObjectService<ModeledUser, User, UserM
}
@Override
protected Collection<ObjectPermissionModel>
getImplicitPermissions(AuthenticatedUser user, UserModel model) {
// Get original set of implicit permissions
Collection<ObjectPermissionModel> implicitPermissions = super.getImplicitPermissions(user, model);
// Grant implicit permissions to the new user
for (ObjectPermission.Type permissionType : IMPLICIT_USER_PERMISSIONS) {
ObjectPermissionModel permissionModel = new ObjectPermissionModel();
permissionModel.setUserID(model.getObjectID());
permissionModel.setUsername(model.getIdentifier());
permissionModel.setType(permissionType);
permissionModel.setObjectIdentifier(model.getIdentifier());
// Add new permission to implicit permission set
implicitPermissions.add(permissionModel);
}
return implicitPermissions;
}
/**
* Retrieves the user corresponding to the given credentials from the
* database.