You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@guacamole.apache.org by vn...@apache.org on 2018/10/01 17:37:08 UTC
[35/37] guacamole-client git commit: GUACAMOLE-220: Remove
effectively-redundant admin permission check.
GUACAMOLE-220: Remove effectively-redundant admin permission check.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/f4ccf8ef
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/f4ccf8ef
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/f4ccf8ef
Branch: refs/heads/staging/1.0.0
Commit: f4ccf8ef626e236f39ed24b1ab28f2cc9699dee7
Parents: bb6e8bc
Author: Michael Jumper <mj...@apache.org>
Authored: Sun Sep 30 23:11:20 2018 -0700
Committer: Michael Jumper <mj...@apache.org>
Committed: Sun Sep 30 23:11:20 2018 -0700
----------------------------------------------------------------------
.../permission/ModeledObjectPermissionService.java | 14 +++++---------
1 file changed, 5 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/f4ccf8ef/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
index d9bb6bc..8c4be58 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
@@ -187,19 +187,15 @@ public abstract class ModeledObjectPermissionService
if (identifiers.isEmpty())
return identifiers;
- // Retrieve permissions only if allowed
- if (canReadPermissions(user, targetEntity)) {
-
- // If user is an admin, everything is accessible
- if (user.getUser().isAdministrator())
- return identifiers;
+ // If user is an admin, everything is accessible
+ if (user.getUser().isAdministrator())
+ return identifiers;
- // Otherwise, return explicitly-retrievable identifiers
+ // Otherwise, return explicitly-retrievable identifiers only if allowed
+ if (canReadPermissions(user, targetEntity))
return getPermissionMapper().selectAccessibleIdentifiers(
targetEntity.getModel(), permissions, identifiers,
effectiveGroups);
-
- }
// User cannot read this entity's permissions
throw new GuacamoleSecurityException("Permission denied.");