safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 13:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUAC-586: Expand handling of permissions within user editor. Allow users to be created through editor. Display tabs for each possible account.

Browse Source
This commit is contained in:
Michael Jumper
2015-08-30 22:20:07 -07:00
parent b6607ac21e
commit fc21162821
6 changed files with 382 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

337
guacamole/src/main/webapp/app/manage/controllers/manageUserController.js
View File

@@ -1,5 +1,5 @@
/*
* Copyright (C) 2014 Glyptodon LLC
* Copyright (C) 2015 Glyptodon LLC
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
@@ -31,10 +31,12 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
var PageDefinition = $injector.get('PageDefinition');
var PermissionFlagSet = $injector.get('PermissionFlagSet');
var PermissionSet = $injector.get('PermissionSet');
var User = $injector.get('User');
// Required services
var $location = $injector.get('$location');
var $routeParams = $injector.get('$routeParams');
var $q = $injector.get('$q');
var authenticationService = $injector.get('authenticationService');
var connectionGroupService = $injector.get('connectionGroupService');
var guacNotification = $injector.get('guacNotification');
@@ -55,6 +57,21 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
}
};
/**
* The identifiers of all data sources currently available to the
* authenticated user.
*
* @type String[]
*/
var dataSources = authenticationService.getAvailableDataSources();
/**
* The username of the current, authenticated user.
*
* @type String
*/
var currentUsername = authenticationService.getCurrentUsername();
/**
* The unique identifier of the data source containing the user being
* edited.
@@ -70,6 +87,16 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
*/
var username = $routeParams.id;
/**
* Whether the user being modified actually exists. If the user does not
* yet exist, a different REST service call must be made to create that
* user rather than update an existing user. If the user has not yet been
* loaded, this will be null.
*
* @type Boolean
*/
var userExists = null;
/**
* The user being modified.
*
@@ -85,26 +112,13 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
$scope.permissionFlags = null;
/**
* The root connection group of the connection group hierarchy.
* The root connection group of the connection group hierarchy within the
* data source containing the user being edited/created.
*
* @type ConnectionGroup
*/
$scope.rootGroup = null;
/**
* Whether the authenticated user has UPDATE permission for the user being edited.
*
* @type Boolean
*/
$scope.hasUpdatePermission = null;
/**
* Whether the authenticated user has DELETE permission for the user being edited.
*
* @type Boolean
*/
$scope.hasDeletePermission = null;
/**
* All permissions associated with the current user, or null if the user's
* permissions have not yet been loaded.
@@ -128,21 +142,7 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
*
* @type PageDefinition[]
*/
$scope.accountPages = (function getAccountPages(dataSources) {
var accountPages = [];
// Add an account page for each applicable data source
angular.forEach(dataSources, function addAccountPage(dataSource) {
accountPages.push(new PageDefinition(
translationStringService.canonicalize('DATA_SOURCE_' + dataSource) + '.NAME',
'/manage/' + encodeURIComponent(dataSource) + '/users/' + encodeURIComponent(username)
));
});
return accountPages;
})(authenticationService.getAvailableDataSources());
$scope.accountPages = [];
/**
* Returns whether the list of all available account tabs should be shown.
@@ -168,25 +168,262 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
&& $scope.permissionFlags !== null
&& $scope.rootGroup !== null
&& $scope.permissions !== null
&& $scope.attributes !== null
&& $scope.canSaveUser !== null
&& $scope.canDeleteUser !== null;
&& $scope.attributes !== null;
};
/**
* Returns whether the current user can change attributes associated with
* the user being edited.
*
* @returns {Boolean}
* true if the current user can change attributes associated with the
* user being edited, false otherwise.
*/
$scope.canChangeAttributes = function canChangeAttributes() {
// Do not check if permissions are not yet loaded
if (!$scope.permissions)
return false;
// Attributes can always be set if we are creating the user
if (!userExists)
return true;
// The administrator can always change attributes
if (PermissionSet.hasSystemPermission($scope.permissions,
PermissionSet.SystemPermissionType.ADMINISTER))
return true;
// Otherwise, can change attributes if we have permission to update this user
return PermissionSet.hasUserPermission($scope.permissions,
PermissionSet.ObjectPermissionType.UPDATE, username);
};
/**
* Returns whether the current user can change permissions of any kind
* which are associated with the user being edited.
*
* @returns {Boolean}
* true if the current user can grant or revoke permissions of any kind
* which are associated with the user being edited, false otherwise.
*/
$scope.canChangePermissions = function canChangePermissions() {
// Do not check if permissions are not yet loaded
if (!$scope.permissions)
return false;
// Permissions can always be set if we are creating the user
if (!userExists)
return true;
// The administrator can always modify permissions
if (PermissionSet.hasSystemPermission($scope.permissions,
PermissionSet.SystemPermissionType.ADMINISTER))
return true;
// Otherwise, can only modify permissions if we have explicit ADMINSTER permission
return PermissionSet.hasUserPermission($scope.permissions,
PermissionSet.ObjectPermissionType.ADMINISTER, username);
};
/**
* Returns whether the current user can change the system permissions
* granted to the user being edited.
*
* @returns {Boolean}
* true if the current user can grant or revoke system permissions to
* the user being edited, false otherwise.
*/
$scope.canChangeSystemPermissions = function canChangeSystemPermissions() {
// Do not check if permissions are not yet loaded
if (!$scope.permissions)
return false;
// Only the administrator can modify system permissions
return PermissionSet.hasSystemPermission($scope.permissions,
PermissionSet.SystemPermissionType.ADMINISTER);
};
/**
* Returns whether the current user can save the user being edited,
* creating or updating that user, depending on whether the user already
* exists.
*
* @returns {Boolean}
* true if the current user can save changes to the user being edited,
* false otherwise.
*/
$scope.canSaveUser = function canSaveUser() {
// Do not check if permissions are not yet loaded
if (!$scope.permissions)
return false;
// The administrator can always save users
if (PermissionSet.hasSystemPermission($scope.permissions,
PermissionSet.SystemPermissionType.ADMINISTER))
return true;
// If user does not exist, can only save if we have permission to create users
if (!userExists)
return PermissionSet.hasSystemPermission($scope.permissions,
PermissionSet.SystemPermissionType.CREATE_USER);
// Otherwise, can only save if we have permission to update this user
return PermissionSet.hasUserPermission($scope.permissions,
PermissionSet.ObjectPermissionType.UPDATE, username);
};
/**
* Returns whether the current user can delete the user being edited.
*
* @returns {Boolean}
* true if the current user can delete the user being edited, false
* otherwise.
*/
$scope.canDeleteUser = function canDeleteUser() {
// Do not check if permissions are not yet loaded
if (!$scope.permissions)
return false;
// Can't delete what doesn't exist
if (!userExists)
return false;
// The administrator can always delete users
if (PermissionSet.hasSystemPermission($scope.permissions,
PermissionSet.SystemPermissionType.ADMINISTER))
return true;
// Otherwise, require explicit DELETE permission on the user
return PermissionSet.hasUserPermission($scope.permissions,
PermissionSet.ObjectPermissionType.DELETE, username);
};
/**
* Returns whether the user being edited is read-only, and thus cannot be
* modified by the current user.
*
* @returns {Boolean}
* true if the user being edited is actually read-only and cannot be
* edited at all, false otherwise.
*/
$scope.isReadOnly = function isReadOnly() {
return !$scope.canSaveUser();
};
// Pull user attribute schema
schemaService.getUserAttributes().success(function attributesReceived(attributes) {
$scope.attributes = attributes;
});
/**
* Retrieves all user objects having the given username from each of the
* given data sources, returning a promise which resolves to a map of those
* users by data source identifier. If any data source returns an error,
* that data source is omitted from the results.
*
* @param {String[]} dataSources
* The identifiers of the data sources to query.
*
* @param {String} username
* The username of the user to retrieve from each of the given data
* sources.
*
* @returns {Promise.<Object.<String, User>>}
* A promise which resolves to a map of user objects by data source
* identifier.
*/
var getUserAccounts = function getUserAccounts(dataSources, username) {
var deferred = $q.defer();
var userRequests = [];
var accounts = {};
// Retrieve the requested user account from all data sources
angular.forEach(dataSources, function retrieveUser(dataSource) {
// Add promise to list of pending requests
var deferredUserRequest = $q.defer();
userRequests.push(deferredUserRequest.promise);
// Retrieve user from data source
userService.getUser(dataSource, username)
.success(function userRetrieved(user) {
accounts[dataSource] = user;
deferredUserRequest.resolve();
})
// Ignore any errors
.error(function userRetrievalFailed() {
deferredUserRequest.resolve();
});
});
// Resolve when all requests are completed
$q.all(userRequests)
.then(function accountsRetrieved() {
deferred.resolve(accounts);
});
return deferred.promise;
};
// Pull user data
userService.getUser(dataSource, username).success(function userReceived(user) {
$scope.user = user;
getUserAccounts(dataSources, username)
.then(function usersReceived(users) {
// Get user for currently-selected data source
$scope.user = users[dataSource];
// Create skeleton user if user does not exist
if (!$scope.user) {
userExists = false;
$scope.user = new User({
'username' : username
});
}
else
userExists = true;
// Generate pages for each applicable data source
$scope.accountPages = [];
angular.forEach(dataSources, function addAccountPage(dataSource) {
// Determine whether data source contains this user
var linked = dataSource in users;
// Add page entry
$scope.accountPages.push(new PageDefinition(
translationStringService.canonicalize('DATA_SOURCE_' + dataSource) + '.NAME',
'/manage/' + encodeURIComponent(dataSource) + '/users/' + encodeURIComponent(username),
linked ? 'linked' : 'unlinked'
));
});
});
// Pull user permissions
permissionService.getPermissions(dataSource, username).success(function gotPermissions(permissions) {
$scope.permissionFlags = PermissionFlagSet.fromPermissionSet(permissions);
})
// If permissions cannot be retrieved, use empty permissions
.error(function permissionRetrievalFailed() {
$scope.permissionFlags = new PermissionFlagSet();
});
// Retrieve all connections for which we have ADMINISTER permission
@@ -196,24 +433,9 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
});
// Query the user's permissions for the current user
permissionService.getPermissions(dataSource, authenticationService.getCurrentUsername())
permissionService.getPermissions(dataSource, currentUsername)
.success(function permissionsReceived(permissions) {
$scope.permissions = permissions;
// Check if the user is new or if the user has UPDATE permission
$scope.canSaveUser =
!username
|| PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
|| PermissionSet.hasUserPermission(permissions, PermissionSet.ObjectPermissionType.UPDATE, username);
// Check if user is not new and the user has DELETE permission
$scope.canDeleteUser =
!!username && (
PermissionSet.hasSystemPermission(permissions, PermissionSet.SystemPermissionType.ADMINISTER)
|| PermissionSet.hasUserPermission(permissions, PermissionSet.ObjectPermissionType.DELETE, username)
);
});
/**
@@ -550,9 +772,14 @@ angular.module('manage').controller('manageUserController', ['$scope', '$injecto
return;
}
// Save the user
userService.saveUser(dataSource, $scope.user)
.success(function savedUser() {
// Save or create the user, depending on whether the user exists
var saveUserPromise;
if (userExists)
saveUserPromise = userService.saveUser(dataSource, $scope.user);
else
saveUserPromise = userService.createUser(dataSource, $scope.user);
saveUserPromise.success(function savedUser() {
// Upon success, save any changed permissions
permissionService.patchPermissions(dataSource, $scope.user.username, permissionsAdded, permissionsRemoved)

36
guacamole/src/main/webapp/app/manage/styles/manage-user.css
View File

@@ -27,3 +27,39 @@
.manage-user .username.header h2 {
text-transform: none;
}
.manage-user .settings-tabs .page-list li.unlinked a[href],
.manage-user .settings-tabs .page-list li.linked a[href] {
padding-right: 2.5em;
position: relative;
}
.manage-user .settings-tabs .page-list li.unlinked a[href]:before,
.manage-user .settings-tabs .page-list li.linked a[href]:before {
content: ' ';
position: absolute;
right: 0;
bottom: 0;
top: 0;
width: 2.5em;
background-size: 1.25em;
background-repeat: no-repeat;
background-position: center;
}
.manage-user .settings-tabs .page-list li.unlinked a[href]:before {
background-image: url('images/plus.png');
}
.manage-user .settings-tabs .page-list li.unlinked a[href] {
opacity: 0.5;
}
.manage-user .settings-tabs .page-list li.unlinked a[href]:hover,
.manage-user .settings-tabs .page-list li.unlinked a[href].current {
opacity: 1;
}
.manage-user .settings-tabs .page-list li.linked a[href]:before {
background-image: url('images/checkmark.png');
}

29
guacamole/src/main/webapp/app/manage/templates/manageUser.html
View File

@@ -22,7 +22,7 @@ THE SOFTWARE.
<div class="manage-user view" ng-class="{loading: !isLoaded()}">
<!-- Main property editor -->
<!-- User header and data source tabs -->
<div class="username header">
<h2>{{user.username}}</h2>
<guac-user-menu></guac-user-menu>
@@ -31,6 +31,15 @@ THE SOFTWARE.
<guac-page-list pages="accountPages" ng-show="showAccountTabs()"></guac-page-list>
</div>
<!-- Warn if user is read-only -->
<div class="section" ng-show="isReadOnly()">
<p class="notice read-only">{{'MANAGE_USER.INFO_READ_ONLY' | translate}}</p>
</div>
<!-- Sections applicable to non-read-only users -->
<div ng-show="!isReadOnly()">
<!-- User password section -->
<div class="section">
<table class="properties">
<tr>
@@ -45,15 +54,17 @@ THE SOFTWARE.
</div>
<!-- User attributes section -->
<div class="attributes">
<div class="attributes" ng-show="canChangeAttributes()">
<guac-form namespace="'USER_ATTRIBUTES'" content="attributes" model="user.attributes"></guac-form>
</div>
<!-- System permissions section -->
<div class="system-permissions" ng-show="canChangePermissions()">
<h2 class="header">{{'MANAGE_USER.SECTION_HEADER_PERMISSIONS' | translate}}</h2>
<div class="section">
<table class="properties">
<tr ng-repeat="systemPermissionType in systemPermissionTypes">
<tr ng-repeat="systemPermissionType in systemPermissionTypes"
ng-show="canChangeSystemPermissions()">
<th>{{systemPermissionType.label | translate}}</th>
<td><input type="checkbox" ng-model="permissionFlags.systemPermissions[systemPermissionType.value]"
ng-change="systemPermissionChanged(systemPermissionType.value)"/></td>
@@ -65,9 +76,12 @@ THE SOFTWARE.
</tr>
</table>
</div>
</div>
<!-- Connection permissions section -->
<div class="connection-permissions" ng-show="canChangePermissions()">
<h2 class="header">{{'MANAGE_USER.SECTION_HEADER_CONNECTIONS' | translate}}</h2>
<div class="section" ng-class="{loading: !rootGroup}">
<div class="section">
<guac-group-list
context="groupListContext"
connection-group="rootGroup"
@@ -75,12 +89,15 @@ THE SOFTWARE.
connection-group-template="'app/manage/templates/connectionGroupPermission.html'"
page-size="20"/>
</div>
</div>
</div>
<!-- Form action buttons -->
<div class="action-buttons">
<button ng-show="canSaveUser" ng-click="saveUser()">{{'MANAGE_USER.ACTION_SAVE' | translate}}</button>
<button ng-show="canSaveUser()" ng-click="saveUser()">{{'MANAGE_USER.ACTION_SAVE' | translate}}</button>
<button ng-click="cancel()">{{'MANAGE_USER.ACTION_CANCEL' | translate}}</button>
<button ng-show="canDeleteUser" ng-click="deleteUser()" class="danger">{{'MANAGE_USER.ACTION_DELETE' | translate}}</button>
<button ng-show="canDeleteUser()" ng-click="deleteUser()" class="danger">{{'MANAGE_USER.ACTION_DELETE' | translate}}</button>
</div>
</div>

BIN
guacamole/src/main/webapp/images/checkmark.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 569 B

BIN
guacamole/src/main/webapp/images/plus.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 299 B

2
guacamole/src/main/webapp/translations/en.json
View File

@@ -245,6 +245,8 @@
"FIELD_HEADER_PASSWORD_AGAIN" : "@:APP.FIELD_HEADER_PASSWORD_AGAIN",
"FIELD_HEADER_USERNAME" : "Username:",
"INFO_READ_ONLY" : "Sorry, but this user account cannot be edited.",
"SECTION_HEADER_CONNECTIONS" : "Connections",
"SECTION_HEADER_EDIT_USER" : "Edit User",
"SECTION_HEADER_PERMISSIONS" : "Permissions",