Posted to dev@guacamole.apache.org by mike-jumper <gi...@git.apache.org> on 2016/07/25 21:48:41 UTC

[GitHub] incubator-guacamole-client pull request #34: GUACAMOLE-5: Fix non-admin acce...

GitHub user mike-jumper opened a pull request:

    https://github.com/apache/incubator-guacamole-client/pull/34

    GUACAMOLE-5: Fix non-admin access to sharing profiles.

    This change fixes the following issues discovered after testing sharing profiles in a production environment against non-admin users:
    
    1. The tunnel beneath an active connection was only being exposed to admin users, thus breaking the `.../api/session/tunnels/[UUID]/activeConnection` resource for non-admins. Users should be able to see the data associated with their own active connections.
    2. As the above resource was written under the faulty assumption that the active connection can always be retrieved (what if the extension does not implement active connection tracking?), a hard HTTP 500 was thrown when this assumption failed. The resource should instead throw a nice HTTP 404.
    3. The permission-restricted query for retrieving the sharing profile identifiers associated with a particular connection was ambiguous with respect to the `sharing_profile_id` column, which occurs in both the `guacamole_sharing_profile` and `guacamole_sharing_profile_permission` tables.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/mike-jumper/incubator-guacamole-client fix-non-admin

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-guacamole-client/pull/34.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #34
    
----
commit a5af6c00d249ffc7d5c50414541545e53cad3f4c
Author: Michael Jumper <mj...@apache.org>
Date:   2016-07-25T21:10:54Z

    GUACAMOLE-5: Throw clean "resource not found" if the active connection of a tunnel cannot be determined.

commit 8fad01c65c350d10d2bb86dedcf4eb246d82b0c6
Author: Michael Jumper <mj...@apache.org>
Date:   2016-07-25T21:20:03Z

    GUACAMOLE-5: Include the sensitive information of an active connection if the current user started that active connection.

commit f119b972301cb42f2c17ee7011452c05af0ab9bc
Author: Michael Jumper <mj...@apache.org>
Date:   2016-07-25T21:25:53Z

    GUACAMOLE-5: Column "sharing_profile_id" is ambiguous without the table name.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---
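
Item 3 of the pull request description above, reproduced as an added example that is not part of the pull request or of the Guacamole code base. SQLite stands in for the project's database; the two table names and `sharing_profile_id` come from the description, while the other columns, the sample rows and the function names are assumptions made for illustration.

```python
import sqlite3
# Constructed schema: only the two table names and the sharing_profile_id
# column come from the pull request; every other column is an assumption.
SCHEMA = """
CREATE TABLE guacamole_sharing_profile (
    sharing_profile_id    INTEGER PRIMARY KEY,
    primary_connection_id INTEGER NOT NULL
);
CREATE TABLE guacamole_sharing_profile_permission (
    user_id            INTEGER NOT NULL,
    sharing_profile_id INTEGER NOT NULL,
    permission         TEXT    NOT NULL
);
-- Constructed sample data: connection 10 has profiles 1 and 2,
-- and user 7 may read only profile 1.
INSERT INTO guacamole_sharing_profile VALUES (1, 10), (2, 10), (3, 11);
INSERT INTO guacamole_sharing_profile_permission VALUES (7, 1, 'READ'), (8, 2, 'READ');
"""

JOIN = """
FROM guacamole_sharing_profile
JOIN guacamole_sharing_profile_permission
  ON guacamole_sharing_profile_permission.sharing_profile_id
   = guacamole_sharing_profile.sharing_profile_id
WHERE primary_connection_id = ? AND user_id = ? AND permission = 'READ'
"""

# Unqualified column: both joined tables define it, so the name is ambiguous.
AMBIGUOUS = "SELECT sharing_profile_id" + JOIN
# Qualified with the table name, as the third commit message describes.
QUALIFIED = "SELECT guacamole_sharing_profile.sharing_profile_id" + JOIN

def readable_profile_ids(query, connection_id, user_id):
    """Run the permission-restricted lookup against a fresh in-memory database."""
    db = sqlite3.connect(":memory:")
    try:
        db.executescript(SCHEMA)
        return sorted(row[0] for row in db.execute(query, (connection_id, user_id)))
    finally:
        db.close()

def is_ambiguous(query):
    """True if the database rejects the query because a column name is ambiguous."""
    try:
        readable_profile_ids(query, 10, 7)
    except sqlite3.OperationalError as exc:
        return "ambiguous column name" in str(exc)
    return False
```

With the qualified column the lookup succeeds and still returns only the profiles the given user holds a permission row for.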

[GitHub] incubator-guacamole-client pull request #34: GUACAMOLE-5: Fix non-admin acce...

Posted by asfgit <gi...@git.apache.org>.
GitHub user asfgit closed the pull request at:

    https://github.com/apache/incubator-guacamole-client/pull/34

