You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@guacamole.apache.org by vn...@apache.org on 2018/10/01 18:08:36 UTC

[35/38] guacamole-client git commit: GUACAMOLE-220: Remove effectively-redundant admin permission check.

GUACAMOLE-220: Remove effectively-redundant admin permission check.

Project: http://git-wip-us.apache.org/repos/asf/guacamole-client/repo
Commit: http://git-wip-us.apache.org/repos/asf/guacamole-client/commit/f4ccf8ef
Tree: http://git-wip-us.apache.org/repos/asf/guacamole-client/tree/f4ccf8ef
Diff: http://git-wip-us.apache.org/repos/asf/guacamole-client/diff/f4ccf8ef

Branch: refs/heads/master
Commit: f4ccf8ef626e236f39ed24b1ab28f2cc9699dee7
Parents: bb6e8bc
Author: Michael Jumper <mj...@apache.org>
Authored: Sun Sep 30 23:11:20 2018 -0700
Committer: Michael Jumper <mj...@apache.org>
Committed: Sun Sep 30 23:11:20 2018 -0700

----------------------------------------------------------------------
 .../permission/ModeledObjectPermissionService.java    | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/guacamole-client/blob/f4ccf8ef/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
----------------------------------------------------------------------
diff --git a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
index d9bb6bc..8c4be58 100644
--- a/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
+++ b/extensions/guacamole-auth-jdbc/modules/guacamole-auth-jdbc-base/src/main/java/org/apache/guacamole/auth/jdbc/permission/ModeledObjectPermissionService.java
@@ -187,19 +187,15 @@ public abstract class ModeledObjectPermissionService
         if (identifiers.isEmpty())
             return identifiers;
         
-        // Retrieve permissions only if allowed
-        if (canReadPermissions(user, targetEntity)) {
-
-            // If user is an admin, everything is accessible
-            if (user.getUser().isAdministrator())
-                return identifiers;
+        // If user is an admin, everything is accessible
+        if (user.getUser().isAdministrator())
+            return identifiers;
 
-            // Otherwise, return explicitly-retrievable identifiers
+        // Otherwise, return explicitly-retrievable identifiers only if allowed
+        if (canReadPermissions(user, targetEntity))
             return getPermissionMapper().selectAccessibleIdentifiers(
                     targetEntity.getModel(), permissions, identifiers,
                     effectiveGroups);
-            
-        }
 
         // User cannot read this entity's permissions
         throw new GuacamoleSecurityException("Permission denied.");