GUAC-586: Add multi-source retrieval of permissions to permissionService. Use multiple sources to determine user pages.

2025-09-06 13:17:41 +00:00 · 2015-08-28 14:49:44 -07:00
parent d6139bb02e
commit f55f388667
2 changed files with 129 additions and 46 deletions
--- a/guacamole/src/main/webapp/app/navigation/services/userPageService.js
+++ b/guacamole/src/main/webapp/app/navigation/services/userPageService.js
@@ -140,64 +140,79 @@ angular.module('navigation').factory('userPageService', ['$injector',
     * Returns all settings pages that the current user can visit. This can
     * include any of the various manage pages.
     * 
-     * @param {PermissionSet} permissions
-     *     The permissions for the current user.
+     * @param {Object.<String, PermissionSet>} permissionSets
+     *     A map of all permissions granted to the current user, where each
+     *     key is the identifier of the corresponding data source.
     * 
     * @returns {Page[]} 
     *     An array of all settings pages that the current user can visit.
     */
-    var generateSettingsPages = function generateSettingsPages(permissions) {
+    var generateSettingsPages = function generateSettingsPages(permissionSets) {
        
        var pages = [];
        
-        permissions = angular.copy(permissions);
+        var canManageUsers = false;
+        var canManageConnections = false;
+        var canManageSessions = false;

-        // Ignore permission to update root group
-        PermissionSet.removeConnectionGroupPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE, ConnectionGroup.ROOT_IDENTIFIER);
+        // Inspect the contents of each provided permission set
+        angular.forEach(permissionSets, function inspectPermissions(permissions) {

-        // Ignore permission to update self
-        PermissionSet.removeUserPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE, authenticationService.getCurrentUsername());
+            permissions = angular.copy(permissions);

-        // Determine whether the current user needs access to the user management UI
-        var canManageUsers =
+            // Ignore permission to update root group
+            PermissionSet.removeConnectionGroupPermission(permissions,
+                PermissionSet.ObjectPermissionType.UPDATE,
+                ConnectionGroup.ROOT_IDENTIFIER);

-                // System permissions
-                   PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
-                || PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_USER)
+            // Ignore permission to update self
+            PermissionSet.removeUserPermission(permissions,
+                PermissionSet.ObjectPermissionType.UPDATE,
+                authenticationService.getCurrentUsername());

-                // Permission to update users
-                || PermissionSet.hasUserPermission(permissions,            PermissionSet.ObjectPermissionType.UPDATE)
+            // Determine whether the current user needs access to the user management UI
+            canManageUsers = canManageUsers ||

-                // Permission to delete users
-                || PermissionSet.hasUserPermission(permissions,            PermissionSet.ObjectPermissionType.DELETE)
+                    // System permissions
+                       PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+                    || PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_USER)

-                // Permission to administer users
-                || PermissionSet.hasUserPermission(permissions,            PermissionSet.ObjectPermissionType.ADMINISTER);
+                    // Permission to update users
+                    || PermissionSet.hasUserPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE)

-        // Determine whether the current user needs access to the connection management UI
-        var canManageConnections =
+                    // Permission to delete users
+                    || PermissionSet.hasUserPermission(permissions, PermissionSet.ObjectPermissionType.DELETE)

-                // System permissions
-                   PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
-                || PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_CONNECTION)
-                || PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_CONNECTION_GROUP)
+                    // Permission to administer users
+                    || PermissionSet.hasUserPermission(permissions, PermissionSet.ObjectPermissionType.ADMINISTER);

-                // Permission to update connections or connection groups
-                || PermissionSet.hasConnectionPermission(permissions,      PermissionSet.ObjectPermissionType.UPDATE)
-                || PermissionSet.hasConnectionGroupPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE)
+            // Determine whether the current user needs access to the connection management UI
+            canManageConnections = canManageConnections ||

-                // Permission to delete connections or connection groups
-                || PermissionSet.hasConnectionPermission(permissions,      PermissionSet.ObjectPermissionType.DELETE)
-                || PermissionSet.hasConnectionGroupPermission(permissions, PermissionSet.ObjectPermissionType.DELETE)
+                    // System permissions
+                       PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
+                    || PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_CONNECTION)
+                    || PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_CONNECTION_GROUP)

-                // Permission to administer connections or connection groups
-                || PermissionSet.hasConnectionPermission(permissions,      PermissionSet.ObjectPermissionType.ADMINISTER)
-                || PermissionSet.hasConnectionGroupPermission(permissions, PermissionSet.ObjectPermissionType.ADMINISTER);
+                    // Permission to update connections or connection groups
+                    || PermissionSet.hasConnectionPermission(permissions,      PermissionSet.ObjectPermissionType.UPDATE)
+                    || PermissionSet.hasConnectionGroupPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE)

-        var canManageSessions = 
+                    // Permission to delete connections or connection groups
+                    || PermissionSet.hasConnectionPermission(permissions,      PermissionSet.ObjectPermissionType.DELETE)
+                    || PermissionSet.hasConnectionGroupPermission(permissions, PermissionSet.ObjectPermissionType.DELETE)

-                // A user must be a system administrator to manage sessions
-                PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER);
+                    // Permission to administer connections or connection groups
+                    || PermissionSet.hasConnectionPermission(permissions,      PermissionSet.ObjectPermissionType.ADMINISTER)
+                    || PermissionSet.hasConnectionGroupPermission(permissions, PermissionSet.ObjectPermissionType.ADMINISTER);
+
+            // Determine whether the current user needs access to the session management UI
+            canManageSessions = canManageSessions ||
+
+                    // A user must be a system administrator to manage sessions
+                    PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER);
+
+        });

        // If user can manage sessions, add link to sessions management page
        if (canManageSessions) {
@@ -245,10 +260,14 @@ angular.module('navigation').factory('userPageService', ['$injector',

        var deferred = $q.defer();

-        // Retrieve current permissions, resolving main pages if possible
+        // Retrieve current permissions
+        permissionService.getAllPermissions(
+            authenticationService.getAvailableDataSources(),
+            authenticationService.getCurrentUsername() 
+        )
+
        // Resolve promise using settings pages derived from permissions
-        permissionService.getPermissions(authenticationService.getCurrentUsername())
-        .success(function permissionsRetrieved(permissions) {
+        .then(function permissionsRetrieved(permissions) {
            deferred.resolve(generateSettingsPages(permissions));
        });
        
@@ -264,8 +283,9 @@ angular.module('navigation').factory('userPageService', ['$injector',
     * @param {ConnectionGroup} rootGroup
     *     The root of the connection group tree for the current user.
     *     
-     * @param {PermissionSet} permissions
-     *     The permissions for the current user.
+     * @param {Object.<String, PermissionSet>} permissions
+     *     A map of all permissions granted to the current user, where each
+     *     key is the identifier of the corresponding data source.
     * 
     * @returns {Page[]} 
     *     An array of all main pages that the current user can visit.
@@ -327,9 +347,14 @@ angular.module('navigation').factory('userPageService', ['$injector',
            resolveMainPages();
        });

-        // Retrieve current permissions, resolving main pages if possible
-        permissionService.getPermissions(authenticationService.getCurrentUsername())
-        .success(function permissionsRetrieved(retrievedPermissions) {
+        // Retrieve current permissions
+        permissionService.getAllPermissions(
+            authenticationService.getAvailableDataSources(),
+            authenticationService.getCurrentUsername()
+        )
+
+        // Resolving main pages if possible
+        .then(function permissionsRetrieved(retrievedPermissions) {
            permissions = retrievedPermissions;
            resolveMainPages();
        });
--- a/guacamole/src/main/webapp/app/rest/services/permissionService.js
+++ b/guacamole/src/main/webapp/app/rest/services/permissionService.js
@@ -28,6 +28,7 @@ angular.module('rest').factory('permissionService', ['$injector',

    // Required services
    var $http                 = $injector.get('$http');
+    var $q                    = $injector.get('$q');
    var authenticationService = $injector.get('authenticationService');
    var cacheService          = $injector.get('cacheService');
    
@@ -69,7 +70,64 @@ angular.module('rest').factory('permissionService', ['$injector',
        });

    };
-    
+
+    /**
+     * Returns a promise which resolves with all permissions available to the
+     * given user, as a map of all PermissionSet objects by the identifier of
+     * their corresponding data source. All given data sources are queried. If
+     * an error occurs while retrieving any PermissionSet, the promise will be
+     * rejected.
+     *
+     * @param {String[]} dataSources
+     *     The unique identifier of the data sources containing the user whose
+     *     permissions should be retrieved. These identifiers corresponds to
+     *     AuthenticationProviders within the Guacamole web application.
+     *
+     * @param {String} username
+     *     The username of the user to retrieve the permissions for.
+     *
+     * @returns {Promise.<Object.<String, PermissionSet>>}
+     *     A promise which resolves with all permissions available to the
+     *     current user, as a map of app PermissionSet objects by the
+     *     identifier of their corresponding data source.
+     */
+    service.getAllPermissions = function getAllPermissions(dataSources, username) {
+
+        var deferred = $q.defer();
+
+        var permissionSetRequests = [];
+        var permissionSets = {};
+
+        // Retrieve all permissions from all data sources
+        angular.forEach(dataSources, function retrievePermissions(dataSource) {
+            permissionSetRequests.push(
+                service.getPermissions(dataSource, username)
+                .success(function permissionsRetrieved(permissions) {
+                    permissionSets[dataSource] = permissions;
+                })
+            );
+        });
+
+        // Resolve when all requests are completed
+        $q.all(permissionSetRequests)
+        .then(
+
+            // All requests completed successfully
+            function allPermissionsRetrieved() {
+                deferred.resolve(permissionSets);
+            },
+
+            // At least one request failed
+            function permissionRetrievalFailed(e) {
+                deferred.reject(e);
+            }
+
+        );
+
+        return deferred.promise;
+
+    };
+
    /**
     * Makes a request to the REST API to add permissions for a given user,
     * returning a promise that can be used for processing the results of the