Posted to commits@guacamole.apache.org by vn...@apache.org on 2018/10/01 18:08:22 UTC
[21/38] guacamole-client git commit: GUACAMOLE-220: Map and allow
manipulation of the user group parents of users.
GUACAMOLE-220: Map and allow manipulation of the user group parents of users.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/2999c560
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/2999c560
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/2999c560
Branch: refs/heads/master
Commit: 2999c560980d48bcf58befebbc6d9dde98db3a36
Parents: 856ab44
Author: Michael Jumper <mj...@apache.org>
Authored: Tue Apr 10 15:18:38 2018 -0700
Committer: Michael Jumper <mj...@apache.org>
Committed: Wed Sep 19 23:56:52 2018 -0700
----------------------------------------------------------------------
.../jdbc/JDBCAuthenticationProviderModule.java | 2 +
.../guacamole/auth/jdbc/user/ModeledUser.java | 13 ++-
.../jdbc/user/UserParentUserGroupMapper.java | 28 ++++++
.../auth/jdbc/user/UserParentUserGroupSet.java | 59 ++++++++++++
.../jdbc/user/UserParentUserGroupMapper.xml | 96 ++++++++++++++++++++
5 files changed, 196 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2999c560/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
index 2d4c67a..5203cfe 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/JDBCAuthenticationProviderModule.java
@@ -91,6 +91,7 @@ import org.apache.guacamole.auth.jdbc.usergroup.UserGroupParentUserGroupMapper;
import org.apache.guacamole.auth.jdbc.usergroup.UserGroupService;
import org.mybatis.guice.MyBatisModule;
import org.mybatis.guice.datasource.builtin.PooledDataSourceProvider;
+import org.apache.guacamole.auth.jdbc.user.UserParentUserGroupMapper;
/**
* Guice module which configures the injections used by the JDBC authentication
@@ -144,6 +145,7 @@ public class JDBCAuthenticationProviderModule extends MyBatisModule {
addMapperClass(UserGroupParentUserGroupMapper.class);
addMapperClass(UserGroupPermissionMapper.class);
addMapperClass(UserMapper.class);
+ addMapperClass(UserParentUserGroupMapper.class);
addMapperClass(UserPermissionMapper.class);
addMapperClass(UserRecordMapper.class);
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2999c560/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
index 9b65471..b7924ed 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/ModeledUser.java
@@ -20,6 +20,7 @@
package org.apache.guacamole.auth.jdbc.user;
import com.google.inject.Inject;
+import com.google.inject.Provider;
import java.sql.Date;
import java.sql.Time;
import java.sql.Timestamp;
@@ -49,7 +50,6 @@ import org.apache.guacamole.net.auth.ActivityRecord;
import org.apache.guacamole.net.auth.Permissions;
import org.apache.guacamole.net.auth.RelatedObjectSet;
import org.apache.guacamole.net.auth.User;
-import org.apache.guacamole.net.auth.simple.SimpleRelatedObjectSet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -177,6 +177,13 @@ public class ModeledUser extends ModeledPermissions<UserModel> implements User {
private SaltService saltService;
/**
+ * Provider for RelatedObjectSets containing the user groups of which this
+ * user is a member.
+ */
+ @Inject
+ private Provider<UserParentUserGroupSet> parentUserGroupSetProvider;
+
+ /**
* Whether attributes which control access restrictions should be exposed
* via getAttributes() or allowed to be set via setAttributes().
*/
@@ -747,7 +754,9 @@ public class ModeledUser extends ModeledPermissions<UserModel> implements User {
@Override
public RelatedObjectSet getUserGroups() throws GuacamoleException {
- return new SimpleRelatedObjectSet();
+ UserParentUserGroupSet parentUserGroupSet = parentUserGroupSetProvider.get();
+ parentUserGroupSet.init(getCurrentUser(), this);
+ return parentUserGroupSet;
}
@Override
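Review bot: getUserGroups() now returns a mutable membership set bound to getCurrentUser(), but the method carries no comment saying so or naming where a change is authorized. Because membership in a group confers that group's permissions, I would add a Javadoc line such as `Returns a live set of this user's parent groups; add/remove operations are checked against the current user's effective permissions.` The check itself is presumably implemented in RelatedObjectSet, which is not part of this diff, so the wording should be confirmed against it. The rest of ModeledUser lies outside the hunk.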
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2999c560/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.java
new file mode 100644
index 0000000..ee3d6a8
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.java
@@ -0,0 +1,28 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.user;
+
+import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper;
+
+/**
+ * Mapper for the one-to-many relationship between a user and the user groups
+ * of which it is a member.
+ */
+public interface UserParentUserGroupMapper extends ObjectRelationMapper<UserModel> {}
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2999c560/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupSet.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupSet.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupSet.java
new file mode 100644
index 0000000..f888729
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupSet.java
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.guacamole.auth.jdbc.user;
+
+import com.google.inject.Inject;
+import org.apache.guacamole.GuacamoleException;
+import org.apache.guacamole.auth.jdbc.base.ObjectRelationMapper;
+import org.apache.guacamole.auth.jdbc.base.RelatedObjectSet;
+import org.apache.guacamole.net.auth.permission.ObjectPermissionSet;
+
+/**
+ * RelatedObjectSet implementation which represents the one-to-many
+ * relationship between a particular user and the user groups of which it is a
+ * member.
+ */
+public class UserParentUserGroupSet extends RelatedObjectSet<ModeledUser, UserModel> {
+
+ /**
+ * Mapper for the relations between users and the user groups of which they
+ * are members.
+ */
+ @Inject
+ private UserParentUserGroupMapper userParentUserGroupMapper;
+
+ @Override
+ protected ObjectRelationMapper<UserModel> getObjectRelationMapper() {
+ return userParentUserGroupMapper;
+ }
+
+ @Override
+ protected ObjectPermissionSet
+ getParentObjectEffectivePermissionSet() throws GuacamoleException {
+ return getCurrentUser().getUser().getEffectivePermissions().getUserPermissions();
+ }
+
+ @Override
+ protected ObjectPermissionSet getChildObjectEffectivePermissionSet()
+ throws GuacamoleException {
+ return getCurrentUser().getUser().getEffectivePermissions().getUserGroupPermissions();
+ }
+
+}
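Review bot: The two permission-set overrides have no Javadoc, and both return permissions of getCurrentUser() (the acting user) rather than of the user whose memberships are being edited, which is easy to misread. I would document them, e.g. on getParentObjectEffectivePermissionSet() `Returns the acting user's effective permissions on users, used to decide whether the member user may be altered.` and the matching sentence about user groups on getChildObjectEffectivePermissionSet(). Which permission type is required on each side is decided in RelatedObjectSet, outside this diff; since joining a group grants its permissions, it is worth confirming that UPDATE is required on the group as well as on the user. As a style point, the two signatures wrap differently (return type alone on a line versus `throws` on the continuation line); pick one form.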
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/2999c560/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml
new file mode 100644
index 0000000..bcff7a2
--- /dev/null
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-postgresql/src/main/resources/org/apache/guacamole/auth/jdbc/user/UserParentUserGroupMapper.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
+ "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<mapper namespace="org.apache.guacamole.auth.jdbc.user.UserParentUserGroupMapper" >
+
+ <!-- Select the names of all parent user groups -->
+ <select id="selectChildIdentifiers" resultType="string">
+ SELECT name
+ FROM guacamole_user_group_member
+ JOIN guacamole_user_group ON guacamole_user_group_member.user_group_id = guacamole_user_group.user_group_id
+ JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user_group.entity_id
+ WHERE
+ guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER}
+ AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
+ </select>
+
+ <!-- Select the names of all readable parent user groups -->
+ <select id="selectReadableChildIdentifiers" resultType="string">
+ SELECT guacamole_entity.name
+ FROM guacamole_user_group_member
+ JOIN guacamole_user_group ON guacamole_user_group_member.user_group_id = guacamole_user_group.user_group_id
+ JOIN guacamole_entity ON guacamole_entity.entity_id = guacamole_user_group.entity_id
+ JOIN guacamole_user_group_permission ON affected_user_group_id = guacamole_user_group.user_group_id
+ WHERE
+ <include refid="org.apache.guacamole.auth.jdbc.base.EntityMapper.isRelatedEntity">
+ <property name="column" value="guacamole_user_group_permission.entity_id"/>
+ <property name="entityID" value="#{user.entityID,jdbcType=INTEGER}"/>
+ <property name="groups" value="effectiveGroups"/>
+ </include>
+ AND guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER}
+ AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
+ AND permission = 'READ'
+ </select>
+
+ <!-- Delete parent groups by name -->
+ <delete id="delete">
+ DELETE FROM guacamole_user_group_member
+ USING guacamole_user_group, guacamole_entity
+ WHERE
+ member_entity_id = #{parent.entityID,jdbcType=INTEGER}
+ AND guacamole_user_group.user_group_id = guacamole_user_group_member.user_group_id
+ AND guacamole_entity.entity_id = guacamole_user_group.entity_id
+ AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
+ AND guacamole_entity.name IN
+ <foreach collection="children" item="identifier"
+ open="(" separator="," close=")">
+ #{identifier,jdbcType=VARCHAR}
+ </foreach>
+ </delete>
+
+ <!-- Insert parent groups by name -->
+ <insert id="insert">
+ INSERT INTO guacamole_user_group_member (
+ user_group_id,
+ member_entity_id
+ )
+ SELECT DISTINCT
+ guacamole_user_group.user_group_id,
+ #{parent.entityID,jdbcType=INTEGER}
+ FROM guacamole_user_group
+ JOIN guacamole_entity ON guacamole_user_group.entity_id = guacamole_entity.entity_id
+ WHERE
+ guacamole_entity.name IN
+ <foreach collection="children" item="identifier"
+ open="(" separator="," close=")">
+ #{identifier,jdbcType=VARCHAR}
+ </foreach>
+ AND guacamole_entity.type = 'USER_GROUP'::guacamole_entity_type
+ AND guacamole_user_group.user_group_id NOT IN (
+ SELECT guacamole_user_group_member.user_group_id
+ FROM guacamole_user_group_member
+ WHERE guacamole_user_group_member.member_entity_id = #{parent.entityID,jdbcType=INTEGER}
+ )
+ </insert>
+
+</mapper>
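Review bot: The `delete` and `insert` statements build `IN (...)` from `children` with no guard, so an empty collection renders `IN ()`, which PostgreSQL rejects; unless the caller (outside this diff) already returns early on an empty set, that check should be added before the mapper is invoked. Separately, `selectChildIdentifiers` selects an unqualified `name` while `selectReadableChildIdentifiers` uses `guacamole_entity.name`; writing `SELECT guacamole_entity.name` in both keeps the query unambiguous if a joined table later gains a `name` column. Neither write statement takes the acting user, so a comment such as `<!-- No permission check here; callers must authorize the change first -->` on `delete` and `insert` would make the trust boundary explicit. The supplied values are all bound with `#{...}`, which is the right form for these identifiers.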