safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-5: Merge sharing profile fixes for non-admins.

Browse Source
This commit is contained in:
James Muehlner
2016-07-25 15:27:33 -07:00
parent b0eef60e15 f119b97230
commit fafcbf0dda
4 changed files with 16 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/activeconnection/ActiveConnectionService.java
View File

@@ -80,6 +80,7 @@ public class ActiveConnectionService
public Collection<TrackedActiveConnection> retrieveObjects(AuthenticatedUser user, public Collection<TrackedActiveConnection> retrieveObjects(AuthenticatedUser user,
Collection<String> identifiers) throws GuacamoleException { Collection<String> identifiers) throws GuacamoleException {
String username = user.getIdentifier();
boolean isAdmin = user.getUser().isAdministrator(); boolean isAdmin = user.getUser().isAdministrator();
Set<String> identifierSet = new HashSet<String>(identifiers); Set<String> identifierSet = new HashSet<String>(identifiers);
@@ -90,10 +91,15 @@ public class ActiveConnectionService
Collection<TrackedActiveConnection> activeConnections = new ArrayList<TrackedActiveConnection>(identifiers.size()); Collection<TrackedActiveConnection> activeConnections = new ArrayList<TrackedActiveConnection>(identifiers.size());
for (ActiveConnectionRecord record : records) { for (ActiveConnectionRecord record : records) {
// Sensitive information should be included if the connection was
// started by the current user OR the user is an admin
boolean includeSensitiveInformation =
isAdmin || username.equals(record.getUsername());
// Add connection if within requested identifiers // Add connection if within requested identifiers
if (identifierSet.contains(record.getUUID().toString())) { if (identifierSet.contains(record.getUUID().toString())) {
TrackedActiveConnection activeConnection = trackedActiveConnectionProvider.get(); TrackedActiveConnection activeConnection = trackedActiveConnectionProvider.get();
activeConnection.init(user, record, isAdmin); activeConnection.init(user, record, includeSensitiveInformation);
activeConnections.add(activeConnection); activeConnections.add(activeConnection);
} }

2
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-mysql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml
View File

@@ -55,7 +55,7 @@
<!-- Select identifiers of all readable sharing profiles associated with a particular connection --> <!-- Select identifiers of all readable sharing profiles associated with a particular connection -->
<select id="selectReadableIdentifiersWithin" resultType="string"> <select id="selectReadableIdentifiersWithin" resultType="string">
SELECT sharing_profile_id SELECT guacamole_sharing_profile.sharing_profile_id
FROM guacamole_sharing_profile FROM guacamole_sharing_profile
JOIN guacamole_sharing_profile_permission ON guacamole_sharing_profile_permission.sharing_profile_id = guacamole_sharing_profile.sharing_profile_id JOIN guacamole_sharing_profile_permission ON guacamole_sharing_profile_permission.sharing_profile_id = guacamole_sharing_profile.sharing_profile_id
WHERE WHERE

2
extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/sharingprofile/SharingProfileMapper.xml
View File

@@ -55,7 +55,7 @@
<!-- Select identifiers of all readable sharing profiles associated with a particular connection --> <!-- Select identifiers of all readable sharing profiles associated with a particular connection -->
<select id="selectReadableIdentifiersWithin" resultType="string"> <select id="selectReadableIdentifiersWithin" resultType="string">
SELECT sharing_profile_id SELECT guacamole_sharing_profile.sharing_profile_id
FROM guacamole_sharing_profile FROM guacamole_sharing_profile
JOIN guacamole_sharing_profile_permission ON guacamole_sharing_profile_permission.sharing_profile_id = guacamole_sharing_profile.sharing_profile_id JOIN guacamole_sharing_profile_permission ON guacamole_sharing_profile_permission.sharing_profile_id = guacamole_sharing_profile.sharing_profile_id
WHERE WHERE

9
guacamole/src/main/java/org/apache/guacamole/rest/tunnel/TunnelResource.java
View File

@@ -30,6 +30,7 @@ import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam; import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
import org.apache.guacamole.GuacamoleException; import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.GuacamoleResourceNotFoundException;
import org.apache.guacamole.net.auth.ActiveConnection; import org.apache.guacamole.net.auth.ActiveConnection;
import org.apache.guacamole.net.auth.UserContext; import org.apache.guacamole.net.auth.UserContext;
import org.apache.guacamole.rest.activeconnection.APIActiveConnection; import org.apache.guacamole.rest.activeconnection.APIActiveConnection;
@@ -96,10 +97,14 @@ public class TunnelResource {
// Pull the UserContext from the tunnel // Pull the UserContext from the tunnel
UserContext userContext = tunnel.getUserContext(); UserContext userContext = tunnel.getUserContext();
// Fail if the active connection cannot be found
ActiveConnection activeConnection = tunnel.getActiveConnection();
if (activeConnection == null)
throw new GuacamoleResourceNotFoundException("No readable active connection for tunnel.");
// Return the associated ActiveConnection as a resource // Return the associated ActiveConnection as a resource
return activeConnectionResourceFactory.create(userContext, return activeConnectionResourceFactory.create(userContext,
userContext.getActiveConnectionDirectory(), userContext.getActiveConnectionDirectory(), activeConnection);
tunnel.getActiveConnection());
} }