/*
 * Copyright (C) 2014 Glyptodon LLC
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */
/**
 * Service for operating on user permissions via the REST API.
 */
angular.module('rest').factory('permissionService', ['$injector',
function permissionService($injector) {
// Collaborating services, looked up through $injector rather than being
// listed as factory arguments
var $http                 = $injector.get('$http');
var $q                    = $injector.get('$q');
var authenticationService = $injector.get('authenticationService');
var cacheService          = $injector.get('cacheService');

// Type definitions used when building permission patches
var PermissionPatch = $injector.get('PermissionPatch');

// Public interface of this service; the REST operations are attached to
// this object as properties
var service = {};
/**
 * Requests the permissions of a single user from the REST API.
 *
 * Responses are served through cacheService.users, so repeated calls for
 * the same user may be answered from that cache rather than the server.
 * NOTE(review): cached permissions can lag behind changes made elsewhere;
 * treat the result as a display hint and rely on the server to enforce
 * authorization - TODO confirm server-side enforcement.
 *
 * @param {String} dataSource
 *     The unique identifier of the data source containing the user whose
 *     permissions should be retrieved. This identifier corresponds to an
 *     AuthenticationProvider within the Guacamole web application.
 *
 * @param {String} userID
 *     The ID of the user to retrieve the permissions for.
 *
 * @returns {Promise.<PermissionSet>}
 *     The promise returned by $http for the GET request, which will
 *     resolve with a @link{PermissionSet} upon success.
 */
service.getPermissions = function getPermissions(dataSource, userID) {

    // NOTE(review): the session token is sent as the "token" query
    // parameter, so it becomes part of the request URL and may be recorded
    // wherever URLs are logged (server or proxy access logs, browser
    // history). Prefer a request header if the REST API accepts one -
    // TODO confirm.
    var requestParameters = {
        token : authenticationService.getCurrentToken()
    };

    // Both identifiers are percent-encoded so that characters such as "/",
    // "?" or "#" within them cannot change the structure of the URL
    var permissionsUrl = 'api/data/' + encodeURIComponent(dataSource)
            + '/users/' + encodeURIComponent(userID) + '/permissions';

    return $http({
        cache  : cacheService.users,
        method : 'GET',
        url    : permissionsUrl,
        params : requestParameters
    });

};
/**
 * Retrieves the permissions of the given user from every given data
 * source, producing a map of PermissionSet objects keyed by the identifier
 * of the data source each one came from. One request is issued per data
 * source via getPermissions(). If any of those requests fails, the
 * returned promise is rejected and the partial results are not exposed.
 *
 * @param {String[]} dataSources
 *     The unique identifiers of the data sources containing the user whose
 *     permissions should be retrieved. These identifiers correspond to
 *     AuthenticationProviders within the Guacamole web application.
 *
 * @param {String} username
 *     The username of the user to retrieve the permissions for.
 *
 * @returns {Promise.<Object.<String, PermissionSet>>}
 *     A promise which resolves with all permissions available to the
 *     given user, as a map of all PermissionSet objects by the identifier
 *     of their corresponding data source.
 */
service.getAllPermissions = function getAllPermissions(dataSources, username) {

    var pendingRequests = [];
    var permissionsByDataSource = {};

    // Issue one request per data source, recording each result under the
    // identifier of the data source it came from
    angular.forEach(dataSources, function retrievePermissions(dataSource) {

        // success() is specific to the promise returned by $http; its
        // return value is what gets tracked, exactly as received
        var trackedRequest = service.getPermissions(dataSource, username)
        .success(function permissionsRetrieved(permissions) {
            permissionsByDataSource[dataSource] = permissions;
        });

        pendingRequests.push(trackedRequest);

    });

    // Resolve with the completed map once every request has succeeded; a
    // failure of any single request propagates as the rejection reason
    return $q.all(pendingRequests)
    .then(function allPermissionsRetrieved() {
        return permissionsByDataSource;
    });

};
/**
 * Grants additional permissions to a user through the REST API. This is a
 * convenience wrapper around patchPermissions() which requests additions
 * only.
 *
 * @param {String} dataSource
 *     The unique identifier of the data source containing the user whose
 *     permissions should be modified. This identifier corresponds to an
 *     AuthenticationProvider within the Guacamole web application.
 *
 * @param {String} userID
 *     The ID of the user to modify the permissions of.
 *
 * @param {PermissionSet} permissions
 *     The set of permissions to add.
 *
 * @returns {Promise}
 *     A promise for the HTTP call which will succeed if and only if the
 *     add operation is successful.
 */
service.addPermissions = function addPermissions(dataSource, userID, permissions) {

    // Nothing is removed by this call, so the "remove" set is passed as
    // null. NOTE(review): this relies on patchPermissions() and the patch
    // builders it calls tolerating a null permission set - confirm.
    var permissionsToRemove = null;

    return service.patchPermissions(dataSource, userID, permissions, permissionsToRemove);

};
/**
 * Revokes permissions from a user through the REST API. This is a
 * convenience wrapper around patchPermissions() which requests removals
 * only.
 *
 * @param {String} dataSource
 *     The unique identifier of the data source containing the user whose
 *     permissions should be modified. This identifier corresponds to an
 *     AuthenticationProvider within the Guacamole web application.
 *
 * @param {String} userID
 *     The ID of the user to modify the permissions of.
 *
 * @param {PermissionSet} permissions
 *     The set of permissions to remove.
 *
 * @returns {Promise}
 *     A promise for the HTTP call which will succeed if and only if the
 *     remove operation is successful.
 */
service.removePermissions = function removePermissions(dataSource, userID, permissions) {

    // Nothing is added by this call, so the "add" set is passed as null.
    // NOTE(review): this relies on patchPermissions() and the patch
    // builders it calls tolerating a null permission set - confirm.
    var permissionsToAdd = null;

    return service.patchPermissions(dataSource, userID, permissionsToAdd, permissions);

};
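/**
 * Adds patches for modifying the permissions associated with specific
 * objects to the given array of patches. One patch is appended for each
 * permission type of each object identifier within the given map.
 *
 * @param {PermissionPatch[]} patch
 *     The array of patches to add new patches to. This array is modified
 *     in place.
 *
 * @param {String} operation
 *     The operation to specify within each of the patches. Valid values
 *     for this are defined within PermissionPatch.Operation.
 *
 * @param {String} path
 *     The path of the permissions being patched. The path is a JSON path
 *     describing the position of the permissions within a PermissionSet.
 *
 * @param {Object.<String, String[]>} [permissions]
 *     A map of object identifiers to arrays of permission type strings,
 *     where each type string is a value from
 *     PermissionSet.ObjectPermissionType. If null or undefined, no patches
 *     are added.
 */
var addObjectPatchOperations = function addObjectPatchOperations(patch, operation, path, permissions) {

    // Nothing to patch if no permission map was provided
    if (!permissions)
        return;

    // Only the map's own keys are object identifiers. A for...in loop would
    // also visit enumerable properties inherited through the prototype
    // chain and turn them into permission patches.
    Object.keys(permissions).forEach(function addObjectPatches(identifier) {

        // NOTE(review): the identifier is appended to the path as-is;
        // confirm the REST endpoint treats everything after the prefix as
        // the identifier, since a "/" within it is not escaped here.
        permissions[identifier].forEach(function addObjectPatch(type) {
            patch.push({
                op    : operation,
                path  : path + "/" + identifier,
                value : type
            });
        });

    });

};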
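/**
 * Adds patches for modifying any permission that can be stored within a
 * @link{PermissionSet}. Object permissions (connection, connection group,
 * active connection, user) are delegated to addObjectPatchOperations();
 * system permissions are added directly.
 *
 * @param {PermissionPatch[]} patch
 *     The array of patches to add new patches to. This array is modified
 *     in place.
 *
 * @param {String} operation
 *     The operation to specify within each of the patches. Valid values
 *     for this are defined within PermissionPatch.Operation.
 *
 * @param {PermissionSet} [permissions]
 *     The set of permissions for which patches should be added. If null or
 *     undefined, no patches are added.
 */
var addPatchOperations = function addPatchOperations(patch, operation, permissions) {

    // patchPermissions() documents both of its permission sets as optional,
    // and addPermissions() / removePermissions() pass null for the set they
    // do not use. Dereferencing that null here would throw before the
    // request is ever sent, so an absent set simply contributes no patches.
    if (!permissions)
        return;

    // Add connection permission operations to patch
    addObjectPatchOperations(patch, operation, "/connectionPermissions",
        permissions.connectionPermissions);

    // Add connection group permission operations to patch
    addObjectPatchOperations(patch, operation, "/connectionGroupPermissions",
        permissions.connectionGroupPermissions);

    // Add active connection permission operations to patch
    addObjectPatchOperations(patch, operation, "/activeConnectionPermissions",
        permissions.activeConnectionPermissions);

    // Add user permission operations to patch
    addObjectPatchOperations(patch, operation, "/userPermissions",
        permissions.userPermissions);

    // Add system operations to patch, tolerating a set which carries no
    // system permission list at all
    (permissions.systemPermissions || []).forEach(function addSystemPatch(type) {
        patch.push({
            op    : operation,
            path  : "/systemPermissions",
            value : type
        });
    });

};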
/**
 * Modifies the permissions of a user through the REST API by sending a
 * single PATCH request containing all requested additions followed by all
 * requested removals. The user cache (cacheService.users) is cleared only
 * when the request succeeds; a failed request leaves the cache untouched.
 *
 * @param {String} dataSource
 *     The unique identifier of the data source containing the user whose
 *     permissions should be modified. This identifier corresponds to an
 *     AuthenticationProvider within the Guacamole web application.
 *
 * @param {String} userID
 *     The ID of the user to modify the permissions of.
 *
 * @param {PermissionSet} [permissionsToAdd]
 *     The set of permissions to add, if any.
 *
 * @param {PermissionSet} [permissionsToRemove]
 *     The set of permissions to remove, if any.
 *
 * @returns {Promise}
 *     A promise for the HTTP call which will succeed if and only if the
 *     patch operation is successful.
 */
service.patchPermissions = function patchPermissions(dataSource, userID, permissionsToAdd, permissionsToRemove) {

    var operations = [];

    // NOTE(review): the session token is sent as the "token" query
    // parameter, so it becomes part of the request URL and may be recorded
    // wherever URLs are logged (server or proxy access logs, browser
    // history). Prefer a request header if the REST API accepts one -
    // TODO confirm.
    var requestParameters = {
        token : authenticationService.getCurrentToken()
    };

    // Additions come first, then removals. NOTE(review): both sets are
    // handed to addPatchOperations() as received, including null or
    // undefined - confirm that helper tolerates an absent set.
    addPatchOperations(operations, PermissionPatch.Operation.ADD, permissionsToAdd);
    addPatchOperations(operations, PermissionPatch.Operation.REMOVE, permissionsToRemove);

    // Both identifiers are percent-encoded so that characters such as "/",
    // "?" or "#" within them cannot change the structure of the URL
    var permissionsUrl = 'api/data/' + encodeURIComponent(dataSource)
            + '/users/' + encodeURIComponent(userID) + '/permissions';

    // The patch is assembled entirely on the client. NOTE(review): the
    // server is presumably the one authorizing each operation - verify
    // against the REST endpoint.
    var patchRequest = $http({
        method : 'PATCH',
        url    : permissionsUrl,
        params : requestParameters,
        data   : operations
    });

    // Drop all cached user data so later reads reflect the new permissions
    return patchRequest.success(function permissionsPatched() {
        cacheService.users.removeAll();
    });

};
return service;
}]);