safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-08 06:01:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUAC-586: Add multi-source retrieval of permissions to permissionService. Use multiple sources to determine user pages.

Browse Source
This commit is contained in:
Michael Jumper
2015-08-28 14:49:44 -07:00
parent d6139bb02e
commit f55f388667
2 changed files with 129 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
guacamole/src/main/webapp/app/navigation/services/userPageService.js
View File

@@ -140,64 +140,79 @@ angular.module('navigation').factory('userPageService', ['$injector',
* Returns all settings pages that the current user can visit. This can * Returns all settings pages that the current user can visit. This can
* include any of the various manage pages. * include any of the various manage pages.
* *
* @param {PermissionSet} permissions * @param {Object.<String, PermissionSet>} permissionSets
* The permissions for the current user. * A map of all permissions granted to the current user, where each
* key is the identifier of the corresponding data source.
* *
* @returns {Page[]} * @returns {Page[]}
* An array of all settings pages that the current user can visit. * An array of all settings pages that the current user can visit.
*/ */
var generateSettingsPages = function generateSettingsPages(permissions) { var generateSettingsPages = function generateSettingsPages(permissionSets) {
var pages = []; var pages = [];
permissions = angular.copy(permissions); var canManageUsers = false;
var canManageConnections = false;
var canManageSessions = false;
// Ignore permission to update root group // Inspect the contents of each provided permission set
PermissionSet.removeConnectionGroupPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE, ConnectionGroup.ROOT_IDENTIFIER); angular.forEach(permissionSets, function inspectPermissions(permissions) {
// Ignore permission to update self permissions = angular.copy(permissions);
PermissionSet.removeUserPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE, authenticationService.getCurrentUsername());
// Determine whether the current user needs access to the user management UI // Ignore permission to update root group
var canManageUsers = PermissionSet.removeConnectionGroupPermission(permissions,
PermissionSet.ObjectPermissionType.UPDATE,
ConnectionGroup.ROOT_IDENTIFIER);
// System permissions // Ignore permission to update self
PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER) PermissionSet.removeUserPermission(permissions,
|| PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_USER) PermissionSet.ObjectPermissionType.UPDATE,
authenticationService.getCurrentUsername());
// Permission to update users // Determine whether the current user needs access to the user management UI
|| PermissionSet.hasUserPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE) canManageUsers = canManageUsers ||
// Permission to delete users // System permissions
|| PermissionSet.hasUserPermission(permissions, PermissionSet.ObjectPermissionType.DELETE) PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
|| PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_USER)
// Permission to administer users // Permission to update users
|| PermissionSet.hasUserPermission(permissions, PermissionSet.ObjectPermissionType.ADMINISTER); || PermissionSet.hasUserPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE)
// Determine whether the current user needs access to the connection management UI // Permission to delete users
var canManageConnections = || PermissionSet.hasUserPermission(permissions, PermissionSet.ObjectPermissionType.DELETE)
// System permissions // Permission to administer users
PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER) || PermissionSet.hasUserPermission(permissions, PermissionSet.ObjectPermissionType.ADMINISTER);
|| PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_CONNECTION)
|| PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_CONNECTION_GROUP)
// Permission to update connections or connection groups // Determine whether the current user needs access to the connection management UI
|| PermissionSet.hasConnectionPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE) canManageConnections = canManageConnections ||
|| PermissionSet.hasConnectionGroupPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE)
// Permission to delete connections or connection groups // System permissions
|| PermissionSet.hasConnectionPermission(permissions, PermissionSet.ObjectPermissionType.DELETE) PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
|| PermissionSet.hasConnectionGroupPermission(permissions, PermissionSet.ObjectPermissionType.DELETE) || PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_CONNECTION)
|| PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.CREATE_CONNECTION_GROUP)
// Permission to administer connections or connection groups // Permission to update connections or connection groups
|| PermissionSet.hasConnectionPermission(permissions, PermissionSet.ObjectPermissionType.ADMINISTER) || PermissionSet.hasConnectionPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE)
|| PermissionSet.hasConnectionGroupPermission(permissions, PermissionSet.ObjectPermissionType.ADMINISTER); || PermissionSet.hasConnectionGroupPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE)
var canManageSessions = // Permission to delete connections or connection groups
|| PermissionSet.hasConnectionPermission(permissions, PermissionSet.ObjectPermissionType.DELETE)
|| PermissionSet.hasConnectionGroupPermission(permissions, PermissionSet.ObjectPermissionType.DELETE)
// A user must be a system administrator to manage sessions // Permission to administer connections or connection groups
PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER); || PermissionSet.hasConnectionPermission(permissions, PermissionSet.ObjectPermissionType.ADMINISTER)
|| PermissionSet.hasConnectionGroupPermission(permissions, PermissionSet.ObjectPermissionType.ADMINISTER);
// Determine whether the current user needs access to the session management UI
canManageSessions = canManageSessions ||
// A user must be a system administrator to manage sessions
PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER);
});
// If user can manage sessions, add link to sessions management page // If user can manage sessions, add link to sessions management page
if (canManageSessions) { if (canManageSessions) {
@@ -245,10 +260,14 @@ angular.module('navigation').factory('userPageService', ['$injector',
var deferred = $q.defer(); var deferred = $q.defer();
// Retrieve current permissions, resolving main pages if possible // Retrieve current permissions
permissionService.getAllPermissions(
authenticationService.getAvailableDataSources(),
authenticationService.getCurrentUsername()
)
// Resolve promise using settings pages derived from permissions // Resolve promise using settings pages derived from permissions
permissionService.getPermissions(authenticationService.getCurrentUsername()) .then(function permissionsRetrieved(permissions) {
.success(function permissionsRetrieved(permissions) {
deferred.resolve(generateSettingsPages(permissions)); deferred.resolve(generateSettingsPages(permissions));
}); });
@@ -264,8 +283,9 @@ angular.module('navigation').factory('userPageService', ['$injector',
* @param {ConnectionGroup} rootGroup * @param {ConnectionGroup} rootGroup
* The root of the connection group tree for the current user. * The root of the connection group tree for the current user.
* *
* @param {PermissionSet} permissions * @param {Object.<String, PermissionSet>} permissions
* The permissions for the current user. * A map of all permissions granted to the current user, where each
* key is the identifier of the corresponding data source.
* *
* @returns {Page[]} * @returns {Page[]}
* An array of all main pages that the current user can visit. * An array of all main pages that the current user can visit.
@@ -327,9 +347,14 @@ angular.module('navigation').factory('userPageService', ['$injector',
resolveMainPages(); resolveMainPages();
}); });
// Retrieve current permissions, resolving main pages if possible // Retrieve current permissions
permissionService.getPermissions(authenticationService.getCurrentUsername()) permissionService.getAllPermissions(
.success(function permissionsRetrieved(retrievedPermissions) { authenticationService.getAvailableDataSources(),
authenticationService.getCurrentUsername()
)
// Resolving main pages if possible
.then(function permissionsRetrieved(retrievedPermissions) {
permissions = retrievedPermissions; permissions = retrievedPermissions;
resolveMainPages(); resolveMainPages();
}); });

60
guacamole/src/main/webapp/app/rest/services/permissionService.js
View File

@@ -28,6 +28,7 @@ angular.module('rest').factory('permissionService', ['$injector',
// Required services // Required services
var $http = $injector.get('$http'); var $http = $injector.get('$http');
var $q = $injector.get('$q');
var authenticationService = $injector.get('authenticationService'); var authenticationService = $injector.get('authenticationService');
var cacheService = $injector.get('cacheService'); var cacheService = $injector.get('cacheService');
@@ -69,7 +70,64 @@ angular.module('rest').factory('permissionService', ['$injector',
}); });
}; };
/**
* Returns a promise which resolves with all permissions available to the
* given user, as a map of all PermissionSet objects by the identifier of
* their corresponding data source. All given data sources are queried. If
* an error occurs while retrieving any PermissionSet, the promise will be
* rejected.
*
* @param {String[]} dataSources
* The unique identifier of the data sources containing the user whose
* permissions should be retrieved. These identifiers corresponds to
* AuthenticationProviders within the Guacamole web application.
*
* @param {String} username
* The username of the user to retrieve the permissions for.
*
* @returns {Promise.<Object.<String, PermissionSet>>}
* A promise which resolves with all permissions available to the
* current user, as a map of app PermissionSet objects by the
* identifier of their corresponding data source.
*/
service.getAllPermissions = function getAllPermissions(dataSources, username) {
var deferred = $q.defer();
var permissionSetRequests = [];
var permissionSets = {};
// Retrieve all permissions from all data sources
angular.forEach(dataSources, function retrievePermissions(dataSource) {
permissionSetRequests.push(
service.getPermissions(dataSource, username)
.success(function permissionsRetrieved(permissions) {
permissionSets[dataSource] = permissions;
})
);
});
// Resolve when all requests are completed
$q.all(permissionSetRequests)
.then(
// All requests completed successfully
function allPermissionsRetrieved() {
deferred.resolve(permissionSets);
},
// At least one request failed
function permissionRetrievalFailed(e) {
deferred.reject(e);
}
);
return deferred.promise;
};
/** /**
* Makes a request to the REST API to add permissions for a given user, * Makes a request to the REST API to add permissions for a given user,
* returning a promise that can be used for processing the results of the * returning a promise that can be used for processing the results of the